=======================================================================
E P I C   A l e r t
=======================================================================
Volume 16.12                                              June 22, 2009
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_16.12.html

"Defend Privacy. Support EPIC."
http://epic.org/facebook

=======================================================================
Table of Contents
=======================================================================
[1] EPIC Testifies Before Congress on Identity Theft
[2] EPIC Announces 2009 Champion of Freedoms Winners
[3] Sotomayor Nomination Hearings to Begin July 13
[4] EPIC Submits Comments to FCC on US Broadband Infrastructure
[5] Privacy Legislation Moves Forward in Congress
[6] News in Brief
[7] EPIC Bookstore: "Schneier on Security"
[8] Upcoming Conferences and Events
 - Join EPIC on Facebook http://epic.org/facebook
 - Privacy Policy
 - About EPIC
 - Donate to EPIC http://epic.org/donate
 - Subscription Information

=======================================================================
[1] EPIC Testifies Before Congress on Identity Theft
=======================================================================

On June 17, 2009, EPIC President Marc Rotenberg testified before the House Subcommittee on Information Policy, Census and National Archives on "Identity Theft: Victims Bills of Rights." In his testimony, Mr. Rotenberg outlined the elements of a more comprehensive strategy to address the escalating problem of identity theft.

The problem of identity theft in the United States is substantial, growing and evolving, and according to the FTC, identity theft is the number one concern of American consumers. "Several steps have been taken to assist the victims of identity theft and to prosecute criminals.
But in our opinion, none of these efforts get to the root causes of the problem," said Marc Rotenberg. EPIC's testimony also pointed out that the loss of control over the credentials used to authorize financial transactions and obtain medical care poses a different problem than the hazards associated with traditional theft. Identity theft is both a crime by itself and also facilitates further crime.

Among other concerns, EPIC also highlighted the problem of medical identity theft. Mr. Rotenberg stated "[i]t is particularly important to implement safeguards against medical identity theft because the damage arising from the crime is severe, and recent efforts to digitize all medical records exposes increasing numbers of Americans to risk." The Recovery Act provides for the expenditure of substantial federal funds to enhance the infrastructure for electronic health records.

Identity thieves continue to succeed through phishing, pretexting, and spyware. Consumers' lack of awareness of the true dangers that may be present contributes to the situation.

The EPIC testimony made specific recommendations regarding the Government's need to consider privacy protections in the development of Web 2.0 services and in the outsourcing of government services. EPIC has made specific recommendations to the Department of Homeland Security and to the Office of Science and Technology Policy to address some of these challenges. Another concern is the need to have enforceable privacy rights that bind all private contractors that obtain personal information from the federal government. EPIC recommended regular audits to determine compliance with legal standards.

Mr. Rotenberg also supported enacting comprehensive privacy legislation. Identity theft continues to escalate because it is too easy for companies to collect personal information and too difficult for individuals to safeguard their information once it is in someone else's possession.
To reduce the risk of identity theft, EPIC recommended (1) adoption of privacy legislation that places greater responsibilities on companies that collect and use personal information, (2) data breach notifications, and (3) providing consumers an opportunity to seek damages when companies fail to safeguard the information they collected. Mr. Rotenberg also advised the protection of personal information through the cybersecurity policy and warned that the use of techniques which enable monitoring by third parties exposes data that could be obtained and used for improper purposes. EPIC said that one of the key goals for the federal government over the next several years should be the development of an identity management system that is scalable, robust and secure.

Other witnesses at the hearing were from the Federal Trade Commission, the Justice Department, Government Accountability Office, The Santa Fe Group, Center for Identity Management and Information Protection, Identity Theft Assistance Corporation, and the Identity Theft Resource Center.

