======================================================================== E P I C A l e r t ======================================================================== Volume 15.07 April 4, 2008 ------------------------------------------------------------------------ Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_15.07.html ======================================================================== Table of Contents ======================================================================== [1] Court Allows Privacy Act Lawsuit Against TSA to Continue [2] EPIC Sues Virginia State Police for Documents Regarding Secrecy Bill [3] Clinton, McCain, Obama Passport Privacy Breached [4] DHS Hits Roadblocks In Demanding Implementation of REAL ID [5] EPIC Urges Strong Accuracy Requirements for Worker ID System [6] News in Brief [7] EPIC Bookstore: "The Commission" [8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://www.epic.org/donate ======================================================================== [1] Court Allows Privacy Act Lawsuit Against TSA to Continue ======================================================================== A federal district court judge has ruled that Transportation Security Administration (TSA) employees whose personal data was compromised in an agency security breach can continue their suit for damages under the Privacy Act of 1974. In May, the TSA lost a hard drive containing biographic and financial data on 100,000 employees. The hard drive, which contains payroll data from January 2002 to August 2005, holds employee names, Social Security numbers (SSN), birth dates, and bank account and routing information. The employees claim that the breach constitutes a violation of the Privacy Act, which provides remedies for certain disclosures of personal information held by the government, including the creation of new security measures, and damages. DC District Court Judge Henry Kennedy found that the individual employees have standing to bring the Privacy Act claim, that the claim is ripe, and that they have met the conditions for stating a Privacy Act claim. Judge Kennedy’s decision allows the employees’ lawsuit against the Transportation Security Administration to continue. In 2003, EPIC filed an amicus brief in Doe v. Chao, a Supreme Court case interpreting the Privacy Act's minimum damages provision. EPIC outlined the grave dangers posed by SSN disclosure, specifically discussing identity theft. EPIC then pointed out that Congress has provided liquidated damage -- the amount of which is determined in advance so that a dollar amount doesn't have to be specifically proved -- in other privacy laws to enforce rights that are difficult to put a money value on. Finally, EPIC reviewed the Privacy Act's legislative history to demonstrate that Congress has long recognized the risks to privacy posed by unnecessary SSN disclosure. EPIC argued that the award of actual damages in compensation for SSN disclosure under the Privacy Act should be triggered not by a showing of specific monetary damages, but by a showing of adverse affect to the individual, defined as risk of SSN misuse. District Court Decision in American Federation of Government Employees, et al., v. TSA (March 31, 2008) (pdf): http://epic.org/privacy/ssn/tsa_pa_033108.pdf Transportation Security Administration’s Web Site on the May 2007 Security Breach: http://www.tsa.gov/datasecurity/faqs.shtm EPIC page on Doe v. Chao: http://www.epic.org/privacy/chao/ EPIC page on Social Security Numbers: http://epic.org/privacy/ssn/ ======================================================================== [2] EPIC Sues Virginia State Police for Documents Regarding Secrecy Bill ======================================================================== On March 21, 2008, EPIC filed a Virginia Freedom of Information Act lawsuit challenging the Virginia State Police’s failure to make public documents relating to the role of federal agencies in recent legislative efforts to limit the state's open government and privacy laws. On February 12, 2008, EPIC filed a Virginia Freedom of Information Act request for the documents. EPIC seeks to determine whether the U.S. Dept. of Justice or the U.S. Dept. of Homeland Security participated in the development of the legislation. EPIC’s lawsuit follows the Virginia State Police’s refusal to produce any documents in response to EPIC’s request. In January 2008, HB 1007 was introduced before the Virginia General Assembly. The bill would limit Virginia's open government and privacy statutes, as well as Virginia's common law right of privacy, for Virginia agencies connected to the Virginia Fusion Intelligence Center. The Virginia Fusion Intelligence Center is one of several similar entities established by state governments throughout the United States. Fusion centers, intelligence databases that collect information on ordinary citizens, have raised substantial privacy concerns. Federal guidelines call for fusion centers to accumulate and retain information about citizens from a wide range of public and private sources. Such information includes, but is not limited to: financial records, credit reports, medical records, internet and email data, video surveillance from retail