EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 16.07                                             April 13, 2009
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_16.07.html

			"Defend Privacy. Support EPIC."
			     http://epic.org/donate

=======================================================================
Table of Contents
=======================================================================
[1] Whole-Body Imaging Set to Replace Metal Detectors at Airports
[2] EU Commissioner Wants Consumer Rights to Adapt to Technology
[3] US Trade Representative Office Releases ACTA Information
[4] Five Country Study Finds Diminished Protection for Anonymity
[5] Justice Department Publishes Annual Report on Internet Crime
[6] News in Brief
[7] EPIC Bookstore: Online Identity Theft
[8] Upcoming Conferences and Events
        - Join EPIC on Facebook http://epic.org/facebook
  	- Subscription Information
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://epic.org/donate

=======================================================================
[1] Whole-Body Imaging Set to Replace Metal Detectors at Airports
=======================================================================

The Transportation Security Administration has decided to replace the
walkthrough metal detectors at airports with whole body imaging
devices. Such devices enable a virtual strip search that produces
detailed naked images of individuals, including females and young
children. The technology provides little additional security beyond
other screening techniques, including magnetometers, physical
examination, and baggage inspection. It is an extraordinarily invasive
technique that is disproportionate to its use. EPIC had recommended
that the future funding of this program should be suspended.

According to a report in the New York Times on April 6, 2009, Robin
Kane, Acting Assistant administrator, Office of Process Technology,
stated that "initial results from pilot tests at some checkpoints at
19 airports in the United States" was positive and the TSA wanted
the devices to become the standard checkpoint detectors replacing
the metal detectors. Kane has also stated that passengers had given
positive feedback.

The TSA had initially announced that millimeter wave passenger imaging
technology would be a voluntary alternative to a pat-down during
secondary screening. Earlier, in February this year, the TSA changed
its stance by stating that the use of millimeter wave technology
would be the default but it would continue to give the option of
metal detector screening and a pat-down searches to passengers who
do not wish to receive the millimeter wave screening.

Although the TSA has stated that privacy is ensured through the
anonymity of the image and it would never be stored, transmitted or
printed, and it will be "deleted" immediately once viewed, the FAQs for
the Secure 1000, one of the scanner models, state that the images
acquired with the system can be saved on the system's hard disk or
transferred to floppy disk for training and legal documentation and
the stored images can be recalled and viewed on the system monitor or
on any IBM compatible personal computer with color graphics. The Fact
Sheet for the ProVision Whole Body Imager from September last year
states that the scanner would soon to be deployed at Miami, Las Vegas,
Atlanta, Indianapolis, La Guardia, Tampa, Newark, San Juan and O'Hare
airports.

Earlier this year, President Obama had signed the American Recovery
& Reinvestment Act which contained a grant of $1 Billion for Aviation
Security. The law granted the sum for the "procurement and installation
of checked baggage explosives detection systems and checkpoint
explosives detection equipment." Thereafter, the Secretary for the
Department of Homeland Security, Janet Napolitano testified before the
House Committees on Homeland Security. In her testimony, she stated
that a directive had been issued towards reviewing transportation
security.

In October last year, while adopting a resolution on allowing the use
body-scanners for the screening of persons, Members of the European
Parliament stated that the draft measure could not be considered mere
technical measures related to security as they have a serious impact on
the fundamental rights of citizens and conditions for a decision had
not been met due to lack of information. Attention was drawn to the
fact that the technology had the potential to force air passengers to
undergo "undignifying treatment" and the possible storage of data. The
Members also asked the Commission to carry out a fundamental rights
impact assessment as well as consult with the European Data Protections
Supervisor, Article 29 Working Party and the EU Fundamental Rights
Agency.