EPIC's Testimony:
     http://epic.org/privacy/idtheft/epic_idtheft_rotenberg_6-09.pdf

Hearing Webcast:
     http://epic.org/redirect/062209_IDTheftHearingCast.html

"Identity Theft: Victims Bills of Rights:"
     http://informationpolicy.oversight.house.gov/story.asp?ID=2487

House Oversight Committee:
     http://informationpolicy.oversight.house.gov/

EPIC's comments to DHS on Use of Social Media:
     http://epic.org/privacy/socialnet/dhs_socialnetworking-6-09.pdf

EPIC's Page on Identity Theft:
     http://epic.org/privacy/idtheft

=======================================================================
[2] EPIC Announces 2009 Champion of Freedoms Winners
=======================================================================

EPIC celebrated its 15th anniversary at The Fairfax on Embassy Row, Washington, D.C. on June 9, 2009.
On the occasion of the anniversary dinner, EPIC awarded the 2009 Champion of Freedom Awards to Congressman Edward Markey, Supreme Court litigator Paul M. Smith and Hollywood director and producer D.J. Caruso. Slate Supreme Court correspondent Dahlia Lithwick emceed the event.

Congressman Markey is a leading champion of privacy protections for all Americans. A key leader on providing privacy protections for personal information such as medical records, financial records, and purchases on-line, Chairman Markey is the third-longest serving member of Congress from New England. As chairman of the House Telecommunications and the Internet Subcommittee, Rep. Markey has led efforts to protect consumer privacy relating to wireless location information and the use of cable, telephone, and satellite services. Congressman Markey has also recently worked on the need to ensure encryption and security obligations for online medical records information.

Paul Smith, a partner with Jenner & Block, has argued groundbreaking cases before the Supreme Court. He appeared in Crawford v. Marion County Election Board (2008), the Indiana Voter ID case; Lawrence v. Texas (2003), involving the constitutionality of the Texas sodomy statute; and United States v. American Library Ass'n (2003), involving a First Amendment challenge to the Children's Internet Protection Act.

Daniel John "D.J." Caruso is an American director and producer. He has directed films such as Disturbia, Two for the Money, Taking Lives, The Salton Sea, and Eagle Eye. Produced by Steven Spielberg, Eagle Eye explores the role of identification, automation, and surveillance in Washington, D.C. But beneath the fast-paced, action-packed plot are looming questions about the future of technology and the importance of government accountability.

Dahlia Lithwick, Senior Legal Correspondent of Slate, emceed the event. She writes "Supreme Court Dispatches" and "Jurisprudence." Ms.
Lithwick was awarded the Online News Association's award for online commentary in 2001.

EPIC also welcomed new members to the EPIC Advisory Board: Grayson Barber, Fellow, Center for Information Technology Policy, Princeton University; Aziz Huq, Lecturer, University of Chicago Law School; Ian Kerr, Canada Research Chair in Ethics, Law, and Technology, University of Ottawa; Pradeep K. Khosla, Dean, College of Engineering, Carnegie Mellon University; Rebecca MacKinnon, Assistant Professor, University of Hong Kong Journalism and Media Studies Center; Founder, Global Voices; Craig Newmark, Founder, Craig's List; Helen Nissenbaum, Professor, Media, Culture & Communication, Computer Science; Senior Fellow, Information Law Institute, NYU School of Law; Harriet Pearson, Vice President, Security Counsel & Chief Privacy Officer, IBM; Georgetown Communication, Culture & Technology Program; Chris Soghoian, Blogger, dubfire.net; Fellow, Berkman Center for Internet & Society.

EPIC also elected four new members to the EPIC Board of Directors: Charlie Firestone, Mary Minow, Pablo Molina, and Deborah Peel.

Congressman Ed Markey:
     http://markey.house.gov/

Paul M. Smith:
     http://www.jenner.com/people/bio.asp?id=278

D.J. Caruso:
     http://en.wikipedia.org/wiki/D.J._Caruso

Speech of D.J. Caruso:
     http://epic.org/linkedfiles/epic_speech_DJCaruso.pdf

Dahlia Lithwick, Slate Magazine:
     http://www.slate.com/?id=3944&qp=26373

EPIC - Advisory Board:
     http://epic.org/epic/advisory_board.html

EPIC - Board and Staff:
     http://epic.org/epic/staff_and_board.html

Eagle Eye - The Movie:
     http://www.eagleeyemovie.com/

Purchase "Eagle Eye" at Amazon.com:
     http://www.amazon.com/gp/product/B001L2ZSKS?tag=e03a6-20

=======================================================================
[3] Sotomayor Nomination Hearings to Begin July 13
=======================================================================

On May 26, 2009, President Obama nominated Judge Sonia Sotomayor to replace Justice David H.
Souter on the Supreme Court. In early June, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) announced that hearings to consider the nomination of Judge Sonia Sotomayor to be an Associate Justice of the U.S. Supreme Court will begin on July 13, 2009.

