======================================================================= E P I C A l e r t ======================================================================= Volume 16.07 April 13, 2009 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_16.07.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] Whole-Body Imaging Set to Replace Metal Detectors at Airports [2] EU Commissioner Wants Consumer Rights to Adapt to Technology [3] US Trade Representative Office Releases ACTA Information [4] Five Country Study Finds Diminished Protection for Anonymity [5] Justice Department Publishes Annual Report on Internet Crime [6] News in Brief [7] EPIC Bookstore: Online Identity Theft [8] Upcoming Conferences and Events - Join EPIC on Facebook http://epic.org/facebook - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://epic.org/donate ======================================================================= [1] Whole-Body Imaging Set to Replace Metal Detectors at Airports ======================================================================= The Transportation Security Administration has decided to replace the walkthrough metal detectors at airports with whole body imaging devices. Such devices enable a virtual strip search that produces detailed naked images of individuals, including females and young children. The technology provides little additional security beyond other screening techniques, including magnetometers, physical examination, and baggage inspection. It is an extraordinarily invasive technique that is disproportionate to its use. EPIC had recommended that the future funding of this program should be suspended. According to a report in the New York Times on April 6, 2009, Robin Kane, Acting Assistant administrator, Office of Process Technology, stated that "initial results from pilot tests at some checkpoints at 19 airports in the United States" was positive and the TSA wanted the devices to become the standard checkpoint detectors replacing the metal detectors. Kane has also stated that passengers had given positive feedback. The TSA had initially announced that millimeter wave passenger imaging technology would be a voluntary alternative to a pat-down during secondary screening. Earlier, in February this year, the TSA changed its stance by stating that the use of millimeter wave technology would be the default but it would continue to give the option of metal detector screening and a pat-down searches to passengers who do not wish to receive the millimeter wave screening. Although the TSA has stated that privacy is ensured through the anonymity of the image and it would never be stored, transmitted or printed, and it will be "deleted" immediately once viewed, the FAQs for the Secure 1000, one of the scanner models, state that the images acquired with the system can be saved on the system's hard disk or transferred to floppy disk for training and legal documentation and the stored images can be recalled and viewed on the system monitor or on any IBM compatible personal computer with color graphics. The Fact Sheet for the ProVision Whole Body Imager from September last year states that the scanner would soon to be deployed at Miami, Las Vegas, Atlanta, Indianapolis, La Guardia, Tampa, Newark, San Juan and O'Hare airports. Earlier this year, President Obama had signed the American Recovery & Reinvestment Act which contained a grant of $1 Billion for Aviation Security. The law granted the sum for the "procurement and installation of checked baggage explosives detection systems and checkpoint explosives detection equipment." Thereafter, the Secretary for the Department of Homeland Security, Janet Napolitano testified before the House Committees on Homeland Security. In her testimony, she stated that a directive had been issued towards reviewing transportation security. In October last year, while adopting a resolution on allowing the use body-scanners for the screening of persons, Members of the European Parliament stated that the draft measure could not be considered mere technical measures related to security as they have a serious impact on the fundamental rights of citizens and conditions for a decision had not been met due to lack of information. Attention was drawn to the fact that the technology had the potential to force air passengers to undergo "undignifying treatment" and the possible storage of data. The Members also asked the Commission to carry out a fundamental rights impact assessment as well as consult with the European Data Protections Supervisor, Article 29 Working Party and the EU Fundamental Rights Agency. TSA - Whole Body Imaging: http://www.tsa.gov/approach/tech/body_imaging.shtm Joe Sharkey, Whole-Body Scans Pass First Airport Tests, April 6, 2009: http://www.nytimes.com/2009/04/07/business/07road.html Electromax International, Inc. Rapiscan Secure 1000 FAQ's: http://www.electromax.com/rapiscan%20secure%201000%20faq.html TSA Tests Second Passenger Imaging Technology: http://www.tsa.gov/press/releases/2007/press_release_10112007.shtm TSA Continues Millimeter Wave Passenger Imaging Technology Pilot: http://www.tsa.gov/press/happenings/mwave_continues.shtm ProVision Whole Body Imager Fact Sheet: http://www.dsxray.com/pdf/ProVisionFactSheetSEPT08.pdf ProVision Whole Body Imager FAQs: http://www.dsxray.com/pdf/ProVisionFAQSEPT08.pdf