EPIC logo


=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 16.10                                               May 26, 2009
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_16.10.html 

			"Defend Privacy. Support EPIC."
			     http://epic.org/donate" 


=======================================================================



EPIC 15th Anniversary Dinner and the
EPIC Champion of Freedom Awards
Cosmos Club, Washington, DC
June 9, 2009

EPIC@15 Invitation: http://www.epic.org/epic15/invite.pdf
Your Reply: http://epic.org/epic15/reply.pdf
Register (or donate to EPIC@15): http://epic.org/register

=======================================================================
Table of Contents
=======================================================================
[1] Campaign Underway to Stop Digital Strip Search of Passengers
[2] FBI's Use of FISA Increasing
[3] Multi-stakeholder Advisory Group to the UN IGF Meet in Geneva
[4] White House Seeks User Comments on Government Transparency
[5] European Commission Sets Out RFID Privacy Guidelines
[6] News in Brief
[7] EPIC Bookstore: "Moyers on Democracy"
[8] Upcoming Conferences and Events
        - Join EPIC on Facebook http://epic.org/facebook
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://epic.org/donate
  	- Subscription Information

=======================================================================
[1] Campaign Underway to Stop Digital Strip Search of Passengers
=======================================================================
The Privacy Coalition is engaging local, state, and national
organizations in a campaign to suspend the use of "Whole Body Imaging"
-- devices that photograph the nude body of American air travelers. The
campaign is in response to a policy reversal by the TSA, which would
now make the "virtual strip search" mandatory requirement for all air
passengers without exception. EPIC and others say that there are
inadequate safeguards to prevent the misuse of the images. They are
asking Homeland Security Secretary Janet Napolitano to suspend the
program and allow for public comment.

Whole Body Imaging systems, such as backscatter x-ray and millimeter
wave, capture a detailed image of the subject stripped naked. Some
presentations of the image produced display the outline of
undergarments, while others do not stop there but reveal the nude body.
The agency is using the technology on persons suspected of no
wrongdoing.

Privacy advocates have expressed their frustration with the agency
after being assured that Whole Body Imaging would only be used in the
case of secondary screening that provide travelers with the option of
a pat-down search. Privacy groups engaged in the campaign believe that
the change in the agency's policy to make default a primary screening
tool opens the door on other options that could further undermine
passenger privacy.

The deadline for joining the letter to Department of Homeland Security
Secretary Janet Napolitano is May 31, 2009.

Airport security underwent significant changes following terrorist
attacks of September 11, 2001. TSA said it believes that whole body
imaging screening is less invasive than pat-down searches. However,
these machines, which show detailed images of a person's naked body,
are equivalent to a "virtual strip search" for all air travelers.

Whole body imaging systems have been in use at 19 US Airports around
the country: Albuquerque International, Hartsfield-Jackson Atlanta,
Baltimore/Washington International, Ronald Reagan Washington National,
Denver International, Dallas/Ft Worth International, Detroit Metro,
Indianapolis International, Jacksonville International, McCarran
International, Los Angeles International, Miami International,
Phoenix Sky Harbor International, Raleigh-Durham International,
Richmond International, San Francisco International, Salt Lake City
International, Tampa International, and Tulsa International Airports.

Privacy Coalition Campaign to Stop TSA's Use of Whole Body Imaging:
     http://privacycoalition.org/stopwholebodyimaging/

EPIC's Page on Whole body Imaging:
     http://epic.org/privacy/airtravel/backscatter/

EPIC's Spotlight on Surveillance on Whole Body Imaging:
     http://epic.org/privacy/surveillance/spotlight/0605/

Facebook Group: Stop Airport Strip Searches:
     http://www.facebook.com/group.php?gid=179598280013



=======================================================================
[2] FBI's Use of FISA Increasing
=======================================================================

In a report to the Congress, the Justice Department revealed a
substantial increase in the use of National Security Letters to acquire
information on American citizens without court order. National Security
Letters are an extraordinary search procedure which gives the FBI the
power to compel the disclosure of customer records held by banks,
telephone companies, Internet Service Providers, and others. These
entities are prohibited, or "gagged," from telling anyone about their
receipt of the NSL, which makes oversight difficult.

