======================================================================= E P I C A l e r t ======================================================================= Volume 15.19 September 26, 2008 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_15.19.html ======================================================================= Table of Contents ======================================================================= [1] Privacy '08 - Presidential Debates [2] EPIC Supports International Right to Know Day [3] EPIC Urges FTC to Establish Privacy Safeguards for RFID Tags [4] Senate Begins Hearings on FBI Attorney General Guidelines [5] Privacy at the Internet Governance Forum Consultation [6] News in Brief [7] EPIC Bookstore: 2008 FOIA Manual Now Available [8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://www.epic.org/donate - Support Privacy '08 http://www.privacy08.org ======================================================================= [1] Privacy '08 - Presidential Debates ======================================================================= Privacy '08 Campaign Urges Privacy Discussion in Presidential Debates The Privacy '08 campaign sent a letter to Jim Lehrer, moderator of the first 2008 U.S. Presidential debate, urging him to question the candidates regarding the future of privacy protections for Americans. The letter is the most recent effort by the Privacy '08 campaign to push privacy issues to the forefront of the 2008 election discussion. The campaign challenges the candidates to meaningfully engage privacy issues in the weeks leading to the November elections, and poses questions to the nominees on its web site - privacy08.org. Senator John McCain has requested postponement of the first debate, which is presently scheduled for Friday, September 26th at 9 p.m. EPIC's letter comes on the heels of the issuance of a strong defense of privacy rights by four Presidential candidates. Charging that the Republican and Democratic parties have ignored the "most important issues facing our nation," Presidential candidates Chuck Baldwin, Bob Barr, Cynthia McKinney, and Ralph Nader issued a strong statement on four key issues, including privacy. The Privacy Principle begins "We must protect the privacy and civil liberties of all persons under US jurisdiction." The candidates said the principles "should be key in the considerations of every voter this November and in every election." The announcement was made at a September 10, 2008 National Press Club event organized by Ron Paul's Campaign for Liberty. Earlier in September, EPIC held a Privacy '08 event at the National Press Club, during which Bob Barr, the Libertarian Party candidate for President, addressed privacy concerns facing the American public. Congressman Barr spoke about numerous privacy topics, and exhorted other candidates to debate on wiretapping and surveillance issues. Barr also urged the public to challenge elected officials to articulate their positions on how citizens' privacy relates to the government's need to promote industry and prevent crime. Although Senator Obama and Senator McCain have not made privacy central to their platforms, privacy issues have affected the campaigns. In March 2008, the State Department determined that three private contractors accessed the confidential passport files of Presidential candidates Hillary Clinton, John McCain, and Barack Obama. An independent government report later criticized lax federal protections for sensitive passport data. Privacy '08 Letter to Jim Lehrer: http://www.privacy08.org/pdf/Privacy08_Letter_to_Lehrer.pdf Privacy '08 - a Time for Debate: http://www.privacy08.org/debates.php Privacy Statement by Four Presidential Candidates: http://www.votenader.org/weagree/ Privacy '08 Facebook Cause: http://www.epic.org/redirect/fbprivacy08.html Privacy '08 on Twitter: http://twitter.com/privacy08 Privacy '08 CafePress: http://www.cafepress.com/epicorg ======================================================================= [2] EPIC Supports International Right to Know Day ======================================================================= September 26 is International Right to Know Day. It was created to mark the establishment of the global Freedom of Information Advocates Network. The aim of Right to Know Day is to raise awareness of every individual's right of access to government-held information: the right to know how elected officials are exercising power and how taxpayers' money is being spent. Freedom of information advocates have used the day to share ideas, strategies and success stories about the development of freedom of information laws and the goals of open government. In celebration of International Rights to Know Day, EPIC has published the 2008 edition of the FOIA manual, "Litigation Under the Federal Open Government Laws." The book contains the texts of the US open government laws, including the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. Over the years, the EPIC FOIA litigation manual has incorporated materials on international open government laws. The 2008 edition includes contact information for open government agencies, links to many national access laws, and additional resources for open government advocates and practitioners. The 2008 edition also includes the Carter Center Declaration on Access to Information, which affirms the ongoing importance of open government to promote government accountability and to sustain democratic institutions. EPIC, Open Government Manual (2008): http://epic.org/bookstore/foia2008/ EPIC, Open Government: http://epic.org/open_gov/ Dave Banisar, "The Irresistable Rise of a Right," Index on Censorship: http://www.eurozine.com/articles/2005-10-21-banisar-en.html Dave Banisar, "Freedom of Information Around the World 2006: A Global Survey of Access to Government Information Laws" (Privacy International, 2006): http://www.privacyinternational.org/foi/foisurvey2006.pdf Open the Government Coalition: http://www.openthegovernment.org Online Network of Freedom of Information Advocates: http://www.freedominfo.org Carter Center, Access to Information Program: http://www.cartercenter.org/peace/americas/information.html ======================================================================= [3] EPIC Urges FTC to Establish Privacy Safeguards for RFID Tags ======================================================================= On September 23, 2008, the Federal Trade Commission held a workshop to explore emerging applications of Radio Frequency Identification (RFID) technology and its implication for consumer protection policy. The workshop was attended by industry representatives, government officials and consumer advocates from the United States and Europe to discuss privacy and security concerns associated with RFID technology. The FTC event had two panels to discuss the use of RFID in "Contactless Payment Systems" and in "Item-level tagging in retail." The panels discussed existing usage and potential benefits of large scale deployment to both consumers and retailers. The discussions also addressed privacy issues arising from such use. In this workshop, the sufficiency of notice to consumers, the processing of personally identifiable information and the availability of a written, comprehensive privacy policy regarding the use RFIDs were identified as key concerns. Other privacy issues identified were the system level risk of leak of Personally Identifiable Information, which entity would decide what data on a RFID chip would constitute acceptable risk and RFID security controls including consumer controlled kill switches. The NIST representative highlighted risks outlined in their Special Publication 800-98. In 2004, EPIC submitted recommendations to federal regulators addressing risks to consumer safety and the unregulated use of RFID that reveal personal data. EPIC's recommendations focused on use in the retail and manufacturing industry where retailers and manufacturers had begun to implement item-level RFID tagging to facilitate supply chain efficiency, inventory control and similar applications. EPIC recommended that entities that use RFID must inform subjects about the presence of tags, the presence of readers and when those tags are being accessed. The removal of tags, considering alternatives prior to the use of RFID, obtaining the consent of the subject and informing the subject about the purpose of the usage were strongly urged. Entities using RFID were told to inform subjects about whether the obtained data could be disclosed to any third party. EPIC further recommended that the data be kept accurate, securely stored and readily available to the subject. The designation of specific personnel to ensure compliance to the recommended guidelines was also deemed a high priority. The guidelines further advocated that RFID users should not track, snoop or coerce individuals into using tags or keeping the tags alive, and should provide the subjects an opportunity to dispose the tags if they desired. The workshop panel consisted of representatives from federal regulators, the European Commission, consumer organizations and both European and American commercial entities. The FTC workshop followed an earlier symposium organized by the TransAtlantic Business Dialogue on the 'Societal Benefits of RFID' which was held on September 22, 2008. The symposium focused on three RFID technology applications: environmental protection and sustainability, healthcare delivery and supply chain security. The symposium participants encouraged the benefits of RFID in patient tracking, medication errors and the need for standardization in RFID technology applications. According to the participants, the presence of a mere number on a tag was a virtual serial number and did not warrant any privacy concern; however, as EPIC has pointed out earlier, RFID users should specify the purpose before attaching, storing or associating that number with other PII somewhere else on the system. It was also pointed out, the implications of loss of medical privacy through the use of RFIDs by organizations outside the purview of HIPAA. The Federal Trade Commission is seeking comments from the public on RFID and the increasing prevalence of contactless payment devices in everyday consumer transactions like credit card purchases and public transit. The Commission is also requesting information on the growing utilization of item-level tagging in the retail sector as well as security and privacy threats and proposed solutions. Comments may be submitted until October 23, 2008. FTC Transatlantic RFID Workshop on Consumer Policy and Data Security: http://www.ftc.gov/bcp/workshops/transatlantic/index.shtml EPIC FTC RFID Page: http://epic.org/privacy/rfid/ EPIC Recommendations to the FTC on RFID tags: http://epic.org/privacy/rfid/rfid_gdlnes-070904.pdf NIST Guidelines for Securing Radio Frequency Identification: http://epic.org/redirect/092608_NIST_rfid-guidelines.html Transatlantic Symposium on the Societal Benefits of RFID: