EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 15.20                                           October 10, 2008
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_15.20.html

=======================================================================
Table of Contents
=======================================================================
[1] Academies Urge Comprehensive Review of Counterterrorism Programs
[2] Supreme Court Hears Arguments in Police Database Errors Case
[3] Justice Department issues New Surveillance guidelines
[4] China spies on Skype users
[5] Schneier, Friedman Speak at Press Club on Privacy
[6] October 11 - Freedom Not Fear
[7] News in Brief
[8] EPIC Bookstore: "Playing the Identity Card"
[9] Upcoming Conferences and Events
  	- Subscription Information
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://www.epic.org/donate
  	- Support Privacy '08 http://www.privacy08.org

=======================================================================
[1] Academies Urge Comprehensive Review of Counterterrorism Programs
=======================================================================

All U.S. agencies with counterterrorism programs that collect or "mine"
personal data -- such as phone, medical, and travel records or Web sites
visited -- should be required to systematically evaluate the programs'
effectiveness, lawfulness, and impacts on privacy, says a new report
from the National Research Council. Both classified and unclassified
programs should be evaluated before they are set in motion and regularly
thereafter for as long as they are in use, says the report.

The report also says that Congress should re-examine existing law to
assess how privacy can be protected in such programs, and should
consider restricting how personal data are used. And it recommends
that any individuals harmed by violations of privacy be given a
meaningful form of redress.

"The danger of terror attacks on the U.S. is real and serious, and we
should use the information technologies at our disposal to combat this
threat," said William Perry, co-chair of the committee that wrote the
report, former U.S. secretary of defense. "However, the threat does not
justify government activities that violate the law, or fundamental
changes in the level of privacy protection to which Americans are
entitled."

Each time a person makes a telephone call, uses a credit card, pays
taxes, or takes a trip, he or she leaves digital tracks, records that
often end up in massive corporate or government databases. Through
formal or informal agreements, government has access to much of the
data owned by private-sector companies. Agencies use sophisticated
techniques to mine some of these databases -- searching for
information on particular suspects, and looking for unusual patterns
of activity that may indicate a terrorist network.


Pattern-Seeking Data-Mining Methods Are of Limited Usefulness

Routine forms of data mining can provide important assistance in the
fight against terrorism by expanding and speeding traditional
investigative work, the report says. Far more problematic are
automated data-mining techniques that search databases for unusual
patterns of activity not already known to be associated with
terrorists, the report says. Although these methods have been useful in
the private sector for spotting consumer fraud, they are less helpful
for counterterrorism precisely because so little is known about what
patterns indicate terrorist activity; as a result, they are likely to
generate huge numbers of false leads. Actions such as arrest, search,
or denial of rights should never be taken solely on the basis of an
automated data-mining result, the report adds.


Oversight Needed to Protect Privacy, Prevent "Mission Creep"

Collecting and examining data to try to identify terrorists inevitably
involves privacy violations, since even well-managed programs
necessarily result in some "false positives" where innocent people are
flagged as possible threats, and their personal information is
examined. A mix of policy and technical safeguards could minimize
these intrusions, the report says. Indeed, reducing the number of false
positives also improves programs' effectiveness by focusing attention
and resources on genuine threats.

Policymakers should consider establishing restrictions on the use of
data, the committee said. Although some laws limit what types of data
the government may collect, there are few legal limits on how agencies
can use already-collected data, including those gathered by private
companies. An agency could obtain and mine a database of financial
records for counterterrorism purposes, for example, and then decide to
use it for an entirely different purpose, such as uncovering tax
evaders. Restrictions on use can help ensure that programs stay focused
on the particular problems they were designed to address, and guard
against unauthorized or unconsidered expansion of government
surveillance power.

Poor-quality data are a major concern in protecting privacy because
inaccuracies may cause data-mining algorithms to identify innocent
people as threats, the report says. Linking data sources together tends
to compound the problem; current literature suggests that a "mosaic" of
data assembled from multiple databases is likely to be error-prone.
Analysts and officials should be aware of this tendency toward errors
and the consequent likelihood of false positives.

All information-based programs should be accompanied by robust,
independent oversight to ensure that privacy safeguards are not bypassed
in daily operations, the report says. Systems should log who accesses
data, thus leaving a trail that can itself be mined to monitor for
abuse.

