EPIC logo

 
========================================================================
                              E P I C  A l e r t
========================================================================
Volume 15.14                                               July 11, 2008
------------------------------------------------------------------------

                               Published by the
                  Electronic Privacy Information Center (EPIC)
                               Washington, D.C.

                http://www.epic.org/alert/EPIC_Alert_15.14.html


========================================================================
Table of Contents
========================================================================
[1] EPIC Obtains Settlement with FTC Regarding Google Merger Review
[2] EPIC Testifies in Senate on Passport Record Privacy
[3] Google's Data Retention Policy Permits Release of Users' History 
[4] Senate Capitulates, Warrantless Wiretapping Law Enacted
[5] Patient Privacy Toolkit Helps Citizens Protect Their Medical Records
[6] News in Brief
[7] EPIC Bookstore: Understanding Privacy by Daniel Solove
[8] Upcoming Conferences and Events
    - Subscription Information
    - Privacy Policy
    - About EPIC
    - Donate to EPIC
      http://www.epic.org/donate
    - Support Privacy '08
      http://www.privacy08.org

========================================================================
[1] EPIC Obtains Settlement with FTC Regarding Conflict of Interest
========================================================================

EPIC has settled a Freedom of Information Act lawsuit with the Federal
Trade Commission involving the FTC's review of the Google-Doubleclick
merger and a conflict of interest that arose from the participation of
the Washington law firm Jones Day. The FTC has turned over to
EPIC several documents concerning the conflict of interest in the
case and also provided attorneys fees to EPIC to settle the case.

In early December 2007, EPIC learned of a conflict of interest in the
Google-Doubleclick merger review involving Federal Trade Commission
(FTC) Chairman Deborah Platt Majoras and the Jones Day law firm. On
December 12, 2007, Jones Day's web site stated that "Jones Day is
advising DoubleClick, Inc., the digital marketing technology provider,
on the international and U.S. antitrust and competition law aspects of
its planned $3.1 billion acquisition by Google, Inc. [...] The
transaction is currently under review by the U.S. Federal Trade
Commission and European Commission."  Chairman Majoras is a former
partner of Jones Day. Chairman Majoras' spouse, John M. Majoras, is a
current Jones Day partner, "the Firm's global coordinator of competition
law litigation," "the Partner-in-Charge of business development in the
Washington, D.C. Office" and "a member of the Firmwide Business
Development Committee."

On December 12, 2007, EPIC filed a formal complaint with the Secretary
of the Commission requesting that Chairman Majoras recuse herself from
the FTC's review of the Google-Doubleclick merger. Subsequent to the
filing of the recusal petition by EPIC, the page on the Jones Day web
site that indicated that the firm was representing Doubleclick on the
"U.S. antitrust and competition law aspects" of the merger review by the
"U.S. Federal Trade Commission" was removed. The web page has never been
re-posted. In its formal complaint, EPIC noted that Chairman Majoras
previously recused herself in antitrust matters pending before the FTC
when there were similar conflicts of interest with Jones Day. Chairman
Majoris refused to recuse herself and the merger was approved.

EPIC then filed Freedom of Information Act requests with the FTC for
agency records that directly relate to Chairman Majoras' conflict of
interest in the Commission's Google-Doubleclick merger review. On July
8, EPIC obtained documents detailing former FTC Chairman Deborah Platt
Majoras' conflict of interest in the Google-Doubleclick merger review. A
July 17, 2007 memorandum obtained by EPIC flatly contradicts Majoras'
claim that "no one at the FTC" knew of the conflict "until the afternoon
of Tuesday, December 11, 2007."

"The documents obtained by EPIC about the Google-Doubleclick deal raise
new questions about the adequacy of the FTC's merger review," said Marc
Rotenberg, EPIC Executive Director. "We believe that the Office of
Government Ethics and the Congressional oversight committees need to
begin a formal investigation. If wrongdoing is found, the merger may
need to be reopened." Mr. Rotenberg continued, "Ethics in government
will be a critical issue for the next Administration. The American
people have the right to know whether the Presidential candidates are
satisfied with the FTC's handling of the Google-Doubleclick merger
review."

