EPIC logo

  
========================================================================
                              E P I C  A l e r t
========================================================================
Volume 15.09                                            May 1, 2008
------------------------------------------------------------------------

                               Published by the
                  Electronic Privacy Information Center (EPIC)
                               Washington, D.C.

                http://www.epic.org/alert/EPIC_Alert_15.09.html


========================================================================
Table of Contents
========================================================================
[1] U.S. Senate Approves Genetic Privacy Legislation
[2] Privacy Officials Recommend Social Networking Privacy Safeguards
[3] EPIC Makes Final Arguments in Virginia Fusion Center Lawsuit
[4] EPIC Testifies on New Voting Guidelines
[5] Supreme Court Upholds Voter ID Law
[6] News in Brief
[7] EPIC Bookstore: The Future of the Internet -- And How to Stop It 
[8] Upcoming Conferences and Events
    - EPIC launches Privacy'08 campaign
    - Subscription Information
    - Privacy Policy
    - About EPIC
    - Donate to EPIC
      http://www.epic.org/donate
    - Support Privacy '08
      http://www.privacy08.org

========================================================================
[1] U.S. Senate Approves Genetic Privacy Legislation
========================================================================

The U.S. Senate passed the Genetic Information Nondiscrimination Act
("GINA") on April 24 with a vote of 95-0. The bill addresses the risk
that advances in genetics open new opportunities for medical progress
and will also give rise to the potential misuse of genetic data to
discriminate. The genetic privacy bill seeks to establish a national
standard to prohibit genetic discrimination by health insurance
providers and employers. Under the bill, these entities cannot require
genetic testing, cannot determine premiums or eligibility for insurance
or employment based on genetic information, and are limited in their
collection and use of genetic data.

"A person’s unique genetic code contains the most personal aspects of
their identity.  As we begin to decipher this information, Americans
have legitimate fears about how this deeply private information will be
used," said bill co-sponsor Sen. Edward Kennedy. The legislation "takes
a substantial step to preserve the value of new genetic technology and
protect the basic rights of every American," said bill co-sponsor Sen.
Edward Kennedy.

However, experts caution against too much optimism over the legislation.
"Perhaps the greatest risk posed by enacting GINA would be that
lawmakers might become complacent and believe that the problem of
genetic discrimination in health insurance and employment has been
adequately addressed by the new federal law," noted Mark Rothstein in a
recent analysis of the legislation in the Journal of Law, Ethics and
Medicine. He is Director of the Institute for Bioethics, Health Policy
and Law at the University of Louisville School of Medicine.

The bill, which passed the Senate in 2003 but died in the House, was
reintroduced on January 16. Now that it has passed the Senate, the bill
goes back to the House; President Bush has said he supports the
legislation.

Genetic Information Nondiscrimination Act, S. 358:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:SN00358:

Institute for Bioethics, Health Policy and Law at the University of
Louisville School of Medicine:

     http://louisville.edu/bioethics/

EPIC page on Genetic Privacy:

     http://epic.org/privacy/genetic/

========================================================================
[2] Privacy Officials Recommend Social Networking Privacy Safeguards
========================================================================

The International Working Group On Data Protection in Telecommunications
has released a report and guidance (pdf) on privacy in social networking
services. The report identifies risks to privacy and security, and
provides guidance to regulators, service operators and users to counter
these risks. Risks include the large amount of data collection; the
misuse of profile data by third parties; insecure infrastructure; and
application programming interfaces. Social networking services are seen
by the report as "pushing the boundaries" of individual space. Large
quantities of personal information are quickly and globally made
available, particularly digital images and video. The identified risks
are only the "tip of the iceberg" as new uses for personal data in user
profiles are identified by law enforcement, secret services, and the
private sector.

Government officials should ensure that service providers are honest and
clear about their information practices, to enable informed user choice.
 Providers should be obliged to give notice of data breaches.
Educational institutions should introduce tools for informational
self-protection in their curricula.