The report notes that another area ripe for congressional action is
legislation to clarify private-sector rights, responsibilities, and
liability in turning over data to the government -- areas that are
currently unclear. Although the committee did not recommend specific
content for this legislation, it noted that private companies should
not be held liable simply for complying with government requirements
to turn over data.

EPIC has written extensively on the problems with data mining and
opposed the establishment of Total Information Awareness.


National Research Council:
     http://sites.nationalacademies.org/nrc/index.htm

"Protecting Individual Privacy in the Struggle Against Terrorism:
A Framework for Program Assessment" (Overview):
     http://www.nationalacademies.org/morenews/20081007.html

"Protecting Individual Privacy in the Struggle Against Terrorism:
A Framework for Program Assessment" (Report):
     http://www.nap.edu/catalog.php?record_id=12452

NRC Press Release, Oct. 8, 2008:
     http://epic.org/redirect/101008_NRC_terrorism.html

EPIC on Problems with Data mining:
     http://epic.org/privacy/profiling/datamining3.25.03.html

EPIC, Total Information Awareness:
     http://epic.org/privacy/profiling/tia/



=======================================================================
[2] Supreme Court Hears Arguments in Police Database Errors Case
=======================================================================

On October 7, 2008, the U.S. Supreme Court heard arguments in Herring
v. United States. EPIC filed a "friend of the court" brief in the case,
urging the Justices to ensure the accuracy of police databases. The
EPIC brief was filed on behalf of 27 legal scholars and technical
experts and 13 privacy and civil liberty groups. EPIC explained how
government databases are becoming increasingly unreliable according to
the government's own studies, and urged the Court to "ensure an
accuracy obligation on law enforcement agents who rely on criminal
justice information systems." The amici warned that, "to permit a good
faith reliance on data that is inaccurate, incomplete, or out of date
will actually exacerbate the problem and increase the likelihood of
unfair treatment in the criminal justice system." 

In Herring v. US, the Court will determine whether an arrest based on
inaccurate information in a criminal justice database should be upheld.
Police arrested Bennie Dean Herring based on incorrect information in a
government warrant database. He was searched incident to the improper
arrest, and police discovered evidence of unrelated alleged crimes -
drug and gun possession. Herring told the officers that no arrest
warrant existed, and no officer had seen or could produce a copy of the
warrant.

After he was indicted for drug possession, Herring petitioned the trial
court to suppress the evidence gathered incident to his unlawful
arrest, arguing that the exclusionary rule prevented the use of such
evidence. The court refused to exclude the evidence, stating that the
police relied on the erroneous information in good faith. Herring has
asked the Supreme Court to overturn the decision.

Pamela S. Karlan, EPIC Advisory Board member and Stanford Law School
professor, argued on behalf of Herring. "There's not a Barney Fife
defense to the violation of the Fourth Amendment," she said, "if [the
police] had been doing a good job of maintaining their records all
along, this violation never would have occurred." Ms. Karlan further
advocated for "a system in which suppression hearings can be conducted
expeditiously based on the facts of particular cases."

EPIC's brief said that government database technology has changed
dramatically since 1995, when the Court upheld the use of evidence
obtained from an erroneous arrest record that was the product of a
court clerk's mistake. In recent years, there has been an increase in
information sharing not just among federal agencies but also between
federal, state, local, tribal and commercial entities.

The policies and practices of modern policing have been changed by the
federal government's Information Sharing Environment as well as state
and local fusion centers. These developments allow broad data gathering
and sharing. "Today, the police have within their electronic reach
access to an extraordinary range of databases including: the National
Crime Information Center, systems associated with the federal
government's employment eligibility verification system, terrorist
watch lists and various commercial databases," EPIC's brief said.

These government and commercial databases are filled with errors;
according to the federal government's own reports. "Yet the government
has further compounded the problems with record inaccuracies with two
decisions: first, the increased distribution of the data not just among
government agencies but among federal, state, local, tribal and
commercial entities; and second, the exemption of database systems from
important privacy and accuracy requirements set out in federal laws."

