EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 16.02                                          February 10, 2009
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_16.02.html

			"Defend Privacy. Support EPIC."
			     http://epic.org/donate


=======================================================================
Table of Contents
=======================================================================
[1] Medical Privacy Moves Forward in Congress
[2] Civil Society Launches Campaign for Privacy Convention
[3] National Academies Report Calls for New Approach to Medical Privacy
[4] President Obama Promotes Open Government
[5] Report - Google Latitude Poses Significant Privacy Risks
[6] News in Brief
[7] EPIC Bookstore: "The Dark Side"
[8] Upcoming Conferences and Events
  	- Subscription Information
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://www.epic.org/donate

=======================================================================
[1] Medical Privacy Moves Forward in Congress
=======================================================================

The House of Representatives recently adopted the American Recovery and
Reinvestment Act of 2009 which included strong privacy provisions for
the proposed medical health network under Subtitle - D. The last
amended Senate version of the bill also included similar provision. The
House Stimulus Bill amends the Public Health Service Act and the Social
Security Act by adding key definitions. Definitions of "breach,"
"personal health records" and "protected health information" were
clarified. Title 30 of the bill sets up the Office of the National
Coordinator for Health Information Technology with the Department of
Health and Human Services. The National Coordinator is to update the
existing Federal Health IT Strategic Plan to include specific objectives
and milestones.

These objectives include the incorporation of privacy and security
protections for the electronic exchange of individual's identifiable
health information; implementation of security methods to ensure
appropriate authorization and electronic authentication of health
information; specifying technologies for rendering health information
unusable, unreadable, or indecipherable; and strategies to enhance the
use of health information technology in improving the quality of health
care.

The privacy protections also include timeliness and methods of breach
notifications; application of privacy provisions and penalties to
business associates of covered entities; and the restriction on the
sale of medical data. Periodic audits also ensure that covered entities
and business associates adhere to privacy requirements.

The bill mandates the National Coordinator to submit reports to the
legislature on various issues including additional funding or authority,
implementation and impact assessment. The bill also directs the
appointment of a Chief Privacy Officer of the Office of the National
Coordinator to advise on privacy, security, and data stewardship of
electronic health information and coordinate with other agencies and
their personnel.

The Health Information Technology Policy Committee is also established
by the bill to make policy recommendations to the National Coordinator
relating to the implementation of a nationwide health information
technology infrastructure permitting use and exchange of health
information. The Committee is charged with recommending where the
standards, specification and certifications are needed in the realm of
electronic exchange of health information. The areas where the
Committee are required to consider include (1) technologies that
protect the medical privacy and promote security in electronic health
records; (2) a nationwide health information technology infrastructure
that allows accurate electronic exchange of medical information;
(3) the utilization of certified electronic health record;
(4) technologies that renders medical information unusable, unreadable
or indecipherable to unauthorized individuals during network or
physical transmission.

The HIT Standards Committee, set up by the statute, is assigned the
task of recommending to the National Coordinator standards,
implementation specifications and certification criteria. The duties of
the Standards Committee includes standards development, acting as a
forum, and provisions for public inputs. The HIT Standards Committee
recommendations will also have to be published. The bill also goes on
to apply the process of adoption of endorsed standards and specifically
exempts private entities.

Sections of the bill also mandate that agencies promoting quality and
efficient health care in Federal government or sponsored health care
programs to agree that all health care providers and similar entities
utilizes health information technology systems and meet the standards
and specifications adopted under the bill.

The American Recovery and Reinvestment Act of 2009 imposes the
condition that the funds can be appropriated only if the investments or
funds are for products permitting complete and accurate electronic
exchange and use of medical information including standards for
security, privacy, and quality improvement functions that have been
adopted by the Office of the National Coordinator. These provisions
have also been approved in the Senate. Patient Privacy Rights supported
the legislation.

