======================================================================= E P I C A l e r t ======================================================================= Volume 16.01 January 28, 2009 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_16.01.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] EPIC, Civil Society Celebrate International Privacy Day [2] Supreme Court Permits Arrest Based on Police Database Error EPIC Amicus Brief Cited in Dissent [3] EPIC, Experts Urge Supreme Court: Protect Anonymity & Pseudonymity [4] Homeland Security Promotes Employment Verification System - EPIC Pursues Open Government Request [5] Data Breaches on Rise in the US [6] News in Brief [7] EPIC Bookstore: "Blown to Bits" [8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://www.epic.org/donate - Support Privacy '08 http://www.privacy08.org - Job Announcement ======================================================================= [1] EPIC, Civil Society Celebrate International Privacy Day ======================================================================= EPIC and civil society organizations around the world celebrated International Privacy Day with a call to governments to sign on to the Council of Europe Privacy Convention, which was opened for signature on January 28, 1981. The object of the Privacy Convention, known as "Convention 108," is to strengthen data protection for individuals with regard to automatic processing of personal information relating to them. As the Council of Europe explained, In order to secure for every individual, whatever his/her nationality or residence, respect for his/her rights and fundamental freedoms, and in particular his/her right to privacy, with regard to automatic processing of personal data relating to him/her, the Council of Europe elaborated the "Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data" which was opened for signature on 28 January 1981. To this day, it still remains the only binding international legal instrument with a worldwide scope of application in this field, open to any country, including countries which are not members of the Council of Europe. The Convention remains timely. As one source noted, In addition to being the first legally binding international instrument in the area of data protection, this Convention has withstood the test of time by being adaptive and fairly rigorous. Today the principles of this agreement are being examined for their applicability to the collection and processing of biometric data. One scholar recently wrote that "It is not too difficult for the data protection laws of quite a few non-European countries to meet the requirements of Convention 108" and suggested "The opening up of Convention 108 to non-European countries is one way of sidestepping the cumbersome process of developing a new UN convention on privacy" and concluded that "this approach deserves serious consideration by Asia-Pacific and other governments that already have privacy laws of international standard, or are considering introducing them." Forty-one countries have ratified the Convention 108. Civil society groups will continue their efforts to press for adoption of the Convention among the countries that have not yet ratified. They also noted that previous US objections to signing a Council of Convention would no longer apply since the US had urged many countries to sign the controversial Council of Europe Convention on Cybercrime. On International Privacy Day, EPIC also honored eminent Italian jurist Stefano Rodotà with the "International Privacy Champion" award. EPIC said that Professor Rodotà has profoundly influenced the public's understanding of human rights in the age of the Internet and described Professor Rodotà as "a powerful advocate for the rights of the citizen." Previous recipients of the EPIC Champion of Freedom Award include Senator Patrick Leahy and Professor Pamela Samuelson. EPIC, Council of Europe Privacy Convention: http://epic.org/privacy/intl/coeconvention/ COE Privacy Convention - Text http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm Graham Greenleaf, "Accession to Council of Europe privacy Convention 108 by non-European states": http://epic.org/redirect/011509_GGreenleaf_coe108.html International Privacy Day Campaign (with activities) http://www.facebook.com/home.php#/event.php?eid=54024777428 Privacy International: http://www.privacyinternational.org/ The Public Voice: http://www.thepublicvoice.org Net Dialogue, INITIATIVE: COE's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data: http://www.netdialogue.org/initiatives/coeautoprocess/ EPIC, "Privacy and Human Rights" http://epic.org/phr06/ Statement of Senator Patrick Leahy on "Data Privacy Day" http://leahy.senate.gov/press/200901/012809B.HTML Wikipedia, Stefano Rodota (Italian) http://it.wikipedia.org/wiki/Stefano_Rodot%C3%A0 Facebook Fan page, Stefano Rodota