"Friend-of-the-court," Brief by EPIC, 27 Legal Scholars and Technical
Experts and 13 Privacy and Civil Liberty Groups (May 16, 2008):
     http://epic.org/privacy/herring/07-513tsac_epic.pdf

Transcript of Herring v. US argument:
     http://epic.org/redirect/101008_SCOTUS_Herring.html

US Supreme Court Docket page for Herring v. US:          
     http://www.supremecourtus.gov/docket/07-513.htm

EPIC page on Herring v. US: 
     http://epic.org/privacy/herring/

EPIC's page on the 2003 online petition urging the reestablishment of
accuracy requirements for the FBI's National Crime Information Center,
the nation's largest criminal justice database:
     http://epic.org/privacy/ncic/



=======================================================================
[3] Justice Department Issues New Surveillance guidelines
=======================================================================

On October 3, 2008, The Department of Justice released revised
guidelines governing the Federal Bureau of Investigation's surveillance
of Americans. The guidelines will become effective on December 1, 2008.
The revised guidelines grant federal agents authority to use more
invasive investigation techniques more often. In response, Senator
Patrick Leahy warned that the guidelines lack "clear rules, bright
lines and close oversight," and noted that "the FBI has itself abused
overly broad authorities it has been given in the past, including the
misuse of National Security Letters."

The previous standards set forth separate standards regarding criminal
law enforcement activities; national security efforts; foreign
intelligence collection; and other activities. The separate guidelines
restricted the use of invasive surveillance techniques to specific
circumstances, and offered some privacy protections for individuals who
were not suspected of a crime. For example, the previous guidelines
permitted preliminary physical surveillance of citizens if law
enforcement agents had particularized suspicion of criminal activity,
but barred such spying if the government had no suspicion of criminal
activity. 

The new guidelines permit widespread, invasive physical surveillance of
citizens without suspicion of criminal wrongdoing. In addition, the new
guidelines permit federal agents to recruit new informants to spy on
Americans before an investigation is even opened by the FBI. The
guidelines also permit the collection of foreign intelligence
information inside the United States through both "assessments" and
predicated "full investigations" with little explicit protection for
information gathered, as well as broad information-sharing provisions
with few constraints. 

Questions remain regarding the relationship between the consolidated
guidelines and the FBI's 2003 rules prohibiting the use of race as the
sole factor in federal law enforcement investigations. The new
guidelines reference the 2003 protections, but the 2003 document is
based on the distinctions between criminal law enforcement activities,
national security efforts, and foreign intelligence collection that are
eliminated in the new, consolidated rules. This conflict raises the
threat of racial profiling by federal law enforcement agents. 

On September 17, 2008, the Senate Judiciary Committee held a hearing
titled "Oversight of the Federal Bureau of Investigation" regarding the
revised guidelines. FBI Director Robert Mueller III testified, and
Senators expressed concern regarding the FBI's lack of collaboration
with Congress regarding the new guidelines. Senators have voiced
concerns regarding the use of intrusive investigative techniques
without any factual basis. Senators Russ Feingold, Edward Kennedy,
Richard Durbin and Sheldon Whitehouse urged the FBI to include bare
minimum safeguards, such as: banning surveillance or other
investigative activity based on a suspect's race, ethnicity, national
origin or religion; requiring some factual proof for opening inquiries;
and taking steps to protect the information that the FBI collects about
U.S. citizens and residents, particularly in gathering foreign
intelligence data.

Previously, Congressmen John Conyers, Jr., Robert C. Scott and Jerrold
Nadler, members of the House of Representatives Judiciary Committee,
questioned the need to consolidate the FBI guidelines during the waning
days of the Bush Administration. They voiced doubts regarding the
effect of such amendments on Americans' constitutional rights. The
Congressmen also raised the specter of innocent citizens coming under a
cloud of suspicion for legitimate religious and political activities. 

EPIC page on Attorney General Guidelines:
    http://epic.org/privacy/fbi/

Reaction Of Senator Patrick Leahy To The Attorney General
Consolidated Guidelines:
     http://leahy.senate.gov/press/200810/100308a.html

Attorney General Consolidated Guidelines:
     http://www.usdoj.gov/opa/opa_documents.htm

Attorney General Memorandum to Department Components on Guidelines for Domestic FBI Operations:
     http://www.usdoj.gov/ag/readingroom/guidelines-memo.pdf

US Department of Justice 2003 Guidelines Regarding Racial Profiling:
     http://epic.org/redirect/092608_USDOJ_race_prof.html

Senators express concern to the Attorney General over FBI Guidelines:
     http://feingold.senate.gov/~feingold/releases/08/08/20080820.html