Testimony of Secretary Napolitano: http://www.dhs.gov/ynews/testimony/testimony_1235577134817.shtm Body Scanners at airports: MEPs say that fundamental rights are under threat: http://epic.org/redirect/041309_EU_MEP_BodyScanner.html Draft EC Regulation Supplementing the Common Basic Standards on Civil Aviation Security [Annex to Regulation (EC) No. 300/2008]: http://epic.org/redirect/041309_EC_DraftResoAviation.html Spotlight on Surveillance- Plan to X-Ray Travelers Should Be Stripped of Funding: http://epic.org/privacy/surveillance/spotlight/0605/ EPIC's Page on Air Travel Privacy: http://epic.org/privacy/airtravel/ X-Ray Backscatter Technology and Your Personal Privacy: http://www.tsa.gov/research/privacy/backscatter.shtm TSA's page on Backscatter: http://www.tsa.gov/approach/tech/backscatter.shtm ======================================================================= [2] EU Commissioner Wants Consumer Rights to Adapt to Technology ======================================================================= The European Union Commissioner for Consumer Affairs, Meglena Kuneva, delivered a keynote speech at the Roundtable on Online Data Collection, Targeting and Profiling. Concerned over the explosion in the volume of collected personal data and its use for commercial purposes, the Commissioner called for a discussion on the newer business models that employed commercial profiling and targeting. Commissioner Kuneva agreed that consumer policy needed to go beyond the mere elimination of use of personally identifiable information. Calling personal data "the new oil of the internet and the new currency of the digital world," the stress was laid on the need to promote trust and confidence that will encourage people to participate in new opportunities that grow and evolve online. Commissioner Kuneva agreed that tools to balance the interests of businesses and consumers should be developed and called for the respect of users' right to control their public exposure; and the obligation to protect them against abusive and risky practices. The Commissioner also stated a need for constructive dialog for a common understanding of the rules for a better market environment. Firstly, the Commissioner addressed the issue of privacy policies and a clear need to reassert users' trust by being more transparent about data collection activities. She stated that paying for services with personal data and exposure to ads amounted to a new form of commercial exchange contractually established by the privacy policy. Privacy policies must adhere to the same fairness and transparency standards that are commonly accepted in commercial contracts. Commissioner Kuneva also wanted privacy policies to contain clear language, opt-in or opt-out options that are meaningful and easy to use. Another area of concern in the speech was commercial communications and the collection of data by the websites which led to profiling. Ensuring that commercial communications should comply with the law, Commissioner Kuneva stated that such communications could not deceive, mislead or amount to excessive pressure. She further wanted to address the blurring of commercial and non-commercial communications when a seemingly innocuous advertisement was actually a result of detailed profiling. The Commissioner for Consumer Affairs agreed that the increase in personal information online resulted in increased access to customized services. However, she warned that such information could also reveal the degree of interest of the consumer and the likelihood of payment. The service could then be used to extract the maximum price possible or to block access from certain services resulting in commercial discrimination. Expressing the need of trust from users, Commissioner Kuneva invited the industry in developing a framework to apply consumer policy rules in establishing principles of acceptable behavior. She referred to the statement of the Chairman of US Federal Trade Commission and agreed that reliance on the industry to improve the situation did not amount to regulatory retreat, but rather a last chance given to businesses to improve the situation. She closed her speech saying that consumer rights must adapt to technology and not be crushed by it and the current situation with regard to privacy, profiling and targeting was not satisfactory. Meglena Kuneva, European Consumer Commissioner: http://ec.europa.eu/commission_barroso/kuneva/index_en.htm Roundtable: Keynote Speech at Brussels, March 31, 2009: http://epic.org/redirect/041309_ECCA_Meglena_Roundtable.html European Consumer Summit 2009, Brussels, 2 April 2009: http://epic.org/redirect/041309_ECCA_Meglena_ConsumerSummit.html EPIC's page on Network Advertising Initiative: Principles not Privacy: http://epic.org/privacy/internet/NAI_analysis.html EU Consumer Affairs: http://ec.europa.eu/consumers/index_en.htm ======================================================================= [3] US Trade Representative Office Releases ACTA Information ======================================================================= The Office of the U.S. Trade Representative released a summary of the current state of the Anti-Counterfeiting Trade Agreement negotiations. Previously, the USTR had deemed the negotiation texts classified in the interest of National Security pursuant to