EPIC logo

 
=======================================================================
                             E P I C   A l e r t
=======================================================================
Volume 15.19                                         September 26, 2008
-----------------------------------------------------------------------

                               Published by the
                  Electronic Privacy Information Center (EPIC)
                               Washington, D.C.

                http://www.epic.org/alert/EPIC_Alert_15.19.html


=======================================================================
Table of Contents
=======================================================================
[1] Privacy '08 - Presidential Debates
[2] EPIC Supports International Right to Know Day
[3] EPIC Urges FTC to Establish Privacy Safeguards for RFID Tags
[4] Senate Begins Hearings on FBI Attorney General Guidelines
[5] Privacy at the Internet Governance Forum Consultation
[6] News in Brief
[7] EPIC Bookstore: 2008 FOIA Manual Now Available
[8] Upcoming Conferences and Events
 	- Subscription Information
 	- Privacy Policy
 	- About EPIC
 	- Donate to EPIC http://www.epic.org/donate
 	- Support Privacy '08 http://www.privacy08.org

=======================================================================
[1] Privacy '08 - Presidential Debates
=======================================================================

Privacy '08  Campaign Urges Privacy Discussion in Presidential Debates

The Privacy '08 campaign sent a letter to Jim Lehrer, moderator of the
first 2008 U.S. Presidential debate, urging him to question the
candidates regarding the future of privacy protections for Americans.
The letter is the most recent effort by the Privacy '08 campaign to
push privacy issues to the forefront of the 2008 election discussion.
The campaign challenges the candidates to meaningfully engage privacy
issues in the weeks leading to the November elections, and poses
questions to the nominees on its web site - privacy08.org. Senator
John McCain has requested postponement of the first debate, which is
presently scheduled for Friday, September 26th at 9 p.m. 

EPIC's letter comes on the heels of the issuance of a strong defense of
privacy rights by four Presidential candidates. Charging that the
Republican and Democratic parties have ignored the "most important
issues facing our nation," Presidential candidates Chuck Baldwin, Bob
Barr, Cynthia McKinney, and Ralph Nader issued a strong statement on
four key issues, including privacy. The Privacy Principle begins "We
must protect the privacy and civil liberties of all persons under US
jurisdiction." The candidates said the principles "should be key in the
considerations of every voter this November and in every election." The
announcement was made at a September 10, 2008 National Press Club event
organized by Ron Paul's Campaign for Liberty.

Earlier in September, EPIC held a Privacy '08 event at the National
Press Club, during which Bob Barr, the Libertarian Party candidate for
President, addressed privacy concerns facing the American public.
Congressman Barr spoke about numerous privacy topics, and exhorted
other candidates to debate on wiretapping and surveillance issues. Barr
also urged the public to challenge elected officials to articulate
their positions on how citizens' privacy relates to the government's
need to promote industry and prevent crime.

Although Senator Obama and Senator McCain have not made privacy central
to their platforms, privacy issues have affected the campaigns. In
March 2008, the State Department determined that three private
contractors accessed the confidential passport files of Presidential
candidates Hillary Clinton, John McCain, and Barack Obama. An
independent government report later criticized lax federal protections
for sensitive passport data.

Privacy '08 Letter to Jim Lehrer:
     http://www.privacy08.org/pdf/Privacy08_Letter_to_Lehrer.pdf

Privacy '08 - a Time for Debate:
     http://www.privacy08.org/debates.php

Privacy Statement by Four Presidential Candidates:
     http://www.votenader.org/weagree/

Privacy '08 Facebook Cause:
     http://www.epic.org/redirect/fbprivacy08.html

Privacy '08 on Twitter:
     http://twitter.com/privacy08

Privacy '08 CafePress:
     http://www.cafepress.com/epicorg

=======================================================================
[2] EPIC Supports International Right to Know Day
=======================================================================

September 26 is International Right to Know Day. It was created to
mark the establishment of the global Freedom of Information Advocates
Network. The aim of Right to Know Day is to raise awareness of every
individual's right of access to government-held information: the right
to know how elected officials are exercising power and how taxpayers'
money is being spent. Freedom of information advocates have used the
day to share ideas, strategies and success stories about the
development of freedom of information laws and the goals of open
government.