Testimony of the FBI Director to the Senate Judiciary Committee:
     http://www.fbi.gov/congress/congress08/mueller091708.htm

Testimony of FBI General Counsel to the Senate Intelligence Committee:
     http://www.fbi.gov/congress/congress08/caproni092308.htm


=======================================================================
[4] China spies on Skype users
=======================================================================

Skype is a popular instant messenger plus Voice-over-Internet Protocol
(VoIP) software. While calls from computer to computer is free, calls
from computer to landline telephones come for a small fee. The software
also allows file transfers, video conferencing and texting to
cellphones. Skype, owned by eBay, went into a joint venture with TOM
Online, a wireless provider based in China, to create a co-branded
version of Skype for exclusive use in China, dubbed the "TOM-Skype."

To comply with Chinese laws, TOM operates a text filter in TOM-Skype
which automatically blocked certain words from appearing in text-chats.
In 2006, Skype declared that if the messages were found to be
unsuitable for displaying, it was simply discarded and not displayed or
transmitted anywhere.

However, a recent joint report of the Information Warfare Monitor and
ONI Asia, authored by Nart Villeneuve, paints a contrary, darker
picture. The report found that full text chat messages of TOM-Skype
users and other Skype users who have communicated with TOM-Skype users,
are regularly scanned for sensitive keywords and then the information
is uploaded and stored on servers in China. This data, along with other
records containing personal information and contact details are then
stored on the insecure, publicly accessible web server. As the
encryption key is also stored at the same location, it was possible for
anyone to decrypt the data.

The report further highlighted the keywords that trigger the data
capture; and the subsequent uploading pertain to keywords relating to
political topics or obscenity. The TOM-Skype surveillance network
consists of eight servers that were part of the network and includes
a version meant for cybercafes which contained log files and
information revealing the list of censored words.

With a total of over a million messages, the personal information in
the log files of the server contained IP addresses from over 59
different countries, usernames, date and time of entry and call
records. The content filter logs dating from August 2008 contained
identifying information including email addresses, passwords, phone
numbers, package tracking numbers and bank card numbers.

The report findings raise questions about the degree of cooperation
between TOM Online and Skype with the Chinese government in monitoring
the communication of activists and dissidents as well as ordinary
citizens. In the last few days, the President of Skype addressed the
issue by expressing that he was not aware of TOM's policy of uploading
and storing of chat messages from Skype and he was in the process of
obtaining information from TOM regarding the secret change of policy.
He declared that the accessibility of TOM's servers were a security
breach which had been fixed.

In 2004, Shi Tao, a Chinese journalist was arrested and then
imprisoned by the Chinese authorities for 'disclosure of state
secrets' by forwarding an email after Yahoo cooperated with the
Chinese authorities which led to Tao's arrest. Yahoo was subsequently
questioned by the House Foreign Affairs Committee over this decision.


The EPIC publication on Privacy and Human Rights brings to the fore
such issues prevalent in China and other parts of the world. China
regularly monitors all internet activity and actively censors content
it deems objectionable. As an example, although the Chinese Foreign
Ministry assured guests of privacy during the Beijing Olympic Games,
Senator Brownback stated that he had obtained an order from the Chinese
Public Security Bureau directing all hotels to intercept and record
internet activities of all guests.

Breaching Trust: An analysis of surveillance and security practices on
China's TOM-Skype platform:
     http://www.infowar-monitor.net/breachingtrust.pdf

Comments about Skype chat text filtering in China (April 2006):
     http://epic.org/redirect/101008_SKYPE_comments.html

Skype President addresses Chinese Privacy Breach (October 2008):
     http://epic.org/redirect/101008_SKYPE_president.html

EPIC's page on Olympic Privacy:
     http://epic.org/privacy/olympic/default.html

EPIC's link on Privacy & Human Rights (2006):
     http://epic.org/phr06/



=======================================================================
[5] Schneier, Friedman Speak at Press Club on Privacy
=======================================================================

Bruce Schneier, noted author and internationally recognized security
expert, and Philip Friedman, a Washington DC consumer protection
attorney participated in a Privacy '08 National Press Club event on
Monday, October 6, 2008.