TSA - Whole Body Imaging:
     http://www.tsa.gov/approach/tech/body_imaging.shtm

Joe Sharkey, Whole-Body Scans Pass First Airport Tests, April 6, 2009:
     http://www.nytimes.com/2009/04/07/business/07road.html

Electromax International, Inc. Rapiscan Secure 1000 FAQ's:
     http://www.electromax.com/rapiscan%20secure%201000%20faq.html

TSA Tests Second Passenger Imaging Technology:
     http://www.tsa.gov/press/releases/2007/press_release_10112007.shtm

TSA Continues Millimeter Wave Passenger Imaging Technology Pilot:
     http://www.tsa.gov/press/happenings/mwave_continues.shtm

ProVision Whole Body Imager Fact Sheet:
     http://www.dsxray.com/pdf/ProVisionFactSheetSEPT08.pdf

ProVision Whole Body Imager FAQs:
     http://www.dsxray.com/pdf/ProVisionFAQSEPT08.pdf

Testimony of Secretary Napolitano:
     http://www.dhs.gov/ynews/testimony/testimony_1235577134817.shtm

Body Scanners at airports:
MEPs say that fundamental rights are under threat:
     http://epic.org/redirect/041309_EU_MEP_BodyScanner.html

Draft EC Regulation Supplementing the Common Basic Standards on
Civil Aviation Security [Annex to Regulation (EC) No. 300/2008]:
     http://epic.org/redirect/041309_EC_DraftResoAviation.html

Spotlight on Surveillance- Plan to X-Ray Travelers Should Be
Stripped of Funding:
     http://epic.org/privacy/surveillance/spotlight/0605/

EPIC's Page on Air Travel Privacy:
     http://epic.org/privacy/airtravel/

X-Ray Backscatter Technology and Your Personal Privacy:
     http://www.tsa.gov/research/privacy/backscatter.shtm

TSA's page on Backscatter:
     http://www.tsa.gov/approach/tech/backscatter.shtm



=======================================================================
[2] EU Commissioner Wants Consumer Rights to Adapt to Technology
=======================================================================

The European Union Commissioner for Consumer Affairs, Meglena Kuneva,
delivered a keynote speech at the Roundtable on Online Data Collection,
Targeting and Profiling. Concerned over the explosion in the volume of
collected personal data and its use for commercial purposes, the
Commissioner called for a discussion on the newer business models that
employed commercial profiling and targeting. Commissioner Kuneva agreed
that consumer policy needed to go beyond the mere elimination of use of
personally identifiable information.

Calling personal data "the new oil of the internet and the new currency
of the digital world," the stress was laid on the need to promote trust
and confidence that will encourage people to participate in new
opportunities that grow and evolve online. Commissioner Kuneva agreed
that tools to balance the interests of businesses and consumers should
be developed and called for the respect of users' right to control
their public exposure; and the obligation to protect them against
abusive and risky practices. The Commissioner also stated a need for
constructive dialog for a common understanding of the rules for a
better market environment.

Firstly, the Commissioner addressed the issue of privacy policies and a
clear need to reassert users' trust by being more transparent about
data collection activities. She stated that paying for services with
personal data and exposure to ads amounted to a new form of commercial
exchange contractually established by the privacy policy. Privacy
policies must adhere to the same fairness and transparency standards
that are commonly accepted in commercial contracts. Commissioner
Kuneva also wanted privacy policies to contain clear language, opt-in
or opt-out options that are meaningful and easy to use.

Another area of concern in the speech was commercial communications and
the collection of data by the websites which led to profiling. Ensuring
that commercial communications should comply with the law, Commissioner
Kuneva stated that such communications could not deceive, mislead or
amount to excessive pressure. She further wanted to address the
blurring of commercial and non-commercial communications when a
seemingly innocuous advertisement was actually a result of detailed
profiling.

The Commissioner for Consumer Affairs agreed that the increase in
personal information online resulted in increased access to
customized services. However, she warned that such information could
also reveal the degree of interest of the consumer and the likelihood
of payment. The service could then be used to extract the maximum price
possible or to block access from certain services resulting in
commercial discrimination.

Expressing the need of trust from users, Commissioner Kuneva invited the
industry in developing a framework to apply consumer policy rules in
establishing principles of acceptable behavior. She referred to the
statement of the Chairman of US Federal Trade Commission and agreed
that reliance on the industry to improve the situation did not amount
to regulatory retreat, but rather a last chance given to businesses to
improve the situation. She closed her speech saying that consumer
rights must adapt to technology and not be crushed by it and the
current situation with regard to privacy, profiling and targeting was
not satisfactory.


