EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 15.22                                          November 11, 2008
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_15.22.html


=======================================================================
Table of Contents
=======================================================================
[1] Privacy '08: Election of Barack Obama to Be the 44th President
[2] In EPIC lawsuit, Federal Judge to Review Warrantless Wiretap Memos
[3] Federal Regulators Delay Implementation of Final Rules on ID Theft
[4] United States Supreme Court agrees to hear DNA case
[5] Google, Yahoo Drop Deal After Antitrust Review
[6] News in Brief
[7] EPIC Bookstore: "The Supreme Court"
[8] Upcoming Conferences and Events
  	- Subscription Information
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://www.epic.org/donate
  	- Support Privacy '08 http://www.privacy08.org
	- Job Announcement

=======================================================================
[1] Privacy '08: Election of Barack Obama to Be the 44th President
=======================================================================

On January 20, 2009, President Elect Obama will become the 44th
President of the United States. Throughout his campaign for the
presidency, Senator Obama addressed the issues of privacy, Executive
Authority, and data protection beginning with the release of his
technology policy's position paper for his campaign in November 2007.
The technology policy position paper said, "Safeguard our Right to
Privacy: The open information platforms of the 21st century can also
tempt institutions to violate the privacy of citizens. As president,
Barack Obama will strengthen privacy protections for the digital age
and will harness the power of technology to hold government and
business accountable for violations of personal privacy."

In December 2007, Senator Obama, responded to a Boston Globe
presidential candidate survey on presidential power. The survey
included a question on whether the president has inherent powers under
the Constitution to conduct surveillance for national security purposes
without judicial warrants. Senator Obama's reply rejected the assertion
that the President has the power by stating "The Supreme Court has
never held that the president has such powers. As president, I will
follow existing law, and when it comes to U.S. citizens and residents,
I will only authorize surveillance for national security purposes
consistent with FISA and other federal statutes." The survey asked a
question about presidential discretion, "Does the Constitution empower
the president to disregard a congressional statute limiting the
deployment of troops...?" Senator Obama responded that "No, the
President does not have that power."

In March 2008, it was disclosed that a State Department employee
repeatedly breached the passport files of Senators Clinton, McCain, and
Senator Obama. In response, Senator Obama spoke forcefully about the
privacy rights of data subjects and said that the matter should be
investigated "diligently and openly." He spoke of the need of the
American people to be secure in the belief that their records with
government agencies are kept private by saying, "One of the things that
the American people count on in their interactions with any level of
government is that if they have to disclose personal information, that
it will stay personal and stay private." Senator Obama also called for
the full participation of Congressional Oversight Committees in the
investigation, "I think that it should be done in conjunction with
those Congressional Committees that have oversight so that it is not
simply an internal matter. It is not because I have any particular
concern... but because we should have a set clear principles for
people having confidence that when they give information to their
government, that it is not going to be misused."


Senator Obama also spoke in support of medical and family privacy
when confronted by reporters for comment following the disclosure
that Governor Palin's unwed teenage daughter was pregnant, by saying
"Let me be as clear as possible. I think people's families are off-
limits, and people's children are especially off-limits. This shouldn't
be part of our politics. It has no relevance to Gov. Palin's
performance as governor or her potential performance as a vice
president." He ended his comments by saying, "My mother was eighteen
when she had me."

President-elect Obama, a former Constitutional law professor, in the
final debate prior to the election, expressed his position that the
"Constitution has a right to privacy in it that should not be subject
to state referenda."

Privacy emerged in other ways during the campaign, for example,
following her nomination, Governor Palin's personal e-mail account was
accessed by online snoopers. When accused of breaching local and state
government records related to a plumber repeatedly referenced by
Senator McCain during the final debate, Senate Obama said, "Invasions
of privacy should not be tolerated. If these records were accessed
inappropriately, it had nothing to do with our campaign and should be
investigated fully."

EPIC's Privacy '08 campaign enters the transition phase in preparation
for the next Administration. The campaign was successful in engaging
candidates in discussions related to privacy policy and the next
administration. The focus of the project now shifts to administration
transition and federal government institution reform.


