=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 16.12                                              June 22, 2009
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_16.12.html

			"Defend Privacy. Support EPIC."
			     http://epic.org/facebook


=======================================================================
Table of Contents
=======================================================================
[1] EPIC Testifies Before Congress on Identity Theft
[2] EPIC Announces 2009 Champion of Freedoms Winners
[3] Sotomayor Nomination Hearings to Begin July 13
[4] EPIC Submits Comments to FCC on US Broadband Infrastructure
[5] Privacy Legislation Moves Forward in Congress
[6] News in Brief
[7] EPIC Bookstore: "Schneier on Security"
[8] Upcoming Conferences and Events
        - Join EPIC on Facebook http://epic.org/facebook
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://epic.org/donate
  	- Subscription Information

=======================================================================
[1] EPIC Testifies Before Congress on Identity Theft
=======================================================================

On June 17, 2009, EPIC President Marc Rotenberg testified before
the House Subcommittee on Information Policy, Census and National
Archives on "Identity Theft: Victims Bills of Rights." In his
testimony, Mr. Rotenberg outlined the elements of a more
comprehensive strategy to address the escalating problem of identity
theft.

The problem of identity theft in the United States is substantial,
growing and evolving, and according to the FTC, identity theft is the
number one concern of American consumers. "Several steps have been
taken to assist the victims of identity theft and to prosecute
criminals. But in our opinion, none of these efforts get to the
root causes of the problem," said Marc Rotenberg. EPIC's testimony
also pointed out that the loss of control over the credentials that
allow people to carry out financial transactions and receive medical
care poses a different problem than the hazards associated with
traditional theft. Identity theft is both a crime in itself and a
means of facilitating further crime.

Among other concerns, EPIC also highlighted the problem of medical
identity theft. Mr. Rotenberg stated "[i]t is particularly important to
implement safeguards against medical identity theft because the damage
arising from the crime is severe, and recent efforts to digitize all
medical records exposes increasing numbers of Americans to risk." The
Recovery Act provides for the expenditure of substantial federal funds
to enhance the infrastructure for electronic health records. Identity
thieves continue to succeed through phishing, pretexting, and spyware.
Consumers' lack of awareness of the true dangers that may be present
contributes to the situation.

The EPIC testimony made specific recommendations regarding the
government's need to consider privacy protections in the development
of Web 2.0
services and in the outsourcing of government services. EPIC has made
specific recommendations to the Department of Homeland Security and to
the Office of Science and Technology Policy to address some of these
challenges. Another concern is the need to have enforceable privacy
rights that bind all private contractors that obtain personal
information from the federal government. EPIC recommended regular
audits to determine compliance with legal standards.

Mr. Rotenberg also supported the necessity of enacting comprehensive
privacy legislation. Identity theft continues to escalate because it is
too easy for companies to collect personal information and too
difficult for individuals to safeguard their information once it is in
someone else's possession. To reduce the risk of identity theft, EPIC
recommended (1) adoption of privacy legislation that places greater
responsibilities on companies that collect and use personal
information, (2) data breach notifications, and (3) an opportunity for
consumers to seek damages when companies fail to safeguard the
information they collect.

Mr. Rotenberg also advised protecting personal information through
cybersecurity policy and warned that the use of techniques that
enable monitoring by third parties exposes data that could be
obtained and used for improper purposes. EPIC said that one of the key
goals for the federal government over the next several years should be
the development of an identity management system that is scalable,
robust and secure.

Other witnesses at the hearing were from the Federal Trade Commission,
the Justice Department, the Government Accountability Office, The
Santa Fe
Group, Center for Identity Management and Information Protection,
Identity Theft Assistance Corporation, and the Identity Theft Resource
Center.

