EPIC logo

  
========================================================================
                              E P I C  A l e r t
========================================================================
Volume 15.07                                            April 4, 2008
------------------------------------------------------------------------

                               Published by the
                  Electronic Privacy Information Center (EPIC)
                               Washington, D.C.

                http://www.epic.org/alert/EPIC_Alert_15.07.html


========================================================================
Table of Contents
========================================================================
[1] Court Allows Privacy Act Lawsuit Against TSA to Continue
[2] EPIC Sues Virginia State Police for Documents Regarding Secrecy Bill
[3] Clinton, McCain, Obama Passport Privacy Breached
[4] DHS Hits Roadblocks In Demanding Implementation of REAL ID
[5] EPIC Urges Strong Accuracy Requirements for Worker ID System
[6] News in Brief
[7] EPIC Bookstore: "The Commission"
[8] Upcoming Conferences and Events
     - Subscription Information
     - Privacy Policy
     - About EPIC
     - Donate to EPIC
       http://www.epic.org/donate

========================================================================
[1] Court Allows Privacy Act Lawsuit Against TSA to Continue
========================================================================

A federal district court judge has ruled that Transportation Security
Administration (TSA) employees whose personal data was compromised in an
agency security breach can continue their suit for damages under the
Privacy Act of 1974. In May, the TSA lost a hard drive containing
biographic and financial data on 100,000 employees.

The hard drive, which contains payroll data from January 2002 to August
2005, holds employee names, Social Security numbers (SSN), birth dates,
and bank account and routing information. The employees claim that the
breach constitutes a violation of the Privacy Act, which provides
remedies for certain disclosures of personal information held by the
government, including the creation of new security measures, and
damages.

DC District Court Judge Henry Kennedy found that the individual
employees have standing to bring the Privacy Act claim, that the claim
is ripe, and that they have met the conditions for stating a Privacy Act
claim. Judge Kennedy’s decision allows the employees’ lawsuit against
the Transportation Security Administration to continue.

In 2003, EPIC filed an amicus brief in Doe v. Chao, a Supreme Court case
interpreting the Privacy Act's minimum damages provision. EPIC outlined
the grave dangers posed by SSN disclosure, specifically discussing
identity theft. EPIC then pointed out that Congress has provided
liquidated damage -- the amount of which is determined in advance so
that a dollar amount doesn't have to be specifically proved -- in other
privacy laws to enforce rights that are difficult to put a money value
on.

Finally, EPIC reviewed the Privacy Act's legislative history to
demonstrate that Congress has long recognized the risks to privacy posed
by unnecessary SSN disclosure. EPIC argued that the award of actual
damages in compensation for SSN disclosure under the Privacy Act should
be triggered not by a showing of specific monetary damages, but by a
showing of adverse affect to the individual, defined as risk of SSN
misuse.

District Court Decision in American Federation of Government Employees,
et al., v. TSA (March 31, 2008) (pdf):

     http://epic.org/privacy/ssn/tsa_pa_033108.pdf

Transportation Security Administration’s Web Site on the May 2007
Security Breach:

     http://www.tsa.gov/datasecurity/faqs.shtm

EPIC page on Doe v. Chao:

     http://www.epic.org/privacy/chao/

EPIC page on Social Security Numbers:

     http://epic.org/privacy/ssn/


========================================================================
[2] EPIC Sues Virginia State Police for Documents Regarding Secrecy Bill
========================================================================

On March 21, 2008, EPIC filed a Virginia Freedom of Information Act
lawsuit challenging the Virginia State Police’s failure to make public
documents relating to the role of federal agencies in recent legislative
efforts to limit the state's open government and privacy laws. On
February 12, 2008, EPIC filed a Virginia Freedom of Information Act
request for the documents. EPIC seeks to determine whether the U.S.
Dept. of Justice or the U.S. Dept. of Homeland Security participated in
the development of the legislation. EPIC’s lawsuit follows the Virginia
State Police’s refusal to produce any documents in response to EPIC’s
request.

In January 2008, HB 1007 was introduced before the Virginia General
Assembly.  The bill would limit Virginia's open government and privacy
statutes, as well as Virginia's common law right of privacy, for
Virginia agencies connected to the Virginia Fusion Intelligence Center.
The Virginia Fusion Intelligence Center is one of several similar
entities established by state governments throughout the United States.

