EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 15.24                                           December 8, 2008
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_15.24.html

			"Defend Privacy. Support EPIC."
			     http://epic.org/donate


=======================================================================
Table of Contents
=======================================================================
[1] Senator Leahy Presses Justice Department on Telephone Privacy
[2] EPIC Urges Disclosure of Google Flu Trends Information
[3] EPIC Writes to NPR to drop E-verify Promotion, Urges DHS Disclosure
[4] EPIC Pursues Disclosure of FBI Surveillance Guidelines
[5] House Committee Host Day Long Discussion on the Transition of DHS
[6] News in Brief
[7] EPIC Bookstore: "The Online Panopticon"
[8] Upcoming Conferences and Events
  	- Subscription Information
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://www.epic.org/donate
  	- Support Privacy '08 http://www.privacy08.org
	- Job Announcement

=======================================================================
[1] Senator Leahy Presses Justice Department on Telephone Privacy
=======================================================================

Senator Patrick Leahy wrote to the Department of Justice following
media reports that Verizon employees improperly "accessed and viewed"
President-elect Obama's cell phone records. Senator Leahy specifically
asked for the number of prosecutions and investigations undertaken by
the Justice Department pursuant to a federal statute aimed at
protecting privacy in telephone records. Senator Leahy also inquired if
the Department found the Telephone Records and Privacy Protection Act
of 2007 effective in protecting Americans' privacy.

The statute prohibits obtaining confidential phone records from a
telecommunications carrier or IP-enabled voice service provider through
pretexting or accessing customer accounts without authorization. The
statute provides criminal sanctions of imprisonment which may include a
fine for violations.

As Senator Leahy's letter highlights, data privacy breaches involving
sensitive phone records of ordinary Americans are occurring with
greater frequency. Cell phone records contain highly confidential
personal data that can be of great use to criminals. Telephone records
can be used to perpetrate acts of domestic violence, compromise the
safety of law enforcement officers and their families, reveal the names
of telephone users' doctors, public and private relationships, business
associates as well as undermine the integrity of law enforcement
investigations. In the past, the information has been obtained by
private investigators and sold to third party data brokers.

In 2007, EPIC testified before the House Energy and Commerce Committee
on the need to provide security for telephone records. The Federal
Communications Commission, in response to a petition from EPIC adopted
additional safeguards to protect customers' proprietary network
information against unauthorized access and disclosure. The new rule
requires telephone companies to obtain affirmative, opt-in consent from
customers before they disclose personal information to outside
corporations.

Senator Leahy's letter to the US Department of Justice:
     http://epic.org/redirect/120808_Leahy_letter2DOJ_TRPPA.html

Personal Cell Phone Account Of President-Elect Obama Accessed
By Unauthorized Employees:
     http://news.vzw.com/news/2008/11/pr2008-11-20b.html

Telephone Records and Privacy Protection Act of 2006:
     http://www.govtrack.us/congress/billtext.xpd?bill=h109-4709

EPIC's page on Illegal Sale of Phone Records:
     http://epic.org/privacy/iei/

EPIC's testimony for Congress (March 2007):
     http://epic.org/privacy/iei/roten_hcom0307.pdf

EPIC's page on Customer Proprietary Network Information (CPNI):
     http://epic.org/privacy/cpni/

FCC's rule requiring telephone companies affirmative, opt-in consent:
     http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf



=======================================================================
[2] EPIC Urges Federal Health Officials to Reveal Flu Trends Deal
=======================================================================

On December 3, 2008, EPIC filed a Freedom of Information Act request to
force federal officials to reveal how much user search data Google has
transmitted to the Centers for Disease Control and Prevention. In
November, Google announced Google Flu Trends, a web tool that analyzes
internet users' search queries to predict flu outbreaks. Google has
provided Flu Trends data to the federal government, but has refused to
publish any information about the search queries. "No clear legal or
technological privacy safeguards prevent the disclosure of individual
search histories concerning the flu, or related medical concerns. The
public should be informed of the CDC's ongoing role in Google Flu
Trends," EPIC and Patient Privacy Rights wrote in a letter to Google
CEO Eric Schmidt.