The Supreme Court of the United States exercises authority as the highest appellate court in the federal judiciary. Under the Constitution, Justices on the Supreme Court receive lifetime appointments for which one must first be nominated by the President and then confirmed by the Senate. An important role is also played midway in the process — after the President selects, but before the Senate as a whole considers the nominee — by the Senate Judiciary Committee.

The Committee initiates its own intensive investigation into the nominee's background. Information is based on a committee questionnaire to which the nominee responds in writing as well as confidential FBI reports. A confirmation hearing begins with a statement from the Committee chairman followed by the nominee's opening statement. The chairman, followed by the ranking minority member and then the rest of the committee in descending order of seniority, begins the questioning. Within a week of the end of hearings, the committee meets in open session to determine what recommendation to "report" to the full Senate. A vote to confirm requires a simple majority of Senators present and voting.

Judge Sonia Sotomayor, a student of Yale Law School, joined the New York District Attorney's Office immediately upon graduating. Judge Sotomayor then entered private practice, eventually becoming a partner at Pavia & Harcourt. She specialized in intellectual property litigation, international law, and arbitration. President George H. W. Bush nominated Judge Sotomayor to the U.S. District Court for the Southern District of New York in 1991. In 1997, President Bill Clinton nominated her to the U.S. Court of Appeals for the Second Circuit.
If Sotomayor is successfully confirmed by the Senate, she may encounter constitutional and statutory issues in the area of privacy law, which in the contemporary environment is more vital than ever, during her tenure on the Court. Judge Sotomayor has ruled on several cases involving Fourth Amendment, First Amendment, and open government issues. Her opinions have addressed the opening and reading of a prisoner's mail, strip-searches of young girls at juvenile facilities and of adult males in jails, errors in police computer databases, the validity of a warrant based upon lies or questionable facts, child pornography on the internet, the search of a state employee's computer, investigations regarding FBI misconduct, inter-agency documents and tax law administration, gag orders barring the media from publishing jury names, contract formation in cyberspace, and the sale of illegal wiretapping devices.

EPIC's Page on the Nomination of Judge Sotomayor:
     http://epic.org/privacy/sotomayor

Supreme Court Appointment Process: Roles of the President, Judiciary Committee, and the Senate (CRS Report for Congress, July 6, 2005):
     http://fpc.state.gov/documents/organization/50146.pdf

Sotomayor Confirmation Hearing To Begin July 13:
     http://leahy.senate.gov/press/200906/060909b.html

Comments of Senator Patrick Leahy (D-Vt.), Chairman, Senate Judiciary Committee, On The President's Nomination of Sonia Sotomayor to the U.S.
Supreme Court, May 26, 2009:
     http://leahy.senate.gov/press/200905/052609a.html

The President's Nominee: Judge Sotomayor, The White House Blog Post, May 26, 2009:
     http://www.whitehouse.gov/sotomayor/

=======================================================================
[4] EPIC Submits Comments to FCC on US Broadband Infrastructure
=======================================================================

The American Recovery and Reinvestment Act of 2009 charged the Federal Communications Commission with creating a national broadband plan that would "ensure that every American has access to broadband capability and establishes clear benchmarks for meeting that goal." The FCC sought comments on the plan. EPIC submitted comments stressing the importance of securing the privacy interests and civil liberties of consumers and Internet users in the development of the broadband plan.

EPIC has long supported the FCC's efforts to secure privacy, having previously advocated for the FCC to require strong privacy safeguards for telephone customers' personal information and to protect wireless subscribers from telemarketing. EPIC urged the Commission to again exercise its authority to ensure that the broadband plan includes robust privacy safeguards.