The report stated that during 2008, the Government made 2,082
applications to the Foreign Intelligence Surveillance Court for
authority to conduct electronic surveillance and physical searches for
foreign intelligence purposes. The applications include permission for
electronic surveillance, physical searches or both. During the year,
the FISC approved 2,083 applications. In 2008, the FBI issued 24,744
National Security Letters pertaining to 7,225 U.S. persons compared to
16,804 requests pertaining to 4,327 U.S. persons in 2007.

In March 2007 and in March 2008, the Inspector General released reports
detailing FBI's use of NSLs. The findings indicated that the manner in
which the FBI tracked NSLs resulted in inaccuracies in the statistics
reported to Congress. The report indicated that in an effort to redress
the deficiency, the FBI deployed the NSL subsystem of the FISA
Management System in all FBI field offices which is a "web-enabled
workflow manager that automatically tallies data points necessary for
accurate and timely Congressional reporting."

The report also stated that the FBI issued "corrective NSLs" to provide
legal authority to retain information it had previously received in
response to "exigent letters". These notices were letters to
communications service providers requesting production of toll or
subscriber records with the statement that exigent circumstances
existed and that legal process would follow. Additionally, the report
also highlighted concerns that upon legal review of some so-called
blanket NSLs, significant procedural and legal concerns were raised -
none of the blanket NSLs were accompanied by the required internal
security memorandum documenting the relevance of the information sought
to a national security investigation and statistics not reported to
Congress in 2007.

Previously, EPIC had written a letter to Senators Leahy and Specter
asking the statute which enhanced National Security Letter authority be
repealed. EPIC had uncovered evidence of past FBI misuse of Patriot
Act powers under its Freedom of Information Act requests. Documents
released to EPIC under the FOIA revealed forty-two cases in which the
FBI's Office of General Counsel investigated alleged FBI misconduct
during intelligence activities and found these matters serious enough
to report them to the Intelligence Oversight Board. EPIC, in a letter
to the Senate Committee on the Judiciary recommended that Congress hold
hearings to assess the allegations of unlawful intelligence activities.

Report of Justice Department under FISA and USA PATRIOT Act:
     http://www.fas.org/irp/agency/doj/fisa/2008rept.pdf

A Review of the FBI's Use of National Security Letters - Office of the
Inspector General, March 2008:
     http://www.usdoj.gov/oig/special/s0803b/final.pdf

A Review of the Federal Bureau of Investigation's Use of National
Security Letters - Office of the Inspector General, March 2007:
     http://www.usdoj.gov/oig/special/s0703b/final.pdf

EPIC's letter to Senators Leahy and Specter:
     http://www.epic.org/privacy/pdf/nsl_letter.pdf

Letter from Electronic Privacy Information Center to the
United States Senate Committee on the Judiciary:
     http://www.epic.org/privacy/surveillance/sen_iob_letter.pdf

EPIC's Page on Foreign Intelligence Surveillance Act:
     http://epic.org/privacy/terrorism/fisa/

EPIC's Page on National Security Letters:
     http://epic.org/privacy/nsl/default.html

EPIC's Page on Wiretapping:
     http://www.epic.org/privacy/wiretap/

US Justice Department:
     http://www.usdoj.gov



=======================================================================
[3] Multi-stakeholder Advisory Group to the UN IGF Meet in Geneva
=======================================================================

With the proposed slogan "Internet Governance ñ Creating Opportunities
for All", the fourth annual meeting of the United Nations Internet
Governance Forum will take place at Sharm el-Sheikh, Egypt on November
15-18, 2009.

The IGF was formed to support the United Nations Secretary-General in
carrying out the mandate from the World Summit on the Information
Society with regard to convening a new multi-stakeholder policy
dialogue forum to discuss issues related to key elements of Internet
governance. The IGF was established in July 2006 and since then three
annual forums have been organized.

On May 14-15, 2009, the United Nations Multi-stakeholder Advisory
Group to the Internet Governance Secretariat met in Geneva to discuss
the preparation of the Sharm el-Sheikh meeting.

Comments on the Substantive Program Agenda were one of the main topics
of discussion. "Internet governance ñ creating opportunities for all"
was chosen as the overall title.

The proposed agenda for the 2009 meeting will be as follows:

	- Managing critical Internet resources
	- Security, openness and privacy
	- Access and diversity
	- Internet governance in the light of WSIS principles
	- Emerging issues: Social Networks
	- Taking stock and the way forward ñ on the desirability of
	  the continuation of the Forum.