The American Recovery and Reinvestment Act of 2009:
     http://thomas.loc.gov/cgi-bin/bdquery/z?d111:h.r.00001:

Subtitle D - Privacy:
     http://epic.org/privacy/pdf/subtitleDPrivacy.pdf

Encryption requirements under the statute:
     http://epic.org/privacy/pdf/MarkeyAmendment.pdf

Patient Privacy Rights:
     http://www.patientprivacyrights.org/

Senator Leahy's statement on medical privacy:
     http://leahy.senate.gov/press/200901/012709a.html

EPIC's page on Medical Privacy:
     http://epic.org/privacy/medical/default.html



=======================================================================
[2] Civil Society Launches Campaign for Privacy Convention
=======================================================================

On the occasion of the International Privacy Day on January 28, 2009,
the Public Voice urged support for the Council of Europe Privacy
Convention No. 108. The object of the Privacy Convention was to
strengthen the legal protection of individuals with regard to
automatic processing of personal information relating to them. At the
time of its creation, there was an emerging need for such legal rules
in view of the increasing use of computers for administrative purposes.
With the advent of the internet, the transfer of personal data across
nationals borders became prevalent and the need for the protection of
personal information even more necessary.

The Member States of the Council of Europe signed the "Convention for
the Protection of Individuals with regard to Automatic Processing of
Personal Data" in Strasbourg, France on January 28, 1981 with the
objective of securing in the territory of each nation for every
individual, whatever his nationality or residence, respect for his
rights and fundamental freedoms, and in particular his right to
privacy, with regard to automatic processing of personal data
relating to him.

The Public Voice stated that there is very little what consumers can do
today to protect their personal information. If meaningful solutions
are to be developed, the focus must necessarily be on those entities
that are in control of the data concerning the private lives of
persons - the industry and the governments. The key objective is to
motivate people to action - not just checking their privacy settings,
shredding old bank statements or installing a browser extension, but
to raise awareness of why meaningful regulation of privacy and
enforcement of privacy rights are key for the protection of the ability
to control personal information.

At present, forty-one countries have ratified the Council of Europe
Privacy Convention. A coalition organized by the Public Voice is
requesting that national governments support the Council of Europe
Privacy Convention and adopt comprehensive privacy legislation based
on that standard.

In the United States, the US Privacy Coalition launched the campaign
to urge the US Government to support the Council of Europe Privacy
Convention and has proposed a resolution for the U.S. Senate. If
adopted, it would provide a broad framework upon which privacy laws
providing better safeguards could be enacted. According to Net
Dialogue, the "Convention has withstood the test of time by being
adaptive and fairly rigorous. Today the principles of this agreement
are being examined for their applicability to the collection and
processing of biometric data."


The Public Voice:
     http://www.thepublicvoice.org/

International Privacy Day - Facebook:
     http://www.facebook.com/home.php#/event.php?eid=54024777428

Privacy Coalition's Resolution on International Privacy Day:
     http://epic.org/redirect/020909_PrivCoal_Intl_Priv_Day.html

Summary of the Privacy Convention:
     http://conventions.coe.int/Treaty/en/Summaries/Html/108.htm

Background of the Privacy Convention (ETS No. 108):
     http://epic.org/redirect/020909_PrivConv_bckgrnd.html

Text of the Privacy Convention (ETS No. 108):
     http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm

Explanatory Report on the Privacy Convention:
     http://conventions.coe.int/Treaty/en/Reports/Html/108.htm

Ratifications of the Privacy Convention:
     http://epic.org/redirect/020909_CoE_ETS108.html

European Convention on Cybercrime:
     http://epic.org/redirect/020909_CoE_ETS185.html

EPIC's letter to Senate dissuading support for Cybercrime Convention:
     http://epic.org/privacy/intl/senateletter-072605.pdf



=======================================================================
[3] National Academies Report Calls for New Approach to Medical Privacy
=======================================================================

The National Academies called for a new approach to medical record
privacy. "Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving
Health Through Research" found that the current medical privacy
regulations do not protect privacy and unnecessarily impede health
research. The expert committee recommended Congress authorize the
development of an entirely new approach to protecting personal health
information in research applying privacy, data security, and
accountability standards uniformly to information used in all medical
research regardless the funder or who conducts the research.

The report by the Institute of Medicine, urged all institutions
conducting medical research to improve data protection as data breaches
were a growing threat for health information databases. The experts
suggested that all portable media containing health information,
including laptops, be encrypted.

The experts recommendations took into consideration benefits that both
ethically conducted research as well as privacy protections ensured and
came to the conclusion that the Health Insurance Portability and
Accountability Act was difficult to reconcile with other federal
regulations governing research involving personally identifiable
information.