http://epic.org/redirect/092608_TABD_rfid_sched.html FTC request for public comment on RFID: https://secure.commentworks.com/ftc-TransatlanticRFID/ ======================================================================= [4] Senate Begins Hearings on FBI Attorney General Guidelines ======================================================================= The Senate Judiciary Committee held a hearing on September 17, 2008 titled 'Oversight of the Federal Bureau of Investigation." The hearing, in which the Director of the Federal Bureau of Investigation testified, was held regarding proposed amendments to the Attorney General's Guidelines for Domestic FBI Operations. The federal law enforcement agency is proposing to adopt new guidelines for domestic operations that would permit "assessments" of individuals without any suspicion of criminal wrongdoing that could escalate to full investigations. The guidelines were first adopted in 1976 pursuant to the recommendations of the Church Committee, which investigated the FBI and other intelligence agencies' political suppression activities. In 2003, the guidelines were revised, and explicitly laid down differing standards for investigations of criminal activities and threats to national security. The 2003 guidelines prohibited the use of race as the sole factor in Federal law enforcement activities related to specific investigations. The use of race or ethnicity could only be considered in limited cases where there was trustworthy information, relevant to the locality or time frame that linked the person of a certain race to a specific crime. In investigating threats to national security, however, the FBI could initiate the investigation without regard to the specificity, locale or particular scheme requirement. The 2008 guidelines propose to unify the standards related to criminal activities and threats to national security such as terrorism. The 2008 guidelines appear to remove restrictions on the use of racial factors in investigations. Earlier this month, the Judiciary Committee of the House of Representatives consisting of Congressman John Conyers, Jr., Robert C. Scott and Jerrold Nadler questioned the need to consolidate the FBI guidelines during the waning days of the Administration and raised doubts regarding the effect of such amendments on the constitutional rights of Americans. Congressman John Conyers, Jr., Robert C. Scott and Jerrold Nadler Lawmakers also raised the possibility of innocent citizens coming under a cloud of suspicion for their legitimate religious and political activities. Thereafter, some senators voiced concerns regarding the use of a variety of intrusive investigative techniques to determine possible criminal activity, national security threats or foreign intelligence collection without any factual basis. The 2008 guidelines also permit the collection of foreign intelligence information inside the United States through both "assessments" and predicated "full investigations" with little explicit protection for information gathered about United States persons as well as broad information-sharing provisions with few constraints. The Attorney General seeks to implement the new directives effective October 1, 2008. Despite the rapidly approaching target date, the draft guidelines have not been released to the public. Select federal legislators, certain members of the media, and representatives from EPIC and the ACLU received limited access to the draft guidelines. Senators Feingold, Kennedy, Durbin and Whitehouse urged the FBI to include bare minimum safeguards, such as: banning surveillance or other investigative activity based on a suspect's race, ethnicity, national origin or religion; requiring some factual proof for opening inquiries; and taking steps to protect the information that the FBI collects about U.S. citizens and residents, particularly in gathering foreign intelligence data. Earlier policies by the FBI on the power to investigate Americans posed serious threats to the right of individuals to speak and assemble freely without the specter of government monitoring. Furthermore, the policies permitted prospective searches without any evidence of suspicious behavior. In spite of procuring large amounts of data, the FBI has been unable to process leads effectively. New guidelines will allow the FBI to gather even more information, which is particularly problematic given the Bureau's record of abusing its investigatory powers to harass and disrupt political opponents. EPIC page on Attorney General Guidelines: http://epic.org/privacy/fbi/ US Department of Justice 2003 Racial Profiling: http://epic.org/redirect/092608_USDOJ_race_prof.html Senator Leahy's letter to the Attorney General: http://epic.org/redirect/092608_Leahy_toAG_letter.html Senators express concern to the Attorney General over FBI Guidelines: http://feingold.senate.gov/~feingold/releases/08/08/20080820.html Congress' letter to the Attorney General: http://epic.org/redirect/092608_Congress_letterToAG.html Testimony of the FBI Diretor to the Senate Judiciary Committee: http://www.fbi.gov/congress/congress08/mueller091708.htm Testimony of FBI General Counsel to the Senate Intelligence Committee: http://www.fbi.gov/congress/congress08/caproni092308.htm ======================================================================= [5] Privacy at the Internet Governance Forum Consultation ======================================================================= On September 16, 2008, the Internet Governance