In celebration of International Rights to Know Day, EPIC has published
the 2008 edition of the FOIA manual, "Litigation Under the Federal Open
Government Laws." The book contains the texts of the US open government
laws, including the Freedom of Information Act, the Privacy Act, the
Government in the Sunshine Act, and the Federal Advisory Committee Act.

Over the years, the EPIC FOIA litigation manual has incorporated
materials on international open government laws. The 2008 edition
includes contact information for open government agencies, links to
many national access laws, and additional resources for open government
advocates and practitioners. The 2008 edition also includes the Carter
Center Declaration on Access to Information, which affirms the ongoing
importance of open government to promote government accountability and
to sustain democratic institutions.

EPIC, Open Government Manual (2008):
     http://epic.org/bookstore/foia2008/
    
EPIC, Open Government:
     http://epic.org/open_gov/

Dave Banisar, "The Irresistable Rise of a Right,"
Index on Censorship:
     http://www.eurozine.com/articles/2005-10-21-banisar-en.html

Dave Banisar, "Freedom of Information Around the World 2006: A Global
Survey of Access to Government Information Laws" (Privacy
International, 2006):
     http://www.privacyinternational.org/foi/foisurvey2006.pdf

Open the Government Coalition:
     http://www.openthegovernment.org

Online Network of Freedom of Information Advocates:
     http://www.freedominfo.org

Carter Center, Access to Information Program:
     http://www.cartercenter.org/peace/americas/information.html 



=======================================================================
[3] EPIC Urges FTC to Establish Privacy Safeguards for RFID Tags
=======================================================================

On September 23, 2008, the Federal Trade Commission held a workshop to
explore emerging applications of Radio Frequency Identification (RFID)
technology and its implication for consumer protection policy. The
workshop was attended by industry representatives, government officials
and consumer advocates from the United States and Europe to discuss
privacy and security concerns associated with RFID technology.

The FTC event had two panels to discuss the use of RFID in
"Contactless Payment Systems" and in "Item-level tagging in retail."
The panels discussed existing usage and potential benefits of large
scale deployment to both consumers and retailers. The discussions also
addressed privacy issues arising from such use. In this workshop, the
sufficiency of notice to consumers, the processing of personally
identifiable information and the availability of a written,
comprehensive privacy policy regarding the use RFIDs were identified
as key concerns.

Other privacy issues identified were the system level risk of leak of
Personally Identifiable Information, which entity would decide what
data on a RFID chip would constitute acceptable risk and RFID security
controls including consumer controlled kill switches. The NIST
representative highlighted risks outlined in their Special Publication
800-98.

In 2004, EPIC submitted recommendations to federal regulators
addressing risks to consumer safety and the unregulated use of RFID 
that reveal personal data. EPIC's recommendations focused on 
use in the retail and manufacturing industry where retailers and
manufacturers had begun to implement item-level RFID tagging to
facilitate supply chain efficiency, inventory control and similar
applications.

EPIC recommended that entities that use RFID must inform subjects about
the presence of tags, the presence of readers and when those tags are
being accessed. The removal of tags, considering alternatives prior to
the use of RFID, obtaining the consent of the subject and informing
the subject about the purpose of the usage were strongly urged.
Entities using RFID were told to inform subjects about whether the
obtained data could be disclosed to any third party. EPIC further
recommended that the data be kept accurate, securely stored and
readily available to the subject. The designation of specific personnel
to ensure compliance to the recommended guidelines was also deemed a
high priority. The guidelines further advocated that RFID users should
not track, snoop or coerce individuals into using tags or keeping the
tags alive, and should provide the subjects an opportunity to dispose
the tags if they desired.

The workshop panel consisted of representatives from federal
regulators, the European Commission, consumer organizations and both
European and American commercial entities. The FTC workshop followed an
earlier symposium organized by the TransAtlantic Business Dialogue on
the 'Societal Benefits of RFID' which was held on September 22, 2008.
The symposium focused on three RFID technology applications:
environmental protection and sustainability, healthcare delivery and
supply chain security.