Executive Order 12958. The objective of the ACTA negotiations is to draft a new, state-of-the art agreement to combat counterfeiting and piracy. The United States has been working with several trading partners, including Australia, Canada, the European Union and its 27 member states, Japan, Mexico, New Zealand, Singapore, South Korea, and Switzerland, to negotiate the agreement. The ACTA is intended to prevent the proliferation of counterfeit and pirated goods in international trade which poses an ever-increasing threat to the sustainable development of the world economy. However, the illegal trade causes significant losses for the right-holders and legitimate businesses. The released summary states that although various groups had requested more information on the substance of the negotiations and disclosure of the draft, it is accepted practice during trade negotiations among sovereign states to not share negotiating texts with the public at large. In October last year, Senators Patrick Leahy and Arlen Specter of the Senate Judiciary Committee expressed concern that the Anti- Counterfeiting Trade Agreement may not have been drafted with sufficient flexibility and could limit Congress's ability to make appropriate refinements to intellectual property law in the future. The senators questioned the lack of transparency and the quick deliberations accompanying the negotiations. In a letter to the U.S. Trade Representative Susan Schwab, the senators asked that the liability of service providers or technological protection measures be left out from the agreement. The letter also warned of a possibility of a Significant impact in intellectual property protections taking effect without formal Congressional involvement. ACTA was announced in October 2007, but the lack of transparency in the negotiating process and a leaked discussion paper have caused alarm among consumer rights groups and two of them have submitted a Freedom of Information request in June last year asking for all the records. In September 2008, EPIC alerted readers about public interest NGO's expressing concern about the ACTA Draft Treaty and the possibility of policies that may limit legitimate business activity, the participative web, and e-government service delivery. Additionally, The OECD Civil Society Seoul Paper recommended that governments protect their citizens' privacy rights by upholding the foundational principle that ISPs and Internet intermediaries are not required to monitor communications on their networks under any circumstances. Also, the Paper highlights the importance of the end-to-end principle that is central to the Internet's open architecture and conducive to innovation. In March, the European Parliament had urged the European Commission to release documents pertaining to the ACTA discussions. USTR ACTA Summary: http://epic.org/redirect/041309_ACTA_Summary.html Announcement of ACTA: http://epic.org/redirect/101008_USTR_acta.html Senators' letter to USTR: http://ip-watch.org/files/acta_letter.pdf Announcement of ACTA: http://epic.org/redirect/101008_USTR_acta.html OECD Civil Society Seoul Declaration on ACTA (open for signature): http://www.petitiononline.com/iccp/petition.html OECD Civil Society Background Paper (Section 2.2): http://thepublicvoice.org/events/seoul08/cs-paper.pdf Wikileaks: ACTA discussion paper: http://epic.org/redirect/091308_ActaDiscussion.html Letter to Anti-counterfeiting Trade Agreement Negotiators: http://epic.org/redirect/091308_ActaAgreement.html Access to Documents: The European Parliament Demands More Transparency: http://epic.org/redirect/031709_EuroParlACTA.html EPIC Alert 15.18 ACTA article: http://epic.org/alert/EPIC_Alert_15.18.html#acta EPIC - Open Government: http://epic.org/open_gov/ ======================================================================= [4] Five Country Study Finds Diminished Protection for Anonymity ======================================================================= Five Country Study Finds Diminished Protection for Anonymity A new study by leading scholars from the USA, Canada, UK, Netherlands and Italy has revealed that laws are reinforcing technology's ability to undermine the anonymity of citizens. The project brought together North American and European research talent from varying disciplines and sectors. The twenty-three participants on the team included a distinguished array of philosophers, ethicists, feminists, cognitive scientists, lawyers, cryptographers, engineers, policy analysts, government policy makers, privacy experts, business leaders, blue chip companies, and successful start-ups. Our research partners include institutions in the public, private and not-for-profit sectors. The study, which was unveiled on April 8th in Ottawa, revealed the scant protection of anonymity, a preference for laws requiring people to be identified and an increasing encroachment of the law into areas where there were previously no rules prohibiting anonymity. The research findings are outlined in the recently published book, "Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society." The authors were part of a collaborative research initiative, On the Identity Trail. The project consisted of three streams: (1) Nature and Value of Identity, Anonymity and Authentication; (2) Constitutional and Legal Aspects of