EPIC logo

        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 9.24                                  December 12, 2002
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.

                         **  HAPPY HOLIDAYS!  **
Table of Contents

[1] EPIC Files Suit for "No-Fly List" Information
[2] EPIC Submits Comments on TCPA, ENUM, FCC Broadcast Flag Mandate
[3] DC Council Hearing on Camera Regs; 12/24 is World Sousveillance Day
[4] ICANN Task Force Issues New Policy Report on WHOIS Data
[5] CA Senators Introduce Financial Privacy Legislation
[6] Nominations Sought for 2003 PEN/Newman's Own First Amendment Award
[7] Subscribe - Access Reports
[8] Upcoming Conferences and Events

[1] EPIC Files Suit for "No-Fly List" Information

Seeking information about aviation security watchlists, EPIC yesterday
filed a Freedom of Information Act (FOIA) lawsuit against the
Transportation Security Administration (TSA) in federal court in
Washington.  The legislation creating TSA authorizes the agency to
maintain such lists, which reportedly have been used to interfere with
the travel of political activists.  EPIC's lawsuit seeks, among other
things, TSA's criteria for putting people on so-called "no-fly lists"
that apparently bar some passengers from flying and subject others to
extensive scrutiny.

The Aviation Security and Transportation Act, passed in the wake of
the September 11, 2001 terrorist attacks, authorizes TSA to maintain
watchlists and notify law enforcement, aviation and airline officials
of the names of people suspected of posing "a risk of air piracy or
terrorism or a threat to airline or passenger safety."  In a FOIA
request submitted to TSA in early October, EPIC requested information
about the number of names on all aviation-security watchlists,
procedures for posting and removing names and all complaints from
people who claim to have mistakenly been included on the lists.  TSA
failed to respond to the request within the legal time limit,
prompting EPIC's lawsuit.

EPIC has also sought information from TSA on its updated Computer
Assisted Passenger Pre-screening System (CAPPS-II).  The basic
structure of passenger profiling is to use an algorithm to determine
indicators of characteristics or patterns that are related to the
occurrence of certain behavior.  The CAPPS-II initiative will expand
the range of databases searched for suspicious activity so that each
airline passenger will be subjected to extensive profiling. Retired
Admiral John Poindexter's office in the Defense Department is
considering developing a similar "Total Information Awareness" system
(which is also the subject of pending EPIC FOIA requests).  See EPIC
Alert 9.23.

In another lawsuit involving the privacy impact of post-September 11
initiatives, a federal judge on November 26 ordered the Justice
Department to complete its processing of an EPIC information request
concerning the USA PATRIOT Act by January 15.  EPIC, joined by the
American Civil Liberties Union and library and booksellers'
organizations, filed the FOIA lawsuit seeking the disclosure of
information concerning implementation of the controversial
anti-terrorism law.  See EPIC Alert 9.20.

EPIC's "no-fly list" lawsuit is available at:


Background information is available at EPIC's Air Travel Privacy Page:


[2] EPIC Submits Comments on TCPA, ENUM, FCC Broadcast Flag Mandate

EPIC has recently filed comments on the Telephone Consumer Protection
Act (TCPA), Electronic Numbering (ENUM), and the Digital Television
Broadcast Flag.

In comments to the Federal Communications Commission (FCC), ten
leading civil liberties and consumer groups joined EPIC in support of
greater protections against telemarketing under the TCPA.  The
comments support a national do-not-call (DNC) list that allows
Internet, telephone, and mail enrollment, and a requirement that sales
callers transmit caller ID information.  The comments also negate the
inflated statistics used by the telemarketing industry to stave off
consumer protections.  Earlier this year, the Federal Trade Commission
(FTC) had also requested comments on the creation of a DNC list.  The
FTC is expected to issue a rule on their telemarketing comments this

EPIC also filed comments with the ENUM Forum, a group charged with
implementation of ENUM in the United States.  ENUM is a system that
links phone numbers to IP addresses.  In doing so, users can store
contact information that can be accessed by another person through the
use of one phone number.  The comments warn that ENUM presents
significant risks to privacy, especially with regard to receiving
unsolicited commercial messages, and that the ENUM Forum has not
considered issues surrounding law enforcement access to ENUM data, nor
incorporated substantive privacy protections for users.

In comments to the FCC, EPIC recommended against the creation of a
digital television broadcast flag unless it incorporates affirmative
privacy protections and ensures the ability of individuals to consume
television content anonymously.  The broadcast flag initiative is
designed to quicken the adoption of digital broadcasting, and to
protect content transmitted digitally.  The comments argue that the
broadcast flag is unnecessary to facilitate this transition, and that
piracy risks do not justify creation of the flag.