Meglena Kuneva, European Consumer Commissioner:
     http://ec.europa.eu/commission_barroso/kuneva/index_en.htm

Roundtable: Keynote Speech at Brussels, March 31, 2009:
     http://epic.org/redirect/041309_ECCA_Meglena_Roundtable.html

European Consumer Summit 2009, Brussels, 2 April 2009:
     http://epic.org/redirect/041309_ECCA_Meglena_ConsumerSummit.html

EPIC's page on Network Advertising Initiative: Principles not Privacy:
     http://epic.org/privacy/internet/NAI_analysis.html

EU Consumer Affairs:
     http://ec.europa.eu/consumers/index_en.htm



=======================================================================
[3] US Trade Representative Office Releases ACTA Information
=======================================================================

The Office of the U.S. Trade Representative released a summary of the
current state of the Anti-Counterfeiting Trade Agreement negotiations.
Previously, the USTR had deemed the negotiation texts classified in the
interest of National Security pursuant to Executive Order 12958. The
objective of the ACTA negotiations is to draft a new, state-of-the art
agreement to combat counterfeiting and piracy. The United States has
been working with several trading partners, including Australia, Canada,
the European Union and its 27 member states, Japan, Mexico, New Zealand,
Singapore, South Korea, and Switzerland, to negotiate the agreement.

The ACTA is intended to prevent the proliferation of counterfeit and
pirated goods in international trade which poses an ever-increasing
threat to the sustainable development of the world economy. However,
the illegal trade causes significant losses for the right-holders and
legitimate businesses. The released summary states that although
various groups had requested more information on the substance of the
negotiations and disclosure of the draft, it is accepted practice
during trade negotiations among sovereign states to not share
negotiating texts with the public at large.

In October last year, Senators Patrick Leahy and Arlen Specter of the
Senate Judiciary Committee expressed concern that the Anti-
Counterfeiting Trade Agreement may not have been drafted with sufficient
flexibility and could limit Congress's ability to make appropriate
refinements to intellectual property law in the future. The senators
questioned the lack of transparency and the quick deliberations
accompanying the negotiations. In a letter to the U.S. Trade
Representative Susan Schwab, the senators asked that the liability
of service providers or technological protection measures be left out
from the agreement. The letter also warned of a possibility of a 
Significant impact in intellectual property protections taking effect
without formal Congressional involvement.

ACTA was announced in October 2007, but the lack of transparency in the
negotiating process and a leaked discussion paper have caused alarm
among consumer rights groups and two of them have submitted a Freedom of
Information request in June last year asking for all the records. In
September 2008, EPIC alerted readers about public interest NGO's
expressing concern about the ACTA Draft Treaty and the possibility of
policies that may limit legitimate business activity, the participative
web, and e-government service delivery.

Additionally, The OECD Civil Society Seoul Paper recommended that
governments protect their citizens' privacy rights by upholding the
foundational principle that ISPs and Internet intermediaries are not
required to monitor communications on their networks under any
circumstances. Also, the Paper highlights the importance of the
end-to-end principle that is central to the Internet's open
architecture and conducive to innovation. In March, the European
Parliament had urged the European Commission to release documents
pertaining to the ACTA discussions.


USTR ACTA Summary:
     http://epic.org/redirect/041309_ACTA_Summary.html

Announcement of ACTA:
      http://epic.org/redirect/101008_USTR_acta.html

Senators' letter to USTR:
      http://ip-watch.org/files/acta_letter.pdf

Announcement of ACTA:
      http://epic.org/redirect/101008_USTR_acta.html

OECD Civil Society Seoul Declaration on ACTA (open for signature):
     http://www.petitiononline.com/iccp/petition.html

OECD Civil Society Background Paper (Section 2.2):
     http://thepublicvoice.org/events/seoul08/cs-paper.pdf