Forum (IGF) held its open consultation at Geneva in preparation for the third forum that will be held in Hyderabad, India from December 3-6, 2008. Comments on the Substantive Program Agenda was one of the main topics of discussion. In the 2007 IGF meeting, privacy was subsumed under the main session of "security" and other controversial topics including human rights were avoided. This year, the right of privacy will be discussed under the main title "Promoting cyber-security and trust." Civil Society Participants objected to the title and said that some governments use the focus on security fear to diminish the right to privacy. Instead, civil society participants argued for discussions about the opportunities that the Internet offers to enrich fundamental rights and freedoms. At the Latin America Regional Consultation of the Internet Governance Forum in August, 2008, civil society participants pointed out that the right to privacy and data protection should be a main topic in the Internet Governance debate. The IGF was formed to support the United Nations Secretary-General in carrying out the mandate from the World Summit on the Information Society with regard to convening a new multi-stakeholder policy dialogue forum. According to Paragraph 72 of the World Summit of the Information Society Tunis Agenda, the IGF's mandate sought to discuss public policy issues related to key elements of Internet governance in order to foster the sustainability, robustness, security, stability and development of the Internet. Internet Governance Forum Website: http://www.intgovforum.org/ Latin American Regional Preparatory Meeting of the IGF: http://www.lacnic.net/en/eventos/mvd2008/igf.html Contributions submitted as input into the 16 September IGF consultations: http://www.intgovforum.org/contributions_General_2008.html#16-sep The Public Voice Project: http://www.thepublicvoice.org IGF and Privacy: Privacy and Human Rights Report 2006: http://epic.org/redirect/092608_IGFandPrivacy.html ======================================================================= [6] News in Brief ======================================================================= EPIC Fundraiser - October 5, 2008 EPIC, with co-chairs Philip Friedman, Christopher Wolf and the EPIC Advisory Board, is hosting a fundraising event on the evening of October 5, 2008. Legal commentator Jeffrey Rosen will speak on "The Future of the Supreme Court." Mr. Rosen is a Professor of Law at The George Washington University Law School, Legal Affiars Correspondent for the New Republic, and the author of several popular law books, including "The Supreme Court: The Personalities and Rivalries that Defined America." Do join us by sending a RSVP: rsvp@epic.org but if not, please consider a contribution to EPIC: http://epic.org/donate URGENT - ThePrivacyPlace.Org Privacy Survey is Underway Researchers at ThePrivacyPlace.Org are conducting an online survey about privacy policies and user values. The survey must be completed by Friday night, September 26, 2008, and takes about 5 to 10 minutes. The survey is supported by a federal grant and was first offered in 2002. ThePrivacyPlace.Org is conducting the survey again in 2008 to reveal how user values have changed over the intervening years. The survey results will help organizations ensure their website privacy practices are aligned with current consumer values, and the results will be made available via the ThePrivacyPlace.Org website. ThePrivacyPlace.Org privacy survey: http://theprivacyplace.org/currentsurvey Poll: Americans Extremely Concerned About Internet Privacy A poll by the Consumer Reports National Research Center shows that most Americans are very concerned about what is being done with their personal information online. According to the poll, 82 percent of consumers are concerned about their credit card numbers being stolen online, while 72 percent are concerned that their online behaviors are being tracked and profiled by companies. Although 68 percent of consumers have provided personal information in order to access a website, 53 percent are uncomfortable with internet companies using their email content or browsing history to send relevant ads, and 54 percent are uncomfortable with third parties collecting information about their online behavior. Consumers are aware that information about their surfing habits is being collected online, but many are not aware of what companies are able to do with their information. Consumer Reports National Research Center, 2008 Privacy Poll: http://epic.org/redirect/092608_ConsumerReport_poll.html RFID Tagged Hurricane Evacuees In 2007, the State of Texas entered into a contract with AT&T Inc, Motorola, Radiant RFID and Retriever Software. The state contracted with the AT&T headed group to deliver a statewide automated evacuee tracking system. The system deployed handheld computers incorporating a Geographic Information System (GIS) database with location and status update displays, bar coded wristbands, RFID readers, and commercial bus transportation equipped with mobile Global Positioning System installed. Evacuees would have wristbands scanned as they board evacuation buses and again when they arrive at their shelter destinations. The data would be routinely updated and transmitted by wireless communication to a central database maintained by the University of Texas Center for Space Research. Hurricane Ike evacuees could be seen wearing wristbands that were applied during the evacuation registration