http://www.facebook.com/home.php#/pages/Stefano-Rodota/47114266507 ======================================================================= [2] Supreme Court Permits Arrest Based on Police Database Error, EPIC Amicus Brief Cited in Dissent ======================================================================= The Supreme Court in a 5-4 opinion, held that the police may use false information contained in a police database as the evidence for an arrest. Chief Justice Roberts held that, "when police mistakes are the result of negligence such as that described here, rather than systemic error or reckless disregard of constitutional requirements, any marginal deterrence does not 'pay its way.'" In Herring v. US, the police searched and then arrested Bennie Dean Herring based on incorrect information in a government database. He was illegally arrested and searched even though he told the officers that there was no arrest warrant, and no officer had seen or could produce a copy of the arrest warrant. After he was indicted, Herring petitioned the district court to suppress the evidence gathered incident to his unlawful arrest, arguing the exclusionary rule prevented the use of such evidence. But the district court ruled against him. Herring then appealed to the Eleventh Circuit Court of Appeals, which affirmed the district court's ruling. Herring thereafter petitioned for cert. to the US Supreme Court. Justice Ginsburg, writing for four of the Justices in dissent, said that "negligent recordkeeping errors by law enforcement threaten individual liberty, are susceptible to deterrence by the exclusionary rule, and cannot be remedied effectively through other means." EPIC filed a friend of the court brief urging the Justices to ensure the accuracy of police databases, on behalf of 27 legal scholars and technical experts and 13 privacy and civil liberty groups. The EPIC brief was cited by the Justices in dissent. Justice Ginsburg highlighting EPIC's brief underscored that "electronic databases form the nervous system of contemporary criminal justice operations" and "[p]olice today [could] access databases that include not only the updated National Crime Information Center (NCIC), but also terrorist watchlists, the Federal Government's employee eligibility system, and various commercial databases." Further relying on EPIC's brief, she also warned that the "risk of error stemming from these databases is not slim" and they were "insufficiently monitored" and "often out of date." Justice Ginsburg disagreed with the majority opinion on three major premises. She argued that restricting the remedy of suppression of evidence to deliberate or reckless errors, defendants were left with no remedy for violations of their constitutional rights. Secondly, she raised her doubts that police forces possessed sufficient incentives to maintain up-to-date records. Thirdly, Justice Ginsburg reasoned that even when deliberate or reckless conduct was afoot, the Court's assurance will often be an empty promise - as the defendant will probably be unable to make the required showing. Supreme Court Opinion (Jan. 14): http://epic.org/privacy/herring/07-513_opinion.pdf "Friend-of-the-court," Brief by EPIC, 27 Legal Scholars and Technical Experts and 13 Privacy and Civil Liberty Groups (pdf) (May 16, 2008): http://epic.org/privacy/herring/07-513tsac_epic.pdf US Supreme Court Docket page for Herring v. US: http://www.supremecourtus.gov/docket/07-513.htm EPIC page on Herring v. US http://epic.org/privacy/herring/ EPIC's page on the 2003 online petition urging the reestablishment of accuracy requirements for the FBI's National Crime Information Center, the nation's largest criminal justice database: http://epic.org/privacy/ncic/ ======================================================================= [3] EPIC, Experts Urge Supreme Court: Protect Anonymity & Pseudonymity ======================================================================= On December 19, 2008, EPIC filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect anonymous and pseudonymous activities. The brief was filed on behalf of seventeen legal scholars and technical experts. In Flores-Figueroa v. United States, the Court will be asked to determine whether individuals who include identification numbers that are not theirs, but don't intentionally impersonate others, can be subject to harsher punishments under federal law. EPIC explained that anonymous and pseudonymous behavior is a cornerstone of privacy protection in the identity management field. The brief urges the Court to not "set a precedent that might inadvertently render the use of privacy enhancing pseudonyms, anonymizers, and other techniques for identity management unlawful." Amici said that the term "identity theft" "has a specific meaning among technologists, academics, security professionals, and other experts in the field of identity management." "Identity theft" refers to the