EPIC logo

  
========================================================================
                              E P I C  A l e r t
========================================================================
Volume 15.08                                            April 17, 2008
------------------------------------------------------------------------

                               Published by the
                  Electronic Privacy Information Center (EPIC)
                               Washington, D.C.

                http://www.epic.org/alert/EPIC_Alert_15.08.html


========================================================================
Table of Contents
========================================================================
[1] Documents Reveal Federal Role In Fusion Center Secrecy
[2] European Privacy Officials: Privacy Rules Apply to Search Engines
[3] EPIC Urges Senate Committee to Press FTC on Consumer Privacy and FOIA
[4] EPIC Urges Strong Consumer Protections in RFID Bill in New Hampshire
[5] TACD Issues Charter for Consumer Rights in the Digital World
[6] News in Brief
[7] EPIC Bookstore: "Federal Dataveillance"
[8] Upcoming Conferences and Events
     - Subscription Information
     - Privacy Policy
     - About EPIC
     - Donate to EPIC
       http://www.epic.org/donate

========================================================================
[1] Documents Reveal Federal Role In Fusion Center Secrecy
========================================================================

Pursuant to a Freedom of Information Act lawsuit, EPIC has obtained a
Memorandum of Understanding between the FBI and the Virginia State
Police that limits the state's open government law.  The Memorandum
applies to the Virginia Fusion Intelligence Center, a database that
collects information on ordinary citizens.  The agreement requires the
state agency to comply with federal regulations that restrict the
disclosure of records about the Virginia Fusion Center that would
otherwise be available to the public.  The State Police disclosed the
document in response to EPIC’s lawsuit, which follows EPIC’s February
12, 2008 open government request to the Department.

The federal regulations (28 CFR Part 16) cited in the Memorandum contain
at least thirty-seven exemptions from open government and privacy laws.
The Memorandum also requires the State Police to refer open government
requests to federal agents if the requests relate to information shared
by the FBI with the fusion center.  In effect, the Memorandum imposes
additional limitations on the documents that can be accessed by the
public under Virginia’s open records and privacy law.

EPIC’s lawsuit against the Virginia State Police remains pending.  At a
April 10, 2008 hearing in Richmond, a District Court judge required the
State Police to produce additional records sought by EPIC. EPIC’s
requests target documents relating to communications between the State
Police and federal entities regarding funding and development of the
Virginia Fusion Center, as well as impact on Virginia’s government
transparency and privacy laws.

EPIC sued the State Police to compel the disclosure of public records
relating to the role of federal agencies in the Virginia Fusion Center. 
Of particular interest to EPIC is federal involvement in recent
legislative efforts to limit Virginia’s open government and privacy
laws. EPIC seeks to determine whether the U.S. Dept. of Justice or the
U.S. Dept. of Homeland Security participated in the development of the
legislation, HB 1007.  The legislation, introduced in January 2008,
limits Virginia's open government and privacy statutes, as well as
Virginia's common law right of privacy, for Virginia agencies connected
to the Virginia Fusion Center.  The fusion center is one of several
similar entities established by state governments throughout the United
States.

Fusion centers are intelligence databases that collect information from
federal, state, municipal, and private sources.  Privacy advocates have
criticized the non-transparent operation of fusion centers, and their
lack of meaningful civilian oversight.  Federal guidelines call for
fusion centers to accumulate and retain information about citizens from
sources such as: financial records, credit reports, medical records,
internet and email data, video surveillance from retail stores and
sporting facilities, data from preschools, and welfare records.

