EPIC Alert 17.03

                         E P I C   A l e r t
Volume 17.03                                          February 12, 2010
                         Published by the
             Electronic Privacy Information Center (EPIC)
                         Washington, D.C.
                  "Defend Privacy. Support EPIC."
Table of Contents
[1] EPIC Files Suit for NSA Surveillance Authority
[2] EPIC Seeks Records on Google/NSA Relationship
[3] European Parliament Rejects US Bank Data Deal
[4] FTC Sets Out Priorities, but Lacks Strategy for Privacy Protection
[5] Federal Budget Plan for FY 2011 Announced
[6] News in Brief
[7] EPIC Bookstore: "You Are Not a Gadget"
[8] Upcoming Conferences and Events
 - TAKE ACTION: Stop Airport Strip Searches
           - JOIN Facebook Group "Stop Airport Strip Searches" and 
             INVITE Friends to JOIN
           - DISPLAY the IMAGE
           - SUPPORT EPIC
[1] EPIC Files Suit for NSA Surveillance Authority
EPIC has filed a lawsuit against the NSA and the National Security
Council, seeking a key document governing national cybersecurity
policy. The document, National Security Presidential Directive 54 (NSPD
54), grants the NSA broad authority over the security of American
computer networks.

NSPD 54 was issued by President Bush in 2008, and under this secret
Directive, the Comprehensive National Cybersecurity Initiative was
formed to "improve how the federal government protects sensitive
information from hackers and nation states trying to break into agency
networks." EPIC requested the document to determine the adequacy of
privacy and civil liberties safeguards within the plan.

The agencies violated the Freedom of Information Act by failing to make
public the Directive and related records in response to EPIC's request
and repeated appeals. EPIC's suit asks a federal judge to require the
release of the documents. Congress is currently debating cybersecurity
policy in the form of the Cybersecurity Act of 2009, still pending in
the Senate Committee on Commerce, Science, and Transportation.

EPIC Complaint EPIC v. NSA, No. 10-00196, (D.D.C. filed Feb. 4, 2010)

EPIC FOIA Administrative Appeal EPIC v. NSA, Administrative Appeal 

EPIC FOIA Litigation Docket

EPIC: Critical Infrastructure Protection 

[2] EPIC Seeks Records on Google/NSA Relationship

On February 4, 2010 EPIC filed a Freedom of Information Act (FOIA)
request with the National Security Agency, seeking records regarding
the relationship between Google and the NSA. The press reported that
Google and the NSA have entered into a partnership following a recent
hacker attack on Google originating from China. On January 12, 2010,
Google announced that hackers originating from China had attacked
Google's corporate infrastructure. According to Google, evidence
suggested "that a primary goal of the attackers was accessing the Gmail
accounts of Chinese human rights activists."

On February 4, 2010, the Washington Post reported that Google and the
NSA had entered into a "partnership" to help analyze the attack by
permitting them to "share critical information." The NSA and Google
have sought to maintain the secrecy of the agreement, as the Post
reported that "Google and the NSA declined to comment on the
partnership." But, the NSA acknowledged that it has worked with the
private sector on cybersecurity in the past: NSA spokeswoman Judi Emmel
stated that "as part of its information-assurance mission, NSA works
with a broad range of commercial partners and research associates to
ensure the availability of secure tailored solutions for Department of
Defense and national security systems customers."

In order to discover the details of the Google/NSA relationship, EPIC
filed a request under FOIA  for any records pertaining to the
agreement. EPIC believes that the public has a significant interest in
learning the details of the agreement in order to make informed
decisions regarding their online privacy and security.

The EPIC FOIA request also seeks NSA communications with Google
regarding Google's failure to encrypt Gmail and cloud computing
services. On January 13, 2010 Google set as a default the encryption of
all traffic to and from its Gmail email servers. Complete traffic
encryption was available to users beginning in 2008, but was not
enabled by default. Due in part to the lack of encryption in Google's
cloud computing services, EPIC filed a complaint before the Federal
Trade Commission on March 17, 2009, petitioning the Commission to
investigate the adequacy of Google's privacy and security safeguards.
Despite the cybersecurity risk to the millions of Gmail users, Google
did not enable complete encryption until after the hacker attack
originating from China. The timing of Google's decision to enable
traffic encryption suggests a connection between that decision and
Google's relationship with the NSA regarding the hacker attacks. EPIC
also recently filed a lawsuit against the National Security Agency and
the National Security Council, seeking a key document governing
national cybersecurity policy.