stores and sporting facilities, data from preschools, and welfare records. The Virginia Fusion Intelligence Center’s operations involve contact with federal agencies and federal programs. Press reports and statements from Virginia officials have raised questions about federal involvement in the Virginia legislation. Shortly after HB 1007 was introduced, the Virginia Fusion Intelligence Center’s administrative head implied that federal policies might have been the impetus for HB 1007, but did not provide further details. EPIC’s lawsuit asks the court to compel the disclosure of pubic records relating to federal involvement in the development of HB 1007. EPIC’s requests target documents relating to communications between the Virginia State Police and federal agencies regarding “funding, development, and impact” on Virginia’s government transparency and privacy laws. The lawsuit is presently pending. EPIC’s Freedom of Information Act Lawsuit: http://epic.org/privacy/fusion/VA_FOIA_lawsuit_032108.pdf EPIC’s Freedom on Information Act Request: http://epic.org/privacy/fusion/VA_FOIA021208.pdf HB 1007: http://epic.org/redirect/HB_1007.html EPIC’s Letter to Virginia Legislators: http://epic.org/privacy/fusion/Letter_to_Senate_02_25_08.pdf ======================================================================== [3] Clinton, McCain, Obama Passport Privacy Breached ======================================================================== The State Department has revealed that three private contractors improperly accessed the confidential passport file of Senators Hillary Clinton, John McCain, and Barack Obama. On January 9, February 21, and March 14, the State Department discovered three separate incidents of unauthorized access to the passport files of Senator Obama, by three separate contract employees in three separate locations. The contract employers were contacted; in two cases the employees who accessed the files were terminated, the third was disciplined. Later, it was revealed that Senator Clinton and Senator McCain’s files had also been improperly accessed. Secretary of State Condoleezza Rice has spoken with the three candidates about the breaches and issued an apology. Senators Clinton, McCain, and Obama have also all released statements on the breach, with Senator Obama calling for a “full and thorough investigation”. Senators Patrick Leahy (D-Vt.) and Arlen Specter (R-Pa.) have called for the Department of Justice to open a criminal investigation into the breaches of the passport files. The privacy breaches have raised question about the government using the services of contract staff. The Office of Passport Services has relied on support from contract staff for several years. There are currently 2635 contractors working in the National Passport Information Center. The three employees who accessed the files of the presidential candidates worked at Stanley Corporation and The Analysis Corporation. Stanley, a Virginia based company, recently announced the signing of a five-year, $570-million contract to support passport services at the State Department. Passport files contain sensitive personal information that can be used for identity theft or to stalk individuals. The contents of a passport file can include all the information that is required in a passport application such as the applicant’s full name, date of birth, place of birth, gender, social security number, mailing address, phone numbers, and email address. Department of State: On-the-Record Briefing on Unauthorized Accessed Passport Records, March 20, 2008: http://www.state.gov/m/rls/102460.htm Department of State: Questions Taken at the March 21, 2008 Daily Press Briefing: http://www.state.gov/r/pa/prs/ps/2008/mar/102503.htm Department of State: Questions taken at the March 24, 2008 Daily Press Briefing: http://www.state.gov/r/pa/prs/ps/2008/mar/102569.htm Department of State: Daily Press Briefing, March 24, 2008: http://www.state.gov/r/pa/prs/dpb/2008/mar/102560.htm Letters from Senators Leahy and Specter to the Attorney General: http://epic.org/redirect/leahy_specter_letter.html EPIC’s page on Passport Privacy: http://epic.org/privacy/travel/pass/default.html EPIC’s page on the Privacy Act of 1974: http://epic.org/privacy/1974act/ ======================================================================== [4] DHS Hits Roadblocks In Demanding Implementation of REAL ID ======================================================================== Several states are rejecting the Department of Homeland Security’s REAL ID program, which would create a national identification system. States had until March 31, 2008 to ask the agency for an extension that would allow state licenses and ID cards to remain “valid for federal purposes” past May 11, 2008. Though some states did not request extensions, the Department of Homeland Security approved their driver’s licenses and ID cards to remain valid through the extension period, until December 31, 2009. Four states (Maine, Montana, New Hampshire and South Carolina) have expressly rejected the system and none asked for an extension. DHS has given all four extensions, though the states said they would never implement REAL ID because the states have passed laws banning the