EPIC web page - EPIC v. Federal Trade Commission, Conflict of Interest
in Google-Doubleclick Merger Review:

     http://epic.org/privacy/ftc/foia/

EPIC web page - Privacy? Proposed Google/DoubleClick Deal:

     http://epic.org/privacy/ftc/google/

Petition for Chairman Majoras' recusal (pdf):

     http://www.epic.org/privacy/ftc/google/recusal_121207.pdf

FTC Statement Regarding Recusal Petition for Review of Proposed
Acquisition of DoubleClick, Inc. By Google, Inc.:

     http://www.ftc.gov/opa/2007/12/google.shtm


========================================================================
[2] EPIC Testifies in Senate on Passport Record Privacy
========================================================================

EPIC Executive Director Marc Rotenberg testified before the Senate
Judiciary Committee on July 10, 2008 on "Passport Files: Privacy
Protection Needed for Americans." The hearing followed reports
that private contractors working for the State Department snooped
through the Passport files of Presidential candidates, celebrities,
and others.

At a July 10, 2008 hearing, EPIC urged the Senate Judiciary Committee to
implement strong safeguards for all Americans' passport information.
EPIC recommends limiting employee and contractor disclosures, increasing
accounting requirements, and the creation of an independent privacy
agency. Further, EPIC states that the State Department should be more
open about its information security practices. Finally, EPIC supports
passage of S. 495, the Personal Data Privacy and Security Act. The
Committee Hearing follows the Office of Inspector General's (OIG)
release of a heavily redacted report prompted by the highly publicized
breaches of 3 U.S. Senators' electronic passport files.

The internal watchdog of the State Department "found many
[institutional] control weaknesses relating to the prevention and
detection of unauthorized access to passport and applicant information"
and the subsequent disciplinary response. Only 6 of 22 recommendations
were not completely redacted. The OIG used vague language, like
"consider", "determine the feasibility of", and "evaluate" to recommend
that the State Department implement comprehensive strategies to those
weaknesses. The report also recommended assessments of existing security
controls, the provision of in-house breach notification, and the
extension of authorized access policies to other agencies. In a limited
review of 150 high-profile people's passport files, the report found
that 127 of 150 prominent figures' files were accessed at least once; 42
files were viewed at least 26 times. During this election season,
contractors breached the passport files of Senators McCain, Obama, and
Clinton.

Senators Leahy and Specter called on the Department of Justice to launch
criminal investigations without waiting for the State Department's
internal review, contrary to Attorney General Mukasey's plan. On March
21, 2008, Secretary of State Rice apologized to the three Presidential
candidates after media reports showed that three private contractors
improperly accessed their confidential passport files. In 1992,
then-Presidential candidate Bill Clinton fell victim to a similar
breach.

Two Senate bills address issues inadequately discussed in the Inspector
General's report. One bill specifically tackles the issues of breach
notification and contractor relationships. Another bill expands criminal
liability to include conspiracy, restitution, and forfeiture. Instead of
requiring concrete action, the heavily redacted report merely suggests
that the State Department consider and evaluate potential programs to
ensure individuals' privacy.

The unauthorized access of Americans' passport files containing
personally identifiable information could easily lead to identity theft.
The breach of Presidential candidates' files clearly has implications
during this important election year. The lack of institutional control
over access to sensitive data, especially by contractors, is troubling.

EPIC's Senate Testimony (pdf):

     http://epic.org/privacy/travel/pass/senate071008.pdf

EPIC page on Passport Privacy:

     http://epic.org/privacy/travel/pass/default.html

EPIC page on Identity Theft:

     http://epic.org/privacy/dv/identity_theft.html

State Department's Inspector General Recommendations (pdf):

     http://www.govexec.com/pdfs/070308n2.pdf

Personal Data Privacy and Security Act of 2007:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:S.495:

Identity Theft Enforcement and Restitution Act of 2007:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:S.2168:


========================================================================
[3] Google's Data Retention Policy Permits Release of Users' History
========================================================================

