======================================================================= E P I C A l e r t ======================================================================= Volume 15.24 December 8, 2008 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_15.24.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] Senator Leahy Presses Justice Department on Telephone Privacy [2] EPIC Urges Disclosure of Google Flu Trends Information [3] EPIC Writes to NPR to drop E-verify Promotion, Urges DHS Disclosure [4] EPIC Pursues Disclosure of FBI Surveillance Guidelines [5] House Committee Host Day Long Discussion on the Transition of DHS [6] News in Brief [7] EPIC Bookstore: "The Online Panopticon" [8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://www.epic.org/donate - Support Privacy '08 http://www.privacy08.org - Job Announcement ======================================================================= [1] Senator Leahy Presses Justice Department on Telephone Privacy ======================================================================= Senator Patrick Leahy wrote to the Department of Justice following media reports that Verizon employees improperly "accessed and viewed" President-elect Obama's cell phone records. Senator Leahy specifically asked for the number of prosecutions and investigations undertaken by the Justice Department pursuant to a federal statute aimed at protecting privacy in telephone records. Senator Leahy also inquired if the Department found the Telephone Records and Privacy Protection Act of 2007 effective in protecting Americans' privacy. The statute prohibits obtaining confidential phone records from a telecommunications carrier or IP-enabled voice service provider through pretexting or accessing customer accounts without authorization. The statute provides criminal sanctions of imprisonment which may include a fine for violations. As Senator Leahy's letter highlights, data privacy breaches involving sensitive phone records of ordinary Americans are occurring with greater frequency. Cell phone records contain highly confidential personal data that can be of great use to criminals. Telephone records can be used to perpetrate acts of domestic violence, compromise the safety of law enforcement officers and their families, reveal the names of telephone users' doctors, public and private relationships, business associates as well as undermine the integrity of law enforcement investigations. In the past, the information has been obtained by private investigators and sold to third party data brokers. In 2007, EPIC testified before the House Energy and Commerce Committee on the need to provide security for telephone records. The Federal Communications Commission, in response to a petition from EPIC adopted additional safeguards to protect customers' proprietary network information against unauthorized access and disclosure. The new rule requires telephone companies to obtain affirmative, opt-in consent from customers before they disclose personal information to outside corporations. Senator Leahy's letter to the US Department of Justice: http://epic.org/redirect/120808_Leahy_letter2DOJ_TRPPA.html Personal Cell Phone Account Of President-Elect Obama Accessed By Unauthorized Employees: http://news.vzw.com/news/2008/11/pr2008-11-20b.html Telephone Records and Privacy Protection Act of 2006: http://www.govtrack.us/congress/billtext.xpd?bill=h109-4709 EPIC's page on Illegal Sale of Phone Records: http://epic.org/privacy/iei/ EPIC's testimony for Congress (March 2007): http://epic.org/privacy/iei/roten_hcom0307.pdf EPIC's page on Customer Proprietary Network Information (CPNI): http://epic.org/privacy/cpni/ FCC's rule requiring telephone companies affirmative, opt-in consent: http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf ======================================================================= [2] EPIC Urges Federal Health Officials to Reveal Flu Trends Deal ======================================================================= On December 3, 2008, EPIC filed a Freedom of Information Act request to force federal officials to reveal how much user search data Google has transmitted to the Centers for Disease Control and Prevention. In November, Google announced Google Flu Trends, a web tool that analyzes internet users' search queries to predict flu outbreaks. Google has provided Flu Trends data to the federal government, but has refused to publish any information about the search queries. "No clear legal or technological privacy safeguards prevent the disclosure of individual search histories concerning the flu, or related medical concerns. The public should be informed of the CDC's ongoing role in Google Flu Trends," EPIC and Patient Privacy Rights wrote in a letter to Google CEO Eric Schmidt. EPIC's request comes on the heels of acknowledgements from Google and the CDC that the search engine company has provided data to the federal agency. Google stated that it "shared our preliminary results with the Epidemiology and Prevention Branch of the Influenza Division at CDC throughout the 2007-2008 flu season." On November 19, 2008, Google and the CDC jointly published an academic paper concerning Flu Trends. Furthermore, Google stated that Flu Trends uses current user search data, as well as years of historic user data, including data for "all weeks between September 28, 2003 and March 