EPIC noted that the goal of widespread adoption of broadband technology depends on consumers being confident that their online activities will not be monitored and their personal information will not be collected, sold, and used in ways other than what they intended. Additionally, EPIC recommended that the Commission exclude personally identifiable information from data collected for the purposes of setting broadband penetration benchmarks and analyzing progress toward these goals.

Increased broadband adoption will also make deep packet inspection more valuable. EPIC recommended that the Wiretap Act's prohibition on deep packet inspection by Internet service providers be strictly enforced.
A clear legal prohibition on DPI must be maintained in order to safeguard users' privacy. EPIC also recommended that the Commission regulate the behavioral advertising practices of Internet companies instead of continuing to rely on self-regulation by the industry.

The promotion of the national broadband plan will also improve access to electronic medical records, but it must be accompanied by robust privacy protections. In the past, EPIC has identified the importance of and established principles for federal privacy protection for medical records. EPIC urged the Commission to require protections for all electronic medical records to prevent sensitive patient information from being compromised.

American Recovery and Reinvestment Act of 2009:
     http://epic.org/redirect/022309_Stimulus_Act.html

FCC Notice of Inquiry:
     http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-09-31A1.pdf

FCC Launches Development of National Broadband Plan:
     http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-289900A1.pdf

Federal Communications Commission:
     http://www.fcc.gov

EPIC's Comments to the FCC:
     http://epic.org/privacy/pdf/fcc_broadband_6-8-09.pdf

EPIC's Page on NCTA v. FCC:
     http://epic.org/privacy/nctafcc/

EPIC's Comments to FCC against Cellphone Marketing:
     http://epic.org/privacy/telemarketing/fcc_aca_05-11-06.html

EPIC's Page on Deep Packet Inspection:
     http://epic.org/privacy/dpi/

EPIC's Page on Medical Record Privacy:
     http://epic.org/privacy/medical/

=======================================================================
[5] Privacy Legislation Moves Forward in Congress
=======================================================================

The Data Accountability and Trust Act was introduced in Congress on April 30, 2009 and sponsored by Congressman Bobby Rush.
The bill aims to protect consumers by requiring information brokers that possess personal identification information to implement security information practices to keep personal consumer information secure from public access.

EPIC, in testimony before the Subcommittee on Commerce, Trade, and Consumer Protection of the House Committee on Energy and Commerce, had urged Congress to make clear the fundamental obligations of companies and organizations that collect and use personal data on consumers and Internet users. Marc Rotenberg, Executive Director, had said, "[i]t is simply too easy for firms today to capture the benefits of data collection and ignore the risks."

Mr. Rotenberg recommended that the bill adopt a broader definition of personally identifiable information to include any information that "identifies or could identify a particular person." He also advised Congress to require that companies comply with security obligations even if information disclosed was "public record" and it appeared that there was no immediate harm to the individual whose information was acquired, since it was likely a breach would reoccur if the problem was left uncorrected. EPIC also suggested that a private right of action be added to the bill with a stipulated damage award against a company that might improperly leak personal data, and that Congress refrain, in crafting the bill, from preempting more effective individual state legislation on the matter.

On June 3, 2009, the subcommittee amended the bill by a voice vote in a mark-up session. The amendments alter the application and function of the bill in several ways. First, the amendment broadens the bill's scope so that it applies to all forms of personal data, and not merely that contained in electronic form.
Next, it provides that in order to conform with the bill, information brokers must implement policies and procedures that include a standard method for destroying obsolete paper documents and non-electronic data containing personal information if the Federal Trade Commission finds that such a standard is appropriate.

Other additions raise the level of care expected from information brokers in their treatment of personal information. The newer version of the bill requires an information broker to correct an inaccuracy in its record if an individual provides proof that the broker was reporting incorrect information. Nonetheless, the amendments increase the number of situations in which an information broker may refrain from allowing a consumer to view his or her own personal information. The amendment, however, enables the FTC to issue regulations on the matter in circumstances it deems appropriate. With respect to notifying individuals of unauthorized access of their personal information, the new bill allows law enforcement officers to delay notification of an individual if such notification would impede a civil or criminal investigation.