process. The wristbands were not removable by evacuees without some effort. The evacuees were scanned, using handheld devices as they boarded buses. Buses were equipped with GPS tracking technology to track the location of buses along the evacuation routes. Reports on how the information would be used include: to inquiries from the public about the condition of evacuated family members, and to reunite families separated during the evacuation. The privacy implications for victims of domestic violence, identity theft, and those who wish not to be indentified as evacuees are clear. Press release on the hurricane evacuee tracking system: http://epic.org/redirect/092608_Hurricane_pressrelease.html EPIC's hurricane evacuee identity theft page http://epic.org/privacy/idtheft/katrina.html Domestic Violence and Privacy: http://epic.org/privacy/dv/ Homeless Management Information System: http://epic.org/privacy/dv/hmis.html Poverty and Privacy: http://epic.org/privacy/poverty/ Damages from Privacy Statutes - Pichler v. UNITE A federal appeals court ruled that the plain language of the Driver's Privacy Protection Act of 1994 does not require actual damages to recover liquidated damages. The court stated that although the court has the discretion to award actual damages, however high they may be, the provision for liquidated damages provided the minimum amount for any breach that the court chose to compensate. The Court agreed with a previous federal court decision in the case of Kehoe v. Fidelity that liquidated damages are not confined to people who suffer and prove actual damages. The Court further reiterated the Supreme Court analysis of Doe v. Chao in holding a person need not prove actual damages to receive liquidated damages. Pichler v. UNITE, No. 06-4522 (CA3 Sept. 9, 2008): http://www.ca3.uscourts.gov/opinarch/064522p.pdf EPIC page on Doe v. Chao, 540 U.S. 614 (2004): http://epic.org/privacy/chao/ EPIC page on Kehoe v. Fidelity Federal Bank and Trust, 421 F.3d 1209 (11th Cir. 2005): http://epic.org/privacy/drivers/kehoe.html HHS Protection of Medical Data Privacy Inadequate The Government Accountability Office (GAO) issued a report this month recommending that the Department of Health and Human Services (HHS) include in its privacy approach a process for ensuring that key privacy principles and challenges are completely and adequately addressed. This reports follows an earlier GAO report conducted in January 2007 reporting on the status of efforts by the HHS to ensure privacy of personal health information exchanged within a nationwide health information network. The earlier report recommended that HHS define and implement an overall privacy approach for protecting personal health information. The GAO concluded that although the HHS had identified milestones and the entity responsible for integrating the outcomes of its privacy- related initiatives, it had fallen short of fully implementing the GAO recommendations as its approach did not include a defined process for assessing and prioritizing the many privacy-related initiatives that ensure that key privacy principles and challenges will be fully and adequately addressed. GAO report on protection of personal health information (September): http://www.gao.gov/new.items/d081138.pdf GAO report identifying methods for health information privacy (2007): http://www.gao.gov/new.items/d07238.pdf EPIC page on medical privacy: http://epic.org/privacy/medical/ Cloud Computing Raises Privacy Concerns On September 2, 2008, the Pew Internet and American Life Project released a report demonstrating that "cloud computing" applications, such as web-based email, are raising new privacy concerns. The report, Use of Cloud Computing Applications and Services, found that 69 percent of online Americans use webmail services, store data online, or use software programs such as web-enabled word processors. At the same time, users report substantial concern regarding any undisclosed use of their data. For example, 90 percent of respondents said that they "would be very concerned if the company at which their data were stored sold it to another party," and 80 percent say "they would be very concerned if companies used their photos or other data in marketing campaigns." Pew Report - Use of Cloud Computing Applications and Services: http://www.pewinternet.org/PPF/r/262/report_display.asp EPIC Public Opinion and Privacy Page: http://epic.org/privacy/survey/ Identity Theft Legislation Passes Congress On September 15, 2008, the House of Representatives approved the Identity Theft Enforcement and Restitution Act, legislation introduced by Senator Patrick Leahy that passed the Senate in 2007. The bill provides new ways for victims of identity theft to obtain relief, and expands the computer crime law to address the problem of spyware software that secretly monitors computer users. The President is expected to sign the measure. EPIC has advocated for strong identity theft protections before Congress and federal regulators. Senator Leahy and Senator Specter are also pressing for passage of the Personal Data Privacy and Security Act, which addresses consumer concerns such as security breaches and the misuse of the Social Security Number. The bill is currently pending in the Senate. Leahy Statement On the Identity Theft Enforcement and Restitution Act: http://leahy.senate.gov/press/200809/091508b.html EPIC Identity Theft - Its Causes and Solutions: http://epic.org/privacy/idtheft/ Telecoms package: Privacy Implications On