Candidate Obama Statement on Technology
     http://www.barackobama.com/issues/technology/

Obama's Replies to Boston Globe Survey on Executive Authority
     http://epic.org/redirect/110708_Obama_Boston_Globe.html

EPIC Alert 15.07 passport breach of State Department Records:
     http://epic.org/alert/EPIC_Alert_15.07.html

Obama's Response to Data Breach:
     http://epic.org/redirect/110708_Obama_CNN_Passport.html

Obama on Constitutional Right to Privacy:
     http://epic.org/redirect/110708_Obama_CNN_DebatePrivacy.html

Obama on family privacy:
     http://epic.org/redirect/110708_Obama_CNN_FamilyPrivacy.html

Joe the Plumber Data Breaches:
     http://epic.org/redirect/110708_Obama_JoePlumber_DataBrch.html

Privacy '08 Facebook Cause:
     http://www.epic.org/redirect/fbprivacy08.html

Privacy '08 on Twitter:
     http://twitter.com/privacy08

Privacy '08 CafePress:
     http://www.cafepress.com/epicorg



=======================================================================
[2] In EPIC lawsuit, Federal Judge to Review Warrantless Wiretap Memos
=======================================================================

On October 31, a federal judge ordered the US Department of Justice to
provide for independent judicial inspection of documents relating to
the President's warrantless wiretapping program. In EPIC v. DOJ, EPIC,
the ACLU, and the National Security Archive are seeking documents
authored by government lawyers regarding the President's warrantless
wiretapping program. The opinions, prepared by the Office of Legal
Counsel, provided the legal basis for the President to wiretap American
citizens in the United States without court approval. The order
requires the government to disclose the documents to the court by
November 17.

EPIC seeks the disclosure of opinions prepared by the Department of
Justice Office of Legal Counsel regarding the President's warrantless
domestic surveillance program. The Office of Legal Counsel (OLC)
regularly issues opinions on a variety of topics in response to legal
questions posited by the President and the heads of executive
departments.

Government lawyers have also withheld the memos from lawmakers charged
with overseeing the department. After the department stymied efforts to
shed light on the OLC opinions, Senate Judiciary Committee Chairman
Patrick Leahy recently issued a subpoena requiring Attorney General
Michael Mukasey to disclose information regarding the federal
government's terrorism-related activities, including its warrantless
surveillance program. Senator Leahy wrote, "There is no legitimate
argument for withholding the requested materials from this Committee."
Senator Edward Kennedy previously criticized the secrecy surrounding
the Office of Legal Counsel opinions, arguing that the Administration's
selective disclosure of the documents to a tiny number of legislators
"is a pale shadow of the real disclosure that Americans deserve."

EPIC began the Freedom of Information Act lawsuit in December 2005,
after the New York Times first reported the details of the wiretap
program. EPIC requested documents relating to legal opinions that
were prepared to justify the program. The DOJ refused to produce
several key documents, and EPIC sued, demanding that the DOJ disclose
the documents in compliance with the Freedom of Information Act.

EPIC v. DOJ Page on the National Security Agency's
Warrantless Surveillance Program:
     http://epic.org/privacy/nsa/foia/

Court Order Requiring Judicial Review of DOJ Documents:
     http://epic.org/privacy/nsa/foia/103108_order.pdf

EPIC's Complaint Against the Department of Justice:
     http://www.epic.org/privacy/nsa/complaint_doj.pdf

Senator Patrick Leahy's October 21, 2008 Letter to
Attorney General Michael Mukasey:
     http://epic.org/redirect/110708_Leahy_letter_Mukasey_Wwiretap.html

Press Release, "Kennedy Calls for Oversight of Warrantless Wiretapping"
January 24, 2008:
     http://epic.org/redirect/kennedy.html



=======================================================================
[3] Federal Regulators Delay Implementation of Final Rules on ID Theft
=======================================================================

On October 22, the Federal Trade Commission delayed enforcement of
rules requiring financial institutions and creditors to implement
identity theft prevention programs. The rules, originally slated to go
into effect on November 1, 2008, are intended to spur better
identification of patterns and activities that are "red flags"
signaling identity theft. The Commission will begin enforcing the
"red flags" rule on May 1, 2009, six months after the target date.

Regulators delayed the rules, a move that postpones badly needed
identity theft protections for consumers, because many corporations
reportedly "had not followed or even been aware of the rulemaking, and
therefore learned of the Rule's requirements too late to be able to
come into compliance by November 1, 2008." However, federal regulators
previously provided several notices of the November deadline. Congress
passed the law in 2003. The Commission, federal bank regulatory
agencies, and the National Credit Union Administration publicly issued
the final regulations on October 31, 2007. In June 2008, the Commission
published a Business Alert detailing upcoming compliance obligations. 

