============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 9.24 December 12, 2002 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_9.24.html ** HAPPY HOLIDAYS! ** ======================================================================= Table of Contents ======================================================================= [1] EPIC Files Suit for "No-Fly List" Information [2] EPIC Submits Comments on TCPA, ENUM, FCC Broadcast Flag Mandate [3] DC Council Hearing on Camera Regs; 12/24 is World Sousveillance Day [4] ICANN Task Force Issues New Policy Report on WHOIS Data [5] CA Senators Introduce Financial Privacy Legislation [6] Nominations Sought for 2003 PEN/Newman's Own First Amendment Award [7] Subscribe - Access Reports [8] Upcoming Conferences and Events ======================================================================= [1] EPIC Files Suit for "No-Fly List" Information ======================================================================= Seeking information about aviation security watchlists, EPIC yesterday filed a Freedom of Information Act (FOIA) lawsuit against the Transportation Security Administration (TSA) in federal court in Washington. The legislation creating TSA authorizes the agency to maintain such lists, which reportedly have been used to interfere with the travel of political activists. EPIC's lawsuit seeks, among other things, TSA's criteria for putting people on so-called "no-fly lists" that apparently bar some passengers from flying and subject others to extensive scrutiny. The Aviation Security and Transportation Act, passed in the wake of the September 11, 2001 terrorist attacks, authorizes TSA to maintain watchlists and notify law enforcement, aviation and airline officials of the names of people suspected of posing "a risk of air piracy or terrorism or a threat to airline or passenger safety." In a FOIA request submitted to TSA in early October, EPIC requested information about the number of names on all aviation-security watchlists, procedures for posting and removing names and all complaints from people who claim to have mistakenly been included on the lists. TSA failed to respond to the request within the legal time limit, prompting EPIC's lawsuit. EPIC has also sought information from TSA on its updated Computer Assisted Passenger Pre-screening System (CAPPS-II). The basic structure of passenger profiling is to use an algorithm to determine indicators of characteristics or patterns that are related to the occurrence of certain behavior. The CAPPS-II initiative will expand the range of databases searched for suspicious activity so that each airline passenger will be subjected to extensive profiling. Retired Admiral John Poindexter's office in the Defense Department is considering developing a similar "Total Information Awareness" system (which is also the subject of pending EPIC FOIA requests). See EPIC Alert 9.23. In another lawsuit involving the privacy impact of post-September 11 initiatives, a federal judge on November 26 ordered the Justice Department to complete its processing of an EPIC information request concerning the USA PATRIOT Act by January 15. EPIC, joined by the American Civil Liberties Union and library and booksellers' organizations, filed the FOIA lawsuit seeking the disclosure of information concerning implementation of the controversial anti-terrorism law. See EPIC Alert 9.20. EPIC's "no-fly list" lawsuit is available at: http://www.epic.org/privacy/airtravel/tsa_foia_suit.pdf Background information is available at EPIC's Air Travel Privacy Page: http://www.epic.org/privacy/airtravel/ ======================================================================= [2] EPIC Submits Comments on TCPA, ENUM, FCC Broadcast Flag Mandate ======================================================================= EPIC has recently filed comments on the Telephone Consumer Protection Act (TCPA), Electronic Numbering (ENUM), and the Digital Television Broadcast Flag. In comments to the Federal Communications Commission (FCC), ten leading civil liberties and consumer groups joined EPIC in support of greater protections against telemarketing under the TCPA. The comments support a national do-not-call (DNC) list that allows Internet, telephone, and mail enrollment, and a requirement that sales callers transmit caller ID information. The comments also negate the inflated statistics used by the telemarketing industry to stave off consumer protections. Earlier this year, the Federal Trade Commission (FTC) had also requested comments on the creation of a DNC list. The FTC is expected to issue a rule on their telemarketing comments this month. EPIC also filed comments with the ENUM Forum, a group charged with implementation of ENUM in the United States. ENUM is a system that links phone numbers to IP addresses. In doing so, users can store contact information that can be accessed by another person through the use of one phone number. The comments warn that ENUM presents significant risks to privacy, especially with regard to receiving unsolicited commercial messages, and that the ENUM Forum has not