EPIC's Testimony:
     http://epic.org/privacy/idtheft/epic_idtheft_rotenberg_6-09.pdf

Hearing Webcast:
     http://epic.org/redirect/062209_IDTheftHearingCast.html

"Identity Theft: Victims Bills of Rights":
     http://informationpolicy.oversight.house.gov/story.asp?ID=2487

House Oversight Committee:
     http://informationpolicy.oversight.house.gov/

EPIC's comments to DHS on Use of Social Media:
     http://epic.org/privacy/socialnet/dhs_socialnetworking-6-09.pdf

EPIC's Page on Identity Theft:
     http://epic.org/privacy/idtheft



=======================================================================
[2] EPIC Announces 2009 Champion of Freedoms Winners
=======================================================================

EPIC celebrated its 15th anniversary at The Fairfax on Embassy Row,
Washington, D.C. on June 9, 2009. On the occasion of the anniversary
dinner, EPIC awarded the 2009 Champion of Freedom Awards to Congressman
Edward Markey, Supreme Court litigator Paul M. Smith and Hollywood
director and producer D.J. Caruso. Slate Supreme Court correspondent
Dahlia Lithwick emceed the event.

Congressman Markey is a leading champion of privacy protections for all
Americans. A key leader on providing privacy protections for personal
information such as medical records, financial records, and purchases
on-line, Chairman Markey is the third-longest serving member of
Congress from New England. As chairman of the House Telecommunications
and the Internet Subcommittee, Rep. Markey has led efforts to protect
consumer privacy relating to wireless location information and the use
of cable, telephone, and satellite services. Congressman Markey has
also recently worked on the need to ensure encryption and security
obligations for online medical records information.

Paul Smith, a partner with Jenner & Block, has argued groundbreaking
cases before the Supreme Court. He appeared in Crawford v. Marion
County Election Board (2008), the Indiana Voter ID case; Lawrence v.
Texas (2003), involving the constitutionality of the Texas sodomy
statute; and United States v. American Library Ass'n (2003), involving
a First Amendment challenge to the Children's Internet Protection Act.

Daniel John "D.J." Caruso is an American director and producer. He has
directed films such as Disturbia, Two for the Money, Taking Lives, The
Salton Sea, and Eagle Eye. Produced by Steven Spielberg, Eagle Eye
explores the role of identification, automation, and surveillance in
Washington, D.C. But beneath the fast-paced, action-packed plot are
looming questions about the future of technology and the importance of
government accountability.

Dahlia Lithwick, Senior Legal Correspondent of Slate, emceed the event.
She writes "Supreme Court Dispatches" and "Jurisprudence." Ms. Lithwick
was awarded the Online News Association's award for online commentary
in 2001.

EPIC also welcomed new members to the EPIC Advisory Board:
Grayson Barber, Fellow, Center for Information Technology Policy,
Princeton University; Aziz Huq, Lecturer, University of Chicago Law
School; Ian Kerr, Canada Research Chair in Ethics, Law, and Technology,
University of Ottawa; Pradeep K. Khosla, Dean, College of Engineering,
Carnegie Mellon University; Rebecca MacKinnon, Assistant Professor,
University of Hong Kong Journalism and Media Studies Center; Founder,
Global Voices; Craig Newmark, Founder, Craig's List; Helen Nissenbaum,
Professor, Media, Culture & Communication, Computer Science; Senior
Fellow, Information Law Institute, NYU School of Law; Harriet Pearson,
Vice President, Security Counsel & Chief Privacy Officer, IBM;
Georgetown Communication, Culture & Technology Program; Chris Soghoian,
Blogger, dubfire.net; Fellow, Berkman Center for Internet & Society.

EPIC also elected four new members to the EPIC Board of Directors:
Charlie Firestone, Mary Minow, Pablo Molina, and Deborah Peel.


Congressman Ed Markey:
     http://markey.house.gov/

Paul M. Smith:
     http://www.jenner.com/people/bio.asp?id=278

D.J. Caruso:
     http://en.wikipedia.org/wiki/D.J._Caruso

Speech of D.J. Caruso:
     http://epic.org/linkedfiles/epic_speech_DJCaruso.pdf

Dahlia Lithwick, Slate Magazine:
     http://www.slate.com/?id=3944&qp=26373

EPIC - Advisory Board:
     http://epic.org/epic/advisory_board.html

EPIC - Board and Staff:
     http://epic.org/epic/staff_and_board.html

Eagle Eye - The Movie:
     http://www.eagleeyemovie.com/

Purchase "Eagle Eye" at Amazon.com:
     http://www.amazon.com/gp/product/B001L2ZSKS?tag=e03a6-20



=======================================================================
[3] Sotomayor Nomination Hearings to Begin July 13
=======================================================================

On May 26, 2009, President Obama nominated Judge Sonia Sotomayor to
replace Justice David H. Souter on the Supreme Court. In early June,
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) announced
that hearings to consider the nomination of Judge Sonia Sotomayor to be
an Associate Justice of the U.S. Supreme Court will begin on July 13,
2009.

