=======================================================================
E P I C A l e r t
=======================================================================
Year in Review December 30, 2005
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_yir2005.html
======================================================================
2 0 0 5 P R I V A C Y Y E A R I N R E V I E W
======================================================================
It's been an eventful year in privacy, right up to the end, with
revelations of government surveillance of activists, warrantless
wiretaps by the National Security Agency, and a Congressional staring
contest over the renewal of the Patriot Act. And the months preceding
this one were no less impressive, with data security laws, RFID, and
voter privacy making headlines.
Here are the Top Ten Privacy Stories of 2005 from the Electronic
Privacy Information Center (EPIC):
* * * * * * * * * * * * * * * * * * * * * * * *
PATRIOT Act Reauthorization Falls Short
This year ended with one of the biggest Congressional cliffhangers in
memory, with House and Senate leaders agreeing to a last-minute
temporary extension of the Patriot Act. The controversial law was set
to expire at the end of the year without Congressional authorization.
The debate leading up to December's last-minute brinksmanship centered
around the different versions of the Patriot Act reauthorization in
the House and Senate, with the Senate version including more oversight
for the most embattled surveillance provisions. Fierce debate is
expected to carry over into next year.
* * * * * * * * * * * * * * * * * * * * * * * *
Security Breaches on the Rise
This past year, more than 130 security breaches exposed at least 55
million Americans to ID theft. Culprits included poor security
practices, malicious insiders, and in some cases, even selling
information directly to identity thieves. The breaches came to light
only because of state laws that required companies to let consumers
know what had happened. This year, a gaggle of Congressional bills
came forward to address the problem. Some might have helped, adding
protections on a federal level. Some would have made the problem far
worse, by eliminating state protections and giving companies
incentives to hide their privacy and security failures.
* * * * * * * * * * * * * * * * * * * * * * * *
Defense Department Ignores Privacy Laws
Uncle Sam not only wants you, he wants your data, too. Earlier this
year, the Department of Defense proposed a joint marketing and
recruiting database that would track students and target them for
recruitment into the armed forces. Among the information kept on
students were ethnicity, phone numbers, e-mail addresses, intended
fields of study and extracurricular activities. The record system
even included parents' attitudes about military recruitment. The
Defense Department eventually revealed that it set up the system
before notifying the public, a clear violation of the Privacy Act.
* * * * * * * * * * * * * * * * * * * * * * * *
In Federal Court, a Good E-mail Privacy Decision
In August, a federal appeals court ruled that intercepting e-mails
violates the Wiretap Act, overturning a 2004 ruling by a three-judge
panel. The earlier decision said that if someone intercepted e-mails
when they were momentarily stored on a server before they were
received, the Wiretap Act didn't apply, since the Wiretap Act only
covers communications "in transit." The full panel disagreed,
protecting in-transit e-mails under the Wiretap Act, whether they are
on a server or being transmitted from one place to another.
* * * * * * * * * * * * * * * * * * * * * * * *
Privacy for Voters
The privacy of voters gained attention in 2005, as government agencies
tried to hammer out a set of guidelines for electronic voting systems.
Ensuring that the systems allow open auditing of the process, while
preserving the confidentiality of a person's vote, is fundamental to
any e-voting system. Voter privacy also won out in a recent Georgia
case, where a law requiring voters to present a state-issued photo ID
at the polls was struck down as unconstitutional. The ID law, which
did nothing to decrease registration fraud, would have discouraged
voter turnout among the poor, the elderly, and minority communities.
* * * * * * * * * * * * * * * * * * * * * * * *
State Department Drops Hi-Tech Passport Plan, But Problems Remain
The State Department planned to require small ID tags in new hi-tech
passports, until technical experts realized that the passports would
paint a bullseye on US citizens traveling overseas. The State
Department withdrew the original plan and added a few security
safeguards, but technology experts say travelers with the new
passports are still vulnerable. Projects are also underway to embed
the chips in immigration documents, government-issued ID, credit
cards, and a variety of consumer products and packaging. Aluminum
foil, anyone?
* * * * * * * * * * * * * * * * * * * * * * * *
NSA Domestic Spying Disclosed
Some of the biggest news in the privacy world waited until the very
end of 2005. In December, the New York Times reported that President
Bush had authorized the National Security Agency to spy on Americans
after September 11, 2001. The secretive agency is generally not
authorized to conduct domestic surveillance, and the Foreign
Intelligence Surveillance Act requires judicial review of wiretaps
related to national security. Now the White House is investigating the
New York Times for running the story.
* * * * * * * * * * * * * * * * * * * * * * * *
Problems Remain with Travel Screening Plans
Government agencies that profile airline passengers came under
increased scrutiny in 2005. Reports revealed that airlines disclosed
passenger information to the FBI and other government agencies. The
TSA attempted to expand its no-fly and selectee lists, despite the
fact that passengers often have no reliable way of finding out how to
correct errors on their records.
* * * * * * * * * * * * * * * * * * * * * * * *
Credit Freeze Laws on the Rise
Identity theft isn't just a problem of people having their information
stolen; it's a problem of creditors giving out accounts to thieves,
without checking to see if they are who they say they are. With this
in mind, states like New York and Maryland moved forward "credit
freeze" laws, which would let consumers stop credit grantors from
opening new accounts without their permission.