considered issues surrounding law enforcement access to ENUM data, nor incorporated substantive privacy protections for users. In comments to the FCC, EPIC recommended against the creation of a digital television broadcast flag unless it incorporates affirmative privacy protections and ensures the ability of individuals to consume television content anonymously. The broadcast flag initiative is designed to quicken the adoption of digital broadcasting, and to protect content transmitted digitally. The comments argue that the broadcast flag is unnecessary to facilitate this transition, and that piracy risks do not justify creation of the flag. Comments on Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991: http://www.epic.org/privacy/telemarketing/tcpacomments.html EPIC's Telemarketing Page: http://www.epic.org/privacy/telemarketing/ Comments on ENUM: http://www.epic.org/privacy/enum/enumcomments11.02.html EPIC's ENUM Page: http://www.epic.org/privacy/enum/ Comments on the Digital Broadcast Flag: http://www.epic.org/privacy/drm/broadcastflagcomments.html EPIC's Digital Rights Management and Privacy Page: http://www.epic.org/privacy/drm/ ======================================================================= [3] DC Council Hearing on Camera Regs; 12/24 is World Sousveillance Day ======================================================================= A hearing on "Issues Concerning the Use of Video Surveillance in the District of Columbia" was held today before the DC Council, at which EPIC Executive Director Marc Rotenberg testified. The hearing considered DC Council member Kathy Patterson's new bill to regulate the Metropolitan Police Department's surveillance cameras, and an alternative bill proposed by the ACLU. Witnesses included George Radwanski, the Canadian Privacy Commissioner; a law enforcement expert; and several privacy specialists and representatives from civil liberties organizations. Patterson's bill (the "Limited Authorization of Video Surveillance and Privacy Protection Act of 2002"), in its current form, authorizes the police cameras already in place for specified law enforcement, security and management purposes. It also provides for an elaborate procedure requiring a court order for law enforcement use of video surveillance in cases where individuals' privacy is most prone to abuse. A second bill (the "District of Columbia Anti-Surveillance Act of 2002") prohibits "general video surveillance," defined as any video surveillance of outdoor public areas that differs from surveillance used in the context of criminal investigations or for traffic monitoring and building security purposes. EPIC has proposed a draft bill for the DC City Council (the "District of Columbia Anti- Surveillance and Privacy Protection Act of 2002") that combines the procedural safeguards in the Patterson bill with the prohibition against general video surveillance. EPIC Alert readers, Washington residents, and other interested parties can participate in the ongoing public debate over the proposed legislation by continuing to send comments to Council members, either by e-mail to: <dccouncil@dccouncil.washington.dc.us> or by postal mail to: Ms. Phyllis Jones, Secretary to the Council, Suite 5, John A. Wilson Building, 1350 Pennsylvania Avenue, N.W., Washington, DC 20004. People around the world will be protesting surveillance cameras on December 24, which has been declared "World Sousveillance Day" or "World Subjectrights Day" by an international coalition of artists, scientists, engineers, scholars, and others. The idea of "sousveillance" is in opposition to surveillance, and can be loosely defined as "watchful vigilance from below." On December 24, people are invited to call into question the growing phenomenon of video surveillance in public and private spaces by "watching the watchers": one may photograph, videotape, or otherwise document video surveillance cameras in private places (stores, shopping malls, buildings) and in public areas (parks, streets, squares, building surroundings, etc.). Government and corporation officials, while they engage in video surveillance on a regular basis, often prohibit others from taking pictures or video within their establishments. On World Sousveillance Day, however, many people will be photographing these officials, their establishments, and their security systems to show their vigilance and their opposition to the sprawl of surveillance cameras into every aspect of life. For people interested in documenting surveillance in the District of Columbia, more information on the location of the DC police cameras is available at the Observing Surveillance Web site (URL below). Observing Surveillance: http://www.observingsurveillance.org/ New "DC Police Cameras" Slide Show (updated 12/11): http://observingsurveillance.us/cgi-bin/show.pl EPIC's Video Surveillance Page: http://www.epic.org/privacy/surveillance/ "World Sousveillance Day" Web site: http://wearcam.org/wsd.htm ======================================================================= [4] ICANN Task Force Issues New Policy Report on WHOIS Data ======================================================================= On November 30, 2002, ICANN's WHOIS Task Force issued a Policy Report containing consensus recommendations on the Accuracy and Marketing of WHOIS Data. The WHOIS Task Force was created by ICANN's Domain Name Supporting Organization's (DNSO) Names Council in February 2001 to give advice on WHOIS Policy and to review whether any changes should be made to ICANN's WHOIS policy for the .com/.net/.org domains as set out under the Registrar Accreditation Agreement (RAA). In its report, the Task Force suggested a number of changes with respect to marketing of WHOIS data. First, it recommended that the provisions of the RAA allowing for use of bulk access data for marketing purposes be eliminated -- or at the very least altered -- to require registrars to grant individuals the right to decide whether they want to be included in such marketing. Currently, the RAA states that registrars may (rather than must) allow individuals to opt-out of bulk access for marketing purposes. Secondly, it recommended increased enforcement of any new provisions on bulk access. It raised, but did not decide, the question of whether licensees of bulk access data who breach a bulk access agreement (for example, by using the data for mass unsolicited marketing) should be prohibited from entering into any future bulk access agreement. Finally, it recommended further study on whether there are any legitimate uses of bulk access data or whether it should simply be eliminated. The Task Force acknowledged that many other privacy issues relating to ordinary WHOIS data still exist, such as who should get access to this data, in what form and under what conditions. It recommended that the Names Council continue to allow it to address these issues. EPIC has previously advocated stronger privacy protections for individuals registering domain names. In 2001, EPIC sent two letters to Congress arguing that there should be restrictions on the secondary use and sale of WHOIS data; that personal information, beyond that which is necessary for contacting systems administrators about network or security problems, should not be included in the publicly accessible database; and that there should be a way for individuals to anonymously or pseudonymously register domain names. The Task Force will ask the Names Council to endorse its recommendations on accuracy and marketing at ICANN's annual meeting, which is taking place this year in Amsterdam on December 14-15, 2002. Members of the public are invited to attend an open forum on December 14 from 1:30 to 5:00 p.m. The Task Force report is available at: http://www.epic.org/redirect/dnso.html Information about ICANN's Amsterdam meeting is available at: http://www.icann.org/amsterdam/ EPIC's 2001 letters to are available at: http://www.epic.org/privacy/internet/whois_0701.html http://www.epic.org/privacy/internet/ICANN_privacy.html ======================================================================= [5] CA Senators Introduce Financial Privacy Legislation ======================================================================= California Senator Jackie Speier (D-San Mateo) and Senate President John Burton (D-San Francisco) have introduced SB 1, The California Financial Information Privacy Act. The Act requires financial institutions to obtain opt-in consent from customers before they can exploit personal information by transmitting it to non-affiliated companies. Financial institutions could transmit personal information to affiliates under an opt-out standard. The law also creates civil penalties with liquidated damages for violations. Speier's bill would significantly improve Californians' financial privacy rights. Currently, under the Gramm-Leach-Bliley Act (a federal law passed in 1999), consumers cannot opt out of affiliate information transmission at all, and have only opt-out protections for non-affiliate information use. To defeat Speier's earlier attempts in enacting financial privacy protections, the banking, insurance, and brokerage industries spent more than $20 million in lobbying expenditures. Two weeks ago, Speier sent a letter to financial institutions, requesting them to reveal the nature and extent of consumer information use. The letter attempts to track, among other things, whether institutions are employing joint marketing agreement loophole in federal law in order to exploit personal financial information. California Senate Bill 1, the Financial Information Privacy Act: http://www.epic.org/redirect/ca_senate.html Letter from Senator Speier to Financial Institutions: http://www.epic.org/privacy/glba/speierltr11.19.02.html EPIC Gramm-Leach-Bliley Page: http://www.epic.org/privacy/glba/ ======================================================================= [6] Nominations Sought for 2003 PEN/Newman's Own First Amendment Award ======================================================================= PEN American Center and Newman's Own annually honor an individual who has fought to safeguard the First Amendment right of freedom of expression in the United States. Any