The event was organized by the Electronic Privacy Information Center
(EPIC) to promote public discussion about privacy and the Presidential
campaign. Earlier, in September, EPIC held a Privacy '08 event at the
National Press Club, during which Bob Barr, the Libertarian Party
candidate for President, addressed privacy concerns facing the
American public. Congressman Barr spoke about numerous privacy topics,
and exhorted other candidates to debate on wiretapping and surveillance
issues. Barr also urged the public to challenge elected officials to
articulate their positions on how citizens' privacy relates to the
government's need to promote industry and prevent crime.

The Privacy 08 effort sought that the moderators of the Presidential
and Vice Presidential debates ask the candidates a question about
privacy. Gwen Ifill, moderator of the Vice Presidential Debate, did ask
a about privacy. Both Senators McCain and Obama have posted policy
statements about privacy on their web site, but neither candidate has
addressed this issue directly during the campaign.

Although Senator Obama and Senator McCain have not made privacy central
to their platforms, privacy issues have affected the campaigns.
In March 2008, the State Department determined that three private
contractors accessed the confidential passport files of Presidential
candidates Hillary Clinton, John McCain, and Barack Obama. An
independent government report later criticized lax federal protections
for sensitive passport data.

Privacy '08 Letter to Jim Lehrer:
     http://www.privacy08.org/pdf/Privacy08_Letter_to_Lehrer.pdf

Privacy '08 - a Time for Debate:
     http://www.privacy08.org/debates.php

Privacy Statement by Four Presidential Candidates:
     http://www.votenader.org/weagree/

Privacy '08 Facebook Cause:
     http://www.epic.org/redirect/fbprivacy08.html

Privacy '08 on Twitter:
     http://twitter.com/privacy08

Privacy '08 CafePress:
     http://www.cafepress.com/epicorg



=======================================================================
[6] October 11 - Freedom Not Fear
=======================================================================
ACTION: Join The Freedom not Fear Action Day in October 11

On October 11, 2008, many people around the world will raise their
voice against all mass scale surveillance and data retention practices
under the slogan of 'Freedom not Fear - Stop the Surveillance mania!"
From protest in the streets of Berlin and DJ parties in Paris to
workshops on privacy enhancing technologies and media campaigns in
Argentina, Guatemala, Peru and Chile, many citizens in 22 Europeans
countries, United States and Latin America will support the Freedom
not Fear Worldwide Action Day in their own creative way. 

"Support the campaigning, organize a conference, blog, moblog, podcast
the event, take pictures of all camera surveillance on the streets and
post it on your blog, raise your voice!" Beatriz Busaniche from
Fundacion Via Libre Argentina, said.

"Guatemala has a history of informers in every corner that led to major
human rights abuses. We learned from the past. Let us not repeat the
history. Let's take care our freedoms on October 11," Renata Avila,
Global Voices, Guatemala added.

In recognition of October 11, Freedom not Fear Day, many US
organizations set out the following recommendations:

* End Watch Lists, Fusion Centers and other data profiling programs
  that fail to comply with the full requirements of the federal Privacy
  Act;

* Affirm international human rights, including freedom of expression 
  and privacy protection so as to strengthen democratic institutions
  and protect the rights of individuals;

* Repeal the Patriot Act and other legal authorities that permit
  warrantless surveillance and unconstitutional monitoring and tracking
  of individuals;

* End the culture of secrecy that allows government officials to
  hide mismanagement, fraud, and incompetence behind the veil of
  "homeland security";

* Establish comprehensive data protection legislation that will
  safeguard personal information and reduce the risk of identity theft
  and security breaches.

In the United States, Marc Rotenberg, EPIC Executive Director said
"Many programs established by the United States after 9/11 have done
little to promote security, but they have diminished privacy and cost
taxpayers dearly. It is time to replace fear with reason, and secrecy
with transparency. EPIC supports the Freedom not Fear campaign and
joins with other groups in urging national governments to respect
individual rights, the rule of law, and democratic institutions."