The amendments also alter the definition of various terms contained within the bill. The newer version expands the definition of "breach of security" to include "unauthorized access to data in electronic form." The definition of "personal information" now explicitly includes driver's license numbers, passport numbers, military identification numbers, or other similar government issued numbers as one of its elements. Although the original bill was slated to sunset ten years from the date of enactment, the new bill removes that provision.

Amendment in the Nature of a Substitute to H.R. 2221:
     http://energycommerce.house.gov/Press_111/20090603/hr2221_ans.pdf

H.R.
2221, the Data Accountability and Trust Act (as introduced):
     http://epic.org/redirect/051509_HR2221.html

Marc Rotenberg - Testimony, May 5, 2009:
     http://epic.org/linkedfiles/rotenberg_house_ctcp2221_1319.pdf

EPIC's Testimony on Identity Theft (June 17, 2008):
     http://epic.org/privacy/idtheft/epic_idtheft_rotenberg_6-09.pdf

House Committee on Energy and Commerce, Subcommittee on Commerce, Trade and Consumer Protection - Hearings, May 5, 2009:
     http://epic.org/redirect/051509_House_CTCP_0505.html

FTC Page on Identity Theft:
     http://www.ftc.gov/bcp/edu/microsites/idtheft/

EPIC's Page on Identity Theft:
     http://epic.org/privacy/idtheft

=======================================================================
[6] News in Brief
=======================================================================

White House Open Government Initiative - "Discussion"

In the First Phase of its open government proposal, "Brainstorming," the White House received several public comments. EPIC made five recommendations to promote government transparency and accountability. The next phase, "Discussion," invited comments focusing on several transparency themes: principles, governance, access, data, and operations, to be followed by a series of posts on participation and collaboration. The White House is requesting comments on 18 categories which include: Prizes as Incentives for Public-Private Partnerships; Enhancing Online Citizen Participation Through Policy; New Technologies and Participation; Improving Online Public Participation in Agency Rulemaking; Strengthening Civic Participation; Transparency in Principles, Access to Information, Open Government Operations and in Governance; Enhancing Citizen Participation in Decision-Making; Data Transparency via Data.gov; and Presidential Memo on Scientific Integrity outlined in his memoranda on for the Heads of Executive Departments and Agencies. The Collaboration Discussion will continue through this week.
The Third Phase, "Drafting," begins on Monday, June 22, 2009.

Open Government Initiative:
     http://www.whitehouse.gov/open/

Office of Science and Technology Policy, Executive Office of the President, Transparency and Open Government:
     http://edocket.access.gpo.gov/2009/pdf/E9-12026.pdf

Phase II: Discussion:
     http://blog.ostp.gov/

OSTP: Requests for Comments:
     http://blog.ostp.gov/category/requests-for-comment/

Brainstorming Session:
     http://opengov.ideascale.com/

EPIC's Comments in the Brainstorming Phase:
     http://opengov.ideascale.com/akira/pmd/6537-4049

EPIC's Submission: Users Are Not Tracked on Government Sites:
     http://opengov.ideascale.com/akira/dtd/3544-4049

EPIC's Submission: Promoting Open Government:
     http://opengov.ideascale.com/akira/dtd/3533-4049

EPIC's Submission: Allowing Meaningful Public Participation:
     http://opengov.ideascale.com/akira/dtd/3536-4049

EPIC's Submission: Stopping Commercialization of Personal Data:
     http://opengov.ideascale.com/akira/dtd/3538-4049

EPIC's Submission: Application of Privacy Act to Data Collected:
     http://opengov.ideascale.com/akira/dtd/3540-4049

EPIC's Page on Open Government:
     http://epic.org/open_gov/

EPIC's FOIA Litigation Manual 2008:
     http://epic.org/bookstore/foia2008/


European Advisory Group Issues Opinion on Social Networking

The Article 29 Working Party, which is the European advisory expert group on data protection and privacy, issued guidance to Social Network Service providers on measures needed to ensure compliance with EU law. Directive 95/46/EC and Directive 2002/58/EC of the European Parliament prescribe the rights and obligations concerning the protection of individuals with regard to processing of personal data and the free flow of this data. The key concern of the group is the dissemination and use of information available on such networks for secondary, unintended purposes. The opinion recommended robust security and privacy-friendly default settings.
Topics included processing of sensitive data and images, advertising and direct marketing, and data retention. In January, EPIC suggested regulation of Social Network Service partners, including advertisers and application developers.