For providers, the main elements for fair information practices are
transparent, open information uses, and providers living up to promises
made to users. Further, providers should enable and encourage the use of
pseudonymous profiles. Privacy friendly default settings, including the
non-indexibility of profiles by search engines, play a key role in
protecting user privacy. Methods for enabling user control of data
should be devised, both within the community and for third party uses. 
Improved complaint handling, security and offering of encrypted
connections will also improve data protection.

The report closed by calling upon privacy and consumer groups to raise
awareness with regulators, service providers, the public and young
people about privacy risks.

Report and Guidance on Privacy In Social Network Services:

     http://epic.org/redirect/repguidanceSNS.html

International Working Group On Data Protection In Telecommunications:

     http://www.berlin-privacy-group.org

EPIC Social Networking Privacy Page:

     http://epic.org/privacy/socialnet/

EPIC Facebook Privacy Page:

     http://epic.org/privacy/facebook/

========================================================================
[3] EPIC Makes Final Arguments in Virginia Fusion Center Lawsuit
========================================================================

On April 24, 2008, EPIC made final arguments in its Virginia Freedom of
Information Act lawsuit against the Virginia State Police.  EPIC asked
the Court to: 1) assess, through in camera review, the propriety of
redactions made by the Virginia State Police to documents disclosed in
response to EPIC’s open government requests; and 2) award EPIC its
attorneys’ fees and costs incurred in the case.  Virginia law permits a
FOIA requestor to recover reasonable fees and costs from a Virginia
agency if the requestor "substantially prevails on the merits of the
case."  As a result of EPIC’s lawsuit, the State Police disclosed
several hundred pages of documents relating to the Virginia Fusion
Intelligence Center.  EPIC expects the Richmond General District Court
to issue its final order in the case within two weeks.

EPIC sued the State Police to compel the disclosure of public records
relating to the role of federal agencies in the Virginia Fusion Center. 
The Virginia Fusion Center is a database that collects information on
ordinary citizens.  Of particular interest to EPIC was federal
involvement in recent legislative efforts to limit Virginia’s open
government and privacy laws.  EPIC sought to determine whether the U.S.
Dept. of Justice or the U.S. Dept. of Homeland Security participated in
the development of the legislation, HB 1007.  The legislation,
introduced in January 2008 and recently signed by Virginia Governor Tim
Kaine, limits Virginia's open government and privacy statutes, as well
as Virginia's common law right of privacy, for the Virginia Fusion
Center.  The fusion center is one of several similar entities
established by state governments throughout the United States.

As a result of its Freedom of Information Act lawsuit, EPIC obtained
documents, including a Memorandum of Understanding between the FBI and
the Virginia State Police that limits the state's open government law. 
The Memorandum is a secret contract that was executed prior to the
enactment of HB 1007. The agreement requires the state agency to comply
with federal regulations that restrict the disclosure of records about
the Virginia Fusion Center that would otherwise be available to the
public.  The federal regulations (28 CFR Part 16) cited in the
Memorandum contain at least thirty-seven exemptions from open government
and privacy laws. The Memorandum also requires the State Police to refer
state-law open government requests to federal agents if the requests
relate to information shared by the FBI with the fusion center.

On the heels of the lawsuit against the Virginia State Police, EPIC
expanded its investigation of fusion centers.  On April 18, 2008, EPIC
filed an open government request with the Texas Department of Public
Safety. EPIC’s request seeks documents about the federal government’s
role in the Texas Fusion Center’s transparency and privacy policies. The
White House's official position requires fusion centers to respect state
open government and privacy laws.  However, the Memorandum of
Understanding between the Virginia State Police and the FBI is
inconsistent with the While House’s stated policy.  EPIC seeks to
determine the extent of federal involvement in the Texas Fusion Center’s
compliance with Texas open government and privacy laws.