EPIC's request comes on the heels of acknowledgements from Google and
the CDC that the search engine company has provided data to the federal
agency. Google stated that it "shared our preliminary results with the
Epidemiology and Prevention Branch of the Influenza Division at CDC
throughout the 2007-2008 flu season." On November 19, 2008, Google and
the CDC jointly published an academic paper concerning Flu Trends. 

Furthermore, Google stated that Flu Trends uses current user search
data, as well as years of historic user data, including data for "all
weeks between September 28, 2003 and March 11, 2007." The search data
is used to generate estimates of flu activity on a state by state
basis. But Google says that Flu Trends could be used to provide data on
smaller groups of users, which could increase the likelihood that
individuals will be identified and linked to medical searches. Flu
Trends "may be capable of providing [flu] estimates for large cities
and metropolitan areas with high internet penetration, providing even
more local influenza surveillance. We hope to explore this topic as
well," Google said.

Google Flu Trends relies on individual search terms, such as "flu
symptoms," provided by Internet users. Google has said that it will
only reveal aggregate data, but there are no clear privacy safeguards
which prevent disclosure of individual search histories concerning the
flu. Privacy and medical groups have urged Google to be more
transparent and publish the algorithm on which Flu Trends data is based
so that the public can determine whether the privacy safeguards are
adequate.

Questions have been raised about the adequacy of Google's
"anonymization" techniques. Google Flu Trends analyzes search queries
submitted by Google users. User search data is stored on Google's
servers, and retained by the search engine company. This information
includes the Internet Protocol (IP) address, the date and time of
the query as well as a unique cookie ID assigned to the browser.

Google has stated that it will anonymize search data after a period
of nine months, but technical experts have questioned the efficacy of
the technique. Google obfuscates the fourth octet but retains the rest
of the IP address. At most, the redacted IP address is one of 254 other
users. Moreover, the unique cookie assigned by Google to the browser
remains unchanged over time and can be easily used by Google (or any
entity with powers to subpoena Google) to trace back the search query
down to a specific user. This linking of a search term to a specific
user can re-identify search terms back to an individual that had been
previously "de-identified" by Google.


EPIC's Freedom of Information Act Request to the Centers for Disease
Control and Prevention:
     http://epic.org/privacy/flutrends/foia120308.pdf

EPIC's page on Google Flu Trends and Privacy:
     http://epic.org/privacy/flutrends/

EPIC's page on Search Engine Privacy
     http://epic.org/privacy/search_engine/

EPIC and Patient Privacy Rights' November 12, 2008 Letter to Google:
     http://www.epic.org/privacy/flutrends/EPIC_ltr_FluTrends_11-08.pdf

Google's Response to EPIC and Patient Privacy Rights:
     http://epic.org/redirect/120808_GOOGLE_reply_epicppr.html

Server Information Google Retains:
     http://www.google.com/intl/en/privacy_faq.html#serverlogs



=======================================================================
[3] EPIC Tells NPR to Drop E-verify Promotion, Urges DHS Disclosure
=======================================================================

EPIC, in a letter to National Public Radio, urged the NPR Ombudsman to
discontinue the promotion of the Department of Homeland Security
"E-Verify" program. The E-Verify program is a controversial employment
eligibility verification system, operated by the Department of Homeland
Security. The letter was also signed by ACLU, the National Immigration
Law Center and Free Press.

The National Public Radio began running an advertisement on November
10, 2008 underwritten by the DHS for its "E-Verify" program. The
advertisement states "[s]upport for NPR comes from NPR stations, and
the Department of Homeland Security (DHS), offering E-Verify,
confirming the legal working of new hires. At DHS dot gov slash
E-Verify." However, it is the policy of The Federal Communications
Commission that public broadcasters like NPR may include "...slogans
which identify and do not promote". The FCC further expects public
broadcast licensees to review their donor or underwriter
acknowledgements and make reasonable good faith judgments as to
whether broadcasts identify, rather than promote.