national identification system. The Department of Homeland Security said it “made extensions available for states that needed additional time to come into compliance, or to complete ongoing security measures,” implying that states that received extensions had agreed to implement the REAL ID national identification system. However, a number of states have said that these extensions do not constitute an agreement to implement this national ID scheme. For example, California (one of the most populous states) sent a letter to DHS on March 18, stating, “California’s request for an extension is not a commitment to implement REAL ID.” New Hampshire said, “because our Legislature voted overwhelmingly in 2007 to pass a bill that prohibits our state from implementing the REAL ID Act in New Hampshire, we cannot authorize implementation of the REAL ID regulations.” The REAL ID proposal has drawn sharp criticism from state governments, members of Congress, civil liberties advocates, and security experts. EPIC has called the scheme "a real danger to security and civil rights." Congress is considering legislation to repeal REAL ID. Senator Patrick Leahy, who co-sponsored legislation to replace REAL ID with the negotiated rulemaking process originally enacted in the 2004 Intelligence Reform and Terrorist Prevention Act, has criticized the national identification system. "The Bush administration's REAL ID program will not only lead to long lines at every DMV across the country, it will impose a massive unfunded mandate on state governments while offering absolutely no federal privacy protections to our citizens," Senator Leahy said. Department of Homeland Security's Page on REAL ID (including links to Final Rule and final Privacy Impact Assessment): http://www.dhs.gov/xprevprot/programs/gc_1200062053842.shtm Senator Patrick Leahy, Press Release about REAL ID Final Regulations (Jan. 11, 2008): http://leahy.senate.gov/press/200801/011108a.html Stop REAL ID Campaign: http://www.privacycoalition.org/stoprealid/ EPIC's page on National ID Cards and REAL ID Act (includes links to letters from states rejecting REAL ID): http://epic.org/privacy/id-cards/ ======================================================================== [5] EPIC Urges Strong Accuracy Requirements for Worker ID System ======================================================================== In March 31, 2008 comments to the Department of Homeland Security, EPIC urged the agency to fully apply all Privacy Act of 1974 obligations, including those of access, correction and data accuracy, to the Verification Information System. This system gathers and accesses a vast amount of personal data on citizens and immigrants and uses this data to underpin the federal government’s Employment Eligibility Verification System (“EEVS”). With this system, DHS is attempting to gain the authority to determine employment eligibility for virtually all Americans in the workforce. Privacy Act protections are especially needed because of data security and accuracy problems in the information systems used by EEVS, EPIC said. Various federal agencies, including DHS, have suffered serious data security breaches in recent years. “Incredibly, the Department of Homeland Security last year reported that it experienced 844 ‘cybersecurity incidents’ in Fiscal Years 2005 and 2006,” EPIC said. “Among these security breaches: ‘A workstation was infected with a Trojan scanning for port 137, an event that clearly demonstrated individuals attempting to scan DHS systems through the internet,’ ‘Unauthorized individuals gaining access to DHS equipment and data,’ and ‘numerous Classified data spillages.’” Another complication with EEVS is that the majority of "tentative nonconfirmations" occur because of a significant problem in the systems: Information in the databases queried is incorrect or untimely. "These databases have high error rates in determining work eligibility status, causing these verification problems and backlogs. In a 1997 report and a 2002 follow-up review, the Inspector General of the Department of Justice found that data from the Immigration and Naturalization Service (the predecessor of U.S. Citizenship and Immigration Services), which E-Verify queries, was unreliable and 'flawed in content and accuracy,'" EPIC said. Also, in an October opinion granting a temporary restraining order enjoining the Department of Homeland Security from implementing a new “no-match” employment eligibility verification proposal, the federal judge noted, “the government recognizes, the no-match letters are based on SSA records that include numerous errors.” In the final rule for REAL ID implementation (released in January), Department of Homeland Security admitted there are accuracy and reliability problems in SSOLV said that it, AAMVA, and the States are working with SSA to attempt to solve these problems. Such erroneous records could lead to “tentative” or “final nonconfirmation” notices for affected employees. It is inconceivable that the drafters of the Privacy Act would have permitted such a system to be granted broad exemptions from Privacy Act obligations. EPIC said, “Consistent and broad application of the Privacy Act obligations are the best means of