Anonymity; and (3) Technologies that Identify, Anonymize and Authenticate. The specific aims of the project was to have an impact on the public and private sector, the individual as a consumer, and the individual as citizen, affecting the way the public communicates and transacts business with one another, the moral discourse, and the approach to law reform and social policy. The project desired to influence a variety of research outcomes across the social sciences and humanities, in the fields of law and policy, and within the technology sector. The scholars stated that the exercise of privacy rights involves the capacity to control personal information, which often requires citizens to gain access to information about themselves and government. Part of the project, which is still ongoing involves collecting and analyzing empirical data about how people experience anonymity online, what it means to them and the behavioral implications of their perceived anonymity online and off. EPIC was a partner in the project. Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society: http://idtrail.org/content/view/799 EPIC's Role in the Anonymity Project: http://www.idtrail.org/content/view/54/33/ EPIC's page on Free Speech and Anonymity: http://epic.org/free_speech/default.html#anonymity EPIC's page on Internet Anonymity http://epic.org/privacy/anonymity/ Amazon Bookstore - "Lessons from the Identity Trail": http://www.amazon.com/gp/product/0195372476?ie=UTF8&tag=e03a6-20 ======================================================================= [5] Justice Department Publishes Annual Report on Internet Crime ======================================================================= The Internet Crime Complaint Center has published the 2008 Internet Crime Report. It is the eighth annual compilation of information on complaints received and referred by the IC3 to law enforcement or regulatory agencies for appropriate action. The IC3 is a result of a partnership between the Justice Department and the National White Collar Crime Center. The IC3 gives cybercrime victims a reporting mechanism that alerts authorities of suspected criminal or civil violations. The results provide a study of key characteristics of complaints, perpetrators, complainants, interactions between the complainants and the perpetrators, and success stories involving complainants referred by IC3. In 2008, the number of complaints increased by 33 percent to 275,284. The filings were primarily related to fraudulent and non-fraudulent issues on the Internet. The complainants were from all fifty states and in dozens of countries worldwide. The report lists non-delivery of merchandise as the highest committed crime at 28.6 percent, followed by auction fraud at 16.3 percent and confidence fraud at 14.4 percent. The credit/debit card fraud has been significantly reduced to 4.7 percent with a median loss per complainant at $223.00 The report provided statistics on reported perpetrator location - over 75 percent of the perpetrators were male and over half resided in California, Florida, New York, Texas, Washington, and the District of Columbia. Internationally, perpetrator locations have been identified as the United Kingdom, Nigeria, Canada, Romania and Italy. The vast majority of the victims were contacted by the culprits by email or through websites. The United States led the list with the highest number of criminals at 66.1 percent followed by the UK at 10.5 percent. The top countries having the maximum number of victims were the United States, Canada, United Kingdom, Australia, India and France. The majority of the scams reported to the IC3 consisted of fraudulent, unsolicited e-mails for committing identity theft. Another scam reported was the use of combined computer intrusion techniques with social engineering with fraudsters gaining unauthorized access to email accounts. Overpayment scams also featured in the report where victims received payments through fraudulent instruments but were asked to return the excess before clearing of the original instrument. The report states that the best way to guard against Internet related crimes was to stay informed on the latest modus operandi of the criminals which may enable users to recognize and report the scams. An effective method of learning about these scams was to periodically check the websites of IC3, FBI and the FTC for the latest updates. According to the report, the data indicated instances of cybercrime were on the increase and the research indicated that only one in seven incidents of fraud ever made their way to the attention of enforcement or regulatory agencies. However, the report also warned that the statistics provided only a snapshot of the prevalence and impact of Internet fraud and did not represent all victims of Internet crime, or fraud in general as it relied solely on the filing of complaints. The report is intended to enhance public knowledge about the scope and prevalence of Internet crime in America. The 2008 Internet Crime Report: http://www.ic3.gov/media/annualreport/2008_IC3Report.pdf Internet Crime Complaint Center (IC3): http://www.ic3.gov/default.aspx National White Collar Crime Center (NW3C): http://www.nw3c.org Bureau of Justice Assistance (BJA): http://www.ojp.usdoj.gov/BJA FBI - Cyber Investigations: http://www.fbi.gov/cyberinvest/cyberhome.htm Federal Trade Commission: Identity Theft: http://www.ftc.gov/bcp/edu/microsites/idtheft EPIC's Page on Identity Theft: http://epic.org/privacy/idtheft/ ======================================================================= [6] News in Brief ======================================================================= Federal Trade Commission to Review EPIC Cloud Computing Complaint The Federal Trade Commission has agreed to review EPIC's March 17, 2009 complaint, which describes Google's unfair and deceptive business practices concerning the firm's Cloud Computing Services. The letter advises that all FTC investigations remain non-public until a decision is made to issue a formal complaint or the investigation is closed. EPIC's complaint describes numerous data breaches involving user- generated information stored by Google, including the breach of Google Docs early last month. EPIC's complaint "raises a number of concerns about the privacy and security of information collected from consumers online," the federal agency said. EPIC urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 million in fines. FTC letter to EPIC: http://epic.org/privacy/cloudcomputing/google/031809_ftc_ltr.pdf EPIC's complaint to FTC on Google Cloud Computing Services: http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf In re Google and Cloud Computing: http://epic.org/privacy/cloudcomputing/google/ EPIC's Page on Cloud Computing: http://epic.org/privacy/cloudcomputing/default.html Red Flags Rule Guide Issued by the Federal Trade Commission The Federal Trade Commission issued guidelines for helping businesses comply with the new identity theft prevention requirements as required under the FTC Red Flag Rules. The rules are intended to spur better identification of patterns and activities that are "red flags" signaling identity theft. The Commission will begin enforcing the "red flags" rule on May 1, 2009. The rules require financial institutions and creditors to maintain identity theft prevention programs that identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. Such patterns and activities include: alerts, notifications, or warnings from a consumer reporting agency; suspicious documents; suspicious personally identifying information, such as a suspicious address; unusual use of - or suspicious activity relating to - a covered account; and notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts. The rules are intended to curb identity theft, which consumers consistently cite as a top concern, and which results in billions of dollars in losses each year. The federal rules were developed pursuant to the Fair and Accurate Credit Transactions Act of 2003. FTC Red Flags Guide and other documents: http://www.ftc.gov/redflagsrule FTC Grants Delay in Enforcement of "Red Flags" ID Theft Rules, October 22, 2008: http://www.ftc.gov/opa/2008/10/redflags.shtm FTC Enforcement Policy Statement Regarding "Red Flags" ID Theft Rules, October 22, 2008: http://www.ftc.gov/os/2008/10/081022idtheftredflagsrule.pdf EPIC's Testimony in Congress Regarding the Fair and Accurate Credit Transactions (FACTA) Act of 2003, July 9, 2003: http://epic.org/privacy/fcra/2622testimony.html FTC Business Alert to Companies Covered by "Red Flags" ID Theft Rule, June 2008: http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm EPIC's Page on Identity Theft: http://epic.org/privacy/idtheft Drug Companies Petition Supreme Court in Medical Privacy Case In November 2008, the First Circuit Court of Appeals upheld a New Hampshire law that banned the sale of prescriber-identifiable prescription drug data for marketing purposes. Now, the prescription mining companies IMS Health Inc. and Verispan LLC have filed cert. petitions before the U.S. Supreme Court praying for a reversal of the Appeals Court arguing that the New Hampshire law prohibited a class of speech which constituted an evaluation and publication of important factual information that was protected under the First Amendment to the US Constitution. In August 2008, EPIC and 16 experts in privacy and technology filed a "friend of the court" brief urging the federal appellate court to reverse a lower court ruling that delayed enforcement of the New Hampshire Prescription Confidentiality Act. The experts said the lower court should be reversed because there is a substantial privacy interest in patient data that the lower court failed to consider. The New Hampshire Attorney General also defended the law, calling pharmaceutical representatives "invisible intruder[s] in the physician's examination room." Data mining companies challenged the law, claiming that the privacy measure violated their free speech rights. IMS Health cert. petition - U.S. Supreme Court: http://www.imshealth.com/scpetition First Circuit Court of Appeals decision: http://epic.org/privacy/imshealth/11_18_08_order.pdf EPIC's friend of the court brief: http://epic.org/privacy/imshealth/epic_ims.pdf New Hampshire Prescription Confidentiality Act: http://www.gencourt.state.nh.us/legislation/2006/HB1346.html EPIC's Page on IMS Health v. Ayotte: http://epic.org/privacy/imshealth/ New Report on Identity Theft Debates the Costs of Services Consumer Federation of America recently published a report analyzing the costs of for-profit identity theft services. The report