EPIC, the Government Accountability Office, the Social Security
Administration�s Inspector General, and the CATO Institute have
detailed many shortcomings of E-Verify, and have highlighted several
issues with the program including high levels of inaccuracies in the
databases on which the program is based, employer misuse resulting in
discrimination and unlawful termination, the lack of privacy
protections as well as the program's high costs. The letter to the
Ombudsman conveys that "E-Verify is ineffective as a solution to U.S.
immigration problems" and that "many experts have documented how the
flawed E-Verify program could deny many eligible individuals -
including U.S. citizens and legal immigrants -- the opportunity to
work" and urges NPR to remove the promotion of E-Verify.

EPIC also filed a Freedom of Information request with the DHS asking
for all records, including contracts and related documents, between DHS
and NPR concerning the E-Verify promotion that began in November, 2008.
The request also included a demand for records involving contracts and
related documents involving DHS and other media outlets concerning the
promotion for E-Verify.


EPIC's letter to NPR Ombudsman:
     http://epic.org/DHS_NPR_ltr_12-08.pdf

EPIC's FOIA request to DHS:
     http://epic.org/privacy/e-verify/dhs_foia_120408.pdf

"Should NPR Run Funding Credits from the Department of Homeland
Security?", NPR Ombudsman, November 25, 2008:
     http://epic.org/redirect/120808_NPR_EVerify_fundingcredits.html

"In the Matter of Commission Policy Concerning the Noncommercial Nature
of Educational Broadcasting", 51 Federal Register 21800, June 16, 1986:
     http://www.fcc.gov/mb/audio/nature.html

"Employment Verification - Challenges Exist in Implementing a Mandatory
Electronic Employment Verification System", United States Government
Accountability Office", June 10, 2008:
     http://www.gao.gov/new.items/d08895t.pdf

"Inspector General's Statement on SSA's Major Management and
Performance Challenges", Nov. 5, 2008:
     http://epic.org/redirect/120808_IG_SSA_statement.html

E-Verify Debunking Exposes Debunking Errors,
The Cato Institute, May 21, 2008:
     http://epic.org/redirect/120808_CATO_EVerify_error.html

EPIC, "Spotlight on Surveillance: E-Verify System - DHS Changes Name,
But Problems Remain for U.S. Workers.":
     http://epic.org/privacy/surveillance/spotlight/0707/default.html



=======================================================================
[4] EPIC Pursues Disclosure of FBI Surveillance Guidelines
=======================================================================

On December 1, 2008, EPIC filed a of Freedom of Information Act request
with the Federal Bureau of Investigation. EPIC's request seeks the
complete and unredacted final version of the Attorney General's
Guidelines for Domestic FBI Operations that came into effect on
December 1, 2008. The guidelines pertain to the Bureau's investigation
of federal crimes, assessment of threats to national security, foreign
intelligence development, intelligence collection, analysis, planning,
and information sharing.

The guidelines grant the FBI broad authority to conduct domestic
surveillance of many individuals suspected of no crime. Although the
draft guidelines were issued on October 3, 2008, the final version has
not been made available to the public. The FBI has stated that the
guidelines were revised in the wake of discussions with lawmakers,
privacy organizations, and the press.

On September 17, 2008, the Senate Judiciary Committee held a hearing
titled "Oversight of the Federal Bureau of Investigation" regarding the
revised guidelines. FBI Director Robert Mueller III testified, and
Senators expressed concern regarding the FBI's lack of collaboration
with Congress regarding the new guidelines. Senators Richard Durbin,
Edward Kennedy, and Russ Feingold sent a letter urging significant
revisions to the guidelines. The Senators also urged the Attorney
General to make the draft guidelines public to allow for more
meaningful input.

Previously, Congressmen John Conyers, Jr., Robert C. Scott and Jerrold
Nadler, members of the House of Representatives Judiciary Committee,
questioned the need to consolidate the FBI guidelines during the waning
days of the Bush Administration. They voiced doubts regarding the
effect of such amendments on Americans' constitutional rights. The
Congressmen also raised the specter of innocent citizens coming under a
cloud of suspicion for legitimate religious and political activities. 