EPIC v. Virginia Department of State Police - Fusion Center Secrecy
Bill:

     http://epic.org/privacy/virginia_fusion/

Memorandum of Understanding:

     http://epic.org/privacy/virginia_fusion/MOU.pdf

EPIC’s Freedom of Information Act Lawsuit:

     http://epic.org/privacy/fusion/VA_FOIA_lawsuit_032108.pdf

EPIC’s Freedom on Information Act Request:

     http://epic.org/privacy/fusion/VA_FOIA021208.pdf

EPIC - Information Fusion Centers and Privacy:

     http://epic.org/privacy/fusion/


========================================================================
[2] European Privacy Officials: Privacy Rules Apply to Search Engines
========================================================================

A recent opinion from the Article 29 Data Protection Working Party has
established that European privacy rules apply to various search engine
services. A previous opinion had stated that Internet Protocol (IP)
addresses were personal data.  Search engines collect vast amounts of
data in the form of search terms submitted by individuals, cookies, logs
of IP addresses, data collected via associated services (like email or
instant messaging), and in their cached copies of indexed websites.
Search engines that have establishments or use equipment within the
European Union are subject to the requirements of the Data Protection
Directive, even if their corporate headquarters are outside of Europe.

The requirements limit the processing of personal data to legitimate
purposes, and forbid excessive collection of data. Search engines must
therefore delete or anonymize personal data once they are no longer
necessary for the original purpose collected. The Working Party did not
see a need for the retention to last longer than 6 months.  Search
engines should follow "robots.txt" and other metadata used by website
owners to mark which parts of their websites should not be indexed by
search engines. Search engines should give  data subjects clear and
intelligible information about the data they collect, and the purposes
for which it is used.  Secondary uses, such as creating profiles of
natural persons or facial recognition of images, must be based on
legitimate grounds such as consent.  These uses should also meet all the
requirements of the Data Protection Directive.

Earlier this year, EPIC urged the European Parliament to protect the
privacy of search engine information. EPIC noted that search engines
keep personal data when IP addresses can be used to identify
individuals. EPIC also detailed general privacy problems with the
Google-Doubleclick merger, including the 2 year retention of query data
and the lack of adequate explanation of why this retention is necessary.
Google also fails to allow individuals to see the data that is kept on
them or otherwise expunge this data.

The Working Party also stated that the requirements of the Data
Retention directive did not apply to search engine services. Search
engines are not "electronic communications services" subject to
retention requirements, though search companies may offer other
services, such as email, that would be.

Opinion on Data Protection Issues Related to Search Engines

     http://epic.org/redirect/ec_data_protection.html

Article 29 Data Protection Working Party

     http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/index_en.htm

EPIC Testimony Before the European Parliament on Data Protection and
Search Engines

     http://epic.org/privacy/ftc/google/

EPIC's Search Engine Privacy page

     http://epic.org/privacy/search_engine/

EPIC Page on the Google-DoubleClick Merger

     http://epic.org/privacy/ftc/google/


========================================================================
[3] EPIC Urges Senate Committee to Press FTC on Consumer Privacy and FOIA
========================================================================

On April 7, 2008, EPIC asked the Senate Commerce Committee to press the
Federal Trade Commission (FTC) on the Commission's failure to adequately
protect consumer privacy and failure to operate transparently. EPIC
highlighted the Commission's decision to not require privacy safeguards
as a condition of the recent Google/Doubleclick merger. EPIC also
detailed the FTC's handling of Chairman Deborah Platt Majoras’ apparent
conflict of interest in the merger review, and noted that the FTC has
failed to disclose records relating to Jones Day's involvement in the
merger review.

In a letter to the Committee, EPIC stated that, by approving the
Google/Doubleclick merger on December 20, 2007, the Commission failed to
fulfill its obligations to the public.  As a result, it placed the
privacy interests of American consumers at grave risk.

On April 20, 2007, EPIC filed a detailed complaint asking the Commission
to establish substantial privacy safeguards as a condition of approving
the then-proposed merger of Google, Inc. and Doubleclick, Inc.  EPIC
informed the Commission that the Google/Doubleclick merger posed a
unique and substantial threat to the privacy interests of Internet users
around the world.  EPIC’s Complaint urged the Commission to either block
the deal or impose substantial privacy safeguards as conditions of
merger approval.  Others, including Senators Patrick Leahy and Herbert
Kohl, shared EPIC’s concerns regarding the merger’s privacy
implications. Despite the serious consumer privacy threats raised by the
merger, the Commission approved it, and did not impose any conditions to
protect consumers’ privacy.