Among the recommendations, the committee suggested the development of a
new method that focuses on the best practices in privacy, security and
transparency. The committee also suggested the usage of de-identified
medical data in which personal information is removed and unauthorized
re-identification is prohibited by law. Other recommendations included
an ethical oversight in which use of personally identifiable
information without individual consent is necessary.

Finally, the expert committee concluded that to ensure progress in the
nation's health and health care, effective privacy protections must be
implemented in a way that does not hinder health research or inhibit
medical advances. EPIC Director Marc Rotenberg participated in the study
project.



HIPAA Privacy Rule Fails to Adequately Protect Patient Privacy
and Hampers Health Research:
     http://epic.org/redirect/020909_HIPAA_Natl_Acad.html

Report Brief: Beyond the HIPAA Privacy Rule: Enhancing Privacy,
Improving Health Through Research:
     http://epic.org/redirect/020909_HIPAA_Rept_Brf.html

Report: Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving
Health Through Research:
     http://www.nap.edu/catalog.php?record_id=12458

Institute of Medicine:
     http://www.iom.edu/

Report Brief from the Institute of Medicine:
     http://www.iom.edu/File.aspx?ID=61836



=======================================================================
[4] President Obama Promotes Open Government
=======================================================================

President Obama in his first 24 hours in Office, issued a series of
Executive Orders. One of the Orders dealt with the Freedom of
Information Act (FOIA) activity of federal government agencies. Quoting
Justice Louis Brandeis, President Obama declared "sunlight is the best
disinfectant." President Obama further stated "in our democracy, the
Freedom of Information Act, which encourages accountability through
transparency, is the most prominent expression of a profound national
commitment to ensuring an open Government. At the heart of that
commitment is the idea that accountability is in the interest of the
Government and the citizenry alike."

President Obama declared the Freedom of Information should be
administered with a clear presumption of openness. In response to
Freedom of Information requests, executive branch agencies should
act promptly and in a spirit of cooperation, recognizing that such
agencies are servants of the public. Recognizing that transparency
promotes accountability and information maintained by the Federal
Government is a national asset, President Obama also declared that all
agencies should bring in a culture of open Government. The Executive
Order further directed the agencies to take affirmative steps to make
information public especially using modern technology and not wait for
specific requests.

The President Executive orders also included active collaboration that
engages citizens in the work of their Government, innovation and public
feedback as the bedrock of the new administration. Using knowledge in a
dispersed society, the orders also called for increased opportunities
for citizens to participate in policymaking and to provide the
Government with the benefits of the citizen's collective expertise and
information.

Among other initiatives, the President ordered the Guantanamo Bay U.S.
military prison to be closed within a year and suspension of legal
proceedings against the detainees being held there. In an open letter
by members of Global Openness Community welcoming President Obama's
initiative on transparency, the organizations welcomed the reversal of
recent trends and promote high standards of openness in government.
The groups also called on governments around the world to take
similar action to promote transparency and respect for the right of
access to information. EPIC was one of the groups supporting the
initiative.


The White House Briefing Room: Freedom of Information Act:
     http://www.whitehouse.gov/the_press_office/FreedomofInformationAct

The White House Briefing Room: Transparency and Open Government:
     http://epic.org/redirect/020909_WhiteHouse_Trans_OpenGov.html

Open Letter by Members of Global Openness Community Welcoming
President Obama's Initiative on Transparency:
     http://www.access-info.org/?id=41

EPIC's page on Freedom of Information Act:
     http://epic.org/open_gov/



=======================================================================
[5] Report - Google Latitude Poses Significant Privacy Risks
=======================================================================

Privacy International has identified a major security flaw in Google's
new phone locational tracking service, Google Latitude. It is a new
service that allows smart phones to display user locations on another
smart phone or online through Google iGadget. Once installed, the
application conveys location information through Google Maps. Google
states that Google Latitude is completely "opt-in" and only reports the
last updated location and does not keep a history of previously
reported locations.

However, a number of design flaws has been identified. According to
Privacy International, the Google system lacks adequate safeguards to
protect users from covert opt-in to Latitude's tracking technology.
Anyone with physical access to someone's phone could authorize Google
Latitude without the person's knowledge. Further, someone may be given
a Latitude enabled phone without being informed of Google Latitude's
activation. There is no easy method of discovering the tracking status
of the phone.