11, 2007." The search data is used to generate estimates of flu activity on a state by state basis. But Google says that Flu Trends could be used to provide data on smaller groups of users, which could increase the likelihood that individuals will be identified and linked to medical searches. Flu Trends "may be capable of providing [flu] estimates for large cities and metropolitan areas with high internet penetration, providing even more local influenza surveillance. We hope to explore this topic as well," Google said. Google Flu Trends relies on individual search terms, such as "flu symptoms," provided by Internet users. Google has said that it will only reveal aggregate data, but there are no clear privacy safeguards which prevent disclosure of individual search histories concerning the flu. Privacy and medical groups have urged Google to be more transparent and publish the algorithm on which Flu Trends data is based so that the public can determine whether the privacy safeguards are adequate. Questions have been raised about the adequacy of Google's "anonymization" techniques. Google Flu Trends analyzes search queries submitted by Google users. User search data is stored on Google's servers, and retained by the search engine company. This information includes the Internet Protocol (IP) address, the date and time of the query as well as a unique cookie ID assigned to the browser. Google has stated that it will anonymize search data after a period of nine months, but technical experts have questioned the efficacy of the technique. Google obfuscates the fourth octet but retains the rest of the IP address. At most, the redacted IP address is one of 254 other users. Moreover, the unique cookie assigned by Google to the browser remains unchanged over time and can be easily used by Google (or any entity with powers to subpoena Google) to trace back the search query down to a specific user. This linking of a search term to a specific user can re-identify search terms back to an individual that had been previously "de-identified" by Google. EPIC's Freedom of Information Act Request to the Centers for Disease Control and Prevention: http://epic.org/privacy/flutrends/foia120308.pdf EPIC's page on Google Flu Trends and Privacy: http://epic.org/privacy/flutrends/ EPIC's page on Search Engine Privacy http://epic.org/privacy/search_engine/ EPIC and Patient Privacy Rights' November 12, 2008 Letter to Google: http://www.epic.org/privacy/flutrends/EPIC_ltr_FluTrends_11-08.pdf Google's Response to EPIC and Patient Privacy Rights: http://epic.org/redirect/120808_GOOGLE_reply_epicppr.html Server Information Google Retains: http://www.google.com/intl/en/privacy_faq.html#serverlogs ======================================================================= [3] EPIC Tells NPR to Drop E-verify Promotion, Urges DHS Disclosure ======================================================================= EPIC, in a letter to National Public Radio, urged the NPR Ombudsman to discontinue the promotion of the Department of Homeland Security "E-Verify" program. The E-Verify program is a controversial employment eligibility verification system, operated by the Department of Homeland Security. The letter was also signed by ACLU, the National Immigration Law Center and Free Press. The National Public Radio began running an advertisement on November 10, 2008 underwritten by the DHS for its "E-Verify" program. The advertisement states "[s]upport for NPR comes from NPR stations, and the Department of Homeland Security (DHS), offering E-Verify, confirming the legal working of new hires. At DHS dot gov slash E-Verify." However, it is the policy of The Federal Communications Commission that public broadcasters like NPR may include "...slogans which identify and do not promote". The FCC further expects public broadcast licensees to review their donor or underwriter acknowledgements and make reasonable good faith judgments as to whether broadcasts identify, rather than promote. EPIC, the Government Accountability Office, the Social Security Administration�s Inspector General, and the CATO Institute have detailed many shortcomings of E-Verify, and have highlighted several issues with the program including high levels of inaccuracies in the databases on which the program is based, employer misuse resulting in discrimination and unlawful termination, the lack of privacy protections as well as the program's high costs. The letter to the Ombudsman conveys that "E-Verify is ineffective as a solution to U.S. immigration problems" and that "many experts have documented how the flawed E-Verify program could deny many eligible individuals - including U.S. citizens and legal immigrants -- the opportunity to work" and urges NPR to remove the promotion of E-Verify. EPIC also filed a Freedom of Information request with the DHS asking for all records, including contracts and related documents, between DHS and NPR concerning the E-Verify promotion that began in November, 2008. The request also included a demand for records involving contracts and related documents involving DHS and other media outlets concerning the promotion for E-Verify. EPIC's letter to NPR Ombudsman: http://epic.org/DHS_NPR_ltr_12-08.pdf EPIC's FOIA request to DHS: http://epic.org/privacy/e-verify/dhs_foia_120408.pdf "Should NPR Run Funding Credits from the Department of Homeland Security?", NPR