The Supreme Court of the United States exercises authority as the
highest appellate court in the federal judiciary. Under the
Constitution, Justices on the Supreme Court receive lifetime
appointments for which one must first be nominated by the President
and then confirmed by the Senate. An important role is also played
midway in the process — after the President selects, but before the
Senate as a whole considers the nominee — by the Senate Judiciary
Committee. The Committee initiates its own intensive investigation into
the nominee's background. Information is based on a committee
questionnaire to which the nominee responds in writing as well as
confidential FBI reports.

A confirmation hearing begins with a statement from the Committee
chairman followed by the nominee's opening statement. The chairman,
followed by the ranking minority member and then the rest of the
committee in descending order of seniority, begins the questioning.
Within a week of the end of hearings, the committee meets in open
session to determine what recommendation to "report" to the full
Senate. A vote to confirm requires a simple majority of Senators
present and voting.

Judge Sonia Sotomayor, a student of Yale Law School, joined the New
York District Attorney's Office immediately upon graduating. Judge
Sotomayor then entered private practice, eventually becoming a
partner at Pavia & Harcourt. She specialized in intellectual property
litigation, international law, and arbitration. President George H. W.
Bush nominated Judge Sotomayor to the U.S. District Court for the
Southern District of New York in 1991. In 1997, President Bill Clinton
nominated her to the U.S. Court of Appeals for the Second Circuit. If
Sotomayor is successfully confirmed by the Senate, she may encounter
constitutional and statutory issues in the area of privacy law, which
in the contemporary environment is more vital than ever, during her
tenure on the Court.

Judge Sotomayor has ruled on several cases affecting Fourth Amendment,
First Amendment, and open government issues. Her opinions have
included cases concerning the opening and reading of a prisoner's mail,
strip-searches of young girls at juvenile facilities and of adult males
in jails, errors in police computer databases, the validity of a
warrant based upon lies or questionable facts, child pornography on
the internet, the search of a state employee's computer,
investigations regarding FBI misconduct, inter-agency documents and tax
law administration, gag orders barring the media from publishing jury
names, contract formation in cyberspace, and the sale of illegal
wiretapping devices.


EPIC's Page on the Nomination of Judge Sotomayor:
     http://epic.org/privacy/sotomayor

Supreme Court Appointment Process: Roles of the President,
Judiciary Committee, and the Senate (CRS Report for Congress,
July 6, 2005):
     http://fpc.state.gov/documents/organization/50146.pdf

Sotomayor Confirmation Hearing To Begin July 13:
     http://leahy.senate.gov/press/200906/060909b.html 

Comments of Senator Patrick Leahy (D-Vt.), Chairman,
Senate Judiciary Committee, On The President's Nomination of
Sonia Sotomayor to the U.S. Supreme Court, May 26, 2009:
     http://leahy.senate.gov/press/200905/052609a.html

The President's Nominee: Judge Sotomayor, The White House Blog Post,
May 26, 2009:
     http://www.whitehouse.gov/sotomayor/



=======================================================================
[4] EPIC Submits Comments to FCC on US Broadband Infrastructure
=======================================================================

The American Recovery and Reinvestment Act of 2009 charged the Federal
Communications Commission with creating a national broadband plan that
would "ensure that every American has access to broadband capability
and establishes clear benchmarks for meeting that goal." The FCC sought
comments on the plan.

EPIC submitted comments stressing the importance of securing the
privacy interests and civil liberties of consumers and Internet users
in the development of the broadband plan. EPIC has long supported the
FCC's efforts to secure privacy, having previously advocated for the
FCC to require strong privacy safeguards for telephone customers'
personal information and to protect wireless subscribers from
telemarketing. EPIC urged the Commission to again exercise its
authority to ensure that the broadband plan includes robust privacy
safeguards.

EPIC noted that the goal of widespread adoption of broadband technology
depends on consumers being confident that their online activities will
not be monitored and their personal information will not be collected,
sold, and used in ways other than what they intended. Additionally,
EPIC recommended that the Commission exclude personally identifiable
information from data collected for the purposes of setting broadband
penetration benchmarks and analyzing progress toward these goals. 