EPIC’s letter to the Committee also observed that the Commission’s
handling of Chairman Majoras’ apparent conflict of interest in the
Google/Doubleclick merger review reflects poorly on the Commission’s
impartiality and commitment to transparency.  The role of the Jones Day
law firm in the Google/Doubleclick merger review raised questions
regarding an apparent conflict of interest.  During the Commission’s
review of the merger, Jones Day publicly stated that it represented
Doubleclick regarding the merger.   EPIC learned that Chairman Majoras’
spouse, John M. Majoras, is a Jones Day partner, and sought the
Chairman’s recusal from the merger review. Chairman Majoras declined to
recuse herself, and voted to approve the merger without conditions.  In
December 2007, EPIC filed two brief open government requests for
Commission records relating to the apparent conflict. The Commission did
not respond timely to EPIC’s requests, and has not disclosed a single
document.  On March 14, 2008, EPIC filed a lawsuit to compel the FTC to
disclose the documents.

The Senate Commerce Committee held hearings regarding the Commission's
reauthorization on April 8, 2008. EPIC urged the Committee to cut the
Commission's budget by 5% based on the Commission's lack of commitment
to consumer privacy and open government.

EPIC’s Letter to the Senate Commerce Committee:

     http://epic.org/privacy/ftc/EPIC_letter_020708e.pdf

Summary of FTC Reauthorization Legislation:

     http://epic.org/redirect/us_senate.html

EPIC’s Open Government Lawsuit Against the FTC:

     http://epic.org/privacy/ftc/google/FTC_Complaint031408.pdf

EPIC's page on Privacy? Proposed Google/Doubleclick Deal:

     http://epic.org/privacy/ftc/google/

========================================================================
[4] EPIC Urges Strong Consumer Protections in RFID Bill in New Hampshire
========================================================================

In response to a request from a New Hampshire state senator, EPIC this
week analyzed HB 686, concerning radio frequency identification (RFID)
technology. EPIC supports the legislation, as it includes strong
consumer protections, and recommends two additions.

RFID systems generally include a tag or chip (on which data is stored)
and an antenna (to transmit the data to a reader).  “Active” RFID tags
or chips have an internal power source, transmit continuously, and can
initiate communication with readers. “Passive” RFID tags or chips do not
have an internal power source but rather derive power from the reader’s
signal; nor can they initiate communication with readers.

RFID tags are small enough to be invisibly embedded in products, product
packaging and even printing inks. They can be read from a distance and
through a variety of substances such as snow, fog, ice or paint. The
data transmitted by the tag may provide identification or location
information, or specifics about the product tagged, such as price,
color, or date of purchase.

HB 686 is important, EPIC said, because "RFID technology is rapidly
increasing. Major uses of RFID include electronic roadway toll
collection (E-Z pass systems), passports, various ID cards (such as
university ID cards), credit and debit cards, supply chain management
and animal tracking." EPIC explained there are privacy and security
risks associated with RFID-enabled identification cards, including
“skimming” and “eavesdropping.”  Skimming occurs when an individual with
unauthorized RFID reader gathers information from an RFID chip without
the cardholder’s knowledge. Eavesdropping occurs when an unauthorized
individual intercepts data as it is read by an authorized RFID reader or
interrogator.

The legislation would establish important safeguards for New Hampshire
residents, EPIC said "including: (1) penalties for illegal use of RFID
technology; (2) a private right of action for individuals; (3)
restrictions on the use of RFID technology by the State of New Hampshire
with few exceptions; (4) prohibitions on electronic tracking of
individuals without a valid court order or consent; and (5) prohibitions
against forced implantation of RFID devices in humans."

Though HB 686 includes numerous consumer protections, EPIC also
recommended the NH Senate "also: (1) address unique identifiers linked
to databases containing personally identifiable information, and (2)
label RFID readers and interrogators, as well as RFID tags and products
containing tags." Such unique identifiers can be used to create detailed
personal profiles on individuals. "Though companies have urged against
the regulation of these unique identifiers, they should be covered under
HB 686 because the misuse or abuse of such unique identifiers could be
as risky as misuse or abuse of Social Security Numbers," EPIC said.