Ombudsman, November 25, 2008: http://epic.org/redirect/120808_NPR_EVerify_fundingcredits.html "In the Matter of Commission Policy Concerning the Noncommercial Nature of Educational Broadcasting", 51 Federal Register 21800, June 16, 1986: http://www.fcc.gov/mb/audio/nature.html "Employment Verification - Challenges Exist in Implementing a Mandatory Electronic Employment Verification System", United States Government Accountability Office", June 10, 2008: http://www.gao.gov/new.items/d08895t.pdf "Inspector General's Statement on SSA's Major Management and Performance Challenges", Nov. 5, 2008: http://epic.org/redirect/120808_IG_SSA_statement.html E-Verify Debunking Exposes Debunking Errors, The Cato Institute, May 21, 2008: http://epic.org/redirect/120808_CATO_EVerify_error.html EPIC, "Spotlight on Surveillance: E-Verify System - DHS Changes Name, But Problems Remain for U.S. Workers.": http://epic.org/privacy/surveillance/spotlight/0707/default.html ======================================================================= [4] EPIC Pursues Disclosure of FBI Surveillance Guidelines ======================================================================= On December 1, 2008, EPIC filed a of Freedom of Information Act request with the Federal Bureau of Investigation. EPIC's request seeks the complete and unredacted final version of the Attorney General's Guidelines for Domestic FBI Operations that came into effect on December 1, 2008. The guidelines pertain to the Bureau's investigation of federal crimes, assessment of threats to national security, foreign intelligence development, intelligence collection, analysis, planning, and information sharing. The guidelines grant the FBI broad authority to conduct domestic surveillance of many individuals suspected of no crime. Although the draft guidelines were issued on October 3, 2008, the final version has not been made available to the public. The FBI has stated that the guidelines were revised in the wake of discussions with lawmakers, privacy organizations, and the press. On September 17, 2008, the Senate Judiciary Committee held a hearing titled "Oversight of the Federal Bureau of Investigation" regarding the revised guidelines. FBI Director Robert Mueller III testified, and Senators expressed concern regarding the FBI's lack of collaboration with Congress regarding the new guidelines. Senators Richard Durbin, Edward Kennedy, and Russ Feingold sent a letter urging significant revisions to the guidelines. The Senators also urged the Attorney General to make the draft guidelines public to allow for more meaningful input. Previously, Congressmen John Conyers, Jr., Robert C. Scott and Jerrold Nadler, members of the House of Representatives Judiciary Committee, questioned the need to consolidate the FBI guidelines during the waning days of the Bush Administration. They voiced doubts regarding the effect of such amendments on Americans' constitutional rights. The Congressmen also raised the specter of innocent citizens coming under a cloud of suspicion for legitimate religious and political activities. As the guidelines have not been publicly disclosed, there is no way to analyze if the directives incorporate meaningful privacy safeguards to ensure that field agents honor constitutional values and civil liberties while conducting domestic surveillance. Previously, EPIC had sued the Justice Department over heavily redacted records that were turned over as part of a FOIA request. The documents in that case indicated that the FBI had investigated hundreds of potential violations related to its use of secret surveillance operations. Federal Bureau of Investigation, U.S. Department of Justice, Attorney General's Consolidated Guidelines, (Oct. 3, 2008): http://www.usdoj.gov/ag/readingroom/guidelines.pdf Attorney General Memorandum to Department Components on Guidelines for Domestic FBI Operations: http://www.usdoj.gov/ag/readingroom/guidelines-memo.pdf Durbin Statement on Announcement of New FBI Guidelines, (Oct. 3, 2008): http://durbin.senate.gov/showRelease.cfm?releaseId=304117 Congressional Testimony of Valerie Caproni - General Counsel, FBI; and Elisebeth Collins Cook - Assistant Attorney General, Office of Legal Policy, DOJ, (Sept. 23, 2008): http://www.fbi.gov/congress/congress08/caproni092308.htm Testimony of the FBI Director to the Senate Judiciary Committee: http://www.fbi.gov/congress/congress08/mueller091708.htm Senators express concern to the Attorney General over FBI Guidelines: http://feingold.senate.gov/~feingold/releases/08/08/20080820.html EPIC page on Attorney General Guidelines: http://epic.org/privacy/fbi/ Freedom of Information Act Work on the National Security Agency's Warrantless Surveillance Program, EPIC v. DOJ: http://epic.org/privacy/nsa/foia/ ======================================================================= [5] House Committee Host Day Long Discussion on the Transition of DHS ======================================================================= On December 3, 2008, the Majority Staff for the House Committee on Homeland Security hosted a daylong series of roundtable discussions on the future of privacy, civil liberties, and civil rights. The event, entitled "A Path Forward: Constitutional Protections in Homeland Security", was sponsored by Representative Bennie G. Thompson, Chairman of the Committee on Homeland Security. Experts