EPIC, FOIA Request to NSA Concerning NSA/Google Relationship (Feb. 4,

EPIC: FOIA Litigation

EPIC: Cloud Computing Privacy 

[3] European Parliament Rejects US Bank Data Deal

On Wednesday, February 10, 2010, the European Parliament rejected an
agreement to permit the continued transfer of data on European
citizens, maintained by the SWIFT financial clearing service, to the
United States. The vote was 376 to 198, with 31 abstentions. Members of
the parliament stated the proposed agreement lacked adequate privacy
safeguards, and was a disproportionate response to US concerns about
terrorism that also lacked reciprocity.

The European Parliament Civil Liberties Committee head earlier
recommended rejecting the data sharing agreement between the United
States and Europe.  "Parliament should withhold its consent to the EU's
interim agreement on banking data transfers to the USA via the SWIFT
network," the Civil Liberties Committee suggested.  While the United
States authorities argue that access to this information is key to
counterterrorism efforts, the EU Civil Liberties Committee rejects this
invasion of privacy, and objects to the lack of adequate protection of
personal data. According to Deutsche Welle, "The United States has
warned that it may stop working with EU institutions on terrorist data
exchange if the European Parliament next week blocks a bilateral deal
on the issue." The deal will be put to a plenary vote in Strasbourg on
February 11, 2010.

In September 2009, the EU Parliament reaffirmed that personal data
should be gathered only for the purposes of fighting terrorism, that a
right balance must be found between security measures and the
protection of civil liberties, and that the same access and judicial
redress mechanisms - including compensation in the event of unlawful
processing of personal data - should be in place for EU citizens.

The first agreement between the US and EU concerned the US acquisition
and use of financial data from Society for Worldwide Interbank
Financial Telecommunication (SWIFT). The deal allowed the United States
to access information collected by SWIFT. In the agreement, the US
restricts its use of any data received from SWIFT to exclusively
counter-terrorism purposes.

In 2006 Privacy International launched a campaign in 33 European
countries, urging close scrutiny of the original SWIFT banking deal
shortly after it came to light that United States officials routinely
accessed financial records of European citizens without appropriate
legal authority.

The second agreement concerned the transfer of passenger name record
information for travelers on all flights originating in the EU and
landing in the US. The European Court of Justice declared a 2004
agreement on the same subject invalid in 2006. Although the Court's
decision did not address the privacy issues of passenger name record
data transfer, EU officials have expressed concern over the amount of
data collected, the length of time for which the data is retained, and
the lack of access and redress for EU citizens.

EuroParliament: SWIFT VOTE : European Parliament votes down agreement
with the US

EuroParliament: SWIFT - Civil Liberties Committee Recommends Rejecting
the Agreement

EuroParliament: EU-US SWIFT Agreement (June 28, 2007)  

EPIC: Spotlight on Surveillance on the SWIFT program   

European Parliament, Is Transatlantic Data Protected? (March 26,

Article 29 Working Group: opinion on the processing of personal data by
the Society for Worldwide Interbank Financial Telecommunication (SWIFT)

EPIC: EU-US Airline Passenger Data Disclosure 

Privacy International Launches Campaign to Suspend Unlawful Activities
of Finance Giant

[4] FTC Sets Out Priorities, but Lacks Strategy for Privacy Protection

The Federal Trade Commission released the Congressional budget
justification summary for FY 2011 and performance plan for FY 2010-11.
The agency requests $314 million, an increase of over $22 million from 
the FTC's FY 2010 budget request.

The FTC documents list three strategic goals: protect consumers,
maintain competition, and advance performance. Most of the agency's
budget will be devoted to stopping "fraud, deception, unfairness and
other unlawful practices through law enforcement" and taking "actions
against anticompetitive mergers and practices that may cause
significant consumer injury."

Objectives related to protecting consumers and maintaining competition
include increasing consumer education, conducting more research,
reports, rulemaking, and advocacy, and protecting Americans in the
"global marketplace." The FTC seeks to advance performance through
"organizational, individual, and management excellence."

The FTC Implementation Plan includes the development of approaches to
implement OECD Guidelines on consumer protection in the context of
electronic commerce, although there is no mention of implementing OECD
Guidelines on privacy protection. Further, the plan mentions consulting
with international authorities, including the OECD, in order to develop
"new approaches to privacy and cross-border data transfers," but still
makes no mention of implementing the established OECD guidelines on
privacy and transborder flows of personal data.

FTC: FY 2011 Congressional Budget Justification Summary 

FTC: FY 2010-11 Performance Plan 

OECD Guidelines on Consumer Protection in the Context of E-Commerce

OECD Guidelines on Privacy Protection 

[5] Federal Budget Plan for FY 2011 Announced

The Office of Management and Budget has released the federal budget for
fiscal year 2011. The budget proposes funding for several new
surveillance initiatives, including over $700 million to the Department
of Homeland Security for "Passenger Aviation Security". The Department
would like to purchase 500 body scanner machines for U.S. airports,
bringing the projected total number of machines to 1,000 at a cost of
over $200 million by the end of 2011.