Also, though HB 686 includes provisions requiring the labeling of
products containing RFID tags, EPIC recommends "that there should be a
requirement that RFID readers or interrogators also clearly and
prominently display a universally recognized symbol for RFID technology,
so that consumers will know where there is a danger of their data being
read without their knowledge." HB 686 has passed the New Hampshire House
and is before the Senate.

New Hampshire HB 686, “An act relative to the regulation of remotely
readable devices and the illegal use of payment card scanning devices or
reencoders”:

  http://www.gencourt.state.nh.us/legislation/2008/HB0686.html

EPIC Analysis of HB 686 (April 14, 2008) (pdf):

    http://epic.org/privacy/rfid/epic_clegg_hb686.pdf

EPIC page on RFID Technology:

    http://epic.org/privacy/rfid/

========================================================================
[5] TACD Issues Charter for Consumer Rights in the Digital World
========================================================================

The Trans-Atlantic Consumer Dialogue (TACD), a group of US and EU
consumer organizations, has issued its Charter for Consumer Rights in
the Digital World. The Charter "identifies the core rights that the
members of TACD regard as indispensable to meeting the challenges
presented by the digital world and the utilization of its potentials."

These rights are culled from previous TACD resolutions detailing the
interests of consumers in the digital world. The rights in the Charter
are: "1. Right to access neutral networks 2. Right to access digital
media and information 3. Right to secure networks and services 4. Right
to privacy and data protection 5. Right to software interoperability 6.
Right to barrier-free access and equality 7. Right to pluralistic
media."

As personal data of consumers is increasingly gathered and compiled into
detailed profiles, there is a need to focus on the right to privacy and
data protection. For example, online targeted advertising is becoming
more invasive. TACD urges, among other things, that businesses and
governments: "be subjected to enforceable Fair Information Practices
that give rights to consumers and impose responsibilities on
organizations that collect and use personal data"; "use effective and
updated technology to protect confidential personal data against
unauthorized use"; "inform consumers of the measures they can take to
protect their own data." Also, governments should "ensure that programs
to combat terrorism and organized crime do not undermine
self-determination in terms of personal information and the protection
of individuals' privacy."

As the Internet becomes a more important information source, there is
the growing risk that such data will be filtered or slanted in some
form. TACD notes, "Internet service providers (ISPs) may block or
degrade the access of consumers to certain content and applications, or
limit the types of equipment that can be attached to networks."
Therefore, TACD details the right of consumers to access neutral
networks. "That means that consumers have the right to attach devices of
their choice, the right to access or provide content, services and
applications of their choice, and the right for this access to be free
from discrimination according to source, destination, content and type
of application."

Finally, the TACD Charter for Consumer Rights urged "Internet users and
governments to develop a better understanding of the challenge industry
consolidations pose to the open Internet and specifically how dominant
Internet firms are able to leverage their position in one market sector
to discourage competition other market sectors." TACD recommended that
governments "Ensure that competition law is enforced paying particular
attention to the increasing vertical integration in this sector" and
that governments "Establish privacy and consumer safeguards as a central
requirement in the context of merger review for Internet firms."

On its Web site, TACD lists more recommendations on how to protect the
seven rights of the Charter for Consumer Rights in the Digital World.