from a wide range of civil society organizations gave their views on the focus the Department should take in dealing with privacy, civil rights, and civil liberties during the new Administration. The event provided an opportunity for Hill staff to hear from subject matter experts in the areas of civil liberties, privacy, and civil rights. Six panels covered a range of topics including domestic surveillance, cyber-security, border security, transportation privacy, and data mining. The panel discussions provided a framework on the work of the Department of Homeland Security with a view toward transitioning the agency to the next administration. Key discussions revolved around how technology, policy, and legislative oversight can work to address perceived problems with the Department of Homeland Security's implementation of legislative objectives. Panel experts discussed the challenge of transparency, accountability, and oversight of the authority provided to the agency as it relates to privacy. In the area of air travel, examples were presented on how travelers who wear headscarves, turbans, speak with accents, or come from different cultures are impacted by the application of passenger screening protocols. Participants offered recommendations on how the process can be improved, which included greater transparency on the application of agency programs; accountability on the part of known agency staff for compliance with the Federal Privacy Act; and corrective action regarding the abuses and misuse of personal information. A Path Forward: Constitutional Protections in Homeland Security: http://homeland.house.gov/press/index.asp?ID=410 EPIC'S Spotlight on Surveillance Series Secure Flight page: http://epic.org/privacy/surveillance/spotlight/0807/default.html EPIC's page on E-Verify: http://epic.org/privacy/surveillance/spotlight/0707/default.html EPIC's page on Fusion Centers: http://epic.org/privacy/surveillance/spotlight/0607/default.html EPIC's page on Real ID: http://epic.org/privacy/surveillance/spotlight/0307/default.html ======================================================================= [6] News in Brief ======================================================================= Homeland Security Releases Datamining Report The Department of Homeland Security released the 2008 report to the Congress on data mining technology and policy. The report discusses activities currently deployed or under development on data mining and provides a summary of the Privacy Office's public workshop, "Implementing Privacy Protections in Government Data Mining." The report also presents new privacy principles for research projects conducted by the DHS Science and Technology Directorate (S&T), the Department's primary research and development arm. Data Mining: Technology and Policy, 2008 Report to Congress: http://epic.org/redirect/120808_DHS_DataMining_report.htm EPIC 2003 letter to Congress on datamining: http://epic.org/privacy/profiling/datamining3.25.03.html The National Research Council, Data-based Counterterrorism Programs Should be Evaluated for Effectiveness, Privacy: http://epic.org/redirect/120808_NRC_DataMining_overview.html ASAP Hold Annual Meeting in Washington DC The American Society of Access Professionals (ASAP) held its annual meeting on December 2, 2008. The meeting had three key components: Privacy Program, National Security Program, and Training of Federal FOIA officers. Panels discussed broad range of topics including: information fusion centers, international privacy regimes, and a federal legislative update on privacy. The meeting is a staple for federal Freedom of Information Act (FOIA) officers who serve within each agency. The three days of meetings was an opportunity for FOIA officers, open government advocacy organizations, and agency personnel to meet and discuss key aspects of their work. ASAP Annual Meeting Web Page: http://www.accesspro.org/symposium2008/ "Litigation Under the Federal Open Government Laws 2008": http://epic.org/bookstore/foia2008/ Spies Can Eavesdrop Overseas Americans Without Court Order Constitutional rights and statutes regulate the rights of U.S. citizens against unlawful searches or electronic surveillance. However, recently, the Second Circuit Court ruled that when a citizen is outside the US, such constitutional protections afforded to Americans do not apply. The court noted that, under the facts of the case, the search was reasonable as the matter pertained threats to national security. The right of warrantless wiretapping of citizens inside the nation has been a subject to controversy. Recently, in a case by EPIC against the Justice Department, a Federal Judge ordered the review of Justice Department documents authored by the Office of Legal Counsel which provided the basis for the President to wiretap citizens without court approval. In re Terrorist Bombings of U.S. Embassies (Fourth Amendment Challenges), 01-1535-cr(L): http://epic.org/privacy/pdf/el-hage.pdf EPIC's FOIA work on the NSA's Warrantless Surveillance page: http://epic.org/privacy/nsa/foia/ EPIC's page on Wiretapping: http://epic.org/privacy/wiretap/ Mandatory Use of SSNs for Federal Identification Comes to an End President Bush signed an Executive Order on November 18, 2008 which no longer makes it mandatory for the federal agencies to rely exclusively on Social Security Numbers (SSNs) as