knowing impersonation of one person by another. "The unknowing use of inaccurate credentials does not constitute identity theft," amici argued. The brief explains that precise use of technical concepts is crucial, particularly in a case that could impose enhanced criminal identity theft penalties on a person who presented an identity document that contained his own name, but an inaccurate ID number. The brief details the importance of anonymous and pseudonymous credentials in identity management systems, and explains how an averse decision in this case "threatens to impose aggravated identity theft penalties on individuals who present inaccurate credentials in an effort to protect their privacy through pseudonymous or anonymous activities." EPIC also described the long and distinguished history of pseudonymous activity, from the American founders' pseudonymous advocacy for liberty through Mary Ann Evans' "George Eliot" nom de plume and the U.S. government's issuance of pseudonymous credentials to enrollees in the Department of Justice's Witness Protection Program. In Flores-Figueroa v. United States, the petitioner challenged his conviction for "aggravated identity theft" under the Identity Theft Penalty Enhancement Act. Flores-Figueroa maintains that he did not commit identity theft when he used an identity document with his real name and an identity number that was not his to maintain employment. The federal law provides for enhanced penalties when a person "knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person." Flores-Figueroa identified himself by his real name to his employer, but provided a false Social Security Number and false Permanent Resident Number. Both ID numbers were issued to someone else, but neither person shared Flores-Figueroa's name, and the government presented no evidence that Flores-Figueroa knew that the ID numbers were assigned to real people. The case will resolve whether a person can be convicted of aggravated identity theft if he does not "knowingly" use an ID number assigned to "another person." EPIC has advocated for strong protections against identity theft, and opposed burdensome ID requirements. Earlier this year, EPIC encouraged federal regulators to impose monetary penalties on companies that exposed their customers' data to criminals. In addition, EPIC has long supported the right of individuals to preserve their anonymity, particularly in the face of ever more intrusive government identification requirements. "Friend-of-the-court," Brief by EPIC, Legal Scholars, Technical Experts (Dec. 19, 2008): http://epic.org/privacy/flores-figueroa/121908_brief.pdf US Supreme Court Docket page for Flores-Figueroa v. United States: http://www.supremecourtus.gov/docket/08-108.htm EPIC's Flores-Figueroa v. United States page: http://epic.org/privacy/flores-figueroa/ EPIC's Identity Theft Page: http://epic.org/privacy/idtheft/ EPIC's Support for Constitutional Right to Anonymity in Watchtower Bible v. Stratton: http://epic.org/free_speech/watchtower.html Petitioner's Brief for Supreme Court Review in Flores-Figueroa v. United States: http://epic.org/privacy/flores-figueroa/pet_amicus.pdf The Government's Brief Regarding Supreme Court Review in Flores-Figueroa v. United States: http://epic.org/privacy/flores-figueroa/gov_amicus.pdf ======================================================================= [4] Homeland Security Promotes Employment Verification System - EPIC Pursues Open Government Request ======================================================================= The Department of Homeland Security has issued a solicitation for "Marketing and Advertising Services in Support of E-Verify." The E-Verify program was created by the U.S. Department of Homeland Security and the Social Security Administration to verify the work authorization status of new hires. However, the Government Accountability Office, the Social Security Administration's Inspector General, and the CATO Institute have detailed many shortcomings of E-Verify, and have highlighted high levels of inaccuracies in the databases on which the program is based, employer misuse resulting in discrimination and unlawful termination, the lack of privacy protections as well as the program's high costs. The USCIS solicitation, which runs into 64 pages, anticipates a national level marketing and advertising campaign budget estimated at $30 million all of which comes from taxpayer's money. In spite of being fully aware of the limitations of the E-Verify program and a federal court granting a preliminary injunction in implementing a DHS "Safe Harbor" rule designed impose liability on disobeying employers, the E-Verify program promotion not only seems to be continuing, but also gathering steam. On November 10, 2008, NPR began running a credit on its radio stations which stated "[s]upport for NPR comes from NPR stations, and the Department of Homeland Security (DHS), offering E-Verify, confirming the legal working of new hires. At DHS dot gov slash E-Verify." The ad running on NPR radio stations is part of a political campaign to make E-Verify mandatory for all U.S. employers. By law, NPR can only identify and not promote underwritings and sponsorship. In a letter to the NPR Ombudsman, EPIC noted that E-Verify "could deny many eligible individuals - including U.S. citizens and legal immigrants - the opportunity to work," and is "ineffective as a solution to U.S. immigration problems." The letter, however, failed to evoke a response. Thereafter, EPIC filed a Freedom of Information request with DHS to uncover all records, including contracts and related documents, between DHS and NPR concerning the E-Verify promotion. The request included a demand for expedited processing, which under statute, must elicitate a response within 10 calendar days. Although DHS acknowledged the demand for information, and referred the request for processing and direct response to USCIS, the USCIS failed and/or neglected to reply with a determination within the statutory timeframe which is the equivalent of a denial. Therefore, EPIC filed an appeal from the denial of the request. EPIC's Freedom of Information Request to DHS/USCIS: http://epic.org/privacy/e-verify/dhs_foia_120408.pdf EPIC's Freedom of Information request Appeal to USCIS: http://epic.org/privacy/e-verify/DHS_EV_Appeal_01082008.pdf EPIC's letter to NPR Ombudsman: http://epic.org/DHS_NPR_ltr_12-08.pdf EPIC, "Spotlight on Surveillance: E-Verify System - DHS Changes Name, But Problems Remain for U.S. Workers.": http://epic.org/privacy/surveillance/spotlight/0707/default.html "Employment Verification - Challenges Exist in Implementing a Mandatory Electronic Employment Verification System," United States Government Accountability Office," June 10, 2008: http://www.gao.gov/new.items/d08895t.pdf "Inspector General's Statement on SSA's Major Management and Performance Challenges," Nov. 5, 2008: http://epic.org/redirect/120808_IG_SSA_statement.html ======================================================================= [5] Data Breaches on Rise in the US ======================================================================= The Identity Theft Resource Center, a nonprofit working to understand and prevent of identity theft, issued a report for the year 2008 on data breaches in the United States. The California based Center reported that data breaches increased dramatically in 2008. The breach report included 656 reported breaches at the end of 2008 and reflected an increase of 47 percent over a total of 446 data breaches in 2007. The ITRC classifies entities into five groups: Business, Educational, Government/Military, Health/Medical and Financial/Credit. The rankings of these groups have not changed since 2007. While data breaches from Business and Educational entities were 240 and 131, Financial/Credit related data breaches were reported to be 78. The ITRC also tracked five categories of data loss methods: Insider Theft, Hacking, Data on the Move, Accidental Exposure and Subcontractor. The report noted that Insider Theft accounted for 15.7 percent, Hacking at 13.9 percent, Data on the Move at 20.7 percent, Accidental Exposure at 14.4 percent, and Subcontractor related data loss at 10.4 percent. Electronic breaches accounted for 82.3 percent compared to paper breaches at 17.7 percent. While the report identified 35.7 million records potentially breached as per notification letters and information provided by breached entities, 41.9 percent went unreported or undisclosed making the total number of affected records an unreliable number to use for any accurate reporting. The ITRC concluded that most breached data was unprotected by either encryption or even passwords. The ITRC advised agencies and companies to (a) minimize personnel with access to personally identifying information, (b) encrypt mobile data storage devices, (c) set policy for storage and transport of data, (d) encrypt and securely store all data transfers and backups, (e) properly destroy all paper documents before disposal, (f) update computer security and (g) train employees on safe information handling. Data Breaches are the leading cause of identity theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Many states have laws that govern how businesses should respond to data breaches, and what notice or assistance they are required to provide to affected consumers. Massachusetts recently established stringent rules for data security as well. ITRC Data Breach Report: http://epic.org/redirect/011509_ITRC_DataBreach_report.html 2008 Data Breach Total Soars, ITRC: http://epic.org/redirect/011509_ITRC_DataBreach_media.html Federal Trade Commission's page on Data Breaches: http://epic.org/redirect/011509_FTC_DataBreach.html Federal Trade Commission's page on Identity Theft: http://epic.org/redirect/011509_FTC_IdTheft.html