Fusion centers are intelligence databases that collect information from
federal, state, municipal, and private sources. Privacy advocates have
criticized the non-transparent operation of fusion centers, and their
lack of meaningful civilian oversight.  Federal guidelines call for
fusion centers to accumulate and retain information about citizens from
sources such as: financial records, credit reports, medical records,
internet and email data, video surveillance from retail stores and
sporting facilities, data from preschools, and welfare records.

EPIC v. Virginia Department of State Police - Fusion Center Secrecy
Bill:

     http://epic.org/privacy/virginia_fusion/

EPIC’s Freedom of Information Act Lawsuit:

     http://epic.org/privacy/fusion/VA_FOIA_lawsuit_032108.pdf

Memorandum of Understanding Between the Virginia State Police and the
Federal Bureau of Investigation: 

    http://epic.org/privacy/virginia_fusion/MOU.pdf

EPIC’s Freedom on Information Act Request to the Texas Department of
Public Safety:

     http://epic.org/privacy/fusion/FOIA_TX_MOU.pdf

EPIC - Information Fusion Centers and Privacy:

     http://epic.org/privacy/fusion/

========================================================================
[4] EPIC Testifies on New Voting Guidelines
========================================================================

On April 24, 2008, EPIC testified before the Election Assistance
Commission on the development of the 2007 Voluntary Voting System
Guidelines. The standards would replace the 2005 version and be the
first major rewrite of voting systems standards, which predated the
founding of the new agency in 2004.  The work marks the latest step
towards a fully federal process for voting system standards, testing,
and certification.

The 2007 draft standards document is very different from the 2005
version because it reduces ambiguity, creates an opportunity for new
types of voting systems to be considered, and supports the review of
more types of voting systems than the earlier version. The 2007 draft
standards supports an “independent voter-verifiable record” while at the
same time establishing that verification these records must be
accessible for minority language speakers and persons with disabilities.
 The 2007 draft standard has also expanded the usability and
accessibility review of voting systems to include summative usability
testing to support measures on how accurately voters may cast their
ballots.  The topic of human factors is covered in the new and expanded
material.  Human factors have featured prominently in failed election
processes in the 13th District of Florida in 2006 and the Florida 2000
election.

Another key development in the new draft standards is software
independence, which requires that “an undetectable error or fault in the
voting system’s software is not capable of causing an undetectable
change in election results.  The standard as currently drafted requires
that all voting systems certified under the standard must be software
independent.  The most controversial measure in the proposed standard
maybe the establishment of an “innovation class,” which would allow
consideration of voting systems that are not addressed by the final
version of the standards.

EPIC Testimony on Voluntary Voting System Guidelines (April 24, 2008):

     http://epic.org/privacy/voting/eac_test4_24.pdf

EPIC’s Voting Privacy Page:

     http://epic.org/privacy/voting/

EPIC’s Voting Project: National Committee for Voting Integrity:

     http://votingintegrity.org

========================================================================
[5] Supreme Court Upholds Voter ID Law
========================================================================

The U.S. Supreme Court on April 28 struck down a challenge to a voter ID
law in Indiana. In 6-3 opinion, the majority said the state interests
"are both neutral and sufficiently strong to require us to reject
petitioners’ facial attack on the statute," and the burden imposed on
voters was "minimal and justified."

The Indiana law requires individuals to show a government-issued photo
ID card before they are allowed to vote. Prior to the enactment of this
law, voters were required only to sign a book at the polling place,
where a photocopy of the voter's signature was kept on file.

In the lead opinion, Justice Stevens admitted that the case contained
"no evidence" of the type of voter fraud the law was devised to deter:
cases in which a voter attempts to cast a ballot in another person’s
name. But Justice Stevens also wrote that the risk of voter fraud is
"real" and the state has a "valid interest in protecting ‘the integrity
and reliability of the electoral process.’" Justice Stevens rejected the
assertion that the "imposes ‘excessively burdensome requirements’ on any
class of voters." Neither the state nor the courts have been able to
identify one case in which a photo ID requirement would have prevented
voter fraud. Indiana has a recent and documented history of absentee
voter fraud, but the law at issue creates an exception for absentee
voters, allowing them to vote without presenting government-issued photo
identification.