The "red flags" rules require financial institutions and creditors to
maintain identity theft prevention programs that identify, detect, and
respond to patterns, practices, or specific activities that could
indicate identity theft. Such patterns and activities include: alerts,
notifications, or warnings from a consumer reporting agency; suspicious
documents; suspicious personally identifying information, such as a
suspicious address; unusual use of - or suspicious activity relating to
- a covered account; and notices from customers, victims of identity
theft, law enforcement authorities, or other businesses about possible
identity theft in connection with covered accounts. The rules are
intended to curb identity theft, which consumers consistently cite as a
top concern, and which results in billions of dollars in losses each
year. 

The federal rules were developed pursuant to the Fair and Accurate
Credit Transactions (FACTA) Act of 2003, a federal law that amended the
federal Fair Credit Reporting Act. The FACTA added significant remedial
identity theft provisions to federal law. in 2003, EPIC testified
before Congress regarding the FACTA, supporting the inclusion of
stronger privacy and identity theft protections in the law. "Americans
need greater protections to address problems with identity theft,
privacy, and inaccuracy," EPIC argued.

FTC Grants Delay in Enforcement of "Red Flags" ID Theft Rules,
October 22, 2008:
     http://www.ftc.gov/opa/2008/10/redflags.shtm

FTC Enforcement Policy Statement Regarding "Red Flags" ID Theft Rules,
October 22, 2008:
     http://www.ftc.gov/os/2008/10/081022idtheftredflagsrule.pdf

EPIC's Testimony in Congress Regarding the Fair and Accurate Credit
Transactions (FACTA) Act of 2003, July 9, 2003:
     http://epic.org/privacy/fcra/2622testimony.html

FTC Business Alert to Companies Covered by "Red Flags" ID Theft Rule,
June 2008:
     http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm

Federal Register Notice Issuing "Red Flags" ID Theft Rules:
     http://ftc.gov/os/fedreg/2007/november/071109redflags.pdf

Agencies Issue Final Rules on Identity Theft Red Flags,
October 31, 2007:
     http://ftc.gov/opa/2007/10/redflag.shtm



=======================================================================
[4] United States Supreme Court Agrees to Hear DNA Case
=======================================================================

The Supreme Court has agreed to hear a case on whether a prisoner has a
post-conviction right of access to evidence for the purpose of DNA
testing. Currently, 44 states have enacted laws allowing prisoners to
demand access for post conviction testing. The Supreme Court will now
decide if the state's affirmative duty to disclose exculpatory material
requires providing access to evidence for fresh DNA testing.

In District Attorney's Office v. Osborne, the defense counsel did not
seek the best DNA testing available at that time of trial. However, the
Federal Appeals Court ordered prosecutors in Alaska to turn over DNA
evidence that had been used to convict Osborne. The Appeals Court held
that Osborne did not have access to the newly available DNA testing
method at the time of trial. The new method allows Osborne to be
identified or excluded as the source of the DNA to a virtual certainty.

In 1998, the Federal Bureau of Investigation (FBI) initiated a project,
Combined DNA Index System (CODIS), that allowed the storing of genetic
profiles by law enforcement agencies which could later be searched for
possible suspects. The collection of genetic information for creating
profiles and searchable databases have raised significant privacy
concerns. EPIC has argued that the agency should limit access to
material that must be preserved under law to government agencies that
will use the material to further the legislative purpose of crime
investigation.

Genetic data poses significant privacy risks because it can serve as
an identifier conveying sensitive personal information about the
individual and his or her family. In the criminal justice system, DNA
is used to ascertain the identity of an individual and point towards
his guilt. However, EPIC contends, genetic evidence, once collected,
should also be allowed to exonerate an accused including post-
conviction exonerations. According to The Innocence Project, there have
been 223 post-conviction DNA exonerations in United States since 1989.

EPIC has argued on genetic privacy on numerous occasions and has
filed a number of amicus briefs. EPIC recommended that limitations be
imposed on the collection and use of genetic material. In a case
involving DNA dragnets, where police requests members of a known group
or community to provide DNA samples to be matched against that of the
perpetrator, EPIC recommended that DNA dragnets should conform to best
practices to ensure that Fourth Amendment guarantees are not violated
and employ such practices only when all alternate investigative avenues
have been exhausted. Such dragnets also raise substantial problems
associated with racial profiling, coercion, and data retention. Another
case EPIC argued that the compelled production of DNA samples from
probationers unrelated to a particular criminal investigation violates
the Fourth Amendment. EPIC has also argued that DNA contained more
information than a fingerprint and that, in the absence of privacy
safeguards, a DNA sample collected for one purpose could be used in
the future for an unrelated purposes. EPIC also submitted comments to
the United States Department of Justice for the preservation of
biological evidence and urged a definition of privacy obligations
affecting the implementation of a statute providing new avenues of
post-conviction relief for defendants to be outside the recognized
purpose of the statute.