Fusion centers, intelligence databases that collect information on
ordinary citizens, have raised substantial privacy concerns.  Federal
guidelines call for fusion centers to accumulate and retain information
about citizens from a wide range of public and private sources.   Such
information includes, but is not limited to: financial records, credit
reports, medical records, internet and email data, video surveillance
from retail stores and sporting facilities, data from preschools, and
welfare records.

The Virginia Fusion Intelligence Center’s operations involve contact
with federal agencies and federal programs. Press reports and statements
from Virginia officials have raised questions about federal involvement
in the Virginia legislation. Shortly after HB 1007 was introduced, the
Virginia Fusion Intelligence Center’s administrative head implied that
federal policies might have been the impetus for HB 1007, but did not
provide further details.

EPIC’s lawsuit asks the court to compel the disclosure of pubic records
relating to federal involvement in the development of HB 1007.  EPIC’s
requests target documents relating to communications between the
Virginia State Police and federal agencies regarding “funding,
development, and impact” on Virginia’s government transparency and
privacy laws.  The lawsuit is presently pending.


EPIC’s Freedom of Information Act Lawsuit:

     http://epic.org/privacy/fusion/VA_FOIA_lawsuit_032108.pdf

EPIC’s Freedom on Information Act Request:

     http://epic.org/privacy/fusion/VA_FOIA021208.pdf

HB 1007:

     http://epic.org/redirect/HB_1007.html

EPIC’s Letter to Virginia Legislators:

     http://epic.org/privacy/fusion/Letter_to_Senate_02_25_08.pdf
     

========================================================================
[3] Clinton, McCain, Obama Passport Privacy Breached
========================================================================

The State Department has revealed that three private contractors
improperly accessed the confidential passport file of Senators Hillary
Clinton, John McCain, and Barack Obama. On January 9, February 21, and
March 14, the State Department discovered three separate incidents of
unauthorized access to the passport files of Senator Obama, by three
separate contract employees in three separate locations. The contract
employers were contacted; in two cases the employees who accessed the
files were terminated, the third was disciplined. Later, it was revealed
that Senator Clinton and Senator McCain’s files had also been improperly
accessed.

Secretary of State Condoleezza Rice has spoken with the three candidates
about the breaches and issued an apology. Senators Clinton, McCain, and
Obama have also all released statements on the breach, with Senator
Obama calling for a “full and thorough investigation”. Senators Patrick
Leahy (D-Vt.) and Arlen Specter (R-Pa.) have called for the Department
of Justice to open a criminal investigation into the breaches of the
passport files.

The privacy breaches have raised question about the government using the
services of contract staff. The Office of Passport Services has relied
on support from contract staff for several years. There are currently
2635 contractors working in the National Passport Information Center.
The three employees who accessed the files of the presidential
candidates worked at Stanley Corporation and The Analysis Corporation.
Stanley, a Virginia based company, recently announced the signing of a
five-year, $570-million contract to support passport services at the
State Department.

Passport files contain sensitive personal information that can be used
for identity theft or to stalk individuals. The contents of a passport
file can include all the information that is required in a passport
application such as the applicant’s full name, date of birth, place of
birth, gender, social security number, mailing address, phone numbers,
and email address.

Department of State: On-the-Record Briefing on Unauthorized Accessed
Passport Records, March 20, 2008:

     http://www.state.gov/m/rls/102460.htm

Department of State: Questions Taken at the March 21, 2008 Daily Press
Briefing:

     http://www.state.gov/r/pa/prs/ps/2008/mar/102503.htm

Department of State: Questions taken at the March 24, 2008 Daily Press
Briefing:

     http://www.state.gov/r/pa/prs/ps/2008/mar/102569.htm

Department of State: Daily Press Briefing, March 24, 2008:

     http://www.state.gov/r/pa/prs/dpb/2008/mar/102560.htm

Letters from Senators Leahy and Specter to the Attorney General:

     http://epic.org/redirect/leahy_specter_letter.html 

EPIC’s page on Passport Privacy:

     http://epic.org/privacy/travel/pass/default.html

EPIC’s page on the Privacy Act of 1974:

     http://epic.org/privacy/1974act/

========================================================================
[4] DHS Hits Roadblocks In Demanding Implementation of REAL ID
========================================================================

Several states are rejecting the Department of Homeland Security’s REAL
ID program, which would create a national identification system. States
had until March 31, 2008 to ask the agency for an extension that would
allow state licenses and ID cards to remain “valid for federal purposes”
past May 11, 2008. Though some states did not request extensions, the
Department of Homeland Security approved their driver’s licenses and ID
cards to remain valid through the extension period, until December 31,
2009.