On July 2, 2008, a New York court granted a motion to compel production
of "all data from the Logging database concerning each time a YouTube
video has been viewed on the YouTube website or through embedding on a
third-party website". The owner of YouTube, Google, has defended its
data retention policy claiming users' data is retained to improve the
company's search services. Google ignored recommendations to amend its
policies and discontinue retaining its' users personal information. In
Viacom's copyright infringement suit, the court ordered Google to
provide Viacom with data retained in their logging database. This
includes each viewer's unique login ID and the Internet Protocol (IP)
address for that viewer's computer. This ruling could affect Youtube
users everywhere.

Viacom filed suit for the user's logging data claiming Youtube
encourages users to upload significant amounts of pirated copyrighted
shows. Google/Youtube contends this would, at a minimum, violate users'
privacy. The court, however, claims privacy concerns are speculative.
The court cited Google's own assertion that IP addresses of computers
aren't personally revealing to justify its ruling. Privacy groups have
long held that Google should not retain such identifiable information as
IP addresses because the company could not control the release of such
data. The court's order to release the data confirms EPIC's contentions.
In addition, EPIC stated its concern of collecting personally
identifiable data by search engines which leads to behavioral marketing
and widespread public disclosure of personal information.

In response to privacy advocates' concerns arising from Google's failure
to conspicuously post its privacy policy, the company added a privacy
link to its home page. EPIC, along with other privacy advocates, urged
Google to comply with California's privacy policy law and the "standard
practice for commercial Web sites". Google added the privacy policy link
on day 31 of EPIC's 30-day countdown of the California law notice
deadline.

Justia Page on Viacom International, Inc. et al v. Youtube, Inc. et al:

     http://epic.org/redirect/justia_viacom_youtube.html

Judge Order for Release of Documents (pdf):

     http://epic.org/redirect/viacom_youtube.html

EPIC page on Search Engine Privacy:

     http://epic.org/privacy/search_engine/

Privacy link on Google.com:

     http://epic.org/redirect/google_privacylink.html


Letter from Privacy Groups to Google (June 3, 2008) (pdf):

     http://epic.org/privacy/ftc/google/Google_Letter060308.pdf

========================================================================
[4] Senate Capitulates, Warrantless Wiretapping Law Enacted
========================================================================

On July 10, President Bush signed the FISA Amendments Act of 2008, 
thereby clearing the way for warrantless wiretapping by intelligence 
officers. A day earlier, the US Senate granted full legal immunity for
telecommunications companies that participated in the White House's
extrajudicial wiretapping program since 2001. President Bush threatened
to veto the bill unless it immunized companies like AT&T and Verizon
from lawsuits relating to their facilitation of the National Security
Agency's domestic spying. American citizens have filed about 40 such
lawsuits and alleged that the federal spy agency tapped their phones
without a warrant, and that private telecom companies permitted the
government to listen to calls without legal authorization.

On July 3, Judge Vaughn R. Walker, the chief judge presiding over the
cases, released his ruling on one of the lawsuits, rejecting the Bush
administration's legal justifications for the snooping program:
"Whatever power the executive may otherwise have had in this regard,
[federal law] limits the power of the executive branch to conduct such
activities." On the heals of this determination, a federal appeals court
was set to rule on a number of other class action lawsuits against the
telecom companies relating to their cooperation with the eavesdropping
program. However, the Senate's passage of the immunity bill will likely
force the closure of those cases. Senator Patrick Leahy argued that
Congress' actions were "flying in the face" of judicial review
established in Marbury v. Madison, and mean that courts can reach "no
conclusive judgment on the president's program, ever, and thus no
accountability." Senator Leahy further protested "stripping the Federal
Courts of jurisdiction in cases which have been pending for over three
years."

A proposal to strip retroactive immunity for telecom companies was
defeated by a 66-32 vote. The proposal's sponsor, Connecticut Senator
Chris Dodd, labeled the debate a "false dichotomy" between privacy and
security, observing that, since 2004, the United States Foreign
Intelligence Surveillance Court granted 18,761 warrants and rejected
just 5.