The symposium participants encouraged the benefits of RFID in patient
tracking, medication errors and the need for standardization in RFID
technology applications. According to the participants, the presence of
a mere number on a tag was a virtual serial number and did not warrant
any privacy concern; however, as EPIC has pointed out earlier, RFID
users should specify the purpose before attaching, storing or
associating that number with other PII somewhere else on the system.
It was also pointed out, the implications of loss of medical privacy
through the use of RFIDs by organizations outside the purview of HIPAA.

The Federal Trade Commission is seeking comments from the public on
RFID and the increasing prevalence of contactless payment devices in
everyday consumer transactions like credit card purchases and
public transit. The Commission is also requesting information on the
growing utilization of item-level tagging in the retail sector as well
as security and privacy threats and proposed solutions. Comments may be
submitted until October 23, 2008.



FTC Transatlantic RFID Workshop on Consumer Policy and Data Security:
     http://www.ftc.gov/bcp/workshops/transatlantic/index.shtml

EPIC FTC RFID Page:
     http://epic.org/privacy/rfid/

EPIC Recommendations to the FTC on RFID tags:
     http://epic.org/privacy/rfid/rfid_gdlnes-070904.pdf

NIST Guidelines for Securing Radio Frequency Identification:
     http://epic.org/redirect/092608_NIST_rfid-guidelines.html

Transatlantic Symposium on the Societal Benefits of RFID:
     http://epic.org/redirect/092608_TABD_rfid_sched.html

FTC request for public comment on RFID:
     https://secure.commentworks.com/ftc-TransatlanticRFID/

=======================================================================
[4] Senate Begins Hearings on FBI Attorney General Guidelines
=======================================================================

The Senate Judiciary Committee held a hearing on September 17, 2008
titled 'Oversight of the Federal Bureau of Investigation." The hearing,
in which the Director of the Federal Bureau of Investigation testified,
was held regarding proposed amendments to the Attorney General's
Guidelines for Domestic FBI Operations. The federal law enforcement
agency is proposing to adopt new guidelines for domestic operations
that would permit "assessments" of individuals without any suspicion
of criminal wrongdoing that could escalate to full investigations. The
guidelines were first adopted in 1976 pursuant to the recommendations
of the Church Committee, which investigated the FBI and other
intelligence agencies' political suppression activities. 

In 2003, the guidelines were revised, and explicitly laid down
differing standards for investigations of criminal activities and
threats to national security. The 2003 guidelines prohibited the use of
race as the sole factor in Federal law enforcement activities related
to specific investigations. The use of race or ethnicity could only be
considered in limited cases where there was trustworthy information,
relevant to the locality or time frame that linked the person of a
certain race to a specific crime. In investigating threats to national
security, however, the FBI could initiate the investigation without
regard to the specificity, locale or particular scheme requirement.
The 2008 guidelines propose to unify the standards related to criminal
activities and threats to national security such as terrorism. The 2008
guidelines appear to remove restrictions on the use of racial factors
in investigations.

Earlier this month, the Judiciary Committee of the House of
Representatives consisting of Congressman John Conyers, Jr., Robert C.
Scott and Jerrold Nadler questioned the need to consolidate the FBI
guidelines during the waning days of the Administration and raised
doubts regarding the effect of such amendments on the constitutional
rights of Americans. Congressman John Conyers, Jr., Robert C. Scott
and Jerrold Nadler Lawmakers also raised the possibility of innocent
citizens coming under a cloud of suspicion for their legitimate
religious and political activities.

Thereafter, some senators voiced concerns regarding the use of
a variety of intrusive investigative techniques to determine possible
criminal activity, national security threats or foreign intelligence
collection without any factual basis. The 2008 guidelines also permit
the collection of foreign intelligence information inside the United
States through both "assessments" and predicated "full investigations"
with little explicit protection for information gathered about United
States persons as well as broad information-sharing provisions with few
constraints.