Four states (Maine, Montana, New Hampshire and South Carolina) have
expressly rejected the system and none asked for an extension. DHS has
given all four extensions, though the states said they would never
implement REAL ID because the states have passed laws banning the
national identification system.

The Department of Homeland Security said it “made extensions available
for states that needed additional time to come into compliance, or to
complete ongoing security measures,” implying that states that received
extensions had agreed to implement the REAL ID national identification
system. However, a number of states have said that these extensions do
not constitute an agreement to implement this national ID scheme.

For example, California (one of the most populous states) sent a letter
to DHS on March 18, stating, “California’s request for an extension is
not a commitment to implement REAL ID.” New Hampshire said, “because our
Legislature voted overwhelmingly in 2007 to pass a bill that prohibits
our state from implementing the REAL ID Act in New Hampshire, we cannot
authorize implementation of the REAL ID regulations.”

The REAL ID proposal has drawn sharp criticism from state governments,
members of Congress, civil liberties advocates, and security experts.
EPIC has called the scheme "a real danger to security and civil rights."
Congress is considering legislation to repeal REAL ID.

Senator Patrick Leahy, who co-sponsored legislation to replace REAL ID
with the negotiated rulemaking process originally enacted in the 2004
Intelligence Reform and Terrorist Prevention Act, has criticized the
national identification system. "The Bush administration's REAL ID
program will not only lead to long lines at every DMV across the
country, it will impose a massive unfunded mandate on state governments
while offering absolutely no federal privacy protections to our
citizens," Senator Leahy said.

Department of Homeland Security's Page on REAL ID (including links to
Final Rule and final Privacy Impact Assessment):

     http://www.dhs.gov/xprevprot/programs/gc_1200062053842.shtm

Senator Patrick Leahy, Press Release about REAL ID Final Regulations
(Jan. 11, 2008):

     http://leahy.senate.gov/press/200801/011108a.html

Stop REAL ID Campaign:

     http://www.privacycoalition.org/stoprealid/

EPIC's page on National ID Cards and REAL ID Act (includes links to
letters from states rejecting REAL ID):

     http://epic.org/privacy/id-cards/

========================================================================
[5] EPIC Urges Strong Accuracy Requirements for Worker ID System
========================================================================

In March 31, 2008 comments to the Department of Homeland Security, EPIC
urged the agency to fully apply all Privacy Act of 1974 obligations,
including those of access, correction and data accuracy, to the
Verification Information System. This system gathers and accesses a vast
amount of personal data on citizens and immigrants and uses this data to
underpin the federal government’s Employment Eligibility Verification
System (“EEVS”). 

With this system, DHS is attempting to gain the
authority to determine employment eligibility for virtually all
Americans in the workforce. Privacy Act protections are especially
needed because of data security and accuracy problems in the information
systems used by EEVS, EPIC said. Various federal agencies, including
DHS, have suffered serious data security breaches in recent years.
“Incredibly, the Department of Homeland Security last year reported that
it experienced 844 ‘cybersecurity incidents’ in Fiscal Years 2005 and
2006,” EPIC said. “Among these security breaches: ‘A workstation was
infected with a Trojan scanning for port 137, an event that clearly
demonstrated individuals attempting to scan DHS systems through the
internet,’ ‘Unauthorized individuals gaining access to DHS equipment and
data,’ and ‘numerous Classified data spillages.’” 

Another complication with EEVS is that the majority of "tentative
nonconfirmations" occur because of a significant problem in the systems:
Information in the databases queried is incorrect or untimely. "These
databases have high error rates in determining work eligibility status,
causing these verification problems and backlogs. In a 1997 report and a
2002 follow-up review, the Inspector General of the Department of Justice
found that data from the Immigration and Naturalization Service (the
predecessor of U.S. Citizenship and Immigration Services), which
E-Verify queries, was unreliable and 'flawed in content and accuracy,'"
EPIC said. 

Also, in an October opinion granting a temporary restraining
order enjoining the Department of Homeland Security from implementing a
new “no-match” employment eligibility verification proposal, the federal
judge noted, “the government recognizes, the no-match letters are based
on SSA records that include numerous errors.” In the final rule for REAL
ID implementation (released in January), Department of Homeland Security
admitted there are accuracy and reliability problems in SSOLV said that
it, AAMVA, and the States are working with SSA to attempt to solve these
problems. Such erroneous records could lead to “tentative” or “final
nonconfirmation” notices for affected employees. 