Comments on Rules and Regulations Implementing the Telephone Consumer
Protection Act of 1991:


EPIC's Telemarketing Page:


Comments on ENUM:




Comments on the Digital Broadcast Flag:


EPIC's Digital Rights Management and Privacy Page:


[3] DC Council Hearing on Camera Regs; 12/24 is World Sousveillance Day

A hearing on "Issues Concerning the Use of Video Surveillance in the
District of Columbia" was held today before the DC Council, at which
EPIC Executive Director Marc Rotenberg testified.  The hearing
considered DC Council member Kathy Patterson's new bill to regulate
the Metropolitan Police Department's surveillance cameras, and an
alternative bill proposed by the ACLU.  Witnesses included George
Radwanski, the Canadian Privacy Commissioner; a law enforcement
expert; and several privacy specialists and representatives from civil
liberties organizations.

Patterson's bill (the "Limited Authorization of Video Surveillance and
Privacy Protection Act of 2002"), in its current form, authorizes the
police cameras already in place for specified law enforcement,
security and management purposes.  It also provides for an elaborate
procedure requiring a court order for law enforcement use of video
surveillance in cases where individuals' privacy is most prone to
abuse.  A second bill (the "District of Columbia Anti-Surveillance Act
of 2002") prohibits "general video surveillance," defined as any video
surveillance of outdoor public areas that differs from surveillance
used in the context of criminal investigations or for traffic
monitoring and building security purposes.  EPIC has proposed a draft
bill for the DC City Council (the "District of Columbia Anti-
Surveillance and Privacy Protection Act of 2002") that combines the
procedural safeguards in the Patterson bill with the prohibition
against general video surveillance.

EPIC Alert readers, Washington residents, and other interested parties
can participate in the ongoing public debate over the proposed
legislation by continuing to send comments to Council members, either
by e-mail to: <dccouncil@dccouncil.washington.dc.us> or by postal mail
to: Ms. Phyllis Jones, Secretary to the Council, Suite 5, John A.
Wilson Building, 1350 Pennsylvania Avenue, N.W., Washington, DC 20004.

People around the world will be protesting surveillance cameras on
December 24, which has been declared "World Sousveillance Day" or
"World Subjectrights Day" by an international coalition of artists,
scientists, engineers, scholars, and others.  The idea of
"sousveillance" is in opposition to surveillance, and can be loosely
defined as "watchful vigilance from below."

On December 24, people are invited to call into question the growing
phenomenon of video surveillance in public and private spaces by
"watching the watchers": one may photograph, videotape, or otherwise
document video surveillance cameras in private places (stores,
shopping malls, buildings) and in public areas (parks, streets,
squares, building surroundings, etc.).  Government and corporation
officials, while they engage in video surveillance on a regular basis,
often prohibit others from taking pictures or video within their
establishments.  On World Sousveillance Day, however, many people will
be photographing these officials, their establishments, and their
security systems to show their vigilance and their opposition to the
sprawl of surveillance cameras into every aspect of life.

For people interested in documenting surveillance in the District of
Columbia, more information on the location of the DC police cameras is
available at the Observing Surveillance Web site (URL below).

Observing Surveillance:


New "DC Police Cameras" Slide Show (updated 12/11):


EPIC's Video Surveillance Page:


"World Sousveillance Day" Web site:


[4] ICANN Task Force Issues New Policy Report on WHOIS Data

On November 30, 2002, ICANN's WHOIS Task Force issued a Policy Report
containing consensus recommendations on the Accuracy and Marketing of
WHOIS Data.  The WHOIS Task Force was created by ICANN's Domain Name
Supporting Organization's (DNSO) Names Council in February 2001 to
give advice on WHOIS Policy and to review whether any changes should
be made to ICANN's WHOIS policy for the .com/.net/.org domains as set
out under the Registrar Accreditation Agreement (RAA).

In its report, the Task Force suggested a number of changes with
respect to marketing of WHOIS data.  First, it recommended that the
provisions of the RAA allowing for use of bulk access data for
marketing purposes be eliminated -- or at the very least altered -- to
require registrars to grant individuals the right to decide whether
they want to be included in such marketing.  Currently, the RAA states
that registrars may (rather than must) allow individuals to opt-out of
bulk access for marketing purposes.  Secondly, it recommended
increased enforcement of any new provisions on bulk access.  It
raised, but did not decide, the question of whether licensees of bulk
access data who breach a bulk access agreement (for example, by using
the data for mass unsolicited marketing) should be prohibited from
entering into any future bulk access agreement.  Finally, it
recommended further study on whether there are any legitimate uses of
bulk access data or whether it should simply be eliminated.

The Task Force acknowledged that many other privacy issues relating to
ordinary WHOIS data still exist, such as who should get access to this
data, in what form and under what conditions.  It recommended that the
Names Council continue to allow it to address these issues.  EPIC has
previously advocated stronger privacy protections for individuals
registering domain names.  In 2001, EPIC sent two letters to Congress
arguing that there should be restrictions on the secondary use and
sale of WHOIS data; that personal information, beyond that which is
necessary for contacting systems administrators about network or
security problems, should not be included in the publicly accessible
database; and that there should be a way for individuals to
anonymously or pseudonymously register domain names.

The Task Force will ask the Names Council to endorse its
recommendations on accuracy and marketing at ICANN's annual meeting,
which is taking place this year in Amsterdam on December 14-15, 2002.
Members of the public are invited to attend an open forum on December
14 from 1:30 to 5:00 p.m.

