EPIC logo




=======================================================================
                         E P I C  A l e r t
=======================================================================
Year in Review                                         January 11, 2005
-----------------------------------------------------------------------

                          Published by the
            Electronic Privacy Information Center (EPIC)
                          Washington, D.C.
                           
           http://www.epic.org/alert/EPIC_Alert_yir2004.html

======================================================================
       2 0 0 4   P R I V A C Y   Y E A R   I N   R E V I E W
======================================================================

Privacy debates continued in the United States in 2004 as proposals
for passenger profiling and new identity cards provoked public protest
and legislation.  Google announced a new email service that offered
lots of free storage while also peeking at the users' private
messages.  ID theft continued to be a national problem.  And some
states, most notably California, adopted new laws to safeguard
personal privacy.

Here are the Top Ten Privacy Stories of 2004 from the Electronic
Privacy Information Center (EPIC):

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Foreign Opposition to USA PATRIOT Act

The USA PATRIOT Act, which gave government new authority to collect
information about American citizens and visitors to the United States,
came under increasing criticism from foreign governments in 2004.
Latin American countries objected to sending census data and voter
records to U.S. law enforcement agencies.  Canadian officials warned
that the Patriot Act would violate Canadian law.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Google Datamines Private Email

Apparently, there is a shortage of advertising on the Internet.  At
least that must be part of the thinking behind Google's Gmail.  The
new email service links keywords in private messages with web-based
advertising.  Messages to business colleagues, family members, and
loved ones now produce discount travel offers and 10% off restaurant
deals.  Question to Google CEO Eric Schmidt: do we get to read your
email?

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Expansion of US-VISIT

US-VISIT, an entry-exit border control system, launched in 2004.
Europeans bristled when fingerprinted at U.S. airports.  In Brazil a
judge retaliated.  He okayed the fingerprinting of U.S. tourists,
citing the U.S. government's treatment of visitors. US-VISIT expanded
rapidly following the award of a $15 billion contract to Accenture, a
Bermuda-based corporation that entered the U.S. to take the money and
then exited the country to avoid the corporate taxes. How about better
border control for corporate outsourcing?

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Death of Airline Passenger Profiling . . . Maybe

At a press conference in Washington, DC earlier in the year, Secretary
of Homeland Security Tom Ridge raised his hand as if to put a wooden
stake through the heart of "CAPPS II," the much-criticized passenger
profiling system.  An independent government review decided that
assigning a "terrorist threat index" was not a great idea.  Congress
and civil liberties groups slammed the program.  The funding was
pulled.  However, by year-end, a new passenger-screening program
called Secure Flight was moving forward. Next time, use garlic.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

U.S. Medical Records Go Overseas

Offshore outsourcing dramatically increases privacy risks, said a
government report in 2004.  So U.S. accountants proposed corporate
disclosure of outsourcing practices.  California passed a law to
notify consumers when their personal information went abroad.  But
elsewhere, countries expressed concern about privacy protections in
the United States. Canada pulled out of a contract with a U.S. company
that would have provided services for the 2006 Canadian census.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Data Disclosures -- Mission Creep Continues

The IRS reported that it made 3.7 billion disclosures of tax return
information in 2003 for tax and non-tax law enforcement and
statistical purposes.  Meanwhile, the Pentagon proposed to use tax
returns to find "out-of-touch" reservists.  The General Accounting
Office and the Technology and Privacy Advisory Committee issued
reports on government data mining and sharing of public and private
sector personal information data.  The Census Bureau revised its
information sharing policy when it came to light that it has provided
information to Homeland Security on persons identifying themselves as
being of Arab ancestry.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

States Pull Out of Mini-Total Information Awareness Project

Of the thirteen states originally agreeing to participate in the
Multistate Anti-Terrorism Information Exchange (MATRIX), only five
remain.  The program was an effort to establish a state-level data
mining project similar to the Total Information Awareness project
killed by Congress in 2003.  State governors and attorneys cited their
own states' privacy laws.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

ID Theft a Growing Problem; Laws Stiffen Penalties

ID theft was the number one consumer complaint received by the Federal
Trade Commission in 2004.  In response, Congress enacted laws to
provide stronger penalties for ID theft and "phishing," the use of
fake email addresses to lure sensitive personal information such as
credit card numbers from people.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Prevent More Stringent ID Requirements for Voters

The Help America Vote Act placed greater identification requirements
on voters registering for the first time.  This meant an excessive
burden was placed on those who wished to vote, but did not drive or
have a need for a state-issued identification card.  However, charges
of voter fraud during the 2004 election season persisted, which may
spur Congress and state legislatures to make greater identification
demands on current and newly registered voters as well as anyone
attempting to vote.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

California Continues Privacy Reforms

While lawmakers in Washington dined with lobbyists, legislators in
Sacramento were enacting some of the best new privacy laws in the
United States.  Among the new safeguards from the country's leading
privacy state -- laws that limit electronic surveillance in rental
cars, controls on the Social Security Number, a crackdown on spam and
spyware, and new protections for wireless phone numbers.