Many members of civil society, who are part of the Multi-stakeholder
Advisory Group to the Internet Governance Secretariat, proposed the
inclusion of human rights and principles in the information society as
an overall theme; however, this proposal did not reach consensus.

It is important to highlight that in December 2003, the final
Declaration and Plan of Action of the World Summit of Information
Society, incorporated references to the Universal Declaration of
Human Rights as well as to the Vienna Declaration and the UN Charter.
The document also included the full extent of Article 19 of the UDHR.
This means that there might be a possibility to discuss those topics
in the main session on "Internet governance in the light of WSIS
principles."

For the first time, one of the main sessions will be "Security,
Openness and Privacy," though the specific details of the panel are
still unclear. Some clusters were identified, among others: "secure
the network (e.g. to fight spam)." Issues to be discussed in this
cluster might include the respect for privacy as a business advantage
and issues such as identity theft, identity fraud, and information
leakage. Another cluster includes "Web 2.0, social networks, cloud
computing and privacy, e.g. control of one's own personal data and
data retention." Some issues pertaining to openness were also
addressed, including ensuring the open architecture of the Internet
and Net Neutrality.

The last substantive session of the 2009 IGF meeting will be devoted to
emerging issues. The impact of social networks was chosen as the theme
for this session. It will be a forward-looking session with a focus on
policy instead of technology. Hopefully, those sessions tackle one of
the key privacy debates in social networks: Profiling and Behavioral
Targeted Advertising.

In the 2007 IGF meeting, privacy was subsumed under the main session
of "security" and other controversial topics including human rights
were avoided. 

In 2008, the right of privacy was discussed under the main title
"Promoting cyber-security and trust," where two panels were held.
The Chairman report of the second panel of this session "Fostering
Security, Privacy and Openness," highlighted that "[t]he increased
awareness of the importance of data protection was mentioned as
regards not only the protection of the private sphere of individuals,
but their very freedom." The first panel on the "Dimensions of
Cyber-Security and Cyber-crime" addressed problems concerning
jurisdiction and geographical boundaries that law enforcement
agencies face because of the borderless nature of the Internet.
However, the discussions did not address any public accountability
measures to oversee the legality and limit the use of the surveillance
in communications. There was no mention of the wiretapping abuses that
have been revealed around the world, sometimes involving thousands of
illegal wiretaps. 

At the Human Right Caucus reported in 2003, "much of the [WSIS]
Declaration focused on the creation of a "global culture of cyber-
security". The Caucus said in 2003, "the discussion around security
would have been enhanced by a clear understanding that true security
can only be achieved by measures that are fully compatible with
international human rights and particularly the right to privacy."  

In 2010, the United Nations General Assembly will decide if it
should extend the IGF's initial five-year mandate, based on a review
of its work as well as its achievements. 

Internet Governance Forum:
     http://www.intgovforum.org/

Submitted proposals for workshops sessions for the 2009 IGF meeting:
     http://epic.org/redirect/052609_IGF_2009_sub_proposals.html

The WSIS Declaration of Principles and Plan of Action:
     http://www.itu.int/wsis/

Summary Report of the Multistakeholder Advisory Group MeetingñMay 2009:
     http://www.intgovforum.org/cms/AGD/MAG.Summary.18.05.2009.rtf

IGF 2008 Chairman's Summary (pdf): 
     http://epic.org/redirect/122208_IGF_Chairman.html 

IGF "Promoting Cyber-Security and Trust" transcripts: 
     http://www.intgovforum.org/cms/index.php/hyderabadprogramme 

Comments on the Political Chapeau and the Operational Part Human Rights
Caucus Contribution to the Work of the Group of the Friends of the
Chair (March 4th, 2005):
     http://www.itu.int/wsis/docs2/pc3/contributions/co2.doc

The Public Voice:
     http://www.thepublicvoice.org



=======================================================================
[4] White House Seeks User Comments on Government Transparency
=======================================================================

The White House is seeking public comments on the open government
proposal. President Obama, on the second day in office, had issued a
memorandum promoting Transparency and Open Government in his
Administration. The memorandum directed the Chief Technology Officer,
the Office of Management and Budget, and the General Services
Administration to develop a set of recommendations that will inform an
Open Government Directive.