An attempt to "substitute" the US government for the telecom companies
was defeated by a vote of 61-37. The plan would have barred lawsuits
against private companies, but allowed claims against the government
agencies that ran the domestic spy program. The plan's author,
Pennsylvania Senator Arlen Specter, called the immunity bill "a
historical embarrassment," adding that the vast majority of senators
voting on the bill had not read about the details of the program.
Senator Specter also criticized his colleagues, suggesting that the
continued classification of the program precluded an honest vote on
immunity: "We don't know what we're voting on […] and we don't know what
this program is, and yet we are granting retroactive immunity to the
telecom companies." Finally, the Senate declined to delay action on the
immunity decision until after the Inspectors General's final report on
the President's surveillance program.

President Bush signs FISA Amendments Act of 2008:

     http://www.whitehouse.gov/news/releases/2008/07/20080710-2.html

Ruling of Hon. Vaughn R. Walker in warrantless wiretapping lawsuit 
(pdf):

     http://epic.org/redirect/vaughnwalker_wiretap.html

Senator Dodd's proposal to strip retroactive immunity:

     http://thomas.loc.gov/cgi-bin/query/D?r110:1:./temp/~r1103uy6HM

Senator Specter's attempt to substitute the US government for the
telecom companies:

     http://thomas.loc.gov/cgi-bin/query/D?r110:4:./temp/~r110174sMt

Senator Bingaman's plan to delay action until the Inspectors General's
final report is released:

     http://thomas.loc.gov/cgi-bin/query/D?r110:3:./temp/~r110g85A0s

EPIC's web page on FISA:

     http://epic.org/privacy/terrorism/fisa/


========================================================================
[5] Patient Privacy Toolkit Helps Citizens Protect Their Medical Records
========================================================================

In April 2008, 130,000 Wellpoint, Inc. customers learned that the health
insurer disclosed their private medical records, including their social
security numbers, on the Internet. This followed a virtually identical
February breach that disclosed health information on the Internet
regarding 71,000 people enrolled in Georgia public health programs.
These breaches make clear that numerous privacy violations have exposed
millions of Americans' medical information to criminals, identity
thieves, and other prying eyes. Despite citizens' unambiguous desire to
keep their medical information private, their wishes have been
frustrated by these medical data breaches and a lack of easily available
information about how citizens can protect themselves.

In an effort to make medical record privacy information more accessible
to the public, Patient Privacy Rights, a non-profit group whose mission
is to ensure that Americans control all access to their health records,
created the Patient Privacy Toolkit.  "The move to electronic health
records, the lack of protection for personal health records, and the
ineffectiveness of HIPPA can cause serious consequences for citizens,
including discrimination against people with a genetic predisposition or
a previous illness," said Katherine Johnson, the program and outreach
coordinator of Patient Privacy Rights.  The toolkit includes important
information and documents, such as forms to opt out of the American
Medical Association's database, a summary of health privacy laws in each
state, and consent forms to request that a doctor only disclose medical
information with the patient's consent. It is available for free on the
Patient Privacy Rights website.

Congress is currently considering a bill on medical records privacy. The
discussion draft of the bill includes breach notification similar to
that in California, which would let citizens know if their records are
breached. Congress recently invited EPIC to comment on the discussion
draft. EPIC suggested additions, including a clear statement of
Americans' right to privacy of their health records, incorporation of
enhanced privacy protections for especially sensitive health
information, establishment of a patients' right of action for
individuals whose medical privacy is violated, and a requirement that
companies take commonsense steps to secure electronic health
information.