The Attorney General seeks to implement the new directives effective
October 1, 2008. Despite the rapidly approaching target date, the draft
guidelines have not been released to the public. Select federal
legislators, certain members of the media, and representatives from
EPIC and the ACLU received limited access to the draft guidelines.
Senators Feingold, Kennedy, Durbin and Whitehouse urged the FBI to
include bare minimum safeguards, such as: banning surveillance or other
investigative activity based on a suspect's race, ethnicity, national
origin or religion; requiring some factual proof for opening inquiries;
and taking steps to protect the information that the FBI collects about
U.S. citizens and residents, particularly in gathering foreign
intelligence data.

Earlier policies by the FBI on the power to investigate Americans posed
serious threats to the right of individuals to speak and assemble
freely without the specter of government monitoring. Furthermore, the
policies permitted prospective searches without any evidence of
suspicious behavior. In spite of procuring large amounts of data, the
FBI has been unable to process leads effectively. New guidelines will
allow the FBI to gather even more information, which is particularly
problematic given the Bureau's record of abusing its investigatory
powers to harass and disrupt political opponents.



EPIC page on Attorney General Guidelines:
   http://epic.org/privacy/fbi/

US Department of Justice 2003 Racial Profiling:
     http://epic.org/redirect/092608_USDOJ_race_prof.html

Senator Leahy's letter to the Attorney General:
     http://epic.org/redirect/092608_Leahy_toAG_letter.html

Senators express concern to the Attorney General over FBI Guidelines:
     http://feingold.senate.gov/~feingold/releases/08/08/20080820.html

Congress' letter to the Attorney General:
     http://epic.org/redirect/092608_Congress_letterToAG.html

Testimony of the FBI Diretor to the Senate Judiciary Committee:
     http://www.fbi.gov/congress/congress08/mueller091708.htm

Testimony of FBI General Counsel to the Senate Intelligence Committee:
     http://www.fbi.gov/congress/congress08/caproni092308.htm



=======================================================================
[5] Privacy at the Internet Governance Forum Consultation
=======================================================================

On September 16, 2008, the Internet Governance Forum (IGF) held its
open consultation at Geneva in preparation for the third forum that
will be held in Hyderabad, India from December 3-6, 2008.

Comments on the Substantive Program Agenda was one of the main topics
of discussion. In the 2007 IGF meeting, privacy was subsumed under
the main session of "security" and other controversial topics including
human rights were avoided. This year, the right of privacy will be
discussed under the main title "Promoting cyber-security and trust."

Civil Society Participants objected to the title and said that
some governments use the focus on security fear to diminish the right to
privacy. Instead, civil society participants argued for discussions
about the opportunities that the Internet offers to enrich fundamental
rights and freedoms. At the Latin America Regional Consultation of the
Internet Governance Forum in August, 2008, civil society participants
pointed out that the right to privacy and data protection should be a
main topic in the Internet Governance debate.

The IGF was formed to support the United Nations Secretary-General in
carrying out the mandate from the World Summit on the Information
Society with regard to convening a new multi-stakeholder policy
dialogue forum. According to Paragraph 72 of the World Summit of the
Information Society Tunis Agenda, the IGF's mandate sought to discuss
public policy issues related to key elements of Internet governance
in order to foster the sustainability, robustness, security, stability
and development of the Internet.

Internet Governance Forum Website:
     http://www.intgovforum.org/

Latin American Regional Preparatory Meeting of the IGF:
     http://www.lacnic.net/en/eventos/mvd2008/igf.html

Contributions submitted as input into the 16 September IGF consultations:
     http://www.intgovforum.org/contributions_General_2008.html#16-sep

The Public Voice Project:
     http://www.thepublicvoice.org

IGF and Privacy: Privacy and Human Rights Report 2006:
     http://epic.org/redirect/092608_IGFandPrivacy.html



=======================================================================
[6] News in Brief
=======================================================================

EPIC Fundraiser - October 5, 2008

EPIC, with co-chairs Philip Friedman, Christopher Wolf and the EPIC 
Advisory Board, is hosting a fundraising event on the evening of
October 5, 2008. Legal commentator Jeffrey Rosen will speak on "The
Future of the Supreme Court." Mr. Rosen is a Professor of Law at The
George Washington University Law School, Legal Affiars Correspondent
for the New Republic, and the author of several popular law books, 
including "The Supreme Court: The Personalities and Rivalries 
that Defined America."