More information:
Freedom not Fear Day in Washington, D.C., United States:
     http://www.thepublicvoice.org/fnf-dc/ 

Freedom not Fear Day, Worldwide Action Day:
     http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

German Working Group on Data Retention (AK Vorrat):
     http://www.vorratsdatenspeicherung.de/index.php?lang=en

Freedom not Fear Day in Buenos Aires, Argentina:
     http://www.privacidad.org.ar

Freedom not Fear Day in Paris, France:
     http://www.humanrights21.org/

Freedom not Fear Day in Guatemala City, Guatemala:
     http://freedomnotfear.wordpress.com/ 

The Public Voice Facebook on Freedom Not Fear:
     http://www.facebook.com/group.php?gid=16165509212



=======================================================================
[6] News in Brief
=======================================================================

Senators Question Secret Trade Agreement

Sens. Patrick Leahy and Arlen Specter of the Senate Judiciary Committee
expressed concern that the Anti-Counterfeiting Trade Agreement (ACTA),
currently under negotiation by the U.S. Trade Representative may not
have been drafted with sufficient flexibility and could limit
Congress's ability to make appropriate refinements to intellectual
property law in the future. The senators questioned the lack of
transparency and the quick deliberations accompanying the negotiations.
In a letter to the U.S. Trade Representative, Susan Schwab, the
senators asked that the liability of service providers or technological
protection measures be left out from the agreement. The letter also
warned of a possibility of a significant impact in intellectual
property protections taking effect without formal Congressional
involvement.
ACTA was announced in October 2007, but the lack of transparency in the
negotiating process and a leaked discussion paper have caused alarm
among consumer rights groups and two of them have submitted a
Freedom of Information request in June this year asking for all the
records. In September, EPIC alerted readers about public interest NGO's
expressing concern about the ACTA Draft Treaty and the possibility
of policies that may limit legitimate business activity, the
participative web, and e-government service delivery.

Senators' letter to USTR:
     http://ip-watch.org/files/acta_letter.pdf

Announcement of ACTA:
     http://epic.org/redirect/101008_USTR_acta.html

EPIC Alert 15.18 ACTA article:
     http://epic.org/alert/EPIC_Alert_15.18.html#acta


President Signs Satellite Surveillance Bill
On October 7, 2008, President Bush signed a law permitting the
Department of Homeland Security to begin a satellite spy program
targeting US land. The provisions, part of a large budget bill, provide
funding for the federal government to expand its surveillance of US
territory via satellite. Independent federal investigators at the
Government Accountability Office have questioned the program's
compliance with federal privacy and civil liberties obligations.
Federal officials failed to release the investigators' full report.
Congressman Bennie G. Thompson, Chairman of the House Homeland Security
Committee, has called for a halt to the program, and referred to the
spy plan "Big Brother in the Sky."

Congressmen Call for Moratorium on Spy Satellite Program:
     http://homeland.house.gov/issues/index.asp?ID=262

Department of Homeland Security Fact Sheet 
-National Applications Office:
     http://www.dhs.gov/xnews/releases/pr_1187188414685.shtm



PBS Series Highlights Surveillance State

Thought Total Information Awareness was dead?  The "Last Enemy" is now
showing in the US on Sunday evenings on PBS. The popular BBC series
brings John Poindexter's surveillance fantasy to life with a rock star
cast in London and enough  digital dystopia to make even the folks at
the Department of Homeland Security take a breath. For the full October
2008 Orwell movie festival  experience, be sure to see also
"Eagle Eye," starring Shia LaBeouf, and  "Body of Lies" with Russell
Crowe and Leonardo DiCaprio.

PBS Masterpiece, The "Last Enemy":
     http://www.pbs.org/wgbh/masterpiece/lastenemy/

"The Last Enemy" on YouTube
(with creepy Total Information Awareness opening):
     http://www.youtube.com/watch?v=EmGIuSncvd4

IMDb, "Eagle Eye":
     http://www.imdb.com/title/tt1059786/

IMDb, "Body of Lies":
     http://www.imdb.com/title/tt0758774/



Article 29 Working Party agrees to nine country mutual data protection:

The European Union Article 29 Data Protection Working Party approved
and agreed that the countries of France, Germany, Ireland, Italy,
Latvia, Luxembourg, Netherlands, Spain and the United Kingdom give
mutual recognition to Binding Corporate Rules (BCR) on Data Protection.
The countries agreed to have the BCRs sent through the BCR coordination
procedure.

Once the Lead Authority on Data Protection circulates the approved
draft, other Data Protection Authorities to recognize it as a policy
commitment and permit and authorize the binding corporate rules
directly or advice the body which in turn provides that authorization.