ensuring accuracy and reliability of the data used in a system that profoundly affects Americans’ employment.” EPIC has repeatedly detailed problems in the Employment Eligibility Verification System. In Congressional testimony last year, EPIC Executive Director Marc Rotenberg said existing agency database problems should be corrected before any expansion of the system is considered. He also highlighted the dangers of massive data aggregation in centralized databases, such as the Employment Eligibility Verification System. Such a large collection of personal data increases the possibility that the information could be used for unintended purposes, such as long-term tracking of individuals, misuse by authorized users and identity theft. Federal Register Notice for Verification Information System (February 28, 2008): http://edocket.access.gpo.gov/2008/E8-3833.htm Department of Homeland Security’s page on Employment Eligibility Verification System: http://www.dhs.gov/ximgtn/programs/gc_1185221678150.shtm EPIC, Comments Urging Strong Accuracy Requirements for Employment Eligibility Verification System (March 31, 2008) (pdf): http://www.epic.org/privacy/ssn/epic_vis_033108.pdf EPIC, Marc Rotenberg, Testimony on Employment Verification Systems before the House Committee on Ways and Means (June 7, 2007) (pdf): http://www.epic.org/privacy/ssn/eevs_test_060707.pdf EPIC’s page on Social Security Numbers: http://epic.org/privacy/ssn/ ======================================================================== [6] News in Brief ======================================================================== Congress Holds First Hearing on Online Virtual Worlds, Simulcast in Second Life The House Commerce Committee held a hearing today on "Online Virtual Worlds: Applications and Avatars in a User-Generated Medium." It was the first simulcast of a Congressional hearing in a virtual world. In the Chairman's Opening Statement, Rep. Ed Markey (D-MA) described the hearing as "both a glimpse into the future and a window into the current reality of millions of people across the world." The most recent edition of the EPIC Privacy and Human Rights report contains a "country report" on Second Life. Committee on Energy and Commerce: http://energycommerce.house.gov/ Press release – Representative Edward Markey: http://epic.org/redirect/markey_pr.html EPIC Bookstore - Privacy and Human Rights 2006: http://epic.org/phr06/ Despite Data Breaches, Federal Trade Commission Does Not Fine TJX, Reed Elsevier, or Seisint The FTC settled separate actions against a retailer, TJX, and two data brokers, Reed Elsevier, and Seisint, without imposing fines. The Commission alleged that the companies “failed to provide reasonable and appropriate security for sensitive consumer information,” which led to data breaches. As a result of the TJX data breach, between 45 million and 100 million credit card numbers were exposed to fraud. As a result of the Reed Elsevier and Seisint data breach, personal information regarding several hundred thousand people was exposed in a scheme involving stolen computer logins and passwords. The Commission did not fine the companies, but required that they tighten security measures and perform future audits. The FTC is accepting public comments regarding the settlements through April 28, 2008. The Commission will make a final decision regarding the settlement after the conclusion of the comment period. Agency Announces Settlement of Separate Actions Against Retailer TJX, and Data Brokers Reed Elsevier and Seisint for Failing to Provide Adequate Security for Consumers’ Data: http://www.ftc.gov/opa/2008/03/datasec.shtm EPIC's Identity Theft page: http://epic.org/privacy/idtheft/ William E. Kovacic Appointed Federal Trade Commission Chairman Commissioner William E. Kovacic was selected by President Bush serve as Chairman of the FTC upon the departure of the current Chairman, Deborah Platt Majoras. Majoras previously announced her resignation and made public her intention to join Procter & Gamble Co. after leaving the Commission. Commissioner Kovacic, previously confirmed as a FTC Commissioner, will not require additional confirmation by the Senate. Kovacic inherits a Commission docket that has recently been replete with privacy-related matters. Last week, the Commission settled actions arising from data breaches at TJX, Reed Elsevier, and Seisint. In January 2008, EPIC filed a complaint with the Commission arising from Ask.com’s unfair and deceptive search engine privacy practices. In April 2007, EPIC asked the Commission to impose privacy-protecting conditions on the Google-Doubleclick merger. FTC Announcement: http://ftc.gov/opa/2008/03/kovacic.shtm EPIC’s page on AskEraser: http://epic.org/privacy/ask/default.html EPIC’s page on the Google/DoubleClick Deal: http://epic.org/privacy/ftc/google/ Homeland Security Releases Final Rule on Controversial Traveler System The Department of Homeland Security has released the final regulations for the Western Hemisphere Travel Initiative (WHTI), a system that requires U.S. citizens and foreign nationals to present a passport or other documents to prove identity and citizenship when entering the United States from certain countries in North, Central or