Do join us by sending a RSVP:
   rsvp@epic.org

but if not, please consider a contribution to EPIC:
   http://epic.org/donate



URGENT - ThePrivacyPlace.Org Privacy Survey is Underway

Researchers at ThePrivacyPlace.Org are conducting an online survey
about privacy policies and user values. The survey must be completed by
Friday night, September 26, 2008, and takes about 5 to 10 minutes. The
survey is supported by a federal grant and was first offered in 2002.
ThePrivacyPlace.Org is conducting the survey again in 2008 to reveal
how user values have changed over the intervening years. The survey
results will help organizations ensure their website privacy practices
are aligned with current consumer values, and the results will be made
available via the ThePrivacyPlace.Org website.

ThePrivacyPlace.Org privacy survey:
     http://theprivacyplace.org/currentsurvey



Poll: Americans Extremely Concerned About Internet Privacy

A poll by the Consumer Reports National Research Center shows that most
Americans are very concerned about what is being done with their
personal information online. According to the poll, 82 percent of
consumers are concerned about their credit card numbers being stolen
online, while 72 percent are concerned that their online behaviors are
being tracked and profiled by companies. Although 68 percent of
consumers have provided personal information in order to access a
website, 53 percent are uncomfortable with internet companies using
their email content or browsing history to send relevant ads, and 54
percent are uncomfortable with third parties collecting information
about their online behavior. Consumers are aware that information about
their surfing habits is being collected online, but many are not aware
of what companies are able to do with their information.

Consumer Reports National Research Center, 2008 Privacy Poll:
     http://epic.org/redirect/092608_ConsumerReport_poll.html



RFID Tagged Hurricane Evacuees

In 2007, the State of Texas entered into a contract with AT&T Inc, 
Motorola, Radiant RFID and Retriever Software. The state contracted
with the AT&T headed group to deliver a statewide automated evacuee
tracking system. The system deployed handheld computers incorporating a
Geographic Information System (GIS) database with location and status
update displays, bar coded wristbands, RFID readers, and commercial
bus transportation equipped with mobile Global Positioning System
installed.

Evacuees would have wristbands scanned as they board evacuation buses
and again when they arrive at their shelter destinations. The data
would be routinely updated and transmitted by wireless communication
to a central database maintained by the University of Texas Center for
Space Research.

Hurricane Ike evacuees could be seen wearing wristbands that were
applied during the evacuation registration process. The wristbands
were not removable by evacuees without some effort. The evacuees were
scanned, using handheld devices as they boarded buses. Buses were
equipped with GPS tracking technology to track the location of buses
along the evacuation routes.

Reports on how the information would be used include: to inquiries from
the public about the condition of evacuated family members, and to
reunite families separated during the evacuation. The privacy
implications for victims of domestic violence, identity theft, and
those who wish not to be indentified as evacuees are clear.


Press release on the hurricane evacuee tracking system:
     http://epic.org/redirect/092608_Hurricane_pressrelease.html

EPIC's hurricane evacuee identity theft page
     http://epic.org/privacy/idtheft/katrina.html

Domestic Violence and Privacy:
     http://epic.org/privacy/dv/

Homeless Management Information System:
     http://epic.org/privacy/dv/hmis.html

Poverty and Privacy:
     http://epic.org/privacy/poverty/



Damages from Privacy Statutes - Pichler v. UNITE

A federal appeals court ruled that the plain language of the 
Driver's Privacy Protection Act of 1994 does not require
actual damages to recover liquidated damages. The court stated
that although the court has the discretion to award actual damages,
however high they may be, the provision for liquidated damages
provided the minimum amount for any breach that the court chose
to compensate.

The Court agreed with a previous federal court decision in the case of
Kehoe v. Fidelity that liquidated damages are not confined to people 
who suffer and prove actual damages. The Court further reiterated the
Supreme Court analysis of Doe v. Chao in holding a person need not 
prove actual damages to receive liquidated damages.