The memorandum had declared that Governments should be transparent as
it promoted accountability and provided information for citizens about
what their Government was doing. Promoting a participatory and
collaborative Government, President Obama wanted his Executive
departments and agencies in his administration to offer Americans
increased opportunities to participate in policymaking and to provide
their Government with the benefits of their collective expertise and
information. The President's Executive orders also included active
collaboration that engages citizens in the work of their Government,
innovation and public feedback as the bedrock of the new
administration.

Following the earlier memorandum and executive orders, members of the
public are now invited to participate in the process of developing
recommendations via email or the White House website offering comments,
ideas, and proposals about possible initiatives and about how to
increase openness and transparency in government. Comments on open
government may relate to government-wide or agency-specific policy,
project ideas, and relevant examples. The public inputs may address
topics on law, policy, technology, culture, and practice on issues and
the final feedback must be received by June 19, 2009. The first stage
involves an online brainstorming session to enable the White House
to receive the most important ideas relating to open government. This
stage of the session is open until May 28, 2009.

In another memorandum, President Obama had also declared that Freedom
of Information should be administered with a clear presumption of
openness. In response to FOIA requests, executive branch agencies
should act promptly and in a spirit of cooperation, recognizing that
such agencies are servants of the public. Reiterating that transparency
promotes accountability and information maintained by the Federal
Government is a national asset, President Obama also declared that all
agencies should bring in a culture of open Government.

EPIC has submitted comments on numerous issues to various agencies,
submitted several FOIA requests to ensure government transparency and
accountability, and has been invited several times to testify at
Congressional hearings due to its knowledge and expertise on matters
relating to privacy and civil liberties. EPIC has also published the
FOIA Manual, "Litigation Under the Federal Open Government Laws," in
2008.


Open Government Initiative:
     http://www.whitehouse.gov/open

Open Government Dialogue:
     http://opengov.ideascale.com/

Executive Office of the President, Office of Science and Technology
Policy, May 21, 2009:
     http://edocket.access.gpo.gov/2009/pdf/E9-12026.pdf

Memorandum of January 21, 2009 - Transparency and Open Government:
     http://edocket.access.gpo.gov/2009/pdf/E9-1777.pdf

Memorandum of January 21, 2009 - Freedom of Information Act:
     http://edocket.access.gpo.gov/2009/pdf/E9-1773.pdf

EPIC - Open Government:
     http://epic.org/open_gov/

Freedom of Information Act Gallery:
     http://www.epic.org/open_gov/foiagallery/

EPIC's FOIA Litigation Docket:
     http://epic.org/privacy/litigation/

EPIC's Open Government Manual:
     http://epic.org/bookstore/foia2008/



=======================================================================
[5] European Commission Sets Out RFID Privacy Guidelines
=======================================================================

The European Commission announced recommendations on the implementation
of privacy and data protection safeguards in applications supported by
radio-frequency identification. These RFID applications are capable of
transferring personal data remotely between an embedded tag within an
ID card or product and a reader. Many privacy concerns have been
raised. Using such cards, it is possible to track movements and collect
data on products purchased.

The recommendation took notice of the increasing use of RFID in
everyday life, the ability to process information over short
distances without physical contact or visible interaction, and the
potential to monitor individuals through their possession of one or
more items that contain an RFID item number. The Commission recognized
the need for ensuring effective measures to safeguard personal data,
privacy and associated ethical principles.

Directives 95/46/EC and Directive 2002/58/EC of the European Parliament
prescribes the rights and obligations concerning the protection of
individuals with regard to processing of personal data and the free
flow of this data. The recommendations reaffirmed these privacy rights
and obligations and held them fully applicable to the use of RFID
applications that process personal data.

The EU recommendations attempts to supply guidance to Member States on
the design and operation of RFID in a "lawful, ethical, and socially
and politically acceptable way," respecting the right to privacy and
ensuring protection of personal data. The set of rules provide
guidance on measures to be taken for the deployment of RFID
applications to ensure that national legislation implementing
Directives 95/46/EC, 99/5/EC and 2002/58/EC is, where applicable,
respected when such applications are deployed.

The guidance directs Member States to ensure that industry, in
collaboration with civil society stakeholders, develops a framework for
privacy and data protection impact assessments. Such framework should
be submitted for endorsement to the Article 29 Data Protection Working
Party within 12 months. The notification also directs Member States to
support the Commission in identifying application that may raise
information security threats with implications for the general public
and ensure that operators develop and publish a policy for each of
their applications.