EPIC's page on District Attorney's Office v. Osborne:
     http://epic.org/privacy/osborne

Osborne v. Dist. Attorney's Office, 521 F.3d 1118 (9th Cir. 2008):
     http://epic.org/redirect/110708_CA9_Osborne.html

United States Supreme Court Petition for certiorari:
     http://epic.org/redirect/110708_SCOTUS_Osborne-cert.html

United States Supreme Court Brief in opposition:
     http://epic.org/redirect/110708_SCOTUS_Osborne-Opp.html

United States Supreme Court Petitioner's reply:
     http://epic.org/redirect/110708_SCOTUS_Osborne-Rep.html

EPIC's page on Genetic Privacy:
     http://epic.org/privacy/genetic/

EPIC's page on Kohler v. Englade:
     http://epic.org/privacy/kohler/

EPIC's amicus brief in Kohler v. Englade:
     http://epic.org/privacy/kohler/amicus.pdf

EPIC's page on United States v. Kincade:
     http://epic.org/privacy/kincade/

EPIC's amicus brief in United States v. Kincade:
     http://www.epic.org/privacy/genetic/kincade_amicus.pdf

EPIC's page on Quander v. Johnson:
     http://epic.org/privacy/johnson/

EPIC's amicus brief in Quander v. Johnson:
     http://epic.org/privacy/johnson/johnson_cert_amicus.pdf

EPIC's comment to DOJ on Preservation of Biological Evidence:
     http://epic.org/privacy/genetic/062705dna_comments.html

Innocence Project:
     http://www.innocenceproject.org/



=======================================================================
[5] Google, Yahoo Drop Deal After Antitrust Review
=======================================================================

Following an antitrust review by the US Department of Justice, Google,
the internet's largest search engine, abandoned its planned advertising
arrangement with Yahoo, a Google competitor. In June, the two internet
search companies announced plans to coordinate the sale of online
advertisements. The agreement would have granted Yahoo! the option
to use Google to sell ads for placement on Yahoo!'s search results
pages and certain third-party syndication partner Web sites in place of
ads sold through Yahoo!'s competing search advertising platform.

The US Department of Justice scrutinized the deal, and expressed
concern that the arrangement would eliminate competition for
Internet-based advertising. The Department's investigation revealed
that Internet search advertising and Internet search syndication are
each relevant antitrust markets and that Google is by far the largest
provider of such services, with shares of more than 70 percent in both
markets. Yahoo! is by far Google's most significant competitor in
both markets, with combined market shares of 90 percent and 95 percent
in the search advertising and search syndication markets, respectively.
Yahoo! provides an alternative to Google for many advertisers and
syndication partners, and Yahoo! recently had begun making significant
investments in order to compete more effectively against Google,
including the 2007 introduction of its Panama search advertising
platform.

Government lawyers said that, "if implemented, the agreement between
these two companies accounting for 90 percent or more of each relevant
market would likely harm competition" and threatened to file a lawsuit
to scuttle the deal. According to Thomas O. Barnett, Assistant Attorney
General in charge of the Department's Antitrust Division, "The
arrangement likely would have denied consumers the benefits of
competition -lower prices, better service and greater innovation."

In 2007, EPIC urged the Federal Trade to impose conditions in a similar
merger review, involving Google and Doubleclick. The FTC failed to do
so, even after the Commission issued a "Second Request," which typically
signals an intent to block or modify a deal.

The outcome in the FTC Google-Doubleclick merger review raised concerns
about the independence of the Commission, following the revelation that
the spouses of two Commissioners, including the Chairman, worked for the
law firm that represented Doubleclick in the proceeding. Chairman
Majoras resigned from the Commission shortly after the Doubleclick deal
was finalized.

President-elect Barak Obama is expected to name several new members to
the Federal Trade Commission, including a new Chairman.