personal identifiers. The Executive Order declares that federal "agencies should conduct agency activities that involve personal identifiers in a manner consistent with protection of such identifiers against unlawful use." This Executive Order amends a 1943 Executive Order mandating the exclusive use of SSNs for numerical identification of accounts of individual persons. The increasing use of SSNs have led to the proliferation in identity theft which has been dubbed as the top crime committed in the United States. Executive Order 13478 of November 18, 2008: http://edocket.access.gpo.gov/2008/pdf/E8-27771.pdf Numbering System for Federal Accounts Relating to Individual Persons, (Executive Order 9397 of November 22, 1943: http://epic.org/redirect/120808_SSN_XO_Roosevelt1943.html EPIC's page on Identity Theft: http://epic.org/privacy/idtheft/ Galexia Re-Examines the US Safe Harbor Framework The US Safe Harbor agreement between the European Commission and the United States Department of Commerce provides the basis for the transfer of personal data by organizations from Europe to US in spite of not meeting the European standards for privacy protection. A new report on Safe Harbor Framework raises concerns that the agreement is not functioning. Many countries and organizations are looking at legal and technical approaches to privacy protection for the global information infrastructure. The US Safe Harbor - Fact or Fiction? (2008): http://epic.org/redirect/120808_SafeHarbor_Galexia_2008.html EPIC's page on International Privacy Standards: http://epic.org/privacy/intl/ Action: Submit Proposals for the 19th Annual CFP Conference The Computers, Freedom and Privacy (CFP) Conference recently issued a call for proposals for its 19th conference in Washington, D.C., scheduled to be held between June 1-4, 2009. The conference organizers are requesting proposals and ideas for panels, plenaries, debates, keynote speakers, and other sessions. The conference seeks advantage of the fact that it is being held in the nation's capital and wishes to discuss objectives and challenges of the new administration and plans to incorporate a global and international perspective. The conference will be future-oriented and include debates and also inform attendees about cutting-edge technologies and issues. The deadlines for receiving proposals is December 19, 2008. Call for presentations, tutorials, and workshops (CFP 2009): http://epic.org/redirect/120808_CFP_callpage.html CFP 2009 Submission Page: http://www.cfp2009.org/submissions/ CFP 2009 Submission Guidelines: http://www.cfp2009.org/wiki/index.php/Submission_guidelines European Court Rules UK DNA Retention Illegal The European Court of Human Rights ruled that the world largest DNA database, based in the United Kingdom, violated Article 8 of the European Convention on Human Rights which protects the right to privacy. Privacy International, based in the UK, filed an amicus brief in this case. The European court considered several issues including familial searching, social stigmatization, and the protection of children's rights. The court, sitting as a Grand Chamber, ruled that applicants who have not been convicted of a crime are presumed innocent and that retaining indefinitely their genetic samples, fingerprints and DNA profiles interfered with the right to respect for private life. EPIC has addressed the issue of genetic privacy and law enforcement and has also filed a number of amicus briefs in various cases in the United States. "S. and Marper v. The United Kingdom" (Applications nos. 30562/04 and 30566/0): http://www.privacyinternational.org/issues/dna/marper-v-uk.doc Privacy International Amicus Brief: http://www.privacyinternational.org/issues/dna/pi-brief-marper.pdf The United Kingdom national DNA database: http://epic.org/redirect/120808_UKDNA_database.html European Convention on Human Rights: http://epic.org/redirect/120808_ECHR_fulltext.html EPIC's page on Genetic Privacy: http://epic.org/privacy/genetic/ Action: Comment on Genetic Information Non-discrimination Act Several federal agencies are together requesting comments to aid in the development of regulations under a federal statute that prohibits discrimination in health coverage based on genetic information. The statute prohibits group health plans and health insurance issuers in the group market from using genetic information to adjust premium or contribution amounts for the group covered under the plan. Comments are being sought on a number of issues including economic analysis and regulatory guidance. Deadline for submission of comments is December 9, 2008. Request for Information Regarding Sections 101 Through 104 of the Genetic Information Nondiscrimination Act of 2008: http://epic.org/redirect/120808_GINA_DOL_comments.html ======================================================================= [7] EPIC Bookstore: "The Online Panopticon" ======================================================================= "The Online Panopticon" by David Riphagen http://www.cafepress.com/privacyinsns.330035597 http://www.privacyinsocialnetworksites.nl/ Social Networking Sites, or Web 2.0 services as they are popularly called, are an increasingly popular method of online communications, entertainment, and networking tools for users to upload, share and view information, photos, and exchange messages. However, the