Cell phone tracking technology works through the use of identifying the
cell phone towers in the vicinity of the cell phone user. Cell phones
automatically connect to the closest tower based on the strength of the
signal. Each cell location bears a corresponding identification number,
which Google uses to match against a database and approximate the
location of the cell phone. Urban areas have a greater density of
cell phone towers. Therefore, the accuracy of identification of
location increases in cities.

Privacy International also believes that Google has created an
unnecessary danger to the privacy and security of users. It is clear
the company is aware of the need to create a message alert on
Latitude-enabled phones but has chosen to launch the service without
universal access to this safeguard.


Google Latitude - Introduction:
     http://www.google.com/latitude/intro.html

Location Source and Accuracy:
     http://epic.org/redirect/020909_Google_Lat_SrcAcc.html

City Level Location Sharing:
     http://epic.org/redirect/020909_Google_Lat_CityShare.html

Privacy international identifies major security flaw in Google's
global phone tracking system:
     http://epic.org/redirect/020909_PI_Google_Lat.html

EPIC's page on Personal Surveillance:
     http://epic.org/privacy/dv/personal_surveillance.html



=======================================================================
[6] News in Brief
=======================================================================

Supreme Court Refuses to Hear Internet Censorship Appeal

The Supreme Court denied the last appeal of the Government from an
Appeals Court decision that turned down the enforcement of the Child
Online Protection Act (COPA). COPA establishes criminal penalties for
any online commercial distribution of material harmful to minors.
The Appeals Court held COPA unconstitutional on the ground that COPA
made every web communication provider abide by the most restrictive
community's standards." EPIC had challenged the implementation of COPA
over ten years ago and had been fighting the case along with the ACLU
and the EFF. EPIC argued that COPA violated the First Amendment as well
as privacy of the individual on the internet.


Supreme Court Docket:
     http://www.supremecourtus.gov/docket/08-565.htm

Brief for the Government:
     http://www.usdoj.gov/osg/briefs/2000/2pet/7pet/2000-1293.pet.aa.pdf

EPIC's brief in Opposition:
     http://www.epic.org/free_speech/copa/op_cert.pdf

EPIC's page on ACLU v. Mukasey:
     http://epic.org/free_speech/copa/default.html

EPIC's page on Child Online Protection Act:
     http://www.usdoj.gov/osg/briefs/2000/2pet/7pet/2000-1293.pet.aa.pdf



DHS Advisory Committee Issues Recommendations

The DHS Data Privacy and Integrity Advisory Committee made several
recommendations to the new secretary of the Department of Homeland
Security, Janet Napolitano and the Acting Chief Privacy Officer John W.
Kropf. The letter recommended that the operations and structure of the
DHS Privacy Office and addressed privacy issues currently facing the
Department such as E-Verify, Border Search and Seizure of Digital
Information, Comprehensive National Cybersecurity Initiative and REAL
ID. The DHS Data Privacy and Integrity Advisory Committee will meet in
Arlington, Virginia on February 23, 2009. For prior distribution of any
written materials to Committee member or to make oral presentations,
the Executive Director of DHS Data Privacy and Integrity Advisory
Committee is to be sent a copy by February 23, 2009.


The DHS Data Privacy and Integrity Advisory Committee Letter:
     http://epic.org/redirect/020909_DHS_DPIAC_letter.html

Privacy Office - DHS Data Privacy and Integrity Advisory Committee:
     http://www.dhs.gov/xinfoshare/committees/editorial_0512.shtm

Notice of meeting:
     http://edocket.access.gpo.gov/2009/pdf/E9-2318.pdf



Cambridge City Council Blocks Surveillance Camera Activation

The Cambridge City Council in a Policy Order Resolution, No. O-18,
on February 2, 2009 ordered that the installation of security cameras
in the City of Cambridge be halted. The cameras were to be installed
throughout the city under funding from the Department of Homeland
Security for the stated purpose of monitoring evacuation routes. Citing
potential threats to invasion of privacy and individual civil liberties
outweighing any potential benefits in improving public safety, the City
Council went on record opposing the installation of the security
cameras and ordered the City Manager to comply.