EPIC's page on Identity Theft: http://epic.org/privacy/idtheft/ ======================================================================= [6] News in Brief ======================================================================= Federal Intelligence Court Rules Warrantless Wiretapping Legal The Foreign Intelligence Surveillance Court of Review has ordered the release of a redacted opinion which ruled in August, 2008 that warrantless wiretapping of international phone calls and the interception of e-mail messages were permissible. Giving support to the Protect America Act, the Court found that "foreign intelligence surveillance possesses characteristics that qualify" for an exception in the interest of "national security." Court Opinion: http://www.uscourts.gov/newsroom/2009/FISCR_Opinion.pdf Court Order Authorizing Public Release: http://www.fas.org/irp/agency/doj/fisa/fiscr011209.pdf Foreign Intelligence Surveillance Act: http://epic.org/privacy/terrorism/fisa/ Court Denies Rehearing in Prescription Privacy Law Case The First Circuit Court of Appeals denied rehearing en banc in a case which involved a recent New Hampshire law that banned the sale of prescriber-identifiable prescription drug data for marketing purposes. EPIC and sixteen experts in privacy and technology had filed a friend of the court brief in the matter urging a reversal of a District Court ruling that delayed enforcement of the New Hampshire Prescription Confidentiality Act. In November last year, the First Circuit Court of Appeals upheld the ban following which a motion of en banc rehearing had been filed. Court Order denying re-hearing: http://epic.org/privacy/imshealth/CA1_enbanc_011409.pdf Opinion Upholding New Hampshire Prescription Confidentiality Act: http://epic.org/privacy/imshealth/11_18_08_order.pdf EPIC's Brief in Support of Prescription Privacy: http://epic.org/privacy/imshealth/epic_ims.pdf New Hampshire Prescription Confidentiality Act: http://www.gencourt.state.nh.us/legislation/2006/HB1346.html Maine's Prescription Privacy Law: http://epic.org/redirect/112008_ME_prescrption_privacy.html Vermont's Prescription Privacy Law: http://epic.org/redirect/112008_VT_prescrption_privacy.html EPIC's page on IMS Health Inc. v. Ayotte: http://epic.org/privacy/imshealth/default.html EPIC, Patient Advocates Urge Congress to "ACT" on Privacy EPIC and more than 25 members of the Coalition for Patient Privacy at a news conference on January 14, 2009 in Washington, DC urged Congress to include critical privacy safeguards for the medical record network that may be included in the economic stimulus plan. The Coalition partners are recommending that lawmakers "ACT" on privacy and provide Accountability for access to health records, Control of personal information, and Transparency to protect medical consumers from abuse. Coalition for Patient Privacy: http://www.patientprivacyrights.org/ Coalition for Patient Privacy Press release: http://www.patientprivacyrights.org/site/R?i=-BviVrOz6zoN_13UqgbzhQ Coalition letter to Congress: http://www.patientprivacyrights.org/site/R?i=dvCRMk51lVXnJoxfWoC9MQ EPIC's page on Medical Privacy: http://epic.org/privacy/medical/default.html Future of Privacy Forum Issues Recommendations for the Administration The Future of Privacy Forum proposed seven privacy recommendations to the upcoming administration. The FPF urged the President to also appoint a Chief Privacy Officer (CPO) in order to recognize that responsible use of data by businesses and government is critical to the economy, to protecting civil liberties and to ensuring public safety. Other recommendations were to appoint a Chief Privacy Officer to promote fair information practices in both public and private sectors; ensure that interactive tools used by the government to provide users with enhanced transparency and controls; establish a standard definition of personal information; increase technology and research support for the Federal Trade Commission; enhance criminal law enforcement support for the Federal Trade Commission; provide national leadership to resolve the conflict between privacy and online safety for youth; and encourage accountable business models. Future of Privacy Forum Recommendations: http://www.net-security.org/secworld.php?id=6921 Trade Commission Proposes Consumer Authentication The Federal Trade Commission issued a report recommending five measures to help prevent Social Security numbers from being used for identity theft. The report recommended improving consumer authentication, restricting public display and transmission of Social Security Numbers, establishing national standards for data protection and breach notification, conducting outreach to business and consumers and promoting coordination and information sharing on use of SSNs. The Commission recommended that the Congress should strengthen the procedures that private-sector organizations use