The DHS Privacy Office is also expanding, with an increase of almost $1
million to support six new positions (four full-time).  According to
the Office's budget request, "[t]he additional staff will ensure
intelligence and incident-related information reaches the right
individuals at the right time while creating a culture of awareness for
privacy, civil rights, and civil liberties."

The new budget also includes several hundred million dollars for the
Department of Justice's national security programs, which were recently
the subject of a critical Inspector-General's report for improper use
of authority. The Inspector-General found that "the FBI sought and
acquired reporters' telephone toll billing records and calling activity
information" through improper means.

OMB Federal Budget

DHS Budget and Finance Documents

EPIC DHS and Privacy

EPIC Whole Body Imaging

DOJ Inspector General Report 

[6] News in Brief

DHS Issues Final Rule on Secret Traveler Profiling Program

On February 3, the Department of Homeland Security issued a final rule
exempting data used by the Automated Targeting System (ATS) from
various requirements of the Privacy Act. ATS was originally established
to assess cargo that may pose a threat to the United States, but the
Department of Homeland Security now uses the system to establish a
secret terrorism risk profile for millions of people. EPIC submitted
comments to DHS in 2007, urging the agency to either suspend ATS or to
fully apply all Privacy Act safeguards to any individual subject to
ATS. Despite the erosion of privacy, DHS issued the final rule without
making any changes to the proposed exemptions.

EPIC, Comments on ATS (September 5, 2007) 

EPIC: Automated Targeting System 

EPIC: Air Travel Privacy

DHS, Text of Final Rule (February 3, 2010) 

EU Commissioner Viviane Reding Sets Out Privacy Priorities

EU Information Society Commissioner, Viviane Reding, delivered a
Keynote Speech at the European Parliament on January 28, International
Privacy Day. Ms. Reding made a strong call to protect personal data
against any unauthorized use and emphasized that citizens have the
right to decide how their data will be processed. "It is my firm belief
that we cannot expect citizens to trust Europe if we are not serious in
defending the right to privacy," she said. Commissioner Reding affirmed
that the protection of the right of personal data should be respected
at all times, even when performing simple operations like transferring
money, booking a flight ticket, or passing a security check at the
airport. Commissioner Reding rejected the installation of body scanners
unless studies are performed to determine whether the devices are
effective and safe. "I am convinced that body scanners have a
considerable privacy-invasive potential. Their usefulness is still to
be proven. Their impact on health has not yet been fully assessed.
Therefore I cannot imagine this privacy-intrusive technique being
imposed on us without full consideration of its impact," she noted. The
European position in the current dispute is strengthened by the recent
adoption of the Lisbon Treaty and the entry into force of the Charter
of Fundamental Rights.

Viviane Reding, Keynote Speech, Privacy: the challenges ahead for the
European Union (January 28, 2010) 

EPIC: Whole Body Imaging Technology

EPIC: Event Materials and Handouts on Whole Body Imaging 

EPIC: The Lisbon Treaty 

The Public Voice: Stop Digital Strip Searches in Airports 

Madrid Privacy Declaration 

Facebook Users Object to Beacon Settlement

Facebook users filed papers in federal court objecting to a proposed
deal that would extinguish the company's liability for disclosing
personal information in violation of federal law. Users criticized the
class action settlement, stating "the class receives no meaningful
relief." Other objectors alleged "in effect, Facebook is paying itself
the benefit but class members are releasing their individual privacy
claims." EPIC previously submitted a letter to the judge hearing the
case. EPIC's letter opposes the settlement and proposes alternatives
that would enable stronger privacy safeguards for Facebook users in the

Facebook Objector's Brief 

Second Facebook Objector's Brief 

Facebook, Proposed Settlement 

EPIC: Social Networking Privacy

EPIC: Facebook Privacy

EPIC: Harris v. Blockbuster 

FCC Commits to Protecting Consumers in FY 2011 Performance Plan

The FCC released its FY 2011 budget request and performance plan. The
FCC requests funding for furthering cybersecurity, implementing the
National Broadband Plan, revamping the FCC's data systems and
processes, and modernizing the agency's communications tools and
expertise. The FCC prioritizes implementation of the National Broadband
Plan and protection of consumers in the agency's performance goals.
Objectives regarding consumers include: addressing 100% of complaints
alleging violations of the Communications Act and taking appropriate
action within 15 months; rigorously enforcing the Telephone Consumer
Protection Act; and ensuring "through litigation where necessary, that
consumers are protected from anticompetitive practices."