Writing in dissent, Justice Souter said, "this statute imposes a
disproportionate burden upon those without" government-issued photo IDs,
and Indiana has failed to justify this burden. "The onus of the Indiana
law is illegitimate just because it correlates with no state interest so
well as it does with the object of deterring poorer residents from
exercising the franchise."

In November, EPIC and 10 legal scholars and technical experts had
submitted a "friend of the court" brief urging the Court to invalidate
the law. The group argued: "First, the Indiana law ostensibly seeks to
address the problem of voter fraud through the establishment of photo
requirement at the polling place, yet leaves open the ongoing risk of
fraud made possible by absentee voting. As a matter of logic, the
identification requirement is flawed. Second, the state voter ID law
will almost certainly rely upon the federally mandated REAL ID, a
controversial system of identification that will introduce additional
privacy and security risks." With its decision, the Supreme Court has
not barred all future challenges to voter ID laws, but keeps the door
open for future cases that seek to test such laws as they were applied
in a specific election. In short, if a voter is actually disenfranchised
by such laws, then the Court would consider that case. However, such
challenges would have difficulty succeeding. Indiana is one of seven
states with a voter photo ID requirement. A number of other states are
considering similar legislation.

US Supreme Court decision in Crawford v. Marion County (April 28, 2008)
(pdf):

     http://www.scotusblog.com/wp/wp-content/uploads/2008/04/07-21.pdf

EPIC's page on Crawford v. Marion County, Indiana:

     http://www.epic.org/privacy/voting/crawford/

EPIC's page on Voting and Privacy:

     http://www.epic.org/privacy/voting/

The National Committee for Voting Integrity:

     http://www.votingintegrity.org/

========================================================================
[6] News in Brief
========================================================================

NJ Supreme Court: Subscribers Have Privacy Right In Internet Data 

In a 7-0 ruling on April 21, the New Jersey Supreme Court upheld a lower
court ruling and found that Internet service providers must protect user
information and a valid subpoena is needed before the providers can
disclose private data about subscribers. "We now hold that citizens have
a reasonable expectation of privacy, protected by Article I, Paragraph
7, of the New Jersey Constitution, in the subscriber information they
provide to Internet service providers – just as New Jersey citizens have
a privacy interest in their bank records stored by banks and telephone
billing records kept by phone companies," the court ruled. Last year,
EPIC joined five groups in filing a "friend of the court" brief to the
NJ Supreme Court in New Jersey v. Reid. In their brief, the groups
explained, "This case raises far-reaching questions about the scope of
privacy protection in the electronic environment," especially because
subscriber information "can reveal substantially more about an
individual than, for example, the phone numbers she dials."

New Jersey Supreme Court ruling in State v. Reid (April 21, 2008) (pdf):

     http://www.epic.org/redirect/NJsupremeReid.html

"Friend of the court" brief of EPIC and five groups
(July 5, 2007) (pdf):

     http://www.epic.org/privacy/nj_reid/amicus_reid.pdf


DHS Chief: Fingerprints Not "Personal Data."

Michael Chertoff, Secretary of the Department of Homeland Security, told
Canadian journalists that fingerprints are not personal data. Chertoff
explained that, "you leave it on glasses and silverware and articles all
over the world, they’re like footprints."  Canada's privacy
commissioner, Jennifer Stoddard replied that Canadian legislation
defines fingerprints as personal information. In a letter to the Minster
of Public Safety and emergency Preparedness Canada, Stoddard pointed to
the holding of several courts that compelling fingerprint collection
might violate rights under the Charter of Rights and Freedoms. In the
United States, the Privacy Act includes fingerprints in its definition
of records identifying individuals, bringing them under the protection
of the Privacy Act.