Recommendations to operators include informing individuals of the
presence of tags that are placed on or embedded in products, determine
if tags embedded in products sold constitute a likely threat to
privacy or the protection of personal data and perform deactivation
of tags as necessary. Both Member States as well as the industry are
asked to inform and raise awareness of potential benefits and risks
associated with the use of RFID technology; apply risk minimization
techniques; and stimulate and support the introduction of "security and
privacy by design" principle at an early stage in the development of
RFID applications.

In America, EPIC has urged strong consumer protections for RFID before
the Alaska and New Hampshire state legislatures, and the Federal Trade
Commission. EPIC also submitted comments to DHS on the use of RFID
embedded passports and urged the agency to abandon the use of such
technology in passports because of significant security and privacy
issues after obtaining reports showing government testing of the RFID-
enabled passports uncovered many problems with the program.


Radio Frequency IDentification and the Internet of Things:
     http://ec.europa.eu/information_society/policy/rfid/index_en.htm

Commission Recommendation:
     http://epic.org/redirect/052609_RFID_EU_Recco.html

Radio-Frequency Identification:
     http://en.wikipedia.org/wiki/RFID

Citizens' Summary:
     http://epic.org/redirect/052609_RFID_EU_CitizenSummary.html

EPIC's Testimony before Alaska Legislature:
     http://www.epic.org/privacy/rfid/ngo_test_031708.pdf

EPIC's Testimony before New Hampshire Legislature:
     http://epic.org/privacy/rfid/epic_clegg_hb686.pdf

EPIC - Guidelines on Commercial Use of RFID Technology:
     http://www.epic.org/privacy/rfid/rfid_gdlnes-070904.pdf

EPIC's Page on Radio Frequency Identification (RFID) Systems:
     http://epic.org/privacy/rfid/

EPIC's comments on RFID use on Western Hemisphere Travel Initiative:
     http://epic.org/privacy/rfid/whti_080107.pdf

DHS WHTI Final Rule:
     http://www.dhs.gov/xlibrary/assets/whti_landseafinalrule.pdf



=======================================================================
[6] News in Brief
=======================================================================


DHS Secretary Testifies Before Senate Committee on the Judiciary

DHS Secretary Janet Napolitano testified before the Senate Committee
on the Judiciary. While discussing several issues facing DHS,
Napolitano stated that DHS was strengthening the E-Verify program and
its growth was continuing with an average of 1,000 employers signing-up
each week. She further stated that E-Verify was continuously improving
its accuracy with 96 percent of all cases queried found to be
employment authorized. EPIC has noted that E-Verify could deny many
eligible individuals the opportunity to work, and is ineffective as a
solution to U.S. immigration problems. Last year, EPIC had filed a
Freedom of Information request with the DHS seeking documents
concerning promotion of E-Verify. The DHS Secretary also commented on
a various issues involving travel through secure identification,
and the use of Real-ID.


Testimony of DHS Secretary Janet Napolitano:
     http://epic.org/redirect/052609_Napolitano_Senate_JudCom.html

Statement of Senator Patrick Leahy:
     http://epic.org/redirect/052609_Leahy_Napolitano_Testify.html

DHS E-Verify program:
     http://www.dhs.gov/e-verify

Spotlight on Surveillance- E-Verify System:
     http://epic.org/privacy/surveillance/spotlight/0707/default.html

EPIC's Page on Air Travel Privacy:
     http://epic.org/privacy/airtravel/

Enhanced Drivers Licenses: What Are They?:
     http://www.dhs.gov/xtrvlsec/crossingborders/gc_1197575704846.shtm

National ID Cards and REAL ID Act:
     http://epic.org/privacy/id-cards/ 

Profile of Janet Napolitano:
     http://www.dhs.gov/xabout/structure/gc_1232568253959.shtm



Bill Introduced to Restore Privacy Rights

Rep. Carol Shea-Porter (D-N.H.) introduced a bill which attempts to
restore privacy rights under the Family and Medical Leave Act. The
previous law allowed an employer to directly contact an employee's
medical provider. The new law prevents such direct contact. Instead,
now, other employer representatives may contact the employee's health
care provider to confirm eligibility for Family and Medical Leave.
The bill has been referred to the Committee on Education and Labor,
and in addition to the Committees on Oversight and Government Reform,
and House Administration.