to authenticate their customers identities. Although the Commission recommended a national data security standard to cover SSNs, it did not clarify that such regulations should not pre-empt State regulations providing a higher threshold of privacy. FTC Issues Report on Social Security Numbers and Identity Theft: http://www.ftc.gov/opa/2008/12/ssnreport.shtm Security in Numbers, SSNs and ID Theft: http://www.ftc.gov/os/2008/12/P075414ssnreport.pdf EPIC's page on Identity Theft: http://epic.org/privacy/idtheft EPIC's page on Privacy and Preemption: http://epic.org/privacy/preemption/ Consumer Groups Urge Trade Commission to Investigate Mobile Marketing The Center for Digital Democracy and the U.S. Public Interest Research Group filed a complaint with the Federal Trade Commission to investigate the growing threat to consumer privacy in the mobile advertising world. Certain services track, analyze, and target the public and build secret profiles. Users are targeted based on their online behavior and their location. The complaint urges the Commission to define and clarify practices, review self-regulation, require notice and disclosure and also protect the public. Earlier, thirty Privacy Coalition members sent a letter to then President-elect Barack Obama highlighting the importance of protecting consumer privacy in new network services. Center for Digital Democracy: http://www.democraticmedia.org/ U.S. Public Interest Research Group: http://www.uspirg.org/ Complaint before the FTC: http://www.democraticmedia.org/files/FTCmobile_complaint0109.pdf The Federal Trade Commission: http://www.ftc.gov/ The Privacy Coalition: http://privacycoalition.org/ Privacy Coalition Letter to President-elect Barack Obama: http://epic.org/L6=http://epic.org/privacy/pdf/obama-ftc-ltr.pdf EPIC's page on Privacy and Consumer Profiling: http://epic.org/privacy/profiling/default.html Federal Regulator Reverses on Internet Content Filtering Plan The Federal Communications Commission Chairman Kevin Martin has said in an interview published by Ars Technica on Dec. 29 that he will not pursue a government-mandated content filter as part of a proposal for a nationwide free wireless broadband network. EPIC had opposed the provision and said that it would create a dangerous precedent that would encourage governments to limit access to unpopular or controversial speech. Kevin Martin's interview: http://epic.org/redirect/011509_FCC_KevinMartin_at.html The Transportation Research Board Held Meeting The Transportation Research Board held its 88th Annual Meeting in Washington DC. Transportation, Energy, and Climate Change was the theme for the event. The meeting featured 3,000 presenters in about 600 presentations that engaged 10,000 national and international transportation professionals attending the event. The meeting featured discussions about technology and its potential for addressing global warming challenges and the efficient use of roads and highways. In recent years, innovative surface transportation has exposed automobile users to smart fee tolling systems offered automated payment options. Privacy consequences of smart transportation systems were discussed during the panel presentation "Valuing Privacy in Intelligent Transportation Systems" held on Tuesday, January 12, 2009. 88th Annual Meeting, January 11-15, 2009, Transportation Research Board: http://www.trb.org/Meeting/2009/default.asp Chinese Filtering Circumvention Tools Sell User Data The Berkman Center for Internet & Society reported that three of the circumvention tools being used to bypass China's Great Firewall are actually tracking and selling the individual web browsing histories of their clients. The findings, which appeared on a blog, showed that the sites employed deceptive languages regarding the safety of their use and access and privacy policies were altogether absent. The tools, DynaWeb FreeGate, GPass, and FirePhoenix have chosen a business model of selling user data. Hal Roberts, "watching technology," The Berkman Center for Internet & Society: http://epic.org/redirect/011509_Berkman_Blog.html ======================================================================= [7] EPIC Bookstore: "Blown to Bits" ======================================================================= "Blown to Bits" by Hal Abelson, Ken Ledeen & Harry Lewis http://www.powells.com/biblio/64-9780137135592-0?