South America. Senators Leahy and Stevens authored a law that postponed the document requirements until June 2009 or until seven conditions are met, whichever is later. In response to the final rule, Senator Leahy said, DHS “still [has] given the American people no reason to believe they will meet the readiness conditions in the new law. […] In DHS’s hands, WHTI is not an advance in security but smoke and mirrors with little real benefit and the potential for a great deal of collateral damage to our economy.” EPIC has detailed problems in the agency’s plan for a travel card under this system, explaining that the tracking technology proposed would jeopardize the privacy and security of US travelers. Department of Homeland Security’s Final Rule on Western Hemisphere Travel Initiative (March 27, 2008) (pdf): http://www.dhs.gov/xlibrary/assets/whti_landseafinalrule.pdf EPIC's page on RFID: http://www.epic.org/privacy/rfid/ Intelligence Agencies Using Google Technologies Agencies of the United States government are using Google technologies for their intelligence operations. The Intellipedia project, a classified wiki that agents add their information to, is using Google search technologies. Google's federal government sales team seeks to expand the sales of its technologies to federal agencies. Google recently merged with Doubleclick, an Internet cookie-based advertising firm with extensive profiles of Internet user's browsing histories. EPIC Page on Search Engine Privacy: http://epic.org/privacy/search_engine/ EPIC Page on Google/Doubleclick Merger: http://epic.org/privacy/ftc/google/ Unencrypted Laptop Containing Patient Data Stolen From NIH A laptop stolen from the National Institutes of Health (NIH) contained personal identifiers and some health information. The laptop with data on 2,500 research subjects was stolen from a researcher's car. Congressman Ed Markey sent a letter to Health and Human Services Secretary Michael Leavitt inquiring why the data was not encrypted according to federal standards and why the subjects were not promptly notified. The subjects of the stolen data were not notified until a month after the breach. This follows after other federal government security breaches, including the theft of a laptop at the Department of Veteran's affairs that exposed the personal information of 26 million veterans. EPIC Page on VA Data Theft http://epic.org/privacy/vatheft/ Congressman Markey's Letter to the HHS Secretary http://markey.house.gov/docs/health/032408nihdataloss.pdf Washington State Passes Laws Limiting RFID Use Washington state has passed two laws that limit the collection and use of radio frequency identification (RFID) technology data. RFID chips transmit data wirelessly, which can raise security and privacy risks if proper safeguards are not in place. HB 2729 and HB 1031 make it a felony to “skim” data from RFID-enabled ID cards; “skimming” is the gathering of data from RFID without that person's knowledge and consent for criminal purposes. There are exceptions for international border crossings. However, the final laws no longer contain provisions that would have outlawed surreptitious gathering of such data for marketing purposes, so that may still be done even without the individuals’ knowledge or consent. The laws set restrictions on the release of ID card data to law enforcement officials. The laws will go into effect on June 12. Washington State HB 2729: Addressing the reading and handling of certain identification documents (pdf): http://epic.org/redirect/HB_2729.html Washington State HB 1031: Changing provisions concerning electronic devices (pdf): http://epic.org/redirect/HB_1031.html EPIC page on RFID: http://epic.org/privacy/rfid/ ======================================================================== [7] EPIC Bookstore: “The Commission” ======================================================================== The Commission: The Uncensored History of the 9/11 Investigation by Philip Shenon http://www.powells.com/partner/24075/biblio/9780446580755 It is difficult to describe the reaction in Washington, DC when the final report of the 9-11 Commission appeared in bookstores across the city. For those policy wonks who are accustomed to bland reports from the Government Printing Office, the stack of paperbacks on tables at Borders and Barnes & Nobles was an amazing site. Bookstore windows featured the “Report on National Commission on Terrorist Attacks Upon the United States” next to best-selling fiction and popular diet books. And at $8 a copy, the book became a bestseller. The writing was widely praised. “It reads like a thriller,” gushed the reviewers who pointed to chapters with titles such as “The System was Blinking Red.” The co-chairman intoned the bipartisan agreement that signaled official Washington’s official acceptance of the report’s conclusions. And candidates for office and members of Congress rushed to endorse the recommendations of the 9-11 Commission as if it were a shopping list. (The new Democratic Majority placed the list on web site and checked off items as legislation was enacted.) To be sure, the work of the 9-11 Commission was an extraordinary undertaking on a difficult topic, brought forward during a period