You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 17.04

                         E P I C   A l e r t
Volume 17.04                                          February 25, 2010
                         Published by the
             Electronic Privacy Information Center (EPIC)
                         Washington, D.C.
                  "Defend Privacy. Support EPIC."
Table of Contents
[1] EPIC Urges Court to Reject Google Books Settlement
[2] Lawsuit Alleges School Used Laptops to Spy on Students at Home
[3] EPIC Submits Statement on Location Privacy
[4] EPIC Urges FTC to Investigate Google Buzz
[5] EPIC Submits Statement to Congress on Google, NSA, Cybersecurity
[6] News in Brief
[7] EPIC Bookstore: "The Peep Diaries"
[8] Upcoming Conferences and Events
 - TAKE ACTION: Stop Airport Strip Searches
           - JOIN Facebook Group "Stop Airport Strip Searches" and 
             INVITE Friends to JOIN
           - DISPLAY the IMAGE
           - SUPPORT EPIC

[1] EPIC Urges Court to Reject Google Books Settlement

On February, 18, 2010, the federal district court in New York heard
arguments from opponents and supporters at the Google Books Settlement
Fairness Hearing. The Settlement had previously undergone amendments
after a variety of parties, including EPIC, the DOJ, and Privacy
Authors, had objected to it on copyright, antitrust, and privacy
grounds. Even after revisions, the Google Books Settlement still failed
to address antitrust, privacy, and copyright concerns, according the
the US Justice Department, privacy advocates, and academic authors.

On February 4, the Justice Department filed a brief and issued a
statement opposing the revised settlement. The Department said the
revisions still ran afoul of authors' copyrights and did not fix
antitrust problems. EPIC also continued to object to the settlement
because it does not contain adequate privacy protections for readers.
On February 4, EPIC informed the court of its intent to appear at the
Fairness Hearing on behalf of users' privacy interests.

At the Fairness Hearing, EPIC President, Marc Rotenberg, urged Judge
Denny Chin to reject the revised settlement now before the court in
Authors Guild v. Google. Mr. Rotenberg said that the settlement would
"turn upside down" well established safeguards for reader privacy,
including state privacy laws, library confidentiality obligations, and
the development of techniques that minimize privacy intrusions. Mr.
Rotenberg warned that the settlement would eviscerate legal safeguards
for library patrons, commercialize access to information, consolidate
Google's control of the Internet, and put in place an elaborate system
of user authentication and watermarking. "A person at any library or
any university in the United States that attempted to retrieve
information from Google's digital library would be uniquely tagged and
tracked. There is simply no precedent for the creation of such power."

Judge Chin said  at the beginning of the hearing "To end the suspense,
I am not going to rule today. There is just too much to digest. And
however I come out, I want to write an opinion that explains my

Rotenberg's Argument (transcript excerpt)

Complete hearing transcript

The Laboratorium (Grimmelman site on Google Book Settlement)
Google Books, Proposed Settlement (Revised) 

Academic Authors', Objections to Revised Settlement 

Justice Department, Brief 

Justice Department, Statement (February 4, 2010) 

EPIC: Google Books and Privacy 

EPIC: Google Books Litigation 

EPIC: Google Books: Policy Without Privacy 

[2] Lawsuit Alleges School Used Laptops to Spy on Students at Home

Parents of a student attending Harriton High School filed a lawsuit
against the Lower Merion School District in Pennsylvania for using
school-issued laptop web cameras to spy on students. Court papers
charge that the school district is in violation of the Electronic
Communications Privacy Act, the Fourth Amendment, the Pennsylvania
Wiretapping and Electronic Surveillance Act and Pennsylvania common

The lawsuit arose when the high school's assistant principle, Lindy
Matsko, informed one of the students that the School District believed
he was engaged in improper behavior in his home. Ms. Matsko then cited
evidence of a photograph from the students' laptop webcam as evidence
of his wrongdoing.