Trans-Atlantic Consumer Dialogue, Charter for Consumer Rights in the
Digital World (April 16, 2008):

     http://epic.org/redirect/tacd.html

Code of Fair Information Practices:

     http://epic.org/privacy/consumer/code_fair_info.html

EPIC page on Privacy? Proposed Google-DoubleClick Merger (concerning
online targeted advertising and privacy questions):

 http://epic.org/privacy/ftc/google/

EPIC page on Personal Data and Privacy Protection:

     http://epic.org/privacy/consumer/

========================================================================
[6] News in Brief
========================================================================

Bill to Reimburse Jurisdictions for Cost of Paper Ballots for November
Fails

The House failed to pass H.R. 5036 with a sufficient margin to ensure
that jurisdictions that decide to acquire paper ballot systems for the
November 2008 election from being reimbursed by the federal government.
The measure would have also provided funding to states for conducting
post election audits. The vote was actually a procedural move to place
the bill on the “Suspension Calendar,” which would indicate a
non-controversial measure. The Democrats and Republicans had worked out
an agreement to support the bill being placed on the Suspension
Calendar, but the White House issued a statement late on the day prior
to the vote in opposition of the effort. This resulted in a nearly
perfect party line vote—resulting in the outcome falling short of the
2/3rds majority needed.  The vote was 239 for and 178 against placing
the bill on House Calendar under suspensions.

Vote on the Bill:

     http://clerk.house.gov/cgi-bin/vote.asp?year=2008&rollnumber=188 

HR 5036:

     http://thomas.loc.gov/cgi-bin/query/D?c110:2:./temp/~c110isK3RU:: 
     
White House Statement

     http://www.whitehouse.gov/omb/legislative/sap/110-2/saphr5036-h.pdf 
     
EPIC voting project: 

     http://votingintegrity.org


Medical Center Staff Spied for 10 years on Celebrity Patients

UCLA Medical center staff have, for 10 years, improperly accessed
confidential medical files. A former employee recently confirmed
accessing the records of celebrities such as Maria Shriver and Farrah
Fawcett. Another discussed similar snooping 13 years ago. Secretary Kim
Belshe, of the California Health and Human Services agency has promised
to take action against UCLA.

Report: UCLA File Snooping an Old Issue

     http://www.nytimes.com/aponline/us/AP-Records-Snooping.html

EPIC Page on Medical Privacy

     http://epic.org/privacy/medical/


Legal Questions Surround Surreptitious DNA Gathering

Lawyers are raising challenges to police practices of gathering DNA from
individuals without warrants or other legal process. Police tail the
suspect and wait for them to discard a cigarette, saliva, or other
material from which DNA can be extracted. Lawyers argue that individuals
have a reasonable expectation of privacy in their genetic information
discarded by routine bodily functions. The police practice leads to the
unsupervised government collection of DNA information on innocent
individuals. DNA can identify not only an individual, but can also
reveal sensitive health and family information.

Lawyers Fight DNA Samples Taken on The Sly

     http://www.nytimes.com/2008/04/03/science/03dna.html

EPIC Genetic Privacy Page

     http://epic.org/privacy/genetic/

EPIC Page on Johnson v. Quander (Compelled DNA Collection)

     http://epic.org/privacy/johnson/


Washington, DC, Police to Connect 5,000 Surveillance Cameras

DC officials are poised to give the Metropolitan Police Department
access to 5,000 cameras throughout the city. These cameras were
originally deployed to monitor traffic, schools and public housing but
are now being drafted into general public surveillance. Last month, in a
statement to the DC Council, EPIC urged a careful evaluation of the cost
and effectiveness of camera surveillance systems. No studies have shown
a significant drop in violent crime when camera systems are used. The
MPD has suggested a drop in crime in some parts of the city, but Council
member Mary Cheh noted that MPD did not analyze whether the crimes were
merely displaced to other areas of the city. In the MPD's annual report
on cameras, police showed no convictions and a handful of arrests based
on evidence from the 73 cameras throughout the District.

Washington Metropolitan Police Department, Closed Circuit Television
(CCTV) Annual Report 2007 (pdf):

     http://epic.org/redirect/mpdc_cctv_annual_report.html


EPIC, Statement to the DC Council Opposing Expanded Camera Surveillance
Under Bill 17-438 (pdf):

     http://www.epic.org/privacy/surveillance/epic_dc17-438_031108.pdf

EPIC's page on Video Surveillance:

     http://epic.org/privacy/surveillance/


Alaska Joins Other States in Rejecting REAL ID System

Just two weeks after DHS granted all 56 states and territories
extensions that would allow state licenses and ID cards to remain "valid
for federal purposes" past May 11, 2008, Alaska has passed legislation
against the REAL ID national identification scheme. SB 202 states, "A
state agency may not expend funds solely for the purpose of implementing
or aiding in the implementation of, the requirements of the federal Real
ID Act of 2005." DHS has said it "made extensions available for states
that needed additional time to come into compliance, or to complete
ongoing security measures," implying that states that received
extensions had agreed to implement the national identification system.
However, Alaska is one of several states that has declared unequivocally
that it will not implement the REAL ID scheme.