It is inconceivable that the drafters of the Privacy Act would have
permitted such a system to be granted broad exemptions from Privacy Act
obligations. EPIC said, “Consistent and broad application of the Privacy
Act obligations are the best means of ensuring accuracy and reliability
of the data used in a system that profoundly affects Americans’
employment.” 

EPIC has repeatedly detailed problems in the Employment
Eligibility Verification System. In Congressional testimony last year,
EPIC Executive Director Marc Rotenberg said existing agency database
problems should be corrected before any expansion of the system is
considered. He also highlighted the dangers of massive data aggregation
in centralized databases, such as the Employment Eligibility
Verification System. Such a large collection of personal data increases
the possibility that the information could be used for unintended
purposes, such as long-term tracking of individuals, misuse by
authorized users and identity theft.

Federal Register Notice for Verification Information System (February
28, 2008): 

     http://edocket.access.gpo.gov/2008/E8-3833.htm 
     
Department of Homeland Security’s page on Employment Eligibility
Verification System:

     http://www.dhs.gov/ximgtn/programs/gc_1185221678150.shtm 
     
EPIC, Comments Urging Strong Accuracy Requirements for Employment Eligibility
Verification System (March 31, 2008) (pdf):

     http://www.epic.org/privacy/ssn/epic_vis_033108.pdf 
     
EPIC, Marc Rotenberg, Testimony on Employment Verification Systems
before the House Committee on Ways and Means (June 7, 2007) (pdf):

     http://www.epic.org/privacy/ssn/eevs_test_060707.pdf 
     
EPIC’s page on Social Security Numbers: 

     http://epic.org/privacy/ssn/


========================================================================
[6] News in Brief
========================================================================

Congress Holds First Hearing on Online Virtual Worlds, Simulcast in
Second Life

The House Commerce Committee held a hearing today on "Online Virtual
Worlds: Applications and Avatars in a User-Generated Medium." It was the
first simulcast of a Congressional hearing in a virtual world. In the
Chairman's Opening Statement, Rep. Ed Markey (D-MA) described the
hearing as "both a glimpse into the future and a window into the current
reality of millions of people across the world." The most recent edition
of the EPIC Privacy and Human Rights report contains a "country report"
on Second Life.

Committee on Energy and Commerce:

     http://energycommerce.house.gov/

Press release – Representative Edward Markey:

     http://epic.org/redirect/markey_pr.html

EPIC Bookstore - Privacy and Human Rights 2006:

     http://epic.org/phr06/


Despite Data Breaches, Federal Trade Commission Does Not Fine TJX, Reed
Elsevier, or Seisint

The FTC settled separate actions against a retailer, TJX, and two data
brokers, Reed Elsevier, and Seisint, without imposing fines.  The
Commission alleged that the companies “failed to provide reasonable and
appropriate security for sensitive consumer information,” which led to
data breaches.  As a result of the TJX data breach, between 45 million
and 100 million credit card numbers were exposed to fraud.  As a result
of the Reed Elsevier and Seisint data breach, personal information
regarding several hundred thousand people was exposed in a scheme
involving stolen computer logins and passwords.  The Commission did not
fine the companies, but required that they tighten security measures and
perform future audits.  The FTC is accepting public comments regarding
the settlements through April 28, 2008.  The Commission will make a
final decision regarding the settlement after the conclusion of the
comment period.

Agency Announces Settlement of Separate Actions Against Retailer TJX,
and Data Brokers Reed Elsevier and Seisint for Failing to Provide
Adequate Security for Consumers’ Data:
  
     http://www.ftc.gov/opa/2008/03/datasec.shtm

EPIC's Identity Theft page:

     http://epic.org/privacy/idtheft/


William E. Kovacic Appointed Federal Trade Commission Chairman

Commissioner William E. Kovacic was selected by President Bush serve as
Chairman of the FTC upon the departure of the current Chairman, Deborah
Platt Majoras. Majoras previously announced her resignation and made
public her intention to join Procter & Gamble Co. after leaving the
Commission. Commissioner Kovacic, previously confirmed as a FTC
Commissioner, will not require additional confirmation by the Senate.
Kovacic inherits a Commission docket that has recently been replete with
privacy-related matters.  Last week, the Commission settled actions
arising from data breaches at TJX, Reed Elsevier, and Seisint.  In
January 2008, EPIC filed a complaint with the Commission arising from
Ask.com’s unfair and deceptive search engine privacy practices.  In
April 2007, EPIC asked the Commission to impose privacy-protecting
conditions on the Google-Doubleclick merger.