======================================================================
ISSUES TO WATCH IN 2005
======================================================================

The USA PATRIOT Act is up for renewal, state drivers licenses may
become national identity cards, big companies will go after privacy
laws, and new tags in your food may be telling your refrigerator when
you need to buy more OJ.  George Orwell may have been off by a few
years, but privacy and technology are prepared to do battle again as a
new year unfolds.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

National ID

The queen of England has proposed that her subjects need a biometric
identifier, but the rest of the world is not so certain.  The United
States took a half step toward national ID with federal mandates for
the states' drivers licenses, but stopped short of a full-blown
domestic passport.  Expect a debate focused on the links between an
upgraded state drivers licenses and federal agency databases.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

USA PATRIOT Act Renewal

The USA PATRIOT Act passed not long after the Senate was evacuated
because of anthrax.  Now it's 2005 and Congress will need to decide
whether the Constitutional rollback will be permanent.  At issue are
the electronic surveillance provisions that minimized the role of the
courts and gave the Attorney General broad new powers.  Note to
Congress: real patriots defend the Constitution.  And question to the
FBI: who was responsible for the anthrax?

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Telemarketers Attack Privacy Rules

The telemarketers are gearing up in 2005 to go after the most popular
privacy rules in the Unites States.  The federal Do Not Call list now
includes more than 80 million subscribers who have just said no to
telemarketing calls at dinnertime.  But the direct marketers have a
new strategy to open up loopholes in the rules and resume the calls.
Also, watch the opt-in privacy safeguards for the wireless phone
directories collapse unless Congress passes legislation.  "Can you
hear me now?" "Yes, and please take me off your list."

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Google Tracks Reading?

The Net's number one search engine (and number one advertiser) is now
planning to convert many of the nation's libraries into digital
format.  A tremendous boon for the public domain, but the cost may be
the loss of reader privacy.  Remember to delete those Google cookies.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Is it a Phone?  Is it the Internet?  It's VOIP!

Internet-based telephone service -- "VOIP" as the geeks and the policy
wonks say -- was expected to reach one million users by the end of
2004.  But is VOIP a telecommunications service or an information
service?  There are high stakes for privacy protection.  Will the Do
Not Call Registry apply to it?  Will providers be required to help law
enforcement access it?  And will we be able to prevent "spit" -- the
new term for unsolicited commercial messages delivered to VOIP users?
Stay tuned!

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Smart Barcodes, RFID, and Products that Spy

Now that the next-generation standard for RFIDs has been agreed to and
adopted, we'll see an expansion of RFID products developed for the
market and more organizations beginning to switch to RFID tracking
systems for their own convenience.  It will be necessary to develop
guidelines outlining the duties of RFID-using organizations and
setting out the rights of individuals who are exposed to RFID-enabled
products.  Must wonder if such guidelines are needed to address RFIDs
in biometric passports approved by the International Civil Aviation
Organization . . .

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Internet Privacy

Expect a continuing state of flux when it comes to Internet
communications and your privacy.  With spyware legislation, the
ongoing battles against spam, and the development of "spit," questions
about VOIP regulation and the application of law, not to mention the
upcoming decision in United States v. Councilman expected in spring
2005, the boundaries keep shifting.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Outsourcing:  Frying Pan or Fire?

Outsourcing continues to be an issue on both the domestic and
international front.  Americans continue to be concerned about privacy
and security of offshore/outsourced data processing, tax return
preparation and call centers.  Meanwhile, Canada and other countries
are reviewing their own outsourcing to the U.S. after concerns were
raised about the capacity of U.S. authorities to access such records.
It is ironic to recollect that one of the motivating factors of data
protection schemes was concern about facilitating international
relationships -- will the USA PATRIOT Act and its consequences put an
end to such profitable relations?

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Centralized Voter Registration Databases

The Help America Vote Act requires that all states develop and
implement centralized voter registration databases by 2006.  The lack
of technical expertise on the part of state election administrators
may leave the centralization of voter registration lists to private
contractors or very insecure systems with poor administration.  Either
case will make it difficult to ensure that personally identifiable
information of registered voters will be protected from misuse or
abuse. Expect Congress to take a closer look at the privacy standards
for voter registration records.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

WHOIS Directory

WHOIS, the online database of the millions of people who registered
web sites, still lacks basic privacy safeguards.  After years of
review, the Internet Corporation for Assigned Names and Numbers
(ICANN), the folks who demand the data, should make 2005 the year it
finally establishes safeguards.  Note to ICANN: self-regulation does
not mean no regulation.

======================================================================
Privacy Policy
======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

======================================================================
About EPIC
======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information, visit
http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite
200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248
(fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:

      http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

------------------ End EPIC 2004 Year in Review  ------------------

.