Wikileaks: ACTA discussion paper:
     http://epic.org/redirect/091308_ActaDiscussion.html

Letter to Anti-counterfeiting Trade Agreement Negotiators:
     http://epic.org/redirect/091308_ActaAgreement.html

Access to Documents: The European Parliament Demands More Transparency:
     http://epic.org/redirect/031709_EuroParlACTA.html

EPIC Alert 15.18 ACTA article:
      http://epic.org/alert/EPIC_Alert_15.18.html#acta

EPIC - Open Government:
     http://epic.org/open_gov/



=======================================================================
[4] Five Country Study Finds Diminished Protection for Anonymity
=======================================================================

Five Country Study Finds Diminished Protection for Anonymity

A new study by leading scholars from the USA, Canada, UK, Netherlands
and Italy has revealed that laws are reinforcing technology's ability
to undermine the anonymity of citizens. The project brought together
North American and European research talent from varying disciplines
and sectors. The twenty-three participants on the team included a
distinguished array of philosophers, ethicists, feminists, cognitive
scientists, lawyers, cryptographers, engineers, policy analysts,
government policy makers, privacy experts, business leaders, blue chip

companies, and successful start-ups. Our research partners include
institutions in the public, private and not-for-profit sectors.

The study, which was unveiled on April 8th in Ottawa, revealed the
scant protection of anonymity, a preference for laws requiring people
to be identified and an increasing encroachment of the law into areas
where there were previously no rules prohibiting anonymity. The
research findings are outlined in the recently published book, "Lessons
from the Identity Trail: Anonymity, Privacy and Identity in a
Networked Society." The authors were part of a collaborative research
initiative, On the Identity Trail.

The project consisted of three streams: (1) Nature and Value of
Identity, Anonymity and Authentication; (2) Constitutional and Legal
Aspects of Anonymity; and (3) Technologies that Identify, Anonymize
and Authenticate. The specific aims of the project was to have an
impact on the public and private sector, the individual as a consumer,
and the individual as citizen, affecting the way the public
communicates and transacts business with one another, the moral
discourse, and the approach to law reform and social policy. The
project desired to influence a variety of research outcomes across the
social sciences and humanities, in the fields of law and policy, and
within the technology sector.

The scholars stated that the exercise of privacy rights involves the
capacity to control personal information, which often requires citizens
to gain access to information about themselves and government. Part of
the project, which is still ongoing involves collecting and analyzing
empirical data about how people experience anonymity online, what it
means to them and the behavioral implications of their perceived
anonymity online and off. EPIC was a partner in the project.

Lessons from the Identity Trail: Anonymity, Privacy and Identity
in a Networked Society:
     http://idtrail.org/content/view/799

EPIC's Role in the Anonymity Project:
     http://www.idtrail.org/content/view/54/33/

EPIC's page on Free Speech and Anonymity:
     http://epic.org/free_speech/default.html#anonymity

EPIC's page on Internet Anonymity
     http://epic.org/privacy/anonymity/

Amazon Bookstore - "Lessons from the Identity Trail":
     http://www.amazon.com/gp/product/0195372476?ie=UTF8&tag=e03a6-20



=======================================================================
[5] Justice Department Publishes Annual Report on Internet Crime
=======================================================================

The Internet Crime Complaint Center has published the 2008 Internet
Crime Report. It is the eighth annual compilation of information on
complaints received and referred by the IC3 to law enforcement or
regulatory agencies for appropriate action. The IC3 is a result of a
partnership between the Justice Department and the National White Collar
Crime Center. The IC3 gives cybercrime victims a reporting mechanism
that alerts authorities of suspected criminal or civil violations. The
results provide a study of key characteristics of complaints,
perpetrators, complainants, interactions between the complainants and
the perpetrators, and success stories involving complainants referred
by IC3. 