found that descriptions of services were often confusing, unclear, and unambiguous. Also, the services may not always offer the protection that consumers were led to believe they would get. The new report, "To Catch a Thief: Are Identity Theft Services Worth the Cost?" explores the types of services in the market, the fees charged, the descriptions, the claims of benefits, and whether the performance of the services can be carried out by the consumers themselves. The CFA recommended ten steps to protect personal information and detect fraud. The CFA also found some practices it considered "troublesome" including overbroad assertions by identity theft services websites. The organization expressed a strong preference for discouraging services from requesting consumers' free annual reports on their behalf and believed that consumers should have stronger rights regarding their credit reports. CFA Press Release: http://www.consumerfed.org/pdfs/ID_theft_study_PR_3-18-09.pdf To Catch a Thief: Are Identity Theft Services Worth the Cost? http://www.consumerfed.org/pdfs/ID_THEFT_REPORT.pdf EU Approves Amendment to e-Privacy Directive The European Parliament ratified amendments to the EU e-Privacy Directive (2002/58/EC) which requires websites to ensure the consent of the user before storing information on a computer or accessing user information already stored on a computer. The amendment requires operators to clearly inform users that the site uses a cookie. The amendment also empowers the Commission to adopt measures on the security of data processing. The amendment directs that when adopting such measures, the Commission should consult all relevant European authorities and organizations, such as ENISA, the European Data Protection Supervisor and the Article 29 Working Party in order to be informed of the best available technical and economic methods for improving the implementation of Directive 2002/58/EC. Draft Recommendation for Second Reading: http://epic.org/redirect/041309_EU_e-Privacy_Amend.html Directive 2002/58/EC on data protection and privacy: http://epic.org/redirect/091208_eu.html Article 29 Working Party: http://epic.org/redirect/040109_A29WP.html European Network and Information Security Agency: http://www.enisa.europa.eu/ ======================================================================= [7] EPIC Bookstore: Online Identity Theft ======================================================================= "Online Identity Theft" by Organization for Economic Co-operation and Development (OECD) http://www.amazon.com/gp/product/9264056580?tag=e03a6-20 The growth of Internet and e-commerce has taken ID theft to new levels. Using widely available Internet tools, thieves trick unsuspecting computer users into providing personal data, which they then use for illicit purposes. The potential for fraud is a major hurdle in the evolution and growth of online commerce. E-payment and e-banking services -- the focus of this book -- suffer substantially from public mistrust. Given the growth of online ID theft, many OECD member countries have taken steps to ensure that consumers and Internet users are adequately protected. These steps encompass various measures: consumer and user-awareness campaigns, new legislative frameworks, private-public partnerships, and industry-led initiatives focused on technical responses. According to the OECD, the purpose of this report is threefold: to define ID theft, both online and off-line, and to study how it is perpetrated; to outline what is being done to combat the major types of ID theft; and to recommend specific ways that ID theft can be addressed in an effective, global manner. ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. http://epic.org/bookstore/foia2008/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/bookshelf/epicorg.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "THE FUTURE OF PRIVACY: What's Next?" - a one day seminar. April 28, 2009, Cartier Suites Hotel, 180 Cooper Street, Ottawa, Canada. For more information, http://www.rileyis.com/seminars/ 2009 FTC Workshop: Best Practices for Business: Protecting Personal Information and Fighting Fraud with the Red Flags Rule: Pope Auditorium, Lincoln Center Campus, Fordham School of Law's Center for Law and Information Policy, 113 West 60th Street, New York, NY 10023. For more information, http://www.ftc.gov/bcp/workshops/infosecurity/index.shtml "2nd Annual Research Symposium for the Identity, Privacy and Security Initiative," , May 6, 2009, University of Toronto. For more information, http://www.ipsi.utoronto.ca/site4.aspx IEEE Symposium on Security and Privacy, May 17-20, 2009, The Claremont Resort, Oakland, California. For more information, http://oakland09.cs.virginia.edu/ Web 2.0 Security & Privacy 2009, Thursday, May 21, The Claremont Resort, Oakland, California. For more information, http://w2spconf.com/2009/ Computers, Freedom, and Privacy, 19th Annual Conference, Washington, D.C., June 1-4, 2009. For more information, http://www.cfp2009.org/wiki/index.php/Main_Page "The Transformation of Privacy Policy," Institutions, Markets Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4, 2009. ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http://epic.org/facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 16.07 ------------------------ .