Patient Privacy Rights:

     http://www.patientprivacyrights.org/

EPIC's Medical Records Privacy Site:

     http://epic.org/privacy/medical/

EPIC's comments on the discussion draft on medical records privacy
(pdf):

     http://epic.org/privacy/medical/EPIC_HIT_060908.pdf

Wellpoint Data Breach - Chicago Tribune Review

     http://epic.org/redirect/wellpoint_databreach.html

Bill to Amend the Public Health Service Act to Promote the Adoption of
Health Information Technology, and for Other Purposes:

     http://www.govtrack.us/congress/bill.xpd?bill=h110-6357

========================================================================
[6] News in Brief
========================================================================

District of Columbia Rolls Out First-of-its-kind Unified ID Card

This summer, the District of Columbia will begin distributing the "DC
One Card", an all-in-one ID card for residents and workers. The card
will eventually incorporate several forms of credentials, including
public transit fare cards, library cards, and student IDs; it will also
be required in order to access government, park, and community
facilities. Although government officials claim that there are no
current plans to track cardholders, they also admit that personal data
will be collected and retained. The government will maintain a database
that contains personally identifiable information about all card
holders, including name, address, telephone number, date of birth, a
part of the social security number, and the various agencies and
programs at which the card has been registered.

The DC One Card Website:

     http://dconecard.dc.gov/

EPIC's page on National ID Cards:

     http://epic.org/privacy/id-cards/


Federal Trade Commission Studying Recourse for Identity Theft Victims

Federal regulators are investigating the sufficiency of the assistance
available to identity theft victims. The Federal Trade Commission seeks
public comments to advance its understanding of victims of identity
theft and their experiences with consumer reporting agencies. The study
comes while identity theft watchdogs warn that data breaches are at an
all-time high. Identity theft victims often interact with commercial
data brokers when they exercise rights afforded to them under the Fair
Credit Reporting Act. Consumer protection law allows victims to place
fraud alerts on their files and to dispute inaccurate information. The
Commission's study seeks to discover whether these private companies'
practices hinder victims from exercising their rights to protect
themselves from the harm arising from the original identity theft.
Public comments must be filed by September 2, 2008 and should be
submitted in electronic form.

FTC Request for Public Comment

     http://www.ftc.gov/opa/2008/07/fcra.shtm 

EPIC page on the Fair Credit Reporting Act:

     http://epic.org/privacy/fcra/ 


CIPPIC Offers $20,000 Privacy Fellowship

An Internet law clinic at the University of Ottowa is still taking
applications for a Fellow studying privacy issues.  Law school
applicants may apply for a $20,000 Fellowship with The Canadian Internet
Policy and Public Interest Clinic ("CIPPIC"), by including a cover
letter explaining their interest in the Fellowship and how it fits in
with their proposed academic research.  The Fellow's research may
include comparative analysis of data protection laws, state surveillance
initiatives, consumer profiling, online social networking, and Canadian
privacy law reform. CIPPIC provides a hands-on clinical learning
environment where students work with professors at the intersection of
technology and policy. Its mission is to fill voids in public policy
debates on technology law issues, ensure balance in policy and
law-making processes, and provide legal assistance to under-represented
organizations and individuals on matters involving the intersection of
law and technology.

Canadian Internet Policy and Public Interest Clinic:

     http://www.cippic.ca/en/

University Of Ottowa Online Admissions:

     http://www.grad.uottawa.ca/apply


Report: ID Theft Reaches All-Time High

Identity theft has reached an all-time high, according to a watchdog
group's latest report. The Identity Theft Resource Center reports that
the total number of publicly disclosed data breaches in the first half
of 2008 is more than 69% greater than in the same time period last year.
It also notes that the actual number of breaches this year is likely
even higher than the 342 mentioned in the report, due to underreporting
and the fact that some of the breaches reported as a single event
actually affected multiple businesses. Weak protections by businesses
over databases of customer information have contributed mightily to the
growth of the illicit industry of appropriating personal information to
commit fraud. In April, EPIC filed comments with the Federal Trade
Commission, urging the FTC to include civil penalties in its proposed
settlement with several companies responsible for data breaches. EPIC
argued that remedial measures alone would provide an insufficient
incentive for companies to protect consumers' data.