Lower Merion School District acknowledges that it did install web
camera spyware on laptops issued to students and provided no notice to
parents or students regarding the district’s ability to remotely
access, capture images of the surroundings, and screenshot information
on users. The technology also allowed global positioning data, IP
address capture, domain name service logging, as well as recording of
date, and times information. The school district states that it only
used this capability 42 times during the 2009-2010 academic school year
to located reported "stolen" laptops.

Laptops were only allowed to contain software installed by the school
district, which purchased the Apple Laptops. The Lower Merion School
District student handbook states that the laptops was to be used for
"educational purposes." The list of "Laptop Capabilities at home"
enabled a wide range of Macintosh social networking and user engaging
applications such as ichat, iTunes, iweb, ichat, iphoto. The school
district nor the school is reported to have used Apple parental
controls to limit the time of day the computer would be available nor
the use of Apple social networking features. The "Getting Started
Guide" states that the same laptop would be issued to the same students
throughout their time at the school.


EPIC: Children's Privacy

Lower Merion School District: Statement 2/19/2010

Lower Merion School District: Student Guide

Lower Merion School District: Getting Started Guide

Lower Merion School District, Laptop Capabilities (Screenshot)

[3] EPIC Submits Statement on Location Privacy

EPIC submitted statements for a February 24  joint hearing on "The
Collection and Use of Location Information for Commercial Purposes."
The hearing was held by House Subcommittee on Communications,
Technology, and the Internet and the Subcommittee on Commerce, Trade,
and Consumer Protection.

EPIC argued that as mobile devices have become ubiquitous in modern
society and their use becomes common among younger children, it is
important that clear standards are formulated in order to protect the
privacy of users. EPIC cited the growing uses of location data for
advertising and tracking purposes, typically without any legal
protections, and noted widespread support among US and European
consumer organizations for clear protections.

EPIC recommended that Congress establish strong rules, similar to those
in the European Union Eprivacy Directive, that would give users
meaningful control over their locational data. Specifically, EPIC
recommended that the government create regulations to require that
location information not be collected or shared with out affirmative
user consent, that users be informed about the type and purpose of the
data being collected, that location data not be stored beyond delivery
of location-based services unless it is being kept for billing purposes
or being anonymized.

EPIC had previously recommended that the FCC establish guidelines for
the protection of users' locational privacy. In its previous comments, 
EPIC recognized that locational tracking technologies "enable the
creation of detailed daily itineraries for millions of consumers, [and]
have the potential to fundamentally alter the nature and use of
wireless communications systems." EPIC encouraged the FCC to enact
rules that would give consumers "meaningful control over the collection
and use of location data."

EPIC: Statement for the Record

Hearing Notice

Eprivacy Directive

EPIC: Previous Comments to FCC

EPIC: Consumer Proprietary Network Information

[4] EPIC Urges FTC to Investigate Google Buzz

EPIC has filed a complaint with the Federal Trade Commission (FTC),
urging the FTC to open an investigation into Google Buzz. Google tried
to transform its popular email service, Gmail, into an untested social
networking service. As a consequence, Google transformed users' most
frequent address book contacts into publicly viewable social networking

The change to Google's email service was widely opposed by users, and
prompted Google to undergo two rounds of modifications to the Buzz
service. Despite these changes, Google Buzz is still an opt-out
service. EPIC filed its complaint on February 16, 2010, arguing that
the changes to Buzz are not sufficient to protect the privacy of Gmail

EPIC's complaint cites clear harms to service subscribers, and alleges
that the change in business practices "violated user expectations,
diminished user privacy, contradicted Google's privacy policy, and may
have violated federal wiretap laws." EPIC asserts that email providers
have a responsibility to safeguard the personal information that users
provide and Google has failed to fulfill this responsibility.

The complaint urges the FTC to require Google to make the Buzz service
fully opt-in, to stop using Gmail users' private address book contacts
to compile social networking lists, and to give Google users meaningful
control over their personal data. EPIC also noted that the FTC has
failed to take action in response to EPIC's previous complaint,
involving Google and Cloud Computing services.