* * * * * * * * * * * * * * * * * * * * * * * *
Surveillance of Activists Revealed
The Defense Department is busy keeping America safe from the Quakers,
apparently. Recently revealed documents showed that an anti-war
meeting at a Quaker meeting house was considered by the Pentagon to be
a "threat." Other "threats" included a protest at the University of
California in Santa Cruz and a number of other protests of military
recruiting. The documents show the increasing role of the military in
domestic policing and surveillance.
======================================================================
ISSUES TO WATCH IN 2006
======================================================================
The USA PATRIOT Act is yet again up for renewal, biometric
technologies are on the rise, and students are being used as the
guinea pigs for the next generation of privacy-invading policies.
Issues both new and familiar will be making their way into the privacy
debate in 2006.
* * * * * * * * * * * * * * * * * * * * * * * *
Nomination of Samuel Alito
2006 begins with the hearings for Supreme Court nominee Samuel Alito.
But which Alito will testify? Will it be the Princeton student who
wrote a remarkable report on the need to safeguard privacy in America,
or will it be the Justice Department attorney who said that the
Attorney General should be immune from lawsuits for unlawful
surveillance? Members of the Senate Judiciary Committee will be eager
for answers.
* * * * * * * * * * * * * * * * * * * * * * * *
Future of REAL ID
In 2005 Congress quietly passed a law to turn the state drivers
license into a national ID card without a hearing or a vote. But
REALID opponents are gathering support and the Department of Homeland
Security may face a real battle when federal officials start saying to
US citizens, "your papers, please."
* * * * * * * * * * * * * * * * * * * * * * * *
"Welcome to the US. Fingerprints, please."
The United States is dramatically expanding the collection of
fingerprints, particularly for visitors to the United States. The
US-VISIT program is set to take the fingerprints of every foreign
visitor to the United States. But the inaccuracies of fingerprint
identification, and the ease with which fingerprint scanners can be
fooled, continue to plague fingerprint ID systems.
* * * * * * * * * * * * * * * * * * * * * * * *
Workplace Privacy
The computer you use at work belongs to your employer; the time you
spend at work belongs to your employer--who does your privacy belong
to? Increasingly, companies are placing surveillance measures in the
workplace, either to provide security or to monitor productivity. In
2006, the high court of Massachusetts will decide whether a public
employer could secretly install video cameras to watch its employees.
As cameras become more ubiquitous inside and outside the workplace, it
will be come more and more likely that some Little Brother will be
watching you as well.
* * * * * * * * * * * * * * * * * * * * * * * *
Student Privacy
Schools are becoming the new frontline in the battle over privacy.
RFID vendors are pressing schools to mandate spychip-equipped student
IDs. Metal detectors, cameras, and more invasive searches are also
becoming more commonplace. Nor is students' information privacy safe
from invasion. Increasingly, students are encouraged to give up their
personal information in school where it is relayed to third parties
for marketing and recruiting purposes. But students and parents are
fighting back. Last year a spychip plan in California failed and
parents rallied against the Defense Department recruitment database.
Look for the protest to go online in 2006.
* * * * * * * * * * * * * * * * * * * * * * * *
Location Tracking
Highway administrators in the US and UK are looking for new ways to
measure traffic flow and decrease congestion, as well as collect taxes
on the use of roads. This has led to the development of many vehicle
tracking systems, based either on roadside license plate readers or on
tracking the movement of signals sent by drivers' phones. While some
programs delete the personally identifying data from the cell-tracking
systems, implications for "mission creep" are clear, since several
recent cases show that law enforcement is making more use of mobile
phone tracking as an investigative tool.
* * * * * * * * * * * * * * * * * * * * * * * *
New Revelations About Government Datamining
It was not long ago that John Poindexter's Total Information Awareness
was brought to an end. But datamining in the federal government
didn't stop. It went underground. In 2006 there will be new and
surprising revelations about the scope of government datamining and
the amount of personal information on American citizens that is being
collected by the private sector and handed over to the government.
* * * * * * * * * * * * * * * * * * * * * * * *
Wiretapping the Internet
2006 will see a major debate over wiretapping and the Internet. The
Federal Communications Commission wants to apply a 1994 law intended
for wiretapping the telephone network to new communication services on
the Internet. But privacy groups and communications companies object.
A federal court will have to decide next year whether the government
could some day regulate computer software.
* * * * * * * * * * * * * * * * * * * * * * * *
DNA Databases and Genetic Privacy Legislation
Police are stepping up efforts to build DNA profiling databases.
The hope is that these measures will allow investigators to compare
DNA found at a crime scene against a database of known individuals.
The danger is that the chance of false positives may be downplayed,
and that ordinary citizens would be forced to divulge their DNA
profiles with no evidence of any wrongdoing. In other matters, state
regulators are coming to grips with the risk that people's genetic
information may be used to discriminate against them, if their genes
show tendencies towards health problems or disabilities. Regulations
on genetic privacy could be forthcoming in the states next year, as
well as in the US Congress.
* * * * * * * * * * * * * * * * * * * * * * * *
Data Broker Regulation
With security breaches on the rise and the cost of identity theft
passing the $50b mark, Congress will almost certainly act in 2006 on
data broker legislation. Not only are legislators concerned with
requiring companies to disclose data breaches, many are arguing for
increased oversight of the largely unregulated data broker industry.
======================================================================
Privacy Policy
======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."
======================================================================
About EPIC
======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research. For more information, visit
http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite
200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248
(fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
------------------ End EPIC 2005 Year in Review ------------------
.