Policy Order Resolution, No. O-18, Cambridge City Council:
     http://epic.org/redirect/020909_Cambridge_CC_O18.html

EPIC's page on Video Surveillance:
     http://epic.org/privacy/surveillance/



Surveillance Cameras Pose Privacy Threats

The Privacy Commissioner of Canada and the Information and Privacy
Commissioner for British Columbia declared that surveillance cameras
set up before the 2010 Winter Olympics in Vancouver must not be used to
monitor city residents after the game is over. Highlighting the
situation in Athens, Greece after the 2004 Olympics, the Commissioner
stated how the police used the cameras into a network for surveillance
and thus left a troubling legacy. Holding that safety and security was
of the utmost importance, the Commissioners stated that security at the
Winter Olympics should not take people down the path of a surveillance
society although they may be having "benevolent intentions."

Privacy, Security and the Vancouver 2010 Olympic Games:
     http://www.privcom.gc.ca/speech/2009/sp-d_090202_e.asp

Privacy protection must be part of Vancouver Olympic Games planning,
say federal and B.C. Privacy Commissioners:
     http://www.privcom.gc.ca/media/nr-c/2009/nr-c_090202_e.asp

EPIC's page on Video Surveillance:
     http://epic.org/privacy/surveillance/



House of Lords Committee Finds Growing Use of CCTV Threat to Freedom

The Select Committee on the Constitution of the British House of Lords
issued the Second Report of the Session 2008-09. The report,
"Surveillance: Citizens and the State," described the wide variety of
surveillance in existence including closed-circuit television, the
interception of telecommunications ("wiretapping"), covert activities
by human agents, heat-seeking and other sensing devices, body scans,
and technology for tracking movement. The report stated that Britain
had the highest use of CCTV in the world with around four million
cameras. Lord Harry Woolf, a former Lord Chief Justice, and two former
attorney generals warned of pervasive and routine electronic
surveillance.

Surveillance: Citizens and the State, Select Committee on the
Constitution, House of Lords:
     http://epic.org/redirect/020909_Surveillance_HL_report.html



Government Postpones E-Verify Contractor Rule

The federal government has postponed an earlier DHS order directing
federal employers to use the employment eligibility electronic
verification program, E-Verify. The E-Verify program is a controversial
employment eligibility verification system, operated by the Department
of Homeland Security. EPIC, the Government Accountability Office, the
Social Security Administration's Inspector General, and the CATO
Institute have detailed many shortcomings of E-Verify.


Federal Register, January 14, 2009:
     http://edocket.access.gpo.gov/2009/pdf/E9-651.pdf

EPIC's page on E-Verify:
     http://epic.org/privacy/surveillance/spotlight/0707/default.html



Privacy Problems Plague New White House Web Site

While the public responded very favorably to the announcements from
President Barack Obama, problems with the privacy practices of the new
White House web site where the President's statements are posted emerged.
One columnist noted a tracking feature associated with YouTube that
violated a long-standing rule to limit the use of persistent cookies in
the federal government. Information was collected from even those users
who never clicked the "play" button on the Whitehouse website. The
White House Counsel's office also issued a waiver to allow for the use
of these persistent cookies. However, soon after the blog, the embedded
videos were changed to linked pictures which limited the risk of
cookies to those who only played the video. Additionally, a link was
added to download the videos and bypass the cookies altogether.

The White House:
     http://www.whitehouse.gov

The White House Online Privacy Policy:
     http://www.whitehouse.gov/privacy/

White House exempts YouTube from privacy rules:
     http://news.cnet.com/8301-13739_3-10147726-46.html

White House acts to limit YouTube cookie tracking:
     http://news.cnet.com/8301-13739_3-10148844-46.html

EPIC's page on Cookies:
     http://epic.org/privacy/internet/cookies/


=======================================================================
[7] EPIC Bookstore: "The Dark Side"
=======================================================================