FTC Announcement:

     http://ftc.gov/opa/2008/03/kovacic.shtm

EPIC’s page on AskEraser:

     http://epic.org/privacy/ask/default.html

EPIC’s page on the Google/DoubleClick Deal:

     http://epic.org/privacy/ftc/google/


Homeland Security Releases Final Rule on Controversial Traveler System

The Department of Homeland Security has released the final regulations
for the Western Hemisphere Travel Initiative (WHTI), a system that
requires U.S. citizens and foreign nationals to present a passport or
other documents to prove identity and citizenship when entering the
United States from certain countries in North, Central or South America.
Senators Leahy and Stevens authored a law that postponed the document
requirements until June 2009 or until seven conditions are met,
whichever is later. In response to the final rule, Senator Leahy said,
DHS “still [has] given the American people no reason to believe they
will meet the readiness conditions in the new law. […] In DHS’s hands,
WHTI is not an advance in security but smoke and mirrors with little
real benefit and the potential for a great deal of collateral damage to
our economy.” EPIC has detailed problems in the agency’s plan for a
travel card under this system, explaining that the tracking technology
proposed would jeopardize the privacy and security of US travelers.

Department of Homeland Security’s Final Rule on Western Hemisphere
Travel Initiative  (March 27, 2008) (pdf):

     http://www.dhs.gov/xlibrary/assets/whti_landseafinalrule.pdf 
     
EPIC's page on RFID: 

     http://www.epic.org/privacy/rfid/
     

Intelligence Agencies Using Google Technologies

Agencies of the United States government are using Google technologies
for their intelligence operations.  The Intellipedia project, a
classified wiki that agents add their information to, is using Google
search technologies. Google's federal government sales team seeks to
expand the sales of its technologies to federal agencies.  Google
recently merged with Doubleclick, an Internet cookie-based advertising
firm with extensive profiles of Internet user's browsing histories.

EPIC Page on Search Engine Privacy:

     http://epic.org/privacy/search_engine/

EPIC Page on Google/Doubleclick Merger:

     http://epic.org/privacy/ftc/google/


Unencrypted Laptop Containing Patient Data Stolen From NIH

A laptop stolen from the National Institutes of Health (NIH) contained
personal identifiers and some health information. The laptop with data
on 2,500 research subjects was stolen from a researcher's car.
Congressman Ed Markey sent a letter to Health and Human Services
Secretary Michael Leavitt inquiring why the data was not encrypted
according to federal standards and why the subjects were not promptly
notified. The subjects of the stolen data were not notified until a
month after the breach. This follows after other federal government
security breaches, including the theft of a laptop at the Department of
Veteran's affairs that exposed the personal information of 26 million
veterans.

EPIC Page on VA Data Theft

    http://epic.org/privacy/vatheft/

Congressman Markey's Letter to the HHS Secretary

    http://markey.house.gov/docs/health/032408nihdataloss.pdf


Washington State Passes Laws Limiting RFID Use

Washington state has passed two laws that limit the collection and use
of radio frequency identification (RFID) technology data. RFID chips
transmit data wirelessly, which can raise security and privacy risks if
proper safeguards are not in place. HB 2729 and HB 1031 make it a felony
to “skim” data from RFID-enabled ID cards; “skimming” is the gathering
of data from RFID without that person's knowledge and consent for
criminal purposes. There are exceptions for international border
crossings. However, the final laws no longer contain provisions that
would have outlawed surreptitious gathering of such data for marketing
purposes, so that may still be done even without the individuals’
knowledge or consent. The laws set restrictions on the release of ID
card data to law enforcement officials. The laws will go into effect on
June 12.

Washington State HB 2729: Addressing the reading and handling of certain
identification documents (pdf):

     http://epic.org/redirect/HB_2729.html 

Washington State HB 1031: Changing provisions concerning electronic
devices (pdf):

     http://epic.org/redirect/HB_1031.html 

EPIC page on RFID:

     http://epic.org/privacy/rfid/


========================================================================
[7] EPIC Bookstore: “The Commission”
========================================================================

The Commission: The Uncensored History of the 9/11 Investigation by
Philip Shenon 

     http://www.powells.com/partner/24075/biblio/9780446580755

It is difficult to describe the reaction in Washington, DC when the
final report of the 9-11 Commission appeared in bookstores across the
city. For those policy wonks who are accustomed to bland reports from
the Government Printing Office, the stack of paperbacks on tables at
Borders and Barnes & Nobles was an amazing site. Bookstore windows
featured the “Report on National Commission on Terrorist Attacks Upon
the United States” next to best-selling fiction and popular diet books.
And at $8 a copy, the book became a bestseller.