of growing political polarization. The temptation to lay blame was everywhere apparent. Could President Clinton have stopped bin Laden? He gave the order to take out the 9-11 mastermind but the plan was poorly executed. Did President Bush’s National Security team drop the ball during the transition? They were told to focus on bin Laden, but worried more about an off-course spy plan. Phil Shenon, the New York Times reporter who covered the Commission for the paper, went behind the scenes, spoke with staff, the Commissioners, those who appeared before the Commission, and others whose stories often remained out of the paper. Shenon’s particular focus was on the executive director of the Commission, Virginia history professor Phil Zelikow. In parts brilliant and abrasive, Zelikow, Shenon reports, kept the staff on edge, the commission in the dark, and the report on track. The big secret about the Zelikow appointment was that he had authored the Bush administration’s memo on pre-emptive war that led the country into Iraq. He also maintained close ties with Secretary of State Condoleezza Rice, whose own inability to focus President Bush on the bin Laden threat may have contributed to the events of 9-11. The conclusion, one could easily draw, is that Zelikow biased the report to diminish the responsibility of the Bush administration. But that conclusion is not beyond dispute, given the extensive commentary since publication of the 9-11 report, the comments of the Commissioners, and the interesting exchange between the author and Zelikow himself. Still, criticisms of the report and the implementation of the recommendations remain. Some commentators, such as Judge Richard Posner, questioned whether the effort to streamline the federal government was an effective way to respond to an unpredictable enemy (redundancy has its virtues) and even whether it would be possible to prevent a future attack by determined opponents. Civil libertarians also rightly question whether the security recommendations of the Commission were given greater priority than the privacy recommendations. There is little evidence, for example, that new mechanisms of oversight have matched the new systems of surveillance, as the Commission proposed. There is no discussion of the President’s domestic surveillance program in the report, even though the spying began shortly after 9-11. That oversight is troubling. Given the Commission’s generally helpful recommendations on Patriot Act review, one wonders what might have been said if the full scope of domestic spying were known. The watch lists, embraced by the Commission, continue grow even as the program of record inaccuracy plagues the government’s data sharing efforts. And the proposal for REAL ID has provoked such a backlash from the states that that box of completed recommendations may soon be unchecked. There is good reason to continue to evaluate the impact of the 9-11 Commission and more generally the steps taken in the response to the terrorist attacks upon the United States. The selection of the executive director of the 9-11 Commission is one topic. There are others. - Marc Rotenberg [EPIC’s Commentary on the 9-11 Commission is available at http://epic.org/privacy/terrorism/911comm.html] ================================ EPIC Publications: "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 23nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/bookshelf/epicorg.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https://mailman.epic.org/cgi-bin/control/foia_notes ======================================================================== [8] Upcoming Conferences and Events ======================================================================== "Can Privacy Education Help Consumers?". April 17, 2008. National Press Club. For more information: http://annenbergwashingtonseries.org/speakers.html "Next steps towards privacy enhancing security technologies", April 28-29, 2008, Vienna. For more information: http://www.prise.oeaw.ac.at/conference.htm Identity, Privacy and Security Research Symposium, May 2, 2008, Toronto. For more information: http://www.ipsi.utoronto.ca. CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23, 2008. For more information http://www.cfp2008.org Future of the Internet Economy - OECD Ministerial Meeting. June 17-18, 2008. Seoul, Korea. For more information: http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667 _1_1_1_37441,00.html Second Annual National Institute on Cyberlaw: Expanding the Horizons. June 18-20, 2008. Washington DC. For more information: http://www.abanet.org/cle/programs/n08ceh1.html Conference on Ethics, Technology and Identity. The Hague. June 18-20, 2008. For more information http://www.ethicsandtechnology.eu/ETI The Privacy Symposium - Summer 2008: An Executive Education Program on Privacy and Data Security Policy and Practice, August 18-21, 2008, Harvard University, Cambridge, MA. For more information: http://www.privacysummersymposium.com/. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================== Donate to EPIC ======================================================================== If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 15.07 ------------------------- .