"The Dark Side: The Inside Story of How the War on Terror Turned Into
a War on American Ideals"
by Jane Mayer

     http://www.powells.com/biblio/2-9780385526395-1?&PID=24075

The new President, Barack Obama, has come into Washington vowing to
battle Islamic-extremist terrorism in a new way based on mutual
respect, and has ordered the closing of Guantanamo Bay detention
center and the C.I.A. secret prisons. So, now may be a good time to
read a recap of the motivations and methods of the "War on Terror"
pursued by the George W. Bush administration since September 11, 2001.
The Dark Side is the story of the long-held desires of men such as
Dick Cheney and other conservative ideologues to implement a new
constitutional framework based on the "unitary executive" that allowed
for the establishment of new methods of waging war such as
extraordinary renditions, torture or "enhanced interrogations," and
secret "black site" prisons. These disturbing methods of counter-
terrorism intelligence gathering were, according to the author,
created not so much a response to 9/11. Instead, the leaders of this
nation used that day's events as a rationale for a harsher way of
dealing with threats - a way that was illegal and unconstitutional
in all but the most Orwellian of interpretations.

The book is an outright condemnation of torture not only because it
is illegal under international law and inhumane, but also because
little data exists that is effective at gathering accurate
intelligence. In the end, the author considers the Bush "War on
Terror" as probably the most aberrant response to a security threat
ever supported as official U.S. government policy. That individuals,
at first, queued up to volunteer as lawyers to draft legal
justifications, as agents to commit torture, and as scientists to
perfect the heinous methods of interrogation certainly says much
about the darker side of human nature - making the title of the
book apt. However, the book details a second war that was
simultaneously going on within the executive branch agencies and the
military by career employees repulsed by the shift towards
illegality as official policy. These individuals highlight the good
side of human nature, and give rise for hope that even in the darker
periods of national panic and fear some more rationale voices of
reason remain. 

The Dark Side is a valuable addition to anyone's library that seeks
to understand the past eight years – as unfortunately, "those that fail
to learn from history, are doomed to repeat it."

by Nicholas Janney



================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Department of Homeland Security Data Privacy and Integrity Advisory
Committee, Public Meeting, 9:00a.m. - noon, and 1:30p.m. to 4:00p.m.
February 26, 2009 at Galleries I and II of the Hilton Arlington
Hotel, 950 North Stafford Street, Arlington, Virginia
For more information,
http://edocket.access.gpo.gov/2009/pdf/E9-2318.pdf

2009 Freedom Forum Freedom of Information conference:
"Freedom and Information: Looking Back and Looking Forward,"
11th annual National FOI Day Conference, Freedom Forum’s Newseum,
March 13, 2009.
Contact: ahampton@freedomforum.org or call 202/292-6288

The IAPP Privacy Summit 2009 will be held between March 11-13, 2009,
at Washington, D.C. For more information, http://www.privacysummit.org

"Conference on International Aspects of Securing Personal Data,"
The Federal Trade Commission, Washington, D.C., March 16-17, 2009.
For more information, http://ftc.gov/opa/2008/12/datasec.shtm

Notice and Request for Public Comments by the Federal Trade Commission
on Digital Rights Management Technologies.
Event: Wednesday, March 25, 2009, Seattle, WA.
For more information,
http://www.ftc.gov/bcp/workshops/drm/index.shtml

"2nd Privacy OS Conference," MediaCentre, Berlin, Germany, April 1-3,
2009. For more information, http://www.privacyos.eu

"THE FUTURE OF PRIVACY: What’s Next?" - a one day seminar.
April 28, 2009, Cartier Suites Hotel, 180 Cooper Street,
Ottawa, Canada. For more information,
http://www.rileyis.com/seminars/

"2nd Annual Research Symposium for the Identity, Privacy and
Security Initiative," , May 6, 2009, University of Toronto.
For more information, http://www.ipsi.utoronto.ca/site4.aspx

IEEE Symposium on Security and Privacy, May 17-20, 2009,
The Claremont Resort, Oakland, California. For more information,
http://oakland09.cs.virginia.edu/

Web 2.0 Security & Privacy 2009, Thursday, May 21,
The Claremont Resort, Oakland, California. For more information,
http://w2spconf.com/2009/

Computers, Freedom, and Privacy, 19th Annual Conference, Washington,
D.C., June 1-4, 2009. For more information,
http://www.cfp2009.org/wiki/index.php/Main_Page


"The Transformation of Privacy Policy," Institutions, Markets
Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4,
2009.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.




------------------------- END EPIC Alert 16.02-------------------------

.