Increased broadband adoption will also make deep packet inspection more
valuable. EPIC recommended that the Wiretap Act's prohibition on deep
packet inspection by Internet service providers be strictly enforced. A
clear legal prohibition on DPI must be maintained in order to safeguard
users' privacy. EPIC also recommended that the Commission regulate the
behavioral advertising practices of Internet companies instead of
continuing to rely on self-regulation by the industry.

The promotion of the national broadband plan will also improve access
to electronic medical records, but it must be accompanied by robust
privacy protections. In the past, EPIC has identified the importance of
and established principles for federal privacy protection for medical
records. EPIC urged the Commission to require protections for all
electronic medical records to prevent sensitive patient information
from being compromised. 


American Recovery and Reinvestment Act of 2009:
     http://epic.org/redirect/022309_Stimulus_Act.html

FCC Notice of Inquiry:
     http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-09-31A1.pdf 

FCC Launches Development of National Broadband Plan:
     http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-289900A1.pdf

Federal Communications Commission:
     http://www.fcc.gov

EPIC's Comments to the FCC:
     http://epic.org/privacy/pdf/fcc_broadband_6-8-09.pdf 

EPIC's Page on NCTA v. FCC:
     http://epic.org/privacy/nctafcc/

EPIC's Comments to FCC against Cellphone Marketing:
     http://epic.org/privacy/telemarketing/fcc_aca_05-11-06.html

EPIC's Page on Deep Packet Inspection:
     http://epic.org/privacy/dpi/

EPIC's Page on Medical Record Privacy:
     http://epic.org/privacy/medical/ 



=======================================================================
[5] Privacy Legislation Moves Forward in Congress
=======================================================================

The Data Accountability and Trust Act, sponsored by Congressman Bobby
Rush, was introduced in Congress on April 30, 2009. The bill aims to
protect consumers by requiring information brokers that possess
personal identification information to implement security information
practices to keep personal consumer information secure from public
access.

EPIC, in testimony before the Subcommittee on Commerce, Trade, and
Consumer Protection of the House Committee on Energy and Commerce, had
urged Congress to make clear the fundamental obligations of companies
and organizations that collect and use personal data on consumers and
Internet users. Marc Rotenberg, Executive Director, had said, "[i]t is
simply too easy for firms today to capture the benefits of data
collection and ignore the risks." Mr. Rotenberg recommended that the
bill adopt a broader definition of personally identifiable information
to include any information that "identifies or could identify a
particular person." He also advised Congress to require that companies
comply with security obligations even if the information disclosed was
"public record" and it appeared that there was no immediate harm to the
individual whose information was acquired, since it was likely a breach
would reoccur if the problem was left uncorrected. EPIC also suggested
that a private right of action be added to the bill with a stipulated
damage award against a company that improperly leaks personal data,
and that Congress refrain, in crafting the bill, from preempting more
effective individual state legislation on the matter.

On June 3, 2009, the subcommittee amended the bill by a voice vote in a
mark-up session. The amendments alter the application and function of
the bill in several ways. First, the amendment broadens the scope of
the applicability so that it applies to all forms of personal data, and
not merely that contained in electronic form. Next, it provides that in
order to conform with the bill, information brokers must implement
policies and procedures that include a standard method for destroying 
obsolete paper documents and non-electronic data containing personal
information if the Federal Trade Commission finds that such a standard
is appropriate. 

Other additions raise the level of care expected from information
brokers in their treatment of personal information. The newer version
of the bill requires an information broker to correct an inaccuracy in
its records if an individual provides proof that the broker was
reporting incorrect information. Nonetheless, the amendments increase
the number of situations in which an information broker may refrain
from allowing a consumer to view his or her own personal information.
The amendment, however, enables the FTC to issue regulations on the
matter in circumstances it deems appropriate. With respect to notifying
individuals of unauthorized access to their personal information, the
new bill allows law enforcement officers to delay notification of an
individual if such notification would impede a civil or criminal
investigation.