Alaska SB 202, "An Act relating to expenditures in aid of or to
implement the provisions of the federal Real ID Act" (pdf):

     http://epic.org/privacy/id-cards/alaska_sb202.pdf

EPIC's page on National ID Cards and the REAL ID Act:

     http://epic.org/privacy/id-cards/


========================================================================
[7] EPIC Bookstore: "Federal Dataveillance"
========================================================================

Federal Dataveillance: Implications for Constitutional Privacy
Protections by Martin Kuhn.

     http://www.powells.com/partner/24075/biblio/9781593322304  

The defining of what is meant by privacy is the topic of this book—but
more important the challenges of keeping that definition salient to the
world of information exchange. The book explores privacy as space,
privacy as secrecy, and privacy as information control. The definition
has changed because of new business practices, technologies and social
and cultural norms.  This book does a very good job of touching on the
issues of information privacy by first explaining its origin and its
transformation into an enforceable right protected by the First and
Fourth Amendment. It is also noteworthy that this book is one of the
best resources on the body of work produced by privacy experts who focus
on the public interest because of extensive referencing.  Too often
writers who address the topic of privacy may fail to cite the original
source of a particular perspective or research.

The book is a surprisingly quick read on a complicated subject, which is
very successful in presenting the information in a digestible format. 
The writings of the best minds that have worked on and advanced the
cause of privacy are cited in the book.  A legal overview is presented
in chapters 2 and 3, which look at important Supreme Court cases that
impacted the legal framework that establish the right to engage in
anonymous political speech, association with others, as well as
invasions of privacy related to searches, government wiretaps, and
physical searches of items discarded by individuals.

The author makes the case that today’s discussions on privacy have
pooled all of the issues that have advanced the notion of privacy rights
i.e. technology, business practices, and government authority.  US
Government agencies are very interested in knowledge discovery in
databases (KDD) because they believe that this approach will yield
information on potential terrorists and criminals.  However, great
stores of data now resides in the hands of private companies not
government agencies.  The introduction of technology that allows for
remote access and manipulation of digital records presents challenges to
the wall that once separated government and private data.

Kuhn poses a question at the start of his book does the use of KDD
infringe upon constitutional privacy rights to such an extent that the
courts will need to rethink key areas of privacy law.  This is the
challenge of the new century and the landscape of privacy protection in
the United States.

Lillie Coney

================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

"Can Privacy Education Help Consumers?". April 17, 2008. National Press
Club. For more information:
http://annenbergwashingtonseries.org/speakers.html

"Next steps towards privacy enhancing security technologies", April
28-29, 2008, Vienna. For more information:
http://www.prise.oeaw.ac.at/conference.htm

Identity, Privacy and Security Research
Symposium, May 2, 2008, Toronto. For more information:
http://www.ipsi.utoronto.ca.

CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23,
2008. For more information http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

Second Annual National Institute on Cyberlaw: Expanding the Horizons.
June 18-20, 2008. Washington DC. For more information:
http://www.abanet.org/cle/programs/n08ceh1.html 

Conference on Ethics, Technology and Identity. The Hague. June 18-20,
2008. For more information http://www.ethicsandtechnology.eu/ETI

The Privacy Symposium - Summer 2008: An Executive Education Program on
Privacy and Data Security Policy and Practice, August 18-21, 2008,
Harvard University, Cambridge, MA. For more information:
http://www.privacysummersymposium.com/. 

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:
http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 15.08 -------------------------

.