The writing was widely praised. “It reads like a thriller,” gushed the
reviewers who pointed to chapters with titles such as “The System was
Blinking Red.” The co-chairman intoned the bipartisan agreement that
signaled official Washington’s official acceptance of the report’s
conclusions. And candidates for office and members of Congress rushed to
endorse the recommendations of the 9-11 Commission as if it were a
shopping list. (The new Democratic Majority placed the list on web site
and checked off items as legislation was enacted.)

To be sure, the work of the 9-11 Commission was an extraordinary
undertaking on a difficult topic, brought forward during a period of
growing political polarization. The temptation to lay blame was
everywhere apparent. Could President Clinton have stopped bin Laden? He
gave the order to take out the 9-11 mastermind but the plan was poorly
executed. Did President Bush’s National Security team drop the ball
during the transition? They were told to focus on bin Laden, but worried
more about an off-course spy plan.

Phil Shenon, the New York Times reporter who covered the Commission for
the paper, went behind the scenes, spoke with staff, the Commissioners,
those who appeared before the Commission, and others whose stories often
remained out of the paper. Shenon’s particular focus was on the executive
director of the Commission, Virginia history professor Phil Zelikow. In
parts brilliant and abrasive, Zelikow, Shenon reports, kept the staff on
edge, the commission in the dark, and the report on track. The big
secret about the Zelikow appointment was that he had authored the Bush
administration’s memo on pre-emptive war that led the country into Iraq.
He also maintained close ties with Secretary of State Condoleezza Rice,
whose own inability to focus President Bush on the bin Laden threat may
have contributed to the events of 9-11. The conclusion, one could easily
draw, is that Zelikow biased the report to diminish the responsibility
of the Bush administration. But that conclusion is not beyond dispute,
given the extensive commentary since publication of the 9-11 report, the
comments of the Commissioners, and the interesting exchange between the
author and Zelikow himself.

Still, criticisms of the report and the implementation of the
recommendations remain. Some commentators, such as Judge Richard Posner,
questioned whether the effort to streamline the federal government was
an effective way to respond to an unpredictable enemy (redundancy has
its virtues) and even whether it would be possible to prevent a future
attack by determined opponents.

Civil libertarians also rightly question whether the security
recommendations of the Commission were given greater priority than the
privacy recommendations. There is little evidence, for example, that new
mechanisms of oversight have matched the new systems of surveillance, as
the Commission proposed. There is no discussion of the President’s
domestic surveillance program in the report, even though the spying
began shortly after 9-11. That oversight is troubling. Given the
Commission’s generally helpful recommendations on Patriot Act review,
one wonders what might have been said if the full scope of domestic
spying were known. The watch lists, embraced by the Commission, continue
grow even as the program of record inaccuracy plagues the government’s
data sharing efforts. And the proposal for REAL ID has provoked such a
backlash from the states that that box of completed recommendations may
soon be unchecked.

There is good reason to continue to evaluate the impact of the 9-11
Commission and more generally the steps taken in the response to the
terrorist attacks upon the United States. The selection of the executive
director of the 9-11 Commission is one topic. There are others.

-	Marc Rotenberg

[EPIC’s Commentary on the 9-11 Commission is available at
http://epic.org/privacy/terrorism/911comm.html]

================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

"Can Privacy Education Help Consumers?". April 17, 2008. National Press
Club. For more information:
http://annenbergwashingtonseries.org/speakers.html

"Next steps towards privacy enhancing security technologies", April
28-29, 2008, Vienna. For more information:
http://www.prise.oeaw.ac.at/conference.htm

Identity, Privacy and Security Research
Symposium, May 2, 2008, Toronto. For more information:
http://www.ipsi.utoronto.ca.

CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23,
2008. For more information http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

Second Annual National Institute on Cyberlaw: Expanding the Horizons.
June 18-20, 2008. Washington DC. For more information:
http://www.abanet.org/cle/programs/n08ceh1.html 

Conference on Ethics, Technology and Identity. The Hague. June 18-20,
2008. For more information http://www.ethicsandtechnology.eu/ETI

The Privacy Symposium - Summer 2008: An Executive Education Program on
Privacy and Data Security Policy and Practice, August 18-21, 2008,
Harvard University, Cambridge, MA. For more information:
http://www.privacysummersymposium.com/. 

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:
http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 15.07 -------------------------

.