individual who has worked to protect freedom of expression in the United States as it applies to the written word -- such as a writer, publisher, journalist, editor, bookseller, schoolteacher, or librarian -- is eligible. Especially sought are those whose achievements have not otherwise garnered recognition through institutional affiliation or public visibility. For example, a candidate may have: * worked to restore a banned book to the classrooms or library shelves of a school; * called for the reinstatement of a newspaper or magazine editor fired as a result of his or her writing; * published a controversial book despite unjustified threats of libel action; * overcome harassment by a hostile section of a community while mobilizing a project against censorship; * waged a costly and time-consuming lawsuit in defense of the First Amendment; or * performed any other extraordinary act to defend freedom of the written word. The actions for which the candidate is nominated must have occurred within the past five years. Each individual candidate should be suggested by a nominator, who may or may not be affiliated with the literary, journalistic, educational, legal, or human rights communities. A cash award of $25,000, accompanied by a limited-edition artwork, will be presented to the winner at the PEN Benefit Dinner in spring 2003. The deadline for submitting nominations is December 31, 2002. The nomination form is available online at: http://www.pen.org/freedom/app2003.htm ======================================================================= [7] Subscribe - Access Reports ======================================================================= The top newsletter for open government and the Freedom of Information Act is Access Reports, published by Harry A. Hammitt. A typical issue includes information on recent court decisions, legislative developments, and opinion and analysis. Access Reports also provides an extensive index on open government and FOIA issues. Available by e-mail and postal mail, Access Reports also provides a Reference File service. EPIC recently joined with Access Reports to publish "Litigation Under the Federal Open Government Laws" (see "EPIC Publications" below). We highly recommend the Access Reports newsletter to our readers as an excellent source of up-to-date information. For subscription information, contact Access Reports, 1624 Dogwood Lane, Lynchburg VA 24503. 434/384-5334 (tel); 434/384-8272 (fax); hhammitt@accessreports.com (e-mail); http://www.accessreports.com/ ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2002: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $25. http://www.epic.org/bookstore/phr2002/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, video surveillance, location tracking, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= 18th Annual Computer Security Applications Conference (ACSAC): Practical Solutions to Real Security Problems. Applied Computer Security Associates. December 9-13, 2002. Las Vegas, NV. For more information: http://www.acsac.org/ Call for Proposals: December 13, 2002. O'Reilly Emerging Technology Conference. April 22-25, 2003. Santa Clara, CA. For more information: http://conferences.oreilly.com/etcon/ Government Convention on Emerging Technologies. Defending America Together: The New Era. Government Emerging Technology Alliance (GETA). January 8-10, 2003. Las Vegas, NV. For more information: http://federalevents.com/govcon/ O'Reilly Bioinformatics Technology Conference. February 3-6, 2003. San Diego, CA. For more information: http://conferences.oreilly.com/macosxcon/ Politics of Code: Shaping the Future of the Next Internet. Oxford University Programme in Comparative Media Law and Policy. February 6, 2003. Oxford, England. For more information: http://pcmlp.socleg.ox.ac.uk/code/ Third Annual Privacy Summit. International Association of Privacy Officers. February 26-28, 2003. Washington, DC. For more information: http://www.privacyassociation.org/html/conferences.html Spectrum Policy: Property or Commons? Stanford Law School Center for Internet and Society. March 1, 2003. For more information: http://cyberlaw.stanford.edu/spectrum/ P&AB's Privacy Practitioners' Workshop and Ninth Annual National Conference. Privacy & American Business. March 12-14, 2002. Washington, DC. For more information: http://www.pandab.org/postcard.pdf CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy. Association for Computing Machinery (ACM). April 1-4, 2003. New York, NY. For more information: http://www.cfp2003.org/ O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For more information: http://conferences.oreilly.com/oscon/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject line: "subscribe" or "unsubscribe" (no quotes) Help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ ======================================================================= Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more. ======================================================================= Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 9.24 ----------------------- .