Privacy Laws & Business, October 8, 2008:
     http://http://www.privacylaws.com



Article 29 Working Party has many doubts about US electronic visas

The European Union Privacy Commissioners is seeking to clarify many
aspects of the US Electronic System for Travel Authorization (ESTA).
ESTA requires passengers to submit telephone numbers, email addresses
and other data which will be retained for a period of 75 years. It will
replace the existing paper I-94W filled in by travelers on flight to
the United States.
While ESTA is now on a voluntary basis since August 2008, the Privacy
Commissioners are seeking more information on how the existing
sensitive data that is already collected is being dealt with, how
travelers will have access to their information and update its accuracy
over time. The Privacy Commissions also want to know the consequences
when travel authorization documents are lost or stolen.

Electronic System for Travel Authorization (ESTA):
     http://www.cbp.gov/esta

EPIC's page on Air Travel Privacy:
     http://epic.org/privacy/airtravel/

Privacy Laws & Business, October 8, 2008
     http://http://www.privacylaws.com

=======================================================================
[8] EPIC Bookstore: "Playing the Identity Card"
=======================================================================

"Playing the Identity Card"
Edited by Colin J. Bennett and David Lyon

     http://www.powells.com/biblio/72-9780415465649-0

In a world where a person is dependent on documents to establish that
they 'are who they say they are' the ubiquity of identity cards hardly
seems surprising. But, the extent to which identity cards form a mode
of governance and are seen as an exercise of authority by the State or
alternately the conferring of benefits, remains a matter of perception
within the designated populace.

"Playing the Identity Card' provides a valuable insight into the
present methods of identification around the world. This book also
includes future suggested changes from eleven countries having the
largest population in addition to two international organizations. Each
country profile is written by a different author and offers a local
flavor of how an identity document is viewed, its origins and socio-
political perspectives.

The nature and consequences of sharing and processing personal
information across bureaucratic divides mandates inter-agency
cooperation. The need for standardized information interchange amidst
different types of identity cards, corporate influence and ultimate
needs and goals for the government form the focal points in each
country's discussion.

Although concepts of privacy differ from country to country, identity
cards are tools of governance that help in classifying differing levels
of authorization. In spite of the fact that they are termed voluntary,
opting out may impose significant disadvantages on the citizen.
Drawing conclusions from the past experiences of identity card holders
yields valuable information in extrapolating to future implementation
in other scenarios. Analyzing the motivations behind the need for
identity documents is essential to understanding possible alternatives.

Overall, the book examines different angles leading up to and the
supporting basis of the requirement of identity cards, set against
political cultures and policy legacies of each State and offer a
factual account of existing identity card regimes. The authors conclude
that identity cards do stand out as a classic, authority-based model of
government based on command and sanction in an era when policy-making
is characterized by new governance arrangements and innovative ways to
co-regulate society.

-- Anirban Sen



================================

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008", edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Europe-wide action day "Freedom not fear." October 11, 2008.
Multiple sites. For more information:
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

International Symposium on Data Protection in Social Networks.
October 13, 2008, Strasbourg. For more information:
http://epic.org/intsymposium_sns.html

30th International Data Protection and Privacy Conference:
Protecting Privacy in a Borderless World. October 15-17, 2008,
Strasbourg. For more information:
http://www.privacyconference2008.org

European Dialogue on Internet Governance (EuroDIG). October 20-21,
2008, Strasbourg, France http://www.eurodig.org/

Privacy in Social Network Sites Conference October 23-24, 2008.
Delft University of Technology, Faculty of TPM, The Netherlands. For
more information: http://www.ethicsandtechnology.eu

Third Internet Governance Forum. December 3-6, 2008. Hyderabad,
India. For more information: http://www.intgovforum.org

Tilting perspectives on regulating technologies, Tilburg Institute
for Law and Technology, and Society, Tilburg University. December
10-11, Tilburg, Netherlands
http://www.tilburguniversity.nl/tilt/conference

The American Conference Institute is hosting the 8th National Symposium
on Privacy and Security of Consumer and Employee Information at the
Four Points by Sheraton , Washington, DC. January 27-28, 2009,
Washington, DC.

http://www.americanconference.com/Privacy.htm



=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

=======================================================================
Support Privacy '08
=======================================================================

If you would like more information on Privacy '08, go online and search
for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.

Facebook Cause:
http://www.epic.org/redirect/fbprivacy08.html

Twitter:
http://twitter.com/privacy08

CafePress:
http://www.cafepress.com/epicorg

------------------------- END EPIC Alert 15.20 ------------------------