Identity Theft Resource Center Publishes Figures For First Half Of 2008:

     http://epic.org/redirect/identity_theft_report.html

EPIC Page On Identity Theft:

     http://epic.org/privacy/idtheft/


Legal Battle May Disallow Publication on Cracked RFID Chip

Researchers from the Dutch Radboud University have cracked and cloned
London's Oyster travel card, after cracking the Dutch Mifare Travel
card. The latter would be used in a nationwide network for billing of
public transportation. Both cards use the Mifare Classic RFID tag, which
relies for its security on an algorithm that can be cracked with modest
effort. The troubled card provides for contact-less entrance to public
transportations and office buildings worldwide. The manufacturer of the
chip, NXP, follows Dutch secretary of state Tineke Huizinga in claiming
that publication of the results is irresponsible. While NXP is taking
the researchers to court, the University issued a statement valuing
scientific publication of security leaks and mentioning that the
publication will help NXP to develop a better chip. The results will be
published at the European computer security (Esorics) conference in
Spain in September of this year.

Raboud University's Digital Security Group Page on Mifare:

     http://www.ru.nl/ds/research/rfid/

EPIC page on RFID:

     http://epic.org/privacy/rfid/


Facebook Exposes Images of Users' Drivers Licenses

On May 2, 2008, the social networking website Facebook exposed some
users' driver's license images. Facebook requires that members who
register as musicians submit digital images of their driver's licenses.
The social networking site reportedly stores the images in anticipation
of potential copyright disputes related to music posted on Facebook. In
a letter to Maryland officials, Facebook described the security breach,
blaming "a temporary code glitch," and said that at least two Maryland
residents were affected. Facebook also stated that the driver's license
images were subsequently moved to "a separate, secure database to ensure
the information is not inadvertently displayed in the future." In
personal letters to the affected users, Facebook recognized that the
breach puts users at risk for identity theft and fraud, warning that,
"we recommend you closely monitor your financial accounts and, if you
see any unauthorized activity, promptly contact your financial
institution." The letter alleges that Facebook is "modifying its systems
and practices to enhance the security of sensitive information," but
failed to identify any concrete steps by the social networking giant.

Facebook Exposes Images of Users' Drivers Licenses (pdf):

     http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153491.pdf

EPIC - "Facebook Privacy":

     http://epic.org/privacy/facebook/default.html


Iraqi Woman Objects to "Virtual Strip Search"

The use of invasive body-imaging technology is alienating conservative
Muslim women in Iraq. Recently, a female government employee wrapped in
traditional Muslim garb stood outside the heavily-secured green zone in
Baghdad, holding up a protest placard and a picture of a naked woman.
 It is an example of the images Baghdad security employees see when they
search Iraqi women using Backscatter X-Ray Scanners, as well as the
images that a growing number of Transportation Security Administration
employees can see when they screen travelers in American airports.
 "We're not terrorists, and we care about our safety," said the Iraqi
woman.  She objects to the policy summed up on her placard -- "Either no
clothes, or the American prisons."  The Transportation Security
Administration has been expanding the use of these scanners in airports
as a substitute to pat-down searches.  The images can be seen by male
and female employees, and raise concerns that they can be saved and
viewed later.

Backscatter X-ray Protest in Iraq:

     http://www.npr.org/templates/story/story.php?storyId=92301102

EPIC's Page On Backscatter X-Ray Screening:

     http://epic.org/privacy/airtravel/backscatter/

EPIC's Spotlight On Backscatter X-Ray Screening:

     http://epic.org/privacy/surveillance/spotlight/0605/


========================================================================
[7] EPIC Bookstore: Understanding Privacy by Daniel Solove
========================================================================

Understanding Privacy by Daniel J. Solove

     http://www.powells.com/partner/24075/biblio/1-9780674027725-0

The book is written with the goal of bringing clarity to the
conceptualization of privacy. The purpose of the conceptualization of
privacy is to define its unique characteristics. Solove strives to
create a new understanding of privacy while navigating its complex
issues without giving way to vagueness.  The author acknowledges the
difficulty in establishing a fix definition of privacy. He sees
privacy as consisting of “both a positive and negative right,” with an
intense struggle over what falls within and outside of the right to
privacy.