H.R. 2161 - Family and Medical Leave Act of 1993 Amendments:
     http://thomas.loc.gov/cgi-bin/bdquery/z?d111:h.r.02161:

Family and Medical Leave Restoration Act (Introduced in House):
     http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.2161:

Family and Medical Leave Act:
     http://www.dol.gov/whd/fmla/

Family and Medical Leave Act of 1993 (29 U.S.C. 2611 et seq.):
     http://law.onecle.com/uscode/29/2611.html

EPIC's Bill Track Page (111th Congress):
     http://epic.org/privacy/bill_track-111.html

EPIC's Page on Medical Privacy:
     http://epic.org/privacy/medical



New Red Flags Rule Guidance for Low Risk Creditors

The Federal Trade Commission issued a guidance for small businesses
about complying with the new identity theft Red Flags Rule. The
guidance applies to businesses which may be termed "creditors" within
the definition of the rule, but have a low risk of identity theft.
The rule sets out how businesses and organizations must develop,
implement, and administer their Identity Theft Prevention Programs.
The Rule requires a business to conduct a periodic risk assessment to
determine if there are "covered accounts" and then implement a written
program. Covered accounts are described as any account that a financial
institution or creditor offers or maintains for which there is a
reasonably foreseeable risk to customers or to the safety and
soundness of the financial institution or creditor from identity theft, 
including financial, operational, compliance, reputation, or litigation
risks.

Fighting Fraud With the Red Flags Rule:
     http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.pdf

Federal Register Notice Issuing "Red Flags" ID Theft Rules:
     http://ftc.gov/os/fedreg/2007/november/071109redflags.pdf

Agencies Issue Final Rules on Identity Theft Red Flags,
October 31, 2007:
     http://ftc.gov/opa/2007/10/redflag.shtm

EPIC's Page on Identity Theft:
     http://epic.org/privacy/idtheft



Wireless Association Urges Federal Agency to Help Combat Mobile Spam

The Wireless Association has urged the Federal Communications
Commission to work with wireless carriers to increase enforcement
efforts against third parties sending unsolicited commercial messages
to wireless customers. Highlighting existing mechanisms which protect
consumers from unsolicited commercial calls and messages, the
association demanded more aggressive investigation and prosecution of
erring companies in order to deter the growth of fraudulent and
oppressive third party conduct and for meaningful FCC enforcement under
the Communications Act. Previously, EPIC had submitted comments to the
FCC regarding unwanted mobile service commercial messages and the
CAN-SPAM Act.


Letter to the Federal Communications Commission:
     http://epic.org/redirect/052609_CTIA_letter_FCC.html

Report on Informal Consumer Inquiries and Complaints Released:
     http://epic.org/privacy/telemarketing/wsspamcomm4.30.04.html

Section 501 under the Communications Act (47 U.S.C. 503)
     http://law.onecle.com/uscode/47/503.html

EPIC's Comments to the FCC:
     http://epic.org/privacy/telemarketing/wsspamcomm4.30.04.html



EU Group Updates FAQs on Binding Corporate Rules

The European Article 29 Working Group has revised its Frequently
Answered Questions to the Binding Corporate Rules. BCRs are a legal
means for providing adequate protection to personal data which is
covered by Directive 95/46/EC and transferred out of the European
Union to countries that are not considered to provide an adequate
level of protection. This new revision clarifies that compliance with
binding corporate rules is not a substitute for complying with EEA
national data protection laws, applying to the processing of personal
data in EEA Member States. The new guidance also states that "where
data subjects can demonstrate that they have suffered damage and
establish facts which show it is likely that the damage has occurred
because of the breach of BCR, it will be for the member of the group 
in Europe that accepted liability to prove that the member of the
corporate group outside of Europe was not responsible for the breach
of the BCR giving rise to those damages or that no such breach took 
place."


Art.29 Data Protection Working Party:
     http://epic.org/redirect/040109_A29WP.html

FAQs on Binding Corporate Rules (BCR):
     http://epic.org/redirect/052609_BCR_FAQ_WP155_Rev4.html

Working Document on Frequently Asked Questions (FAQs) related to
Binding Corporate Rules:
     http://epic.org/redirect/022309_BCR_framework.html

Privacy & Human Rights (2006):
     http://epic.org/phr06/



Spanish Data Protection Authority Publishes Social Network Privacy Study

The National Institute of Communication Technology and the Spanish Data
Protection Authority released the report "Privacy of personal data and
the security of the information in online social networks." The
publication studied the most relevant legal aspects of privacy in social
networks and made recommendations directed to the business sector, the
social network operators, the internet service providers, the security 
providers, the users and the public administration. The report analyses
the legal framework of social networks in order to determine the
obligations and responsibilities of the social networks operators in
Spain. The studies also made an analysis of the privacy and security
challenges of the protection of the users' personal information with
special focus on children's personal data.