Google, "Ending our agreement with Yahoo!":
     http://epic.org/redirect/110708_Google_Yahoo_goodbye.html

Google, "Our agreement to provide ad technology to Yahoo!":
     http://epic.org/redirect/110708_Google_Yahoo_AdAgreement.html

Department of Justice, "Yahoo! Inc. and Google Inc. Abandon Their
Advertising Agreement Resolves Justice Department's Antitrust Concerns,
Competition Is Preserved in Markets for Internet Search Advertising":
     http://www.usdoj.gov/opa/pr/2008/November/08-at-981.html

EPIC, "Privacy? Proposed Google/DoubleClick Deal":
     http://epic.org/privacy/ftc/google/

EPIC, "Regarding the Majority Opinion of the Federal Trade Commission
in Proposed Acquisition of Doubleclick":
     http://epic.org/privacy/ftc/google/EPIC_statement122007.pdf



=======================================================================
[6] News in Brief
=======================================================================

EPIC supports privacy of Washington D.C. Metro passengers:

On October 29, 2008 EPIC staff joined the organizers at
FlexYourRights.org who were handing out flyers at Dupont Circle Metro 
station against the searching of carry-on items of passengers for
possible explosives, before entering the Metro stations. The EPIC staff
also handed out the flyers and displayed the "Privacy '08" banner.
The Washington Metropolitan Area Transit Authority recently announced a
rule authorizing officers to randomly select passengers items for
inspection. However, in the process, if an illegal item, unrelated to
the reason for the search, is discovered, the item can be confiscated
as evidence and the police will cite or arrest the individual. Also, if
a "suspicious" person is not selected for inspection, even then the
carry-on bag will still be subject to inspection if the officer has
a reasonable suspicion about the person. The legality of these searches
is based on a Circuit Court decision arising from New York holding such
searches to be constitutional if, among other things, the passengers
receive notice of such a search and that it is voluntary. Although a
passenger may decline the search and leave the Metro, police may arrest
anyone who refuses to be searched and later attempts to re-enter the
Metro. The decision also dictates that officers conducting the search
may not exercise any discretion in determining whom to search and may
not conduct the inspection for longer that necessary to determine that
the individual is not carrying an explosive device.


Washington Metropolitan Area Transit Authority Press Release:
     http://epic.org/redirect/110708_WMATA_PressRelease.html

Washington Metropolitan Area Transit Authority Search FAQs:
     http://www.wmata.com/faqs/preview.cfm?faqID=50

FlexYourRights.org flyer:
     http://epic.org/redirect/110708_FlexYourRights_flyer.html

MacWade v. Kelly (2nd Cir. 2006):
     http://www.aele.org/law/2006LRSEP/macwade-kelly.html

Facebook - Stop DC Metro Searches:
     http://www.facebook.com/event.php?eid=41115218932

Protesters Oppose Metro Bag Searches, ABC 7 News:
     http://www.wjla.com/news/stories/1008/565559_video.html



President's Task Force Reports on Identity Theft

The President's Identity Theft Task force submitted a Strategic Plan to
the President in April 2007 outlining the nature and scope of identity
theft and offered a 31 recommendations to the Federal Government.
In a recent report, the Task Force documented efforts to implement the
Strategic Plan. The Strategic Plan contained recommendations in four
key areas: Data protection, avoiding data misuse, victim assistance and
deterrence. The report states that the Task Force launched initiatives
aimed at making the federal government a better custodian of personal
information and leading the Office of Personnel Management to eliminate
unnecessary uses of Social Security Numbers in aspects of work. Member
agencies of the Task Force also held workshops and launched initiatives
in assisting identity theft victims. The Task Force also worked on the
betterment of law enforcement's ability to investigate, prosecute and
punish identity thieves.
EPIC has long advocated various ways and means to curbing the problem
of identity theft. Earlier this year, EPIC filed comments with the
Federal Regulators urging them to include civil penalties in
settlements arising from data breaches by TJX, Reed Elsevier, and
Seisint. These cases are also mentioned in the report.