As the guidelines have not been publicly disclosed, there is no way to
analyze if the directives incorporate meaningful privacy safeguards to
ensure that field agents honor constitutional values and civil
liberties while conducting domestic surveillance. Previously, EPIC had
sued the Justice Department over heavily redacted records that were
turned over as part of a FOIA request. The documents in that case
indicated that the FBI had investigated hundreds of potential
violations related to its use of secret surveillance operations.


Federal Bureau of Investigation, U.S. Department of Justice,
Attorney General's Consolidated Guidelines, (Oct. 3, 2008):
     http://www.usdoj.gov/ag/readingroom/guidelines.pdf

Attorney General Memorandum to Department Components on Guidelines
for Domestic FBI Operations:
     http://www.usdoj.gov/ag/readingroom/guidelines-memo.pdf

Durbin Statement on Announcement of New FBI Guidelines, (Oct. 3, 2008):
    http://durbin.senate.gov/showRelease.cfm?releaseId=304117 

Congressional Testimony of Valerie Caproni - General Counsel, FBI;
and Elisebeth Collins Cook - Assistant Attorney General, Office of
Legal Policy, DOJ, (Sept. 23, 2008):
     http://www.fbi.gov/congress/congress08/caproni092308.htm

Testimony of the FBI Director to the Senate Judiciary Committee:
     http://www.fbi.gov/congress/congress08/mueller091708.htm

Senators express concern to the Attorney General over FBI Guidelines:
     http://feingold.senate.gov/~feingold/releases/08/08/20080820.html

EPIC page on Attorney General Guidelines:
    http://epic.org/privacy/fbi/

Freedom of Information Act Work on the National Security Agency's
Warrantless Surveillance Program, EPIC v. DOJ:
     http://epic.org/privacy/nsa/foia/

=======================================================================
[5] House Committee Host Day Long Discussion on the Transition of DHS
=======================================================================

On December 3, 2008, the Majority Staff for the House Committee on
Homeland Security hosted a daylong series of roundtable discussions on
the future of privacy, civil liberties, and civil rights. The event,
entitled "A Path Forward: Constitutional Protections in Homeland 
Security", was sponsored by Representative Bennie G. Thompson, Chairman
of the Committee on Homeland Security. Experts from a wide range of
civil society organizations gave their views on the focus the
Department should take in dealing with privacy, civil rights, and civil
liberties during the new Administration.

The event provided an opportunity for Hill staff to hear from subject
matter experts in the areas of civil liberties, privacy, and civil
rights. Six panels covered a range of topics including domestic
surveillance, cyber-security, border security, transportation privacy,
and data mining. The panel discussions provided a framework on the work
of the Department of Homeland Security with a view toward transitioning
the agency to the next administration.

Key discussions revolved around how technology, policy, and legislative
oversight can work to address perceived problems with the Department of
Homeland Security's implementation of legislative objectives. Panel
experts discussed the challenge of transparency, accountability, and
oversight of the authority provided to the agency as it relates to
privacy. In the area of air travel, examples were presented on how
travelers who wear headscarves, turbans, speak with accents, or come
from different cultures are impacted by the application of passenger
screening protocols.

Participants offered recommendations on how the process can be
improved, which included greater transparency on the application of
agency programs; accountability on the part of known agency staff for
compliance with the Federal Privacy Act; and corrective action
regarding the abuses and misuse of personal information.