The amendments also alter the definition of various terms contained
within the bill. The newer version expands the definition of "breach of
security" to include "unauthorized access to data in electronic form."
The definition of "personal information" now explicitly includes
driver's license numbers, passport numbers, military identification
numbers, or other similar government issued numbers as one of its
elements. Although the original bill was slated to sunset ten years
from the date of enactment, the new bill removes that provision.

Amendment in the Nature of a Substitute to H.R. 2221:
     http://energycommerce.house.gov/Press_111/20090603/hr2221_ans.pdf

H.R. 2221, the Data Accountability and Trust Act (as introduced):
     http://epic.org/redirect/051509_HR2221.html

Marc Rotenberg - Testimony, May 5, 2009:
     http://epic.org/linkedfiles/rotenberg_house_ctcp2221_1319.pdf

EPIC's Testimony on Identity Theft (June 17, 2008):
     http://epic.org/privacy/idtheft/epic_idtheft_rotenberg_6-09.pdf

House Committee on Energy and Commerce, Subcommittee on Commerce, Trade
and Consumer Protection - Hearings, May 5, 2009:
     http://epic.org/redirect/051509_House_CTCP_0505.html

FTC Page on Identity Theft:
     http://www.ftc.gov/bcp/edu/microsites/idtheft/

EPIC's Page on Identity Theft:
     http://epic.org/privacy/idtheft



=======================================================================
[6] News in Brief
=======================================================================

White House Open Government Initiative - "Discussion"

In the First Phase of its open government proposal, "Brainstorming,"
the White House received several public comments. EPIC made five
recommendations to promote government transparency and accountability.
The next phase, "Discussion," invited comments focusing on several
transparency themes: principles, governance, access, data, and
operations, to be followed by a series of posts on participation and
collaboration. The White House is requesting comments on 18 categories
which include: Prizes as Incentives for Public-Private Partnerships;
Enhancing Online Citizen Participation Through Policy; New
Technologies and Participation; Improving Online Public Participation
in Agency Rulemaking; Strengthening Civic Participation; Transparency
in Principles, Access to Information, Open Government Operations and in
Governance; Enhancing Citizen Participation in Decision-Making; Data
Transparency via Data.gov; and Presidential Memo on Scientific Integrity
outlined in his memoranda on for the Heads of Executive Departments
and Agencies. The Collaboration Discussion will continue through this
week. The Third Phase, "Drafting," begins on Monday, June 22, 2009.

Open Government Initiative:
     http://www.whitehouse.gov/open/

Office of Science and Technology Policy, Executive Office of the
President, Transparency and Open Government:
     http://edocket.access.gpo.gov/2009/pdf/E9-12026.pdf

Phase II: Discussion:
     http://blog.ostp.gov/

OSTP: Requests for Comments:
     http://blog.ostp.gov/category/requests-for-comment/

Brainstorming Session:
     http://opengov.ideascale.com/

EPIC's Comments in the Brainstorming Phase:
     http://opengov.ideascale.com/akira/pmd/6537-4049

EPIC's Submission: Users Are Not Tracked on Government Sites:
     http://opengov.ideascale.com/akira/dtd/3544-4049

EPIC's Submission: Promoting Open Government:
     http://opengov.ideascale.com/akira/dtd/3533-4049

EPIC's Submission: Allowing Meaningful Public Participation:
     http://opengov.ideascale.com/akira/dtd/3536-4049

EPIC's Submission: Stopping Commercialization of Personal Data:
     http://opengov.ideascale.com/akira/dtd/3538-4049

EPIC's Submission: Application of Privacy Act to Data Collected:
     http://opengov.ideascale.com/akira/dtd/3540-4049

EPIC's Page on Open Government:
     http://epic.org/open_gov/

EPIC's FOIA Litigation Manual 2008:
     http://epic.org/bookstore/foia2008/
  


European Advisory Group Issues Opinion on Social Networking

The Article 29 Working Party, which is the European advisory expert
group on data protection and privacy, issued guidance to Social
Network Service providers on measures needed to ensure compliance
with EU law. Directives 95/46/EC and 2002/58/EC of the European
Parliament prescribe the rights and obligations concerning
the protection of individuals with regard to processing of personal
data and the free flow of this data. The key concern of the group is
the dissemination and use of information available on such networks
for secondary, unintended purposes. The opinion recommended robust
security and privacy-friendly default settings. Topics included
processing of sensitive data and images, advertising and direct
marketing, and data retention. In January, EPIC suggested regulation
of Social Network Service partners, including advertisers and
application developers.