Guidance on Social Networks:
     http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

Article 29 Working Party:
     http://epic.org/redirect/040109_A29WP.html

Directive 95/46/EC:
     http://epic.org/redirect/062209_EU9546EC.html

Directive 2002/58/EC on data protection and privacy:
     http://epic.org/redirect/091208_eu.html

EPIC Suggestions:
     http://www.cpdpconferences.org/L-Z/rotenberg.html

EPIC's Page on Social Networking Privacy:
     http://epic.org/privacy/socialnet/default.html


Expert Group Asks Google to Improve Cloud Computing Privacy

A letter signed by 38 researchers and academics in the fields of computer science, information security and privacy law was sent to Google's CEO. The letter asks Google to uphold privacy promises made to users of Google Cloud Computing services. In March, EPIC filed a complaint with the FTC urging an investigation into Cloud Computing services, such as Google Docs, to determine "the adequacy of the privacy and security safeguards." The EPIC complaint specifically recommended the adoption of encryption to help safeguard privacy and security. Addressing concerns about data vulnerability and interception, the expert group has asked Google to enable HTTPS (web-based encryption) by default in several Google apps, including Gmail. Google in its blog responded by stating that it was planning a trial in which it will move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the speed and performance of their email.
Letter from Experts Group to Google:
     http://files.cloudprivacy.net/google-letter-final.pdf

Signatories of the Letter:
     http://www.cloudprivacy.net/letter/#signers

The Official GMail Blog: Making Security Easier:
     http://gmailblog.blogspot.com/2008/07/making-security-easier.html

Google Public Policy Blog: HTTPS Security for Web Applications:
     http://epic.org/redirect/062209_Google_https.html

Tools to Steal Information:
     http://fscked.org/projects/cookiemonster

HTTPS (web-based encryption):
     http://en.wikipedia.org/wiki/Https

EPIC's page on Cloud Computing:
     http://epic.org/privacy/cloudcomputing/

EPIC's Page on In re Google and Cloud Computing:
     http://epic.org/privacy/cloudcomputing/google/


Senators Take a Pass on REAL ID

Senator Daniel K. Akaka (D-HI), George V. Voinovich (R-OH) and other Senators have introduced the Providing for Additional Security in States' Identification Act of 2009. PASS ID, should it become law, would replace the controversial REAL ID Act of 2005. The REAL ID Act has faced ongoing criticisms from state governments, technical experts, and privacy advocates. In 2007, EPIC and the Privacy Coalition organized a national campaign against REAL ID implementation. The PASS ID proponents say the bill follows the recommendations of the 9/11 Commission for improving the security of driver's licenses while avoiding the problems of REAL ID.

S.1261 - PASS ID Act:
     http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.01261:

Providing for Additional Security in States' Identification Act of 2009:
     http://epic.org/privacy/id-cards/PASS%20ID%20-%20FINAL.pdf

Senator Daniel K. Akaka (D-HI):
     http://akaka.senate.gov/public/index.cfm

George V.
Voinovich (R-OH):
     http://voinovich.senate.gov/public/index.cfm

REAL ID Act of 2005:
     http://epic.org/privacy/id-cards/real_id_act.pdf

National Campaign:
     http://privacycoalition.org/stoprealid/

EPIC's page on National ID and the REAL ID Act:
     http://epic.org/privacy/id-cards/


Justice Department Appoints New Privacy Officer

Nancy Libin, a former Senate Staff member, has been appointed the Justice Department's Chief Privacy and Civil Liberties Officer. The CPCLO's duties and responsibilities are supported by the Office of Privacy and Civil Liberties. The main objective of this office is to protect the privacy and civil liberties of the American people by reviewing and overseeing the Department's privacy operations and ensuring its privacy compliance, which includes compliance with the Privacy Act of 1974 and the E-Government Act of 2002. Other duties include oversight of various Privacy Impact Assessments; assisting the Privacy Officer in developing Departmental privacy policies and refining Department policies relating to the protection of civil liberties of individuals, especially with regard to the Department's counterterrorism and law enforcement efforts; representing the Department with respect to international privacy policy issues; oversight of privacy-related reporting to the President and Congress; and coordinating the work of the Department relating to the protection of privacy and civil liberties.