A Path Forward: Constitutional Protections in Homeland Security:
     http://homeland.house.gov/press/index.asp?ID=410

EPIC'S Spotlight on Surveillance Series Secure Flight page:
     http://epic.org/privacy/surveillance/spotlight/0807/default.html

EPIC's page on E-Verify:
     http://epic.org/privacy/surveillance/spotlight/0707/default.html

EPIC's page on Fusion Centers:
     http://epic.org/privacy/surveillance/spotlight/0607/default.html

EPIC's page on Real ID:
     http://epic.org/privacy/surveillance/spotlight/0307/default.html



=======================================================================
[6] News in Brief
=======================================================================

Homeland Security Releases Datamining Report

The Department of Homeland Security released the 2008 report to the
Congress on data mining technology and policy. The report discusses
activities currently deployed or under development on data mining and
provides a summary of the Privacy Office's public workshop,
"Implementing Privacy Protections in Government Data Mining." The
report also presents new privacy principles for research projects
conducted by the DHS Science and Technology Directorate (S&T), the
Department's primary research and development arm.


Data Mining: Technology and Policy, 2008 Report to Congress:
     http://epic.org/redirect/120808_DHS_DataMining_report.htm

EPIC 2003 letter to Congress on datamining:
     http://epic.org/privacy/profiling/datamining3.25.03.html

The National Research Council, Data-based Counterterrorism Programs Should
be Evaluated for Effectiveness, Privacy:
     http://epic.org/redirect/120808_NRC_DataMining_overview.html



ASAP Hold Annual Meeting in Washington DC

The American Society of Access Professionals (ASAP) held its annual
meeting on December 2, 2008. The meeting had three key components:
Privacy Program, National Security Program, and Training of Federal
FOIA officers. Panels discussed broad range of topics including:
information fusion centers, international privacy regimes, and a
federal legislative update on privacy. The meeting is a staple for
federal Freedom of Information Act (FOIA) officers who serve within
each agency. The three days of meetings was an opportunity for FOIA
officers, open government advocacy organizations, and agency personnel
to meet and discuss key aspects of their work.


ASAP Annual Meeting Web Page:
     http://www.accesspro.org/symposium2008/

"Litigation Under the Federal Open Government Laws 2008":
     http://epic.org/bookstore/foia2008/



Spies Can Eavesdrop Overseas Americans Without Court Order

Constitutional rights and statutes regulate the rights of U.S. citizens
against unlawful searches or electronic surveillance. However,
recently, the Second Circuit Court ruled that when a citizen is outside
the US, such constitutional protections afforded to Americans do not
apply. The court noted that, under the facts of the case, the search
was reasonable as the matter pertained threats to national security.
The right of warrantless wiretapping of citizens inside the nation has
been a subject to controversy. Recently, in a case by EPIC against the
Justice Department, a Federal Judge ordered the review of Justice
Department documents authored by the Office of Legal Counsel which
provided the basis for the President to wiretap citizens without court
approval.


In re Terrorist Bombings of U.S. Embassies (Fourth Amendment
Challenges), 01-1535-cr(L):
     http://epic.org/privacy/pdf/el-hage.pdf

EPIC's FOIA work on the NSA's Warrantless Surveillance page:
     http://epic.org/privacy/nsa/foia/

EPIC's page on Wiretapping:
     http://epic.org/privacy/wiretap/



Mandatory Use of SSNs for Federal Identification Comes to an End 

President Bush signed an Executive Order on November 18, 2008 which no
longer makes it mandatory for the federal agencies to rely exclusively
on Social Security Numbers (SSNs) as personal identifiers. The
Executive Order declares that federal "agencies should conduct agency
activities that involve personal identifiers in a manner consistent
with protection of such identifiers against unlawful use." This
Executive Order amends a 1943 Executive Order mandating the exclusive
use of SSNs for numerical identification of accounts of individual
persons. The increasing use of SSNs have led to the proliferation in
identity theft which has been dubbed as the top crime committed in the
United States.


Executive Order 13478 of November 18, 2008:
     http://edocket.access.gpo.gov/2008/pdf/E8-27771.pdf

Numbering System for Federal Accounts Relating to Individual Persons,
(Executive Order 9397 of November 22, 1943:
     http://epic.org/redirect/120808_SSN_XO_Roosevelt1943.html

EPIC's page on Identity Theft:
     http://epic.org/privacy/idtheft/



Galexia Re-Examines the US Safe Harbor Framework

The US Safe Harbor agreement between the European Commission and the
United States Department of Commerce provides the basis for the
transfer of personal data by organizations from Europe to US in spite
of not meeting the European standards for privacy protection. A new
report on Safe Harbor Framework raises concerns that the agreement is
not functioning. Many countries and organizations are looking at legal
and technical approaches to privacy protection for the global
information infrastructure.