FCC: 2011 Congressional Budget Justification and Summary 

National Broadband Plan

Communications Act of 1934

Telephone Consumer Protection Act 

New DHS Civil Rights & Civil Liberties Officer Appointed

Department of Homeland Security Secretary Janet Napolitano announced
the appointment of Prof. Margo Schlanger to lead the Office for Civil
Rights and Civil Liberties.  Prior to her appointment, Schlanger was a
professor of law at the University of Michigan, and she has researched
extensively in the areas of civil rights and civil liberties. She was
also Founding Director of the Civil Rights Litigation Clearinghouse. 
In her new position, Schlanger will be responsible for reviewing
existing and forthcoming Department of Homeland Security programs for
civil liberties issues, as well as for investigating complaints filed
by members of the public.

DHS Press Release 

DHS Office of Civil Rights & Civil Liberties 

Civil Rights Litigation Clearinghouse 

Prof. Schlanger's Bio 

Revised Google Books Settlement Fails to Fix Key Problems

Even after revisions, the Google Books Settlement still fails to
address antitrust, privacy, and copyright concerns, according to the
US Justice Department, privacy advocates, and academic authors. On
February 4, the Justice Department filed a brief and issued a statement
opposing the revised settlement. The Department said the revisions
still ran afoul of authors' copyrights and did not fix antitrust
problems. EPIC also continues to object to the settlement because it
does not contain adequate privacy protections for readers. On February
4, EPIC informed the court of its intent to appear at the February 18
Fairness Hearing on behalf of users' privacy interests.

Google Books, Proposed Settlement (Revised) 

Academic Authors', Objections to Revised Settlement 

Justice Department, Brief 

Justice Department, Statement (February 4, 2010) 

EPIC: Google Books and Privacy 

EPIC: Google Books Litigation 

EPIC: Google Books: Policy Without Privacy 

[7] EPIC Bookstore: "You Are Not a Gadget" by Jaron Lanier

"In my view, people have often respected bits too much, resulting in a
creeping degradation of their own qualities as human beings."

In "You Are Not a Gadget," Jaron Lanier assaults the foundations of the
Web 2.0 world, arguing that it promotes the collective "hive-mind"
above individuality and squelches intellectual achievement. He
maintains that a new "digital humanism" is needed to return basic
humanity to the digital world.

Lanier begins by observing that the internet and many other basic
concepts did not have to be designed the way they are. Drawing
analogues to UNIX, MIDI, and the very concept of a file, Lanier argues
that the Internet's first designers made crucial design decisions that
became locked-in as more design decisions were built upon it. For
instance, he argues that pervasive anonymity or pseudonymity on the
Internet are not necessarily a good thing.

However, a nearly locked-in faith in "cybernetic totalism," or "the
idea that the internet as a whole is coming alive and turning into a
superhuman creature," is bad for "spirituality, morality, and
business." One way in which ordinary people are degraded, he argues, is
through the reduction of friendship. Social networking sites like
Facebook remove the basic humanity of a real friendship. Moreover, he
argues that social networking sites exist primarily to benefit
advertisers by steering "the evolution of the net" in order to make
acceptable a "method of violating privacy and dignity." However, he
notes that the Facebook Beacon debacle proved that individuals can
still steer the design of the internet away from abusive and invasive

Cybernetic totalism is bad for business, he argues, because it "leads
to economic ideas that disfavor the loftiest human avocations." Rather
than valuing the cultural expression of artists, musicians, and
journalists, it singles out advertising, which is elevated by open
culture from its previous role as an accelerant and placed at the
center of the human universe. He then proposes several suggestions for
addressing the future of paid cultural expression.

Lanier doesn't provide perfect solutions to the problems he observes.
However, he concludes by outlining humanistic technology that would
allow humans to engage in "postsymbolic communication," which might
"provide a path to escaping the prison of predefined, locked-in

--Matt Phillips

================================

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC
2008). Price: $60.

Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Limiting Knowledge in a Democracy, The New School, New York City,
February 24-26, 2010. For more information:

Fourth Law and Information Society Symposium: Hate Versus Democracy on
the Internet, Fordham University, New York City, February 26, 2010. For
more information:

RSA 2010, San Francisco, March 1-5, 2010. For more information:

Association for Practical and Professional Ethics, Cincinnati, March 5,
2010. For more information:

Privacy 2010, Stanford, March 23 - 25, 2010. For more information:

Computers, Freedom, and Privacy, San Jose, June 15-18, 2010. For more

32nd International Conference of Data Protection and Privacy
Commissioners, Jerusalem, October 2010. For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1
202 483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

  The EPIC Alert displays best in a fixed-width font, such as Courier.

  ------------------------- END EPIC Alert 17.03------------------------