Justice Department: The Office of Privacy and Civil Liberties:
     http://www.usdoj.gov/opcl/


National Archives Names FOIA Ombudsman

The National Archives announced Wednesday it has filled the newly created position of FOIA ombudsman for the federal government. Miriam Nisbet was appointed to lead the Office of Government Information Services, which is located at the National Archives and Records Administration.
The ombudsman's office was created by the 2007 amendments to the Freedom of Information Act to provide guidance and mediation for FOIA activities within the government. The OGIS Director is charged with reviewing policies and procedures of administrative agencies under FOIA; reviewing compliance with FOIA by administrative agencies; recommending policy changes to Congress and the President to improve the administration of FOIA; and offering mediation services to resolve disputes between FOIA requestors and administrative agencies. The Director may also issue advisory opinions if mediation fails to resolve the dispute.

Press Release, The National Archives:
     http://www.archives.gov/press/press-releases/2009/nr09-93.html

=======================================================================
[7] EPIC Bookstore: "Schneier on Security"
=======================================================================

"Schneier on Security" by Bruce Schneier

http://www.amazon.com/gp/product/0470395354?tag=e03a6-20

The public perception about security today revolves largely around notions of long lines in front of metal detectors and x-ray machines, surveillance cameras and uniformed personnel following a rulebook and asking questions. Schneier on Security journeys through a myriad of topics, situations and apparatus which a person would identify with security, makes us think about it in a way we are not used to, and logically leads us to conclusions that often seem counter-intuitive.

The book, a collection of essays on security technologies, policies and real-world applications, deconstructs the perceived notions of safety, exposes ludicrous adopted policies, and addresses the true requirements for the prevention of harm.
Covering most topics under the sun, ranging from terrorism, national security, and surveillance to air travel, elections, and disaster management, the selection of subjects also focuses on the less understood but definitely essential topics of economics, psychology and business behind security.

Making clear the point that "security is a trade-off," the author of the term "security theater" demonstrates that in this line of business agency personnel blindly following rules and applying them to everyone is unlikely to make anyone safer. Time and again Bruce Schneier proves how in this arena hindsight bias may fool the foresight and give rise to false perceived notions of safety.

A reader of this book can easily grasp the fallacy that a plethora of information collected from a populace results in an improvement in security. On the other hand, it makes one unsafe from the very people who collect the information, fail to analyze it and store it in unsecure environments. The author clearly makes the point that the debate between "security versus privacy" is, well, pointless, and the hallowed choice is of "liberty versus control." A citizen doesn't have to accept one to get more of the other.

On a word of advice, Schneier urges that the only way to change security is to step outside the system and negotiate with the people in charge, as it is only outside the system that each of us has power. He advises three points on fighting back: having one-on-one negotiations, avoiding naming and shaming, and taking advantage of political pressure on elected officials. The emphasis is laid on creating the necessary incentives for building the safeguards with the right, capable entity and at the right time.

Overall, this book is a fascinating read not only for citizens, but also for Congressional staff, members of Congress and other lawmaking officials who desire to develop an understanding of what security really means and how to implement and manage it.
-- Anirban Sen

================================

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60.
http://epic.org/bookstore/foia2008/

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under the Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, and Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/mailman/listinfo/foia_notes

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"The Transformation of Privacy Policy," Institutions, Markets Technology Institute for Advanced Studies (IMT), Lucca, Italy, July 2-4, 2009.

Engaging Data: First International Forum on the Application and Management of Personal Electronic Information hosted by SENSEable City Lab, Massachusetts Institute of Technology. October 12-13, 2009. For more information, http://senseable.mit.edu/engagingdata

Pan-European Dialogue on Internet Governance (EuroDIG), Geneva, Switzerland, September 14-15, 2009. For more information, http://www.eurodig.org/

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.
=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:

http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 16.12 ------------------------