In 2008, the number of complaints increased by 33 percent to 275,284.
The filings were primarily related to fraudulent and non-fraudulent
issues on the Internet. The complainants were from all fifty states
and in dozens of countries worldwide. The report lists non-delivery
of merchandise as the highest committed crime at 28.6 percent, followed
by auction fraud at 16.3 percent and confidence fraud at 14.4 percent.
The credit/debit card fraud has been significantly reduced to 4.7
percent with a median loss per complainant at $223.00

The report provided statistics on reported perpetrator location -
over 75 percent of the perpetrators were male and over half resided in
California, Florida, New York, Texas, Washington, and the District of
Columbia. Internationally, perpetrator locations have been identified
as the United Kingdom, Nigeria, Canada, Romania and Italy. The vast
majority of the victims were contacted by the culprits by email or
through websites. The United States led the list with the highest
number of criminals at 66.1 percent followed by the UK at 10.5 percent.
The top countries having the maximum number of victims were the United
States, Canada, United Kingdom, Australia, India and France. 

The majority of the scams reported to the IC3 consisted of fraudulent,
unsolicited e-mails for committing identity theft. Another scam
reported was the use of combined computer intrusion techniques with
social engineering with fraudsters gaining unauthorized access to email
accounts. Overpayment scams also featured in the report where victims
received payments through fraudulent instruments but were asked to
return the excess before clearing of the original instrument.

The report states that the best way to guard against Internet related
crimes was to stay informed on the latest modus operandi of the
criminals which may enable users to recognize and report the scams. An
effective method of learning about these scams was to periodically
check the websites of IC3, FBI and the FTC for the latest updates.

According to the report, the data indicated instances of cybercrime
were on the increase and the research indicated that only one in seven
incidents of fraud ever made their way to the attention of enforcement
or regulatory agencies. However, the report also warned that the
statistics provided only a snapshot of the prevalence and impact of
Internet fraud and did not represent all victims of Internet crime, or
fraud in general as it relied solely on the filing of complaints. The
report is intended to enhance public knowledge about the scope and
prevalence of Internet crime in America.


The 2008 Internet Crime Report:
     http://www.ic3.gov/media/annualreport/2008_IC3Report.pdf

Internet Crime Complaint Center (IC3):
     http://www.ic3.gov/default.aspx

National White Collar Crime Center (NW3C):
     http://www.nw3c.org

Bureau of Justice Assistance (BJA):
     http://www.ojp.usdoj.gov/BJA

FBI - Cyber Investigations:
     http://www.fbi.gov/cyberinvest/cyberhome.htm

Federal Trade Commission: Identity Theft:
     http://www.ftc.gov/bcp/edu/microsites/idtheft

EPIC's Page on Identity Theft:
     http://epic.org/privacy/idtheft/



=======================================================================
[6] News in Brief
=======================================================================

Federal Trade Commission to Review EPIC Cloud Computing Complaint

The Federal Trade Commission has agreed to review EPIC's March 17, 2009
complaint, which describes Google's unfair and deceptive business
practices concerning the firm's Cloud Computing Services. The letter
advises that all FTC investigations remain non-public until a decision
is made to issue a formal complaint or the investigation is closed.
EPIC's complaint describes numerous data breaches involving user-
generated information stored by Google, including the breach of Google
Docs early last month. EPIC's complaint "raises a number of concerns
about the privacy and security of information collected from consumers
online," the federal agency said. EPIC urged the Commission to take
"such measures as are necessary" to ensure the safety and security of
information submitted to Google. Previous EPIC complaints have led the
Commission to order Microsoft to revise the security standards for
Passport and to require Choicepoint to change its business practices
and pay $15 million in fines.

FTC letter to EPIC:
     http://epic.org/privacy/cloudcomputing/google/031809_ftc_ltr.pdf

EPIC's complaint to FTC on Google Cloud Computing Services:
     http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf

In re Google and Cloud Computing:
     http://epic.org/privacy/cloudcomputing/google/

EPIC's Page on Cloud Computing:
     http://epic.org/privacy/cloudcomputing/default.html