President's Task Force Report on Identity Theft:
     http://www.ftc.gov/os/2008/10/081021taskforcereport.pdf

EPIC's page on Identity Theft:
     http://epic.org/privacy/idtheft/

EPIC's page on Identity Theft and Domestic Abuse:
     http://epic.org/privacy/dv/identity_theft.html

EPIC's comments to FTC for inclusion of civil penalties:
     http://epic.org/privacy/idtheft/042808_ftc.pdf



GAO Report Finds SSNs are Widely Available in Bulk

The United States Government Accountability Office (GAO) in a recent
report to Senator Charles E. Schumer published details outlining the
extent, purpose and to whom public records containing Social Security
Numbers (SSNs) are made available for purchase and what measures had
been taken to protect SSNs from in these records.
The GAO report found that many county public records containing SSNs
are available in bulk to both businesses and persons as a result of
state open records laws and also because private companies request
access to these records to support their businesses. Of the counties
surveyed, only 16 percent actually placed restrictions on the types
of entities that have access to these records. Although title companies
usually received these records, the survey found that records are also
obtained by mortgage companies as well as data resellers. The survey
also revealed that 62 percent of the counties have not initiated
redacting or truncating SSNs. The report concludes by leaving to the
Congress the need of balancing the confidentiality of SSNs and the
open access to public records.


GAO report on the wide availability of Social Security Numbers:
     http://www.gao.gov/new.items/d081009r.pdf

EPIC Social Security Number (SSN) Privacy page:
     http://epic.org/privacy/ssn/



UK government forces closure of tax website over security breach

The United Kingdom's Department for Work and Pensions shutdown key
government computing systems after a 4-gigabyte memory stick, a thumb
size digital memory device, containing data records on 12 million was
found in a car park. The data found on the memory stick included
passwords that would allow Web access to personal information of data
subjects. The agency reacted by closing all Web access to the online
data service portal provided to users. The services offered to
e-government users included self-assessment tax returns, VAT returns,
pension entitlements and child benefits. Government officials past
response to reticence about the wisdom of concentrating so much data
in one database was that it was secure. This is the most recent in a
long line of government data breaches, which have risen to 277.

Daily Mail's article on memory stick containing personal data:
     http://epic.org/redirect/110708_DataBreach_DailyMail.html

EPIC's comments to FTC for inclusion of civil penalties:
     http://epic.org/privacy/idtheft/042808_ftc.pdf



Consumer Group Calls Attention to Google Chrome's Security Flaws

The security flaws contained within Google Chrome have been the subject
of discussion since its launch in September 2008. Now, Consumer Group
has called attention to Google's auto-suggest feature (built-in within
Google Chrome). A video released on YouTube demonstrates how merely
typing in letters of a word sends the information to Google which could
be revealed by the use of packet sniffers in the network. Also, the
letters are stored on Google's servers which could potentially be
acquired through search warrants and may lead to drawing of unwarranted
assumptions and conclusions. The video explains that these features are
not transparent and no readily visible options exist for disabling
them. Other groups such as Center for Digital Democracy, have described
Chrome as a "digital Trojan horse to collect even more masses of
consumer data". London based Privacy International has also lamented
that it was impossible to track information acquired by Google.

Google's Growth Raises Privacy Concerns:
     http://edition.cnn.com/2008/TECH/11/04/google.privacy.ap/

Consumer Watchdog Exposes Google Privacy Problems:
     http://epic.org/redirect/110708_Google_probs_ConWatDog.html

Consumer Watchdog's YouTube video:
     http://www.consumerwatchdog.org/google



Mortgage Company Settles After Data Breach

Premier Capital Lending, Inc., routinely obtained credit reports from
consumer reporting agencies that contained sensitive personal
information about customers and potential customers. A hacker broke
into Premier's computer by exploiting features and obtained Premier's
username and password and used these credentials to get over 400
credit reports using Premier's account. The Federal Regulators stated
that Premier failed to live up to its privacy policy of protecting the
privacy and confidentiality of customer information. The Federal
Regulators agreed to a proposed consent agreement that is open for
public comment till December 5, 2008. EPIC had previously submitted
comments to the FTC for inclusion of civil penalties in cases involving
data breaches. EPIC argued that consent orders result in marginal
improvements to security and privacy practices; companies must have
strong practical incentives to vigorously implement obligations under
consent orders which only civil penalties can provide.


Mortgage Company Settles Data Security Charges:
     http://ftc.gov/opa/2008/11/pcl.shtm

FTC Agreement in FTC File No. 0723004:
     http://ftc.gov/os/caselist/0723004/081106pclagree.pdf

EPIC's comments to FTC for inclusion of civil penalties:
     http://epic.org/privacy/idtheft/042808_ftc.pdf



=======================================================================
[7] EPIC Bookstore: "The Supreme Court"
=======================================================================

The Supreme Court, Personalities and Rivalries that Define America
By Jeffrey Rosen

     http://www.powells.com/biblio/1-9780805081824-3?&PID=24075

The Supreme Court remains the most obscure branch of the federal
government. What would the glare of publicity do to the court - and
more importantly the unquestioned acceptance of its decisions? We
have seen in recent history when Supreme Court decisions attracted
public partisan scrutiny, for example, in Bush v. Gore.