Chertoff Says Fingerprints Aren’t ‘Personal Data’:

     http://thinkprogress.org/2008/04/16/chertoff-fingerprints/

Letter to the Minister of Public Safety and Emergency Preparedness
Canada:

     http://www.privcom.gc.ca/media/nr-c/2008/let_080411_e.asp

EPIC Privacy Act Page:

     http://epic.org/privacy/laws/privacy_act.html


GAO: Feds Aiding Challenges of State Information Fusion Centers

Almost all states and several local governments have begun setting up
information fusion centers to share law enforcement and intelligence
information with the federal government. The GAO reports that DHS and
DOJ have taken steps to grant these centers access to federal
information systems.  The centers are turning to the federal government
for guidance, training as well as funding. This training includes
federal assistance in setting up state and local privacy and civil
liberties policies. EPIC has sued the Virginia State Police requesting
documents detailing their relationship with the federal government and
their efforts to change state open government laws.

Homeland Security: Federal Efforts Are Helping to Address Some
Challenges Faced by State and Local Fusion Centers:

     http://www.gao.gov/new.items/d08636t.pdf

EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill:

     http://epic.org/privacy/virginia_fusion/

Information Fusion Centers and Privacy:

     http://epic.org/privacy/fusion/


Justice Dept. Seeks Comments on Proposed DNA Fingerprint Rules

On April 18, the Justice Department released its proposed regulations
for implementation of the DNA Fingerprint Act of 2005. "This rule
directs agencies of the United States that arrest or detain individuals,
or that supervise individuals facing charges, to collect DNA samples
from individuals who are arrested, facing charges, or convicted, and
from non-United States persons who are detained under the authority of
the United States." Also, "Agencies collecting DNA samples are directed
to furnish the samples to the Federal Bureau of Investigation, or to
other agencies or entities as authorized by the Attorney General, for
purposes of analysis and entry into the Combined DNA Index System." The
regulations include other directions and limitations. Comments on the
proposed regulations are due by May 19 and must include reference to
"OAG Docket No. 119."

Justice Department rulemaking on DNA Fingerprint Act of 2005 (April 18,
2008):

     http://edocket.access.gpo.gov/2008/E8-8339.htm

EPIC’s page on Genetic Privacy:

     http://epic.org/privacy/genetic/

========================================================================
[7] EPIC Bookstore: "The Future of the Internet -- And How to Stop It"
========================================================================

The Future of the Internet -- And How to Stop It by Jonathan Zittrain
(Yale University Press: 2008, ISBN: 978-0-300-12487-3)

Professor Zittrain's modestly titled "The Future of the Internet -- And
How To Stop It" elucidates what has made the Internet so successful, so
creative, and yet has also placed it in danger. Zittrain finds the
solution by isolating ways these key ingredients can be used to solve
the rising problems. From the punch card census to Wikipedia; from the
Internet worm to massive botnets run by mobsters; from government
mainframes to embarrassing user-generated viral videos, Zittrain covers
the gamut of the Internet history and experience, tying it under his
model of the competition between generative networks and controlled,
limited appliances and networks.

As Zittrain explains, the Internet is a generative network -- it fosters
innovation and disruption -- in contradiction to appliancized networks
such as the old America Online or Compuserve, which greatly limited
innovation in favor of control. This generativity works on several
"layers" of the internet -- from the basic IP, or Internet Protocol, to
devices, operating systems and even the content or social aspects of the
Internet. This generativity has allowed the explosion of the Internet
and its various uses: any device can be made to connect to the IP
protocol; transport protocols such as FTP and HTTP can be made to work
on IP; Websites and email services run on those protocols; computer
components can run many operating systems; operating systems can run any
software; Wikis and other software allow anyone to modify websites
without the need to learn HTML.