Red Flags Rule Guide Issued by the Federal Trade Commission

The Federal Trade Commission issued guidelines for helping businesses
comply with the new identity theft prevention requirements as required
under the FTC Red Flag Rules. The rules are intended to spur better
identification of patterns and activities that are "red flags"
signaling identity theft. The Commission will begin enforcing the
"red flags" rule on May 1, 2009. The rules require financial
institutions and creditors to maintain identity theft prevention
programs that identify, detect, and respond to patterns, practices, or
specific activities that could indicate identity theft. Such patterns
and activities include: alerts, notifications, or warnings from a
consumer reporting agency; suspicious documents; suspicious personally
identifying information, such as a suspicious address; unusual use of
- or suspicious activity relating to - a covered account; and notices
from customers, victims of identity theft, law enforcement authorities,
or other businesses about possible identity theft in connection with
covered accounts. The rules are intended to curb identity theft, which
consumers consistently cite as a top concern, and which results in
billions of dollars in losses each year. The federal rules were
developed pursuant to the Fair and Accurate Credit Transactions Act
of 2003.

FTC Red Flags Guide and other documents:
      http://www.ftc.gov/redflagsrule

FTC Grants Delay in Enforcement of "Red Flags" ID Theft Rules,
October 22, 2008:
      http://www.ftc.gov/opa/2008/10/redflags.shtm

FTC Enforcement Policy Statement Regarding "Red Flags" ID Theft Rules,
October 22, 2008:
      http://www.ftc.gov/os/2008/10/081022idtheftredflagsrule.pdf

EPIC's Testimony in Congress Regarding the Fair and Accurate Credit
Transactions (FACTA) Act of 2003, July 9, 2003:
      http://epic.org/privacy/fcra/2622testimony.html

FTC Business Alert to Companies Covered by "Red Flags" ID Theft Rule,
June 2008:
      http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm

EPIC's Page on Identity Theft:
      http://epic.org/privacy/idtheft



Drug Companies Petition Supreme Court in Medical Privacy Case

In November 2008, the First Circuit Court of Appeals upheld a New
Hampshire law that banned the sale of prescriber-identifiable
prescription drug data for marketing purposes. Now, the prescription
mining companies IMS Health Inc. and Verispan LLC have filed cert.
petitions before the U.S. Supreme Court praying for a reversal of
the Appeals Court arguing that the New Hampshire law prohibited a class
of speech which constituted an evaluation and publication of important
factual information that was protected under the First Amendment to the
US Constitution. In August 2008, EPIC and 16 experts in privacy and
technology filed a "friend of the court" brief urging the federal
appellate court to reverse a lower court ruling that delayed
enforcement of the New Hampshire Prescription Confidentiality Act. The
experts said the lower court should be reversed because there is a
substantial privacy interest in patient data that the lower court
failed to consider. The New Hampshire Attorney General also defended
the law, calling pharmaceutical representatives "invisible intruder[s]
in the physician's examination room." Data mining companies challenged
the law, claiming that the privacy measure violated their free speech
rights.


IMS Health cert. petition - U.S. Supreme Court:
     http://www.imshealth.com/scpetition

First Circuit Court of Appeals decision:
     http://epic.org/privacy/imshealth/11_18_08_order.pdf

EPIC's friend of the court brief:
     http://epic.org/privacy/imshealth/epic_ims.pdf

New Hampshire Prescription Confidentiality Act:
     http://www.gencourt.state.nh.us/legislation/2006/HB1346.html

EPIC's Page on IMS Health v. Ayotte:
     http://epic.org/privacy/imshealth/



New Report on Identity Theft Debates the Costs of Services

Consumer Federation of America recently published a report analyzing
the costs of for-profit identity theft services. The report found that
descriptions of services were often confusing, unclear, and
unambiguous. Also, the services may not always offer the protection
that consumers were led to believe they would get. The new report,
"To Catch a Thief: Are Identity Theft Services Worth the Cost?"
explores the types of services in the market, the fees charged, the
descriptions, the claims of benefits, and whether the performance of
the services can be carried out by the consumers themselves. The CFA
recommended ten steps to protect personal information and detect
fraud. The CFA also found some practices it considered "troublesome"
including overbroad assertions by identity theft services websites.
The organization expressed a strong preference for discouraging
services from requesting consumers' free annual reports on their
behalf and believed that consumers should have stronger rights
regarding their credit reports.