Pichler v. UNITE, No. 06-4522 (CA3 Sept. 9, 2008):
     http://www.ca3.uscourts.gov/opinarch/064522p.pdf

EPIC page on Doe v. Chao, 540 U.S. 614 (2004):
     http://epic.org/privacy/chao/

EPIC page on Kehoe v. Fidelity Federal Bank and Trust, 421 F.3d 1209
(11th Cir. 2005):
     http://epic.org/privacy/drivers/kehoe.html



HHS Protection of Medical Data Privacy Inadequate

The Government Accountability Office (GAO) issued a report this month
recommending that the Department of Health and Human Services (HHS) 
include in its privacy approach a process for ensuring that key 
privacy principles and challenges are completely and adequately
addressed. This reports follows an earlier GAO report conducted in
January 2007 reporting on the status of efforts by the HHS to ensure 
privacy of personal health information exchanged within a nationwide
health information network. The earlier report recommended that HHS
define and implement an overall privacy approach for protecting 
personal health information.

The GAO concluded that although the HHS had identified milestones and
the entity responsible for integrating the outcomes of its privacy-
related initiatives, it had fallen short of fully implementing the GAO
recommendations as its approach did not include a defined process for
assessing and prioritizing the many privacy-related initiatives that
ensure that key privacy principles and challenges will be fully and
adequately addressed.

GAO report on protection of personal health information (September):
     http://www.gao.gov/new.items/d081138.pdf

GAO report identifying methods for health information privacy (2007):
     http://www.gao.gov/new.items/d07238.pdf 

EPIC page on medical privacy:
     http://epic.org/privacy/medical/



Cloud Computing Raises Privacy Concerns

On September 2, 2008, the Pew Internet and American Life Project
released a report demonstrating that "cloud computing" applications,
such as web-based email, are raising new privacy concerns. The report,
Use of Cloud Computing Applications and Services, found that 69 percent
of online Americans use webmail services, store data online, or use
software programs such as web-enabled word processors. At the same
time, users report substantial concern regarding any undisclosed use of
their data. For example, 90 percent of respondents said that they
"would be very concerned if the company at which their data were stored
sold it to another party," and 80 percent say "they would be very
concerned if companies used their photos or other data in marketing campaigns."

Pew Report - Use of Cloud Computing Applications and Services:
     http://www.pewinternet.org/PPF/r/262/report_display.asp

EPIC Public Opinion and Privacy Page:
     http://epic.org/privacy/survey/



Identity Theft Legislation Passes Congress

On September 15, 2008, the House of Representatives approved the
Identity Theft Enforcement and Restitution Act, legislation introduced
by Senator Patrick Leahy that passed the Senate in 2007. The bill
provides new ways for victims of identity theft to obtain relief, and
expands the computer crime law to address the problem of spyware 
software that secretly monitors computer users. The President is
expected to sign the measure. EPIC has advocated for strong identity
theft protections before Congress and federal regulators. Senator Leahy
and Senator Specter are also pressing for passage of the Personal Data
Privacy and Security Act, which addresses consumer concerns such as
security breaches and the misuse of the Social Security Number. The bill
is currently pending in the Senate. 

Leahy Statement On the Identity Theft Enforcement and Restitution Act: 
     http://leahy.senate.gov/press/200809/091508b.html

EPIC Identity Theft - Its Causes and Solutions:
     http://epic.org/privacy/idtheft/



Telecoms package: Privacy Implications

On September 24, 2008, the European Parliament voted in favor of
reforms of telecommunications laws, including amendments to the
European Union Directive for Privacy in Electronic Communications.
Those amendments makes clear that "Data protection rules must cover
private and not just public networks, so data stored on social
networking sites such as Facebook and MySpace will be covered by the
rules." It also includes the obligation of the companies operating on
the Internet to notify the public about security breaches. "A security
violation such as the theft of a client list must be notified to the
regulator by the operator. Users must be warned of any infringement
of their personal data if the case is serious enough to warrant it,
and the perpetrator could be prosecuted by the Member State." Other
provisions address topics such as spam, cookies, viruses, trojans and
spyware.