plethora of personal information on such sites poses significant dangers to privacy and can also be used for harmful activities. As Riphagen points out, Social Networking Sites can be regarded as the online version of the Panopticon prison. This concept of omnipresent guards monitoring data subjects without their knowledge or consent is analogous to Social Networking Sites, which have access to all their users' information and use this information for whatever "[Social Networking Sites] think benefits you" without the user's knowledge or explicit consent. Several harmful activities can be performed with the identity-relevant information that these sites collect. Personal information, once posted on the internet without sufficient control, can come back to haunt users later. Facebook, MySpace, Orkut and Hyves all offer some level of control over the information posted. But the level of information management differs from site to site and Social Networking Sites reserve the right to access and use this information at any time. Monitoring and tracking individuals through these snippets of data can unearth a wealth of information leading to a multitude of threats. Riphagen's publication looks into many of privacy harms posed by Social Networking Sites set against a legal framework of the laws of America, Europe and Canada, as well as other major regulations. Based on threat identification acquired through surveys of American experts on privacy and the Internet, Riphagen uses a risk analysis perspective distinguishing threats from incidents and materialized threats. From classifying threats to applying tort laws to addressing the damage from privacy perils, the book offers a comprehensive inquiry into reported incidents as well as identifying hypothetical hazards that may crop up in the future. The paper concludes by recommending research into the business methods and financial incentives of Social Networking Sites and discovering their route to profit in order to investigate if privacy and profit can enhance each other. Other recommendations include conducting a quantitative survey, using data and constructing a utility curve for users of Social Networking Sites, which would help in identifying trade -offs and influencing pay-offs. Finally, Riphagen advises that the regulation of identity-relevant information be based on potential privacy harms, their probability of occurrence and their negative impact on users. -- Anirban Sen ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008", edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. http://epic.org/bookstore/foia2008/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/bookshelf/epicorg.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= International Human Rights Day, December 10, 2008. For more information: http://www.un.org/events/humanrights/2008/ Tilting perspectives on regulating technologies, Tilburg Institute for Law and Technology, and Society, Tilburg University. December 10-11, Tilburg, Netherlands. http://www.tilburguniversity.nl/tilt/conference The American Conference Institute is hosting the 8th National Symposium on Privacy and Security of Consumer and Employee Information at the Four Points by Sheraton, Washington, D.C., January 27-28, 2009, Washington, DC. http://www.americanconference.com/Privacy.htm "Patents, Copyrights and Knowledge Governance: The Next Four Years", Trans Atlantic Consumer Dialogue (TACD) Workshop held by the TACD Working Group on Intellectual Property, Washington, D.C., January 12-13, 2009. For more information, http://www.tacd-ip.org/blog/?page_id=5 The IAPP Privacy Summit 2009 will be held between March 11-13, 2009, at Washington, D.C. For more information, http://www.privacysummit.org "Conference on International Aspects of Securing Personal Data", The Federal Trade Commission, Washington, D.C., March 16-17, 2009: For more information, http://ftc.gov/opa/2008/12/datasec.shtm Computers, Freedom, and Privacy, 19th Annual Conference, Washington, D.C., June 1-4, 2009. For more information, http://www.cfp2009.org/wiki/index.php/Main_Page "The Transformation of Privacy Policy", Institutions, Markets Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4, 2009. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: https://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Support Privacy '08 ======================================================================= If you would like more information on Privacy '08, go online and search for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08 at Twitter, a Privacy08 Channel on YouTube to come soon, and much more. You can also order caps and t-shirts at CafePress Privacy08. Start a discussion. Hold a meeting. Be creative. Spread the word. You can donate online at epic.org. Support the campaign. Facebook Cause: http://www.epic.org/redirect/fbprivacy08.html Twitter: http://twitter.com/privacy08 CafePress: http://www.cafepress.com/epicorg ======================================================================== E P I C Job Announcement ======================================================================== EPIC is seeking a smart, energetic, creative individual for the position of Staff Counsel Deadline: Jan. 1, 2009 Click here for more details http://www.epic.org/epic/jobs/counsel_1108.html ------------------------- END EPIC Alert 15.24 ------------------------ .