The Task Force report is available at:


Information about ICANN's Amsterdam meeting is available at:


EPIC's 2001 letters to are available at:


[5] CA Senators Introduce Financial Privacy Legislation

California Senator Jackie Speier (D-San Mateo) and Senate President
John Burton (D-San Francisco) have introduced SB 1, The California
Financial Information Privacy Act.  The Act requires financial
institutions to obtain opt-in consent from customers before they can
exploit personal information by transmitting it to non-affiliated
companies.  Financial institutions could transmit personal information
to affiliates under an opt-out standard.  The law also creates civil
penalties with liquidated damages for violations.

Speier's bill would significantly improve Californians' financial
privacy rights.  Currently, under the Gramm-Leach-Bliley Act (a
federal law passed in 1999), consumers cannot opt out of affiliate
information transmission at all, and have only opt-out protections for
non-affiliate information use.  To defeat Speier's earlier attempts in
enacting financial privacy protections, the banking, insurance, and
brokerage industries spent more than $20 million in lobbying

Two weeks ago, Speier sent a letter to financial institutions,
requesting them to reveal the nature and extent of consumer
information use.  The letter attempts to track, among other things,
whether institutions are employing joint marketing agreement loophole
in federal law in order to exploit personal financial information.

California Senate Bill 1, the Financial Information Privacy Act:


Letter from Senator Speier to Financial Institutions:


EPIC Gramm-Leach-Bliley Page:


[6] Nominations Sought for 2003 PEN/Newman's Own First Amendment Award

PEN American Center and Newman's Own annually honor an individual who
has fought to safeguard the First Amendment right of freedom of
expression in the United States.

Any individual who has worked to protect freedom of expression in the
United States as it applies to the written word -- such as a writer,
publisher, journalist, editor, bookseller, schoolteacher, or librarian
-- is eligible.  Especially sought are those whose achievements have
not otherwise garnered recognition through institutional affiliation
or public visibility.  For example, a candidate may have:

     * worked to restore a banned book to the classrooms or
     library shelves of a school;

     * called for the reinstatement of a newspaper or magazine
     editor fired as a result of his or her writing;

     * published a controversial book despite unjustified
     threats of libel action;

     * overcome harassment by a hostile section of a community
     while mobilizing a project against censorship;

     * waged a costly and time-consuming lawsuit in defense of
     the First Amendment; or

     * performed any other extraordinary act to defend freedom
     of the written word.

The actions for which the candidate is nominated must have occurred
within the past five years.

Each individual candidate should be suggested by a nominator, who may
or may not be affiliated with the literary, journalistic, educational,
legal, or human rights communities.

A cash award of $25,000, accompanied by a limited-edition artwork,
will be presented to the winner at the PEN Benefit Dinner in spring

The deadline for submitting nominations is December 31, 2002.

The nomination form is available online at:


[7] Subscribe - Access Reports

The top newsletter for open government and the Freedom of Information
Act is Access Reports, published by Harry A. Hammitt.  A typical issue
includes information on recent court decisions, legislative
developments, and opinion and analysis.  Access Reports also provides
an extensive index on open government and FOIA issues.  Available by
e-mail and postal mail, Access Reports also provides a Reference File

EPIC recently joined with Access Reports to publish "Litigation Under
the Federal Open Government Laws" (see "EPIC Publications" below).  We
highly recommend the Access Reports newsletter to our readers as an
excellent source of up-to-date information.

For subscription information, contact Access Reports, 1624 Dogwood
Lane, Lynchburg VA 24503. 434/384-5334 (tel); 434/384-8272 (fax);
hhammitt@accessreports.com (e-mail); http://www.accessreports.com/


EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events

18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied Computer
Security Associates. December 9-13, 2002. Las Vegas, NV. For more
information: http://www.acsac.org/

Call for Proposals: December 13, 2002. O'Reilly Emerging Technology
Conference. April 22-25, 2003. Santa Clara, CA. For more information:

Government Convention on Emerging Technologies. Defending America
Together: The New Era. Government Emerging Technology Alliance (GETA).
January 8-10, 2003. Las Vegas, NV. For more information:

O'Reilly Bioinformatics Technology Conference. February 3-6, 2003.
San Diego, CA. For more information:

Politics of Code: Shaping the Future of the Next Internet. Oxford
University Programme in Comparative Media Law and Policy. February 6,
2003. Oxford, England. For more information:

Third Annual Privacy Summit. International Association of Privacy
Officers. February 26-28, 2003. Washington, DC. For more information:

Spectrum Policy: Property or Commons? Stanford Law School Center for
Internet and Society. March 1, 2003. For more information:

P&AB's Privacy Practitioners' Workshop and Ninth Annual National
Conference. Privacy & American Business. March 12-14, 2002.
Washington, DC. For more information:

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information: http://www.cfp2003.org/

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/

Subscription Information
Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe" (no quotes)
Help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org
     Subject: "help" (no quotes)
Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 9.24 -----------------------