Guidance on Social Networks:
     http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

Article 29 Working Party:
     http://epic.org/redirect/040109_A29WP.html

Directive 95/46/EC:
     http://epic.org/redirect/062209_EU9546EC.html

Directive 2002/58/EC on data protection and privacy:
     http://epic.org/redirect/091208_eu.html

EPIC Suggestions:
     http://www.cpdpconferences.org/L-Z/rotenberg.html

EPIC's Page on Social Networking Privacy:
     http://epic.org/privacy/socialnet/default.html



Expert Group Asks Google to Improve Cloud Computing Privacy

A letter signed by 38 researchers and academics in the fields of
computer science, information security and privacy law was sent to
Google's CEO. The letter asks Google to uphold privacy promises made
to users of Google Cloud Computing services. In March, EPIC filed a
complaint with the FTC urging an investigation into Cloud Computing
services, such as Google Docs, to determine "the adequacy of the
privacy and security safeguards." The EPIC complaint specifically
recommended the adoption of encryption to help safeguard privacy and
security. Addressing concerns about data vulnerability and
interception, the expert group has asked Google to enable HTTPS
(web-based encryption) by default in several Google apps, including
Gmail. Google in its blog responded by stating that it was planning a
trial in which it will move small samples of different types of Gmail
users to HTTPS to see what their experience is, and whether it affects
the speed and performance of their email.

Letter from Experts Group to Google:
     http://files.cloudprivacy.net/google-letter-final.pdf

Signatories of the Letter:
     http://www.cloudprivacy.net/letter/#signers

The Official GMail Blog: Making Security Easier:
     http://gmailblog.blogspot.com/2008/07/making-security-easier.html

Google Public Policy Blog: HTTPS Security for Web Applications:
     http://epic.org/redirect/062209_Google_https.html

Tools to Steal Information:
     http://fscked.org/projects/cookiemonster

HTTPS (web-based encryption):
     http://en.wikipedia.org/wiki/Https

EPIC's page on Cloud Computing:
     http://epic.org/privacy/cloudcomputing/

EPIC's Page on In re Google and Cloud Computing:
     http://epic.org/privacy/cloudcomputing/google/



Senators Take a Pass on REAL ID

Senators Daniel K. Akaka (D-HI) and George V. Voinovich (R-OH), along
with other Senators, have introduced the Providing for Additional
Security in States' Identification Act of 2009. PASS ID, should it
become law, would replace the controversial REAL ID Act of 2005. The
REAL ID Act has faced ongoing criticism from state governments,
technical experts, and privacy advocates. In 2007, EPIC and the Privacy
Coalition organized a national campaign against REAL ID implementation.
The PASS ID proponents say the bill follows the recommendations of the
9/11 Commission for improving the security of driver's licenses while
avoiding the problems of REAL ID.


S.1261 - PASS ID Act:
     http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.01261:

Providing for Additional Security in States' Identification Act of 2009:
     http://epic.org/privacy/id-cards/PASS%20ID%20-%20FINAL.pdf

Senator Daniel K. Akaka (D-HI):
     http://akaka.senate.gov/public/index.cfm

George V. Voinovich (R-OH):
     http://voinovich.senate.gov/public/index.cfm

REAL ID Act of 2005:
     http://epic.org/privacy/id-cards/real_id_act.pdf

National Campaign:
     http://privacycoalition.org/stoprealid/

EPIC's page on National ID and the REAL ID Act:
     http://epic.org/privacy/id-cards/



Justice Department Appoints New Privacy Officer

Nancy Libin, a former Senate staff member, has been appointed the
Justice Department's Chief Privacy and Civil Liberties Officer. The
CPCLO's duties and responsibilities are supported by the Office of
Privacy and Civil Liberties. The main objective of this office is to
protect the privacy and civil liberties of the American people by
reviewing and overseeing the Department's privacy operations and
ensuring its privacy compliance, which includes compliance with the
Privacy Act of 1974 and the E-Government Act of 2002. Other duties
include oversight of various Privacy Impact Assessments; assisting
the Privacy Officer in developing Departmental privacy policies and
refining Department policies relating to the protection of civil
liberties of individuals, especially with regard to the Department's
counterterrorism and law enforcement efforts; representing the
Department with respect to international privacy policy issues;
oversight of privacy-related reporting to the President and Congress;
and coordinating the work of the Department relating to the protection
of privacy and civil liberties.