September 24, 2008, the European Parliament voted in favor of reforms of telecommunications laws, including amendments to the European Union Directive for Privacy in Electronic Communications. Those amendments makes clear that "Data protection rules must cover private and not just public networks, so data stored on social networking sites such as Facebook and MySpace will be covered by the rules." It also includes the obligation of the companies operating on the Internet to notify the public about security breaches. "A security violation such as the theft of a client list must be notified to the regulator by the operator. Users must be warned of any infringement of their personal data if the case is serious enough to warrant it, and the perpetrator could be prosecuted by the Member State." Other provisions address topics such as spam, cookies, viruses, trojans and spyware. Telecoms package: more competition and improved consumer rights: http://epic.org/redirect/092608_TelecomPackage.html Telecoms: better services for consumers and a safer Internet: http://epic.org/redirect/092608_Telecom_Services_internet.html EU Directive 2002/58/EC on Data Protection and Privacy: http://epic.org/redirect/091208_eu.html The Telecom Package Amendments: http://epic.org/redirect/092608_TelecomAmendments.html Privacy and Human Rights 2006: http://epic.org/phr06 ======================================================================= [7] EPIC Bookstore: 2008 FOIA Manual Now Available ======================================================================= "Litigation Under the Federal Open Government Laws 2008", edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008) http://epic.org/bookstore/foia2008/ "Deserves a place in the library of everyone who is involved in, or thinking about, litigation under the Freedom of Information Act." - Steve Aftergood, Federation of American Scientists Litigation Under the Federal Open Government Laws is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 2008 edition includes a foreword by Senator Patrick Leahy, co-sponsor of the OPEN Government Act of 2007. The EPIC FOIA litigation manual is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007 as the OPEN Government Act of 2007. Many of the amendments are effective as of December 31, 2008. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. Litigation Under the Federal Open Government Laws is published by EPIC in cooperation with Access Reports and the James Madison Project. The book draws upon the expertise of practicing attorneys who are recognized experts in the field. The 24th edition includes updates concerning the OPEN Government Act of 2007, a revised chapter regarding litigation strategy, international open government resources, a glossary of key terms, and is updated with new significant cases. Appendices include a sample FOIA request, a sample request for expedited processing, and sample pleadings for the FOIA, the Privacy Act, and Federal Advisory Commission Act, and the Government in the Sunshine Act. For those who litigate open government cases, or need to learn how to litigate them, this is the essential reference manual. Order Litigation Under the Federal Open Government Laws 2008: http://epic.org/bookstore/foia2008/ ================================ EPIC Publications: "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/bookshelf/epicorg.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Telecommunications Policy Roundtable. September 26-28, 2008, George Mason University School of Law, Arlington, Virginia. http://www.tprcweb.com/ Europe-wide action day "Freedom not fear." October 11, 2008. Multiple sites. For more information: http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008 International Symposium on Data Protection in Social Networks. October 13, 2008, Strasbourg. For more information: http://epic.org/intsymposium_sns.html 30th International Data Protection and Privacy Conference: Protecting Privacy in a Borderless World. October 15-17, 2008, Strasbourg. For more information: http://www.privacyconference2008.org European Dialogue on Internet Governance (EuroDIG). October 20-21, 2008, Strasbourg, France http://www.eurodig.org/ Privacy in Social Network Sites Conference October 23-24, 2008. Delft University of Technology, Faculty of TPM, The Netherlands. For more information: http://www.ethicsandtechnology.eu Third Internet Governance Forum. December 3-6, 2008. Hyderabad, India. For more information: http://www.intgovforum.org Tilting perspectives on regulating technologies, Tilburg Institute for Law and Technology, and Society, Tilburg University. December 10-11, Tilburg, Netherlands http://www.tilburguniversity.nl/tilt/conference ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: https://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Support Privacy '08 ======================================================================= If you would like more information on Privacy '08, go online and search for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08 at Twitter, a Privacy08 Channel on YouTube to come soon, and much more. You can also order caps and t-shirts at CafePress Privacy08. Start a discussion. Hold a meeting. Be creative. Spread the word. You can donate online at epic.org. Support the campaign. Facebook Cause: http://www.epic.org/redirect/fbprivacy08.html Twitter: http://twitter.com/privacy08 CafePress: http://www.cafepress.com/epicorg ------------------------- END EPIC Alert 15.19 ------------------------ .