CFA Press Release:
     http://www.consumerfed.org/pdfs/ID_theft_study_PR_3-18-09.pdf

To Catch a Thief: Are Identity Theft Services Worth the Cost?
     http://www.consumerfed.org/pdfs/ID_THEFT_REPORT.pdf




EU Approves Amendment to e-Privacy Directive

The European Parliament ratified amendments to the EU e-Privacy
Directive (2002/58/EC) which requires websites to ensure the
consent of the user before storing information on a computer or
accessing user information already stored on a computer. The amendment
requires operators to clearly inform users that the site uses a cookie.
The amendment also empowers the Commission to adopt measures on the
security of data processing. The amendment directs that when adopting
such measures, the Commission should consult all relevant European
authorities and organizations, such as ENISA, the European Data
Protection Supervisor and the Article 29 Working Party in order to
be informed of the best available technical and economic methods
for improving the implementation of Directive 2002/58/EC.


Draft Recommendation for Second Reading:
     http://epic.org/redirect/041309_EU_e-Privacy_Amend.html

Directive 2002/58/EC on data protection and privacy:
     http://epic.org/redirect/091208_eu.html

Article 29 Working Party:
     http://epic.org/redirect/040109_A29WP.html

European Network and Information Security Agency:
     http://www.enisa.europa.eu/



=======================================================================
[7] EPIC Bookstore: Online Identity Theft
=======================================================================

     "Online Identity Theft"
     by Organization for Economic Co-operation and Development (OECD)

     http://www.amazon.com/gp/product/9264056580?tag=e03a6-20

The growth of Internet and e-commerce has taken ID theft to new
levels. Using widely available Internet tools, thieves trick
unsuspecting computer users into providing personal data, which
they then use for illicit purposes.

The potential for fraud is a major hurdle in the evolution and
growth of online commerce. E-payment and e-banking services -- the
focus of this book -- suffer substantially from public mistrust.

Given the growth of online ID theft, many OECD member countries have
taken steps to ensure that consumers and Internet users are
adequately protected. These steps encompass various measures:
consumer and user-awareness campaigns, new legislative frameworks,
private-public partnerships, and industry-led initiatives focused
on technical responses.

According to the OECD, the purpose of this report is threefold: to
define ID theft, both online and off-line, and to study how it is
perpetrated; to outline what is being done to combat the major
types of ID theft; and to recommend specific ways that ID theft
can be addressed in an effective, global manner.


================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"THE FUTURE OF PRIVACY: What's Next?" - a one day seminar.
April 28, 2009, Cartier Suites Hotel, 180 Cooper Street,
Ottawa, Canada. For more information,
http://www.rileyis.com/seminars/

2009 FTC Workshop: Best Practices for Business: Protecting
Personal Information and Fighting Fraud with the Red Flags Rule:
Pope Auditorium, Lincoln Center Campus, Fordham School of Law's
Center for Law and Information Policy, 113 West 60th Street,
New York, NY 10023. For more information,
http://www.ftc.gov/bcp/workshops/infosecurity/index.shtml

"2nd Annual Research Symposium for the Identity, Privacy and
Security Initiative," , May 6, 2009, University of Toronto.
For more information, http://www.ipsi.utoronto.ca/site4.aspx


IEEE Symposium on Security and Privacy, May 17-20, 2009,
The Claremont Resort, Oakland, California. For more information,
http://oakland09.cs.virginia.edu/


Web 2.0 Security & Privacy 2009, Thursday, May 21,
The Claremont Resort, Oakland, California. For more information,
http://w2spconf.com/2009/


Computers, Freedom, and Privacy, 19th Annual Conference, Washington,
D.C., June 1-4, 2009. For more information,
http://www.cfp2009.org/wiki/index.php/Main_Page


"The Transformation of Privacy Policy," Institutions, Markets
Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4,
2009.



=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.



------------------------- END EPIC Alert 16.07 ------------------------

.