The US Safe Harbor - Fact or Fiction? (2008):
     http://epic.org/redirect/120808_SafeHarbor_Galexia_2008.html


EPIC's page on International Privacy Standards:
     http://epic.org/privacy/intl/



Action: Submit Proposals for the 19th Annual CFP Conference

The Computers, Freedom and Privacy (CFP) Conference recently issued a
call for proposals for its 19th conference in Washington, D.C.,
scheduled to be held between June 1-4, 2009. The conference organizers
are requesting proposals and ideas for panels, plenaries, debates,
keynote speakers, and other sessions. The conference seeks advantage
of the fact that it is being held in the nation's capital and wishes
to discuss objectives and challenges of the new administration and
plans to incorporate a global and international perspective. The
conference will be future-oriented and include debates and also inform
attendees about cutting-edge technologies and issues. The deadlines for
receiving proposals is December 19, 2008.


Call for presentations, tutorials, and workshops (CFP 2009):
     http://epic.org/redirect/120808_CFP_callpage.html

CFP 2009 Submission Page:
     http://www.cfp2009.org/submissions/

CFP 2009 Submission Guidelines:
     http://www.cfp2009.org/wiki/index.php/Submission_guidelines



European Court Rules UK DNA Retention Illegal 

The European Court of Human Rights ruled that the world largest DNA
database, based in the United Kingdom, violated Article 8 of the
European Convention on Human Rights which protects the right to
privacy. Privacy International, based in the UK, filed an amicus brief
in this case. The European court considered several issues including
familial searching, social stigmatization, and the protection of
children's rights. The court, sitting as a Grand Chamber, ruled that
applicants who have not been convicted of a crime are presumed
innocent and that retaining indefinitely their genetic samples,
fingerprints and DNA profiles interfered with the right to respect
for private life. EPIC has addressed the issue of genetic privacy
and law enforcement and has also filed a number of amicus briefs in
various cases in the United States.


"S. and Marper v. The United Kingdom"
(Applications nos. 30562/04 and 30566/0):
     http://www.privacyinternational.org/issues/dna/marper-v-uk.doc

Privacy International Amicus Brief:
     http://www.privacyinternational.org/issues/dna/pi-brief-marper.pdf

The United Kingdom national DNA database:
     http://epic.org/redirect/120808_UKDNA_database.html

European Convention on Human Rights:
     http://epic.org/redirect/120808_ECHR_fulltext.html

EPIC's page on Genetic Privacy:
     http://epic.org/privacy/genetic/



Action: Comment on Genetic Information Non-discrimination Act

Several federal agencies are together requesting comments to aid in the
development of regulations under a federal statute that prohibits
discrimination in health coverage based on genetic information. The
statute prohibits group health plans and health insurance issuers in
the group market from using genetic information to adjust premium or
contribution amounts for the group covered under the plan. Comments
are being sought on a number of issues including economic analysis and
regulatory guidance. Deadline for submission of comments is December 9,
2008.

Request for Information Regarding Sections 101 Through 104 of the
Genetic Information Nondiscrimination Act of 2008:
     http://epic.org/redirect/120808_GINA_DOL_comments.html



=======================================================================
[7] EPIC Bookstore: "The Online Panopticon"
=======================================================================

"The Online Panopticon" by David Riphagen

     http://www.cafepress.com/privacyinsns.330035597
     http://www.privacyinsocialnetworksites.nl/

Social Networking Sites, or Web 2.0 services as they are popularly
called, are an increasingly popular method of online communications,
entertainment, and networking tools for users to upload, share and
view information, photos, and exchange messages. However, the plethora
of personal information on such sites poses significant dangers to
privacy and can also be used for harmful activities. As Riphagen points
out, Social Networking Sites can be regarded as the online version of
the Panopticon prison. This concept of omnipresent guards monitoring
data subjects without their knowledge or consent is analogous to Social
Networking Sites, which have access to all their users' information and
use this information for whatever "[Social Networking Sites] think
benefits you" without the user's knowledge or explicit consent.