&PID=24075 The free flow of information in an increasingly connected world has brought about technological feasibilities that years ago would have sounded schizophrenic. Yet, as every person treads the digital world, whether knowingly or unknowingly, they leave behind digital footprints in a myriad of ways. This book examines how the ubiquity of technology dilutes itself into the fabric of daily life, and the way our world responds to those consequences. Each chapter begins with an engaging real life story. The authors highlight the use of modern technology, sometimes as a tool, sometimes as a crutch, and sometimes as a weapon. But each time with definite consequences of how "bits" of information are not only changing reality, but also our perception of the way we interact with the world. "Your Life, Liberty and Happiness After the Digital Explosion" is an apt tagline for the book which traces the evolution of the digital world - the way we use it and the way it makes us adopt newer policies to "govern" the explosion of digital information. The book brings to the fore a series of varied impacts of technology. Cell phone "pings" locating people in distress, the social costs of seemingly innocuous surveillance, the disparity between what a computer displays and what lies beneath, the unintended directories in the online world, the ownership of the digital bit, and the lists of problems it poses to the safety and security of the civilized world. One cannot but marvel at the dichotomy of challenges and pleasures that the digital life has whipped up. Without being judgmental, Abelson, Ledeen and Lewis bring out the most obvious and apparent facts offered by the new technology and give a take on the good and the ill, the promises and the perils, and the risks and the opportunities, without conveying the readers a sense of foreboding. The authors explain complex computer and internet workings without leaving a layman grappling with jargons and yet manage to give the readers a sense of how we are headed towards a new era in information exchange. The authors declare that the value of technology depends on we use it and conclude by foretelling that the ongoing digital explosion will result in dramatic changes in our sense of personal identity and privacy, our capacity for free speech, and the creativity that drives human progress. -- Anirban Sen ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. http://epic.org/bookstore/foia2008/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/bookshelf/epicorg.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= The Privacy by Design Challenge - nine privacy leaders from major corporations present their latest innovations in Privacy-Enhancing Technologies. Toronto, Canada, January 28, 2009. For more information, http://www.privacybydesign.ca/registration.htm The American Conference Institute is hosting the 8th National Symposium on Privacy and Security of Consumer and Employee Information at the Four Points by Sheraton, Washington, D.C., January 27-28, 2009, Washington, DC. http://www.americanconference.com/Privacy.htm Notice and Request for Public Comments by the Federal Trade Commission on Digital Rights Management Technologies. Comments due by January 30, 2009. Event: Wednesday, March 25, 2009, Seattle, WA. For more information, https://secure.commentworks.com/ftc-DRMtechnologies/ The IAPP Privacy Summit 2009 will be held between March 11-13, 2009, at Washington, D.C. For more information, http://www.privacysummit.org "Conference on International Aspects of Securing Personal Data," The Federal Trade Commission, Washington, D.C., March 16-17, 2009. For more information, http://ftc.gov/opa/2008/12/datasec.shtm IEEE Symposium on Security and Privacy, May 17-20, 2009, The Claremont Resort, Oakland, California. For more information, http://oakland09.cs.virginia.edu/ Web 2.0 Security & Privacy 2009, Thursday, May 21, The Claremont Resort, Oakland, California. For more information, http://w2spconf.com/2009/ Computers, Freedom, and Privacy, 19th Annual Conference, Washington, D.C., June 1-4, 2009. For more information, http://www.cfp2009.org/wiki/index.php/Main_Page "The Transformation of Privacy Policy," Institutions, Markets Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4, 2009. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: https://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Support Privacy '08 ======================================================================= If you would like more information on Privacy '08, go online and search for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08 at Twitter, a Privacy08 Channel on YouTube to come soon, and much more. You can also order caps and t-shirts at CafePress Privacy08. Start a discussion. Hold a meeting. Be creative. Spread the word. You can donate online at epic.org. Support the campaign. Facebook Cause: http://www.epic.org/redirect/fbprivacy08.html Twitter: http://twitter.com/privacy08 CafePress: http://www.cafepress.com/epicorg ======================================================================== E P I C Job Announcement ======================================================================== EPIC is seeking a smart, energetic, creative individual for the position of Staff Counsel Deadline: Jan. 31, 2009 Click here for more details http://www.epic.org/epic/jobs/counsel_1108.html ------------------------- END EPIC Alert 16.01------------------------- .