EPIC: FTC Complaint: In re Google Buzz

Google: About Google Buzz

EPIC: Google and Cloud Computing Services

EPIC: In re Google Buzz
[5] EPIC Submits Statement to Congress on Google, NSA, Cybersecurity

EPIC submitted a statement for the record for a House Foreign Affairs
Committee hearing on Google and U.S. Cyberspace Policy. The hearing was
titled "The Google Predicament: Transforming U.S. Cyberspace Policy to
Advance Democracy, Security, and Trade" and was scheduled for February
10, 2010. EPIC's statement recommended investigation into the
newly-announced partnership between Google and the National Security
Agency. It also urged the committee to call for the public release of
National Security Presidential Directive 54, the secret document that
grants the NSA broad surveillance authority in cyberspace.

The EPIC statement urged the Congressional Committee to support US
ratification of the Council of Europe Convention on Privacy, also known
as Convention 108. Twenty-nine experts in privacy and technology
recently sent a letter to Secretary of State Clinton regarding this
issue and encouraging United States ratification of the treaty.

Finally, the EPIC statement for the record directed the Committee's
attention to the actions by the European Parliament civil liberties
committee, which had, shortly before the hearing, declined to make
permanent an agreement with the United States regarding access to
electronic bank transfer information. In the days after EPIC's
statement was submitted, the European Parliament voted to end the
agreement, citing violations of European privacy laws.

EPIC: Statement for the Record

House Foreign Affairs Committee Hearing

Council of Europe Privacy Convention

Experts' Letter to Secretary Clinton

[6] News in Brief

EPIC and Ralph Nader Urge President Obama to Suspend Body Scanners

EPIC's Marc Rotenberg and consumer advocate Ralph Nader have sent a
letter to President Obama, urging the suspension of funding for the
body scanner program pending an assessment by an independe board of
review. The recommendation follows a joint workshop sponsored by EPIC
and Center for Study of Response Law. The event included two panels,
the first of which focused on the problems with body scanners, and the
second of which dealt with the political opportunities that exist to
combat the widespread utilization of the scanners. The event included
talks by experts on radiation, airport security, religious and
constitutional ramifications of whole body imaging, and the
international response to whole body imaging machines. EPIC Staff
Counsel, Ginger McCall, discussed documents that EPIC recently received
that reveal that the machines can store and transmit images. Katitiza
Rodriguez, director of EPIC's International Privacy Project, discussed
the EU's decision to postpone the use of these machines until a full
privacy and health risk assessment can be completed.

EPIC, Ralph Nader, Letter (Feb. 25, 2010)

Center for Study of Responsive Law

Ralph Nader

EPIC: Whole Body Imaging

EPIC: Air Travel Privacy
Pew Research Center Releases New Report on Future of the Internet 

The Pew Research Center has released its fourth annual "The Future of
the Internet" report. The report, part of the Center's Internet and
American Life Project, surveyed the views of technology experts,
stakeholders, and critics regarding their expectations about the
changes and the future of the internet. When asked to share his view
"about the future of anonymous activity online," EPIC Executive
Director Marc Rotenberg explained, "The privacy and civil liberties
battles over the next decade will increasingly focus on the growing
demands for identity credentials. New systems for authentication will
bring new problems as more identity information will create new
opportunities for criminals."

Pew Research Center
Pew Research Center: "The Future of the Internet" Report

Internet and American Life Project

European Parliament Rejects Data Disclosure Deal 

EPIC and Privacy International praised a vote in the European
Parliament that rejected the transfer of finacial records to the United
States under an interim agreement. Members of the parliament stated the
proposed agreement lacked adequate privacy safeguards, and was a
disproportionate response to U.S. concerns about terrorism that also
lacked reciprocity. Simon Davies, Director General of Privacy
International in London, said that the vote offered hope that political
insitutions could respond effectively to new privacy challenges. "It
has taken several years to gather the political will to stop this
massive violation of privacy in Europe. But today is a very good day, a
milestone in the long history of privacy campaigning." In 2006 Privacy
International launched a campaign in 33 European countries, urging
close scrutiny of the original SWIFT banking deal shortly after it came
to light that United States officials routinely accessed financial
records of European citizens without appropriate legal
authority. Several national Parliaments, as well as the US Congress,
will soon be facing similar votes on security measures involving
international data transfers, and proposals for systems of biometric
identification and airport body scanners. Both organisations vowed to
scrutinise any further proposed deals between the US and Europe.