Several harmful activities can be performed with the identity-relevant
information that these sites collect. Personal information, once posted
on the internet without sufficient control, can come back to haunt
users later. Facebook, MySpace, Orkut and Hyves all offer some level of
control over the information posted. But the level of information
management differs from site to site and Social Networking Sites
reserve the right to access and use this information at any time.
Monitoring and tracking individuals through these snippets of data can
unearth a wealth of information leading to a multitude of threats.

Riphagen's publication looks into many of privacy harms posed by Social
Networking Sites set against a legal framework of the laws of America,
Europe and Canada, as well as other major regulations. Based on threat
identification acquired through surveys of American experts on privacy
and the Internet, Riphagen uses a risk analysis perspective
distinguishing threats from incidents and materialized threats. From
classifying threats to applying tort laws to addressing the damage from
privacy perils, the book offers a comprehensive inquiry into reported
incidents as well as identifying hypothetical hazards that may crop up
in the future.

The paper concludes by recommending research into the business methods
and financial incentives of Social Networking Sites and discovering
their route to profit in order to investigate if privacy and profit can
enhance each other. Other recommendations include conducting a
quantitative survey, using data and constructing a utility curve for
users of Social Networking Sites, which would help in identifying trade
-offs and influencing pay-offs. Finally, Riphagen advises that the
regulation of identity-relevant information be based on potential
privacy harms, their probability of occurrence and their negative
impact on users.

-- Anirban Sen



================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008", edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

International Human Rights Day, December 10, 2008. For more
information: http://www.un.org/events/humanrights/2008/


Tilting perspectives on regulating technologies, Tilburg Institute
for Law and Technology, and Society, Tilburg University. December
10-11, Tilburg, Netherlands.
http://www.tilburguniversity.nl/tilt/conference


The American Conference Institute is hosting the 8th National Symposium
on Privacy and Security of Consumer and Employee Information at the
Four Points by Sheraton, Washington, D.C., January 27-28, 2009,
Washington, DC. http://www.americanconference.com/Privacy.htm


"Patents, Copyrights and Knowledge Governance: The Next Four Years",
Trans Atlantic Consumer Dialogue (TACD) Workshop held by the TACD
Working Group on Intellectual Property, Washington, D.C.,
January 12-13, 2009. For more information,
http://www.tacd-ip.org/blog/?page_id=5


The IAPP Privacy Summit 2009 will be held between March 11-13, 2009,
at Washington, D.C. For more information, http://www.privacysummit.org


"Conference on International Aspects of Securing Personal Data", The
Federal Trade Commission, Washington, D.C., March 16-17, 2009:
For more information, http://ftc.gov/opa/2008/12/datasec.shtm


Computers, Freedom, and Privacy, 19th Annual Conference, Washington,
D.C., June 1-4, 2009. For more information,
http://www.cfp2009.org/wiki/index.php/Main_Page


"The Transformation of Privacy Policy", Institutions, Markets
Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4,
2009.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

=======================================================================
Support Privacy '08
=======================================================================

If you would like more information on Privacy '08, go online and search
for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.

Facebook Cause:
http://www.epic.org/redirect/fbprivacy08.html

Twitter:
http://twitter.com/privacy08

CafePress:
http://www.cafepress.com/epicorg

========================================================================
                          E P I C   Job Announcement
========================================================================

        EPIC is seeking a smart, energetic, creative individual
                     for the position of Staff Counsel

                         Deadline: Jan. 1, 2009

                       Click here for more details
           http://www.epic.org/epic/jobs/counsel_1108.html


------------------------- END EPIC Alert 15.24 ------------------------
.