Telecoms package: more competition and improved consumer rights:
     http://epic.org/redirect/092608_TelecomPackage.html

Telecoms: better services for consumers and a safer Internet:
     http://epic.org/redirect/092608_Telecom_Services_internet.html

EU Directive 2002/58/EC on Data Protection and Privacy:
     http://epic.org/redirect/091208_eu.html

The Telecom Package Amendments:
     http://epic.org/redirect/092608_TelecomAmendments.html

Privacy and Human Rights 2006:
     http://epic.org/phr06



=======================================================================
[7] EPIC Bookstore: 2008 FOIA Manual Now Available
=======================================================================

"Litigation Under the Federal Open Government Laws 2008", edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008)

http://epic.org/bookstore/foia2008/

"Deserves a place in the library of everyone who
is involved in, or thinking about, litigation
under the Freedom of Information Act."

                              - Steve Aftergood,
                                Federation of American Scientists

Litigation Under the Federal Open Government Laws is the standard
reference work covering all aspects of the Freedom of Information Act,
the Privacy Act, the Government in the Sunshine Act, and the Federal
Advisory Committee Act. The 2008 edition includes a foreword by
Senator Patrick Leahy, co-sponsor of the OPEN Government Act of 2007. 

The EPIC FOIA litigation manual is the most comprehensive,
authoritative discussion of the federal open access laws. This updated
version includes new material regarding the substantial FOIA amendments
enacted on December 31, 2007 as the OPEN Government Act of 2007. Many
of the amendments are effective as of December 31, 2008. 

The fully updated 2008 volume is the 24th edition of the manual that
lawyers, journalists and researchers have relied on for more than 25
years. Litigation Under the Federal Open Government Laws is published
by EPIC in cooperation with Access Reports and the James Madison
Project. The book draws upon the expertise of practicing attorneys who
are recognized experts in the field. The 24th edition includes updates
concerning the OPEN Government Act of 2007, a revised chapter regarding
litigation strategy, international open government resources, a
glossary of key terms, and is updated with new significant cases.

Appendices include a sample FOIA request, a sample request for
expedited processing, and sample pleadings for the FOIA, the Privacy
Act, and Federal Advisory Commission Act, and the Government in the
Sunshine Act.

For those who litigate open government cases, or need to learn how to
litigate them, this is the essential reference manual.

Order Litigation Under the Federal Open Government Laws 2008:
     http://epic.org/bookstore/foia2008/




================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================


Telecommunications Policy Roundtable. September 26-28, 2008,
George Mason University School of Law, Arlington, Virginia.
http://www.tprcweb.com/

Europe-wide action day "Freedom not fear." October 11, 2008.
Multiple sites. For more information:
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

International Symposium on Data Protection in Social Networks.
October 13, 2008, Strasbourg. For more information:
http://epic.org/intsymposium_sns.html

30th International Data Protection and Privacy Conference:
Protecting Privacy in a Borderless World. October 15-17, 2008,
Strasbourg. For more information:
http://www.privacyconference2008.org

European Dialogue on Internet Governance (EuroDIG). October 20-21,
2008, Strasbourg, France http://www.eurodig.org/

Privacy in Social Network Sites Conference October 23-24, 2008.
Delft University of Technology, Faculty of TPM, The Netherlands. For
more information: http://www.ethicsandtechnology.eu

Third Internet Governance Forum. December 3-6, 2008. Hyderabad,
India. For more information: http://www.intgovforum.org

Tilting perspectives on regulating technologies, Tilburg Institute
for Law and Technology, and Society, Tilburg University. December
10-11, Tilburg, Netherlands
http://www.tilburguniversity.nl/tilt/conference


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

=======================================================================
Support Privacy '08
=======================================================================

If you would like more information on Privacy '08, go online and search
for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.

Facebook Cause:

http://www.epic.org/redirect/fbprivacy08.html

Twitter:

http://twitter.com/privacy08

CafePress:

http://www.cafepress.com/epicorg

------------------------- END EPIC Alert 15.19 ------------------------

.