Estudio AEPD - INTECO sobre riesgos para la privacidad y seguridad en
redes sociales (Risks to Privacy and Social Networks Security:
     http://epic.org/redirect/052609_SpanishDPA_PrivSocNetSec.html

EPIC - Social Networking Web Sites
     http://epic.org/privacy/socialnet/default.html

EPIC - Facebook Privacy Page
     http://epic.org/privacy/facebook/default.html



=======================================================================
[7] EPIC Bookstore: "Moyers on Democracy"
=======================================================================

"Moyers on Democracy"
by Bill Moyers
     http://www.amazon.com/gp/product/0385523807?tag=e03a6-20

When journalist and former White House Press Secretary, Bill Moyers,
published his notions on democracy, one is justified in expecting a
memoir laced with personal experiences and a sense of wisdom. "Moyers
on democracy" certainly does deliver. And perhaps exceeds. In what
could have been a blueprint for Barack Obama's presidential campaign
speeches, but probably wasn't, this narrative was published a few
years ago, and while some of the facts may have lost their lustre,
their purport certainly has not.

Having been well-versed in the power maneuvres of Washington, Moyers
was intimately familiar with the political chicaneries of
megalomaniacal charlatans attempting to remain in power at all costs.
And just as true as absolute power that corrupts absolutely, Moyers
saw the high ideals of people power being subverted into an oligarchy
that failed to transcend political lobbying and ran reverse to social
welfare.

Throughout the book, Moyers journeys through the annals of history of
American politics and draws out the history and its teachings. Having
worked within "the system," Moyers attempts to convey the true meaning
of democracy not only in letter, but also in spirit and affirms "why
politics should be everyone's business."

Bill Moyers does not hestitate to call a spade, a spade. Terming
politics as an arms race today, with money doing to work of missiles,
he is as vitriolic in his statements as he is passionate in the
arguments against those who corrupted the true meaning to democracy.
Having been exposed to abysmal realities from the Capitol and the idea
that the greed for power is good, Moyers chastises the public for being
"institutionalised and locked in separate realities; parochial loyalties
and fixed opinions." The former White House Press Secretary urges the
people to escape the bonds and pursue "a life of free and enriching
communion." He valiantly exhorts his readers to change the rules of
what has become the "cynical acceptance of falsehood as a way of
government and as a way of life."

Apart from being a commentary, this book can also be considered a
manual for journalists which might enable them to ask the right
questions that connect the dots between "we the people" and "of the
people, by the people, for the people." Moyer calls journalism "a job
of trying to tell the truth about people whose job it is to hide the
truth [and] is as complicated and difficult as trying to hide it in
the first place."

Looking from his viewpoint of witnessing the crumbling citadels of
democracy and a perverted sense of polity, Moyers conveys a sense
of helplessness in being part of the generation that could not pass on
the baton of good governance to the next. However, what he does convey
are his best wishes, the power of belief in the "struggle", and that
"hope" was a state of mind independent of the state of the nation.

-- Anirban Sen



================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Computers, Freedom, and Privacy, 19th Annual Conference, Washington,
D.C., June 1-4, 2009. For more information,
http://www.cfp2009.org/wiki/index.php/Main_Page

http://www.facebook.com/event.php?eid=96415848361

EPIC 15th Anniversary Dinner and the EPIC Champion of Freedom Awards,
Cosmos Club, Washington, DC, June 9, 2009. For invitation, see
http://www.epic.org/epic15/invite.pdf. Register at
http://epic.org/register

IAPP - Practical Privacy Series - "Data Breach," "Data Governance,",
"Human Resources," and "Information Security and Privacy." 
Network Meeting Center at Techmart, Santa Clara, CA. June 17-18,
For more information, 
https://www.privacyassociation.org/index.php

"The Transformation of Privacy Policy," Institutions, Markets
Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4,
2009.

Engaging Data: First International Forum on the Application and
Management of Personal Electronic Information hosted by
SENSEable City Lab, Massachusetts Institute of Technology.
For more information,
http://senseable.mit.edu/engagingdata



=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 16.10 ------------------------

.