While generativity has brought the Internet's benefits into existence it
has also brought a new breed of problems. Computers that run any code
can easily fall victims to viruses, and become sources of annoyance or
malfeasance to the rest of the Internet. Compromised computers can
launch spam, phishing and denial of service attacks. One answer to these
problems is to reduce the generativity, to create more "tethered
appliances." In some ways the next generation does not see the same
generativity that the Internet previously had. Youth communicate via
instant messaging, texting and social network sites, avoiding e-mail as
too filled with spam, viruses and phishing attempts. Zittrain considers
these "contingently generative" services -- you're free to do a lot, to
create, but this license may be withdrawn.

But centralized, contingently generative devices raise other problems,
of control and information collection.  An automobile with a navigation
device under control of a provider can have that device hijacked for
eavesdropping by law enforcement. A digital video recorder that receives
updates from its central server can be updated according to a court
order, disabling functions that users were expecting.

Zittrain offers a different solution from the tethered appliance model.
The answer is to promote solutions that preserve and indeed depend on
the generative features. At the technical level, computers can be
technically configured to easily recover from user mistakes -- undoing
virus installations.  Or users can share simple statistics about their
computers, allowing the creation of systems that decide whether new code
is safe or not.

Privacy is the subject of one chapter, with Zittrain proposing that the
solution for generative privacy problems lie in the "social layer." 
Privacy regulations, based on the 1973 principles of Fair Information
Practice (FIPs), are appropriate to "privacy 1.0" threats of centralized
information collection. Privacy 2.0 sees the dangers of ubiquitous
sensors, of peer production and reputation systems. Zittrain would
promote code-backed norms -- so that one can list one's privacy
preferences similar to the way that the Creative Commons facilitates one
listing their Copyright licensing preferences.  Or users could be
enabled to contextualize their data online, or enact "reputation
bankruptcies" that would expire some of their older activity.  But these
ideas are still reminiscent of Fair Information Practices, still focused
on the privacy 1.0 principles.  Code backed norms are simply another way
to talk about user control and consent. Contextualizing one's data
online is similar to the FIP of being able to amend or correct a record.
 Reputation bankruptcy is akin to deleting a record.  And lastly, social
networks are not quite distributed -- YouTube is a centralized place to
take down videos; Facebook and Myspace can booth surveil as well exclude
the content on it.

Norms and methods for expressing privacy preferences may help, but
ultimately privacy 1.0 harms will remain and may indeed grow with the
Internet. Traditional concepts of regulation will still be relevant -
they just need to be re-thought, engineered in. Perhaps even
re-generated.

Guilherme Roschke

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

    http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

     http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. 

     http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

     http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

     http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

     http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore 

     http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books

     http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

     https:/mailman.epic.org/mailman/listinfo/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Identity, Privacy and Security Research
Symposium, May 2, 2008, Toronto. For more information:
     http://www.ipsi.utoronto.ca

CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23,
2008. For more information
     http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
     http://www.epic.org/redirect/OECD180608.html

Second Annual National Institute on Cyberlaw: Expanding the Horizons.
June 18-20, 2008. Washington DC. For more information:
     http://www.abanet.org/cle/programs/n08ceh1.html 

Conference on Ethics, Technology and Identity. The Hague. June 18-20,
2008. For more information
     http://www.ethicsandtechnology.eu/ETI

Privacy Laws & Business 21st Annual International Conference. Value
Privacy, Secure Your Reputation, Reduce Risk. 7-9th July, 2008, St.
John’s College, Cambridge. For more information:
     http://www.privacylaws.com/

The Privacy Symposium - Summer 2008: An Executive Education Program on
Privacy and Data Security Policy and Practice, August 18-21, 2008,
Harvard University, Cambridge, MA. For more information:
     http://www.privacysummersymposium.com/

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

     https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:

     http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

     http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.
=======================================================================
Support Privacy '08
=======================================================================

If you would like more information on Privacy '08, go online and search
for "Privacy 08". You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.

Facebook Cause:

     http://www.epic.org/redirect/fbprivacy08.html

Twitter:

     http://twitter.com/privacy08

CafePress:

     http://www.cafepress.com/epicorg

------------------------- END EPIC Alert 15.09 -------------------------

.