He asserts that to solve some of the problems of privacy we must begin
with a conceptualization of privacy based on Ludwig Wittgenstein’s
concept of “family resemblances” to “guide policymakers and legal
interpretations.” This perspective on privacy would focus on
identifying the many similarities among those areas considered to be
problematic situations. Solove cites this lack of conceptualization as
the underlying reason for the difficulty faced by policymakers and the
courts in correctly prescribing solutions to privacy problems.  Solove
states that the courts and policymakers have been influenced by the
work of privacy theorists who fall short in their attempt to
conceptualize privacy.

Solove would like to further make the case that the use of the word
“privacy” should conform to its conceptualization.  Chapter 3 through
6 make that case that conceptualization of privacy should be
understood “in a pluralistic manner from the bottom up, as a set of
protections against a related cluster of problems.”  Solove’s theory
involves four aspects: a method, a degree of generality, a structure
that accommodates variability, and a focus.
He advocates that we should understand privacy in a pluralistic
manner; and that generality should seek a balance between “generality
and particularity. “ He states that another hurdle in the striving for
a legal and policy framework for privacy is that it is not a fixed
thing it changes with the passage of generations and the traversing of
societies.  The cultural and historical aspects of our understanding
of privacy are interwoven with changing attitudes, institutions,
living conditions, and technology.  He says that to achieve
variability an acknowledgement of the significance of these aspects of
the human condition are essential.

Is it possible to develop a unified theory of privacy?  Privacy is a
completely unique human concept that has defied a single all
encompassing definition.  This is an interesting read—one that may
intrigue privacy experts and those exploring the realms of the “right
to be let alone.”


Lillie Coney


================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

    http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

     http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. 

     http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

     http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

     http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

     http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore 

     http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books

     http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

     https:/mailman.epic.org/mailman/listinfo/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Fighting Internet Censorship. July 15, 2008, US House of Representatives
Room to be determined. For more information:
http://www.freedomhouse.org The 8th Privacy Enhancing Technologies Symposium (PETS 2008), 23-25 July, 2008, Leuven, Belgium. For more information: http://petsymposium.org/2008 DHS Public Workshop Data Mining. July 24-25, Washington, DC. For more information: http://edocket.access.gpo.gov/2008/E8-14394.htm The Privacy Symposium - Summer 2008: An Executive Education Program on Privacy and Data Security Policy and Practice, August 18-21, 2008, Harvard University, Cambridge, MA. For more information: http://www.privacysummersymposium.com/ Privacy Awareness Week. August 24, 2008. Australia, New Zealand, Hong Kong, Korea and Canada. For more information: http://www.privacyawarenessweek.org/paw Youth Privacy Online: Take Control, Make It Your Choice! September 4,
2008, Eaton Centre Marriott, Toronto. For more information:
http://www.ipc.on.ca Access to Information: Twenty-five Years on. September 8, Minto Suites
Hotel, Ottowa. For more information:
http://www.rileyis.com/seminars/ International Symposium on Data Protecion in Social Networks. October 13, 2008, Strasbourg. For more information: http://epic.org/intsymposium_sns.html Protecting Privacy in a Borderless World. October 15-17, 2008, Strasbourg. For more information: http://www.privacyconference2008.org Privacy in Social Network Sites Conference October 23-24, 2008. Delft University of Technology, Faculty of TPM, The Netherlands. For more information: http://www.ethicsandtechnology.eu ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================== Donate to EPIC ======================================================================== If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Support Privacy '08 ======================================================================= If you would like more information on Privacy '08, go online and search for "Privacy 08". You'll find a Privacy08 Cause at Facebook, Privacy08 at Twitter, a Privacy08 Channel on YouTube to come soon, and much more. You can also order caps and t-shirts at CafePress Privacy08. Start a discussion. Hold a meeting. Be creative. Spread the word. You can donate online at epic.org. Support the campaign. Facebook Cause: http://www.epic.org/redirect/fbprivacy08.html Twitter: http://twitter.com/privacy08 CafePress: http://www.cafepress.com/epicorg ------------------------- END EPIC Alert 15.13 ------------------------- .