The Court's traditions, and methods of deliberation are not written
about often enough outside of the glare of controversial decisions.
Jeffery Rosen as a student of the Supreme Court is well positioned to
accomplish a rare feat in his book - speak not just about the decisions
of the court, but the personalities that ultimately shaped those
decisions. Beginning with little power in the troika, which formed the
branches of US federal government, Rosen asserts that the people skills
of John Marshall shown light down the path that the court would follow
to establishing its place in the Federal government.

Rosen reveals his core thesis in the book through the personalities of
eight key figures: John Marshall and Thomas Jefferson, John Marshall
Harlan and Oliver Wendell Holmes, Hugo Black and William O. Douglas,
and William Rehnquist and Antonin Scalia. The mavericks and the drum
majors: those who are unable or unwilling to lead and those who are
Supreme Court leaders.

The book begins with the personality conflicts between distant cousins
President Thomas Jefferson and John Marshall. This is an important time
for the Supreme Court - as it moved from powerlessness to final say on
the constitutionality of state and federal laws. Rosen looks at the
post-Revolutionary war politics flavoring the tensions between the
author of the court's role of judicial review and a President
suspicious of the power of the federal courts. The power of life 
hanging experiences and personal perspective to shape the view of
members of the court is best expressed in the chapter on the rivalry
between John Marshall Harlan and Oliver Wendell Holmes, Jr. The Civil
War shaped both men in dramatically different ways: Holmes was a
committed abolitionist and Harlan was a southern slaveholder.
Post-Civil War Holmes "became a radical skeptic of abolitionism..."
while Harlan became a champion of "racial and economic equality."

The book breathes life into the history of the court in a surprising
and entertaining way by exploring the role of judicial temperament on
the deliberative process. Rosen, argues that the members of the court 
are people first. He explains that their personalities may best explain
the deliberative process that governs court rulings.

The book closes with a view to the future of the court under the
leadership of Chief Justice John G. Roberts, Jr., who took office in
2005. Roberts views John Marshall as his role model for how the Supreme
Court ought to work. He points to "the personalization of judicial
politics," that had damaged the court. Roberts also commented on the
media's obsession with controversy evidenced in 5-4 decisions. Roberts
expresses a desire to find consensus in the court. The task for nine
individuals is much more difficult, but he does not shy away from the
challenge.

This is an insightful book and for someone who appreciates history that
explores personalities, this is a rare find. For students, observers,
and fans of the Supreme Court this is a great book for exploring the
importance of temperament in the deliberative process.

-- Lillie Coney 



================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008", edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Privacy and Identity Theft Conference. November 24-25, 2008.
Fairmont Hotel, Vancouver, Canada. For more information:
http://www.idconference2008.com/

Third Internet Governance Forum. December 3-6, 2008. Hyderabad,
India. For more information: http://www.intgovforum.org

International Human Rights Day, December 10, 2008. For more
information: http://www.un.org/events/humanrights/2008/

Tilting perspectives on regulating technologies, Tilburg Institute
for Law and Technology, and Society, Tilburg University. December
10-11, Tilburg, Netherlands.
http://www.tilburguniversity.nl/tilt/conference

The American Conference Institute is hosting the 8th National Symposium
on Privacy and Security of Consumer and Employee Information at the
Four Points by Sheraton, Washington, DC. January 27-28, 2009,
Washington, DC. http://www.americanconference.com/Privacy.htm



=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

=======================================================================
Support Privacy '08
=======================================================================

If you would like more information on Privacy '08, go online and search
for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.

Facebook Cause:
http://www.epic.org/redirect/fbprivacy08.html

Twitter:
http://twitter.com/privacy08

CafePress:
http://www.cafepress.com/epicorg

========================================================================
                          E P I C   Job Announcement
========================================================================

        EPIC is seeking a smart, energetic, creative individual
                     for the position of Staff Counsel

                         Deadline: Jan. 1, 2009

                       Click here for more details
           http://www.epic.org/epic/jobs/counsel_1108.html


------------------------- END EPIC Alert 15.22 ------------------------

.