Justice Department: The Office of Privacy and Civil Liberties:
     http://www.usdoj.gov/opcl/




National Archives Names FOIA Ombudsman

The National Archives announced Wednesday it has filled the newly
created position of FOIA ombudsman for the federal government.
Miriam Nisbet was appointed to lead the Office of Government
Information Services, which is located at the National Archives and
Records Administration. The ombudsman's office was created by the 2007
amendments to the Freedom of Information Act to provide guidance and
mediation for FOIA activities within the government. The OGIS Director
is charged with reviewing policies and procedures of administrative
agencies under FOIA; reviewing compliance with FOIA by administrative
agencies; recommending policy changes to Congress and the President to
improve the administration of FOIA; and offering mediation services to
resolve disputes between FOIA requestors and administrative agencies.
The Director may also issue advisory opinions if mediation fails to
resolve the dispute.


Press Release, The National Archives:
     http://www.archives.gov/press/press-releases/2009/nr09-93.html


=======================================================================
[7] EPIC Bookstore: "Schneier on Security"
=======================================================================

"Schneier on Security"
by Bruce Schneier

     http://www.amazon.com/gp/product/0470395354?tag=e03a6-20

Public perception of security today revolves largely around notions
of long lines in front of metal detectors and x-ray machines,
surveillance cameras, and uniformed personnel following a rulebook and
asking questions. "Schneier on Security" journeys through a myriad of
topics, situations and apparatus that a person would identify with
security, makes us think about them in ways we are not used to, and
leads us logically to conclusions that often seem counter-intuitive.

The book, a collection of essays on security technologies, policies and
real-world applications, deconstructs perceived notions of safety,
exposes ludicrous policies that have been adopted, and addresses the
true requirements for the prevention of harm. Covering most topics
under the sun - ranging from terrorism, national security, and
surveillance to air travel, elections, and disaster management - the
selection of subjects also focuses on the less understood but
definitely essential topics of the economics, psychology and business
behind security.

Making clear the point that "security is a trade-off," the author of
the term "security theater" demonstrates that in this line of business
agency personnel blindly following rules and applying them to everyone
is unlikely to make anyone safer. Time and again Bruce Schneier proves
how in this arena hindsight bias may fool the foresight and give rise
to false perceived notions of safety. A reader of this book can easily
grasp the fallacy that a plethora of information collected from a
populace results in an improvement in security. On the other hand, it
makes one unsafe from the very people who collect the information, fail
to analyze it and store it in unsecure environments. The author clearly
makes the point that the debate between "security versus privacy" is,
well, pointless, and the hallowed choice is of "liberty versus
control." A citizen doesn't have to accept one to get more of the
other.

On a word of advice, Schneier urges that the only way to change
security is to step outside the system and negotiate with the people in
charge as it is only outside the system that each of us has power. He
advises three points on fighting back: having one-on-one negotiations,
avoiding naming and shaming, and taking advantage of political pressure
on elected officials. The emphasis is laid on creating the necessary
incentives for building the safeguards with the right, capable, entity
and at the right time.

Overall, this book is a fascinating read not only for citizens, but
also for Congressional staff, members of Congress and other lawmaking
officials who desire to develop an understanding of what security
really means and how to implement and manage it.

-- Anirban Sen


================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under the
Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully
updated 2008 volume is the 24th edition of the manual that lawyers,
journalists and researchers have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"The Transformation of Privacy Policy," Institutions, Markets
Technology Institute for Advanced Studies (IMT), Lucca, Italy,
July 2-4, 2009.

Engaging Data: First International Forum on the Application and
Management of Personal Electronic Information hosted by
SENSEable City Lab, Massachusetts Institute of Technology. October
12-13, 2009. For more information,
http://senseable.mit.edu/engagingdata

Pan-European Dialogue on Internet Governance (EuroDIG), 
Geneva, Switzerland, September 14-15, 2009. For more information,
http://www.eurodig.org/

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 16.12 ------------------------