EuroParliament: SWIFT VOTE : European Parliament votes down agreement
with the US

EPIC: Spotlight on Surveillance on the SWIFT program   

European Parliament, Is Transatlantic Data Protected? (March 26,

Article 29 Working Group: opinion on the processing of personal data by
the Society for Worldwide Interbank Financial Telecommunication (SWIFT)

Privacy International Launches Campaign to Suspend Unlawful Activities
of Finance Giant

Federal Appeals Court Hears Arguments in Location Privacy Case

The Third Circuit Court of Appeals considered this week whether the
government must obtain a warrant prior to obtaining location data from
an electronic communications service provider. The case centers on
access to cell phone records that were used to help crack a bank
robbery investigation. In a related case, the Massachusetts Supreme
Court recently held that a warrant would be required for the use of a
GPS tracking device. EPIC filed an amicus brief in that case. 

District Court Opinion: In re The Application of the United States of
America for an Order Directing a Provider of Electronic Communication
Service to Disclose Records to the Government

Massachusetts Supreme Court Opinion in Commonwealth v. Connolly
EPIC: Amicus Brief in Commonwealth v. Connolly
EPIC: Commonwealth v. Connoll

[7] EPIC Bookstore: "The Peep Diaries" by Hal Niedzviecki

Overshare (verb): to divulge excessive personal information, as in a
blog or broadcast interview, prompting reactions ranging from alarmed
discomfort to approval. 
     -Word of the year 2008, Webster's New World Dictionary

In Hal Niedzviecki's The Peep Diaries, Niedzviecki explores this
concept of "oversharing" information. He describes the increasing
popularity of divulging sometimes mundane, sometimes grotesque images
and stories to an audience of strangers. In today's "peeping tom"
society, Americans use blogs, Facebook, Twitter, and You Tube as
outlets to share information about themselves, while indulging in
reality television to stare into the lives of others. For four
chapters, Niedzviecki describes "peep culture," and argues that this
oversharing on the internet leads to a disconnect between people, and a
breakdown of the notion of community. This idea is further illustrated
in his final chapter, where Niedzviecki invites his 700 Facebook
friends to a bar, and only one decides to show.

Niedzviecki's arguments fall short, however, in Chapters 5 and 6, with
his discussions of domestic surveillance and privacy. In Chapter 5,
Niedzviecki reflects on "spying" on his wife's daily travels via a
camera installed in her car. He fails to discuss government
surveillance in any real depth, apart from a brief history of CCTV
cameras, but rather focuses on using cameras to survey neighbors,
nannies, and loved ones. According to Niedzviecki, "We're not afraid
of the surveillance state. We're afraid of the gaps in our culture of
surveillance … We embrace surveillance because we're terrified of
disappearing 'without a trace.'"

In Chapter 6, Niedzviecki makes clear he is of the mindset of Dave
Sifry (Technorati CEO who claimed "privacy is dead") and Scott McNealy
(Sun Microsystems CEO who famously said, "You already have zero
privacy-get over it"). According to Niedzviecki, privacy "isn't much
of a priority for us... many of us don't value our privacy nearly
as much as the possibility of meaningful connection, convenience, and
rewards like attention and even remuneration." While people are
increasingly using social networking sites and sharing information
online, Niedzviecki fails to consider that users do maintain an
expectation of privacy while using these sites. Users do care about
their privacy, and this is made clear by examples such as Facebook
Beacon, Facebook's February 2009 change in Terms of Service, and Google
Buzz - all of which were met with widespread user opposition causing
the companies to make changes to increase privacy protections.

While Niedzviecki's reflections throughout the book were interesting,
his analyses seemed superficial and incomplete. The last few sentences
of Chapter 6 summed up the book well. Niedzviecki writes, "What's the
moral of this story? There isn't a clear one."

--Kim Nguyen

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC
2008). Price: $60.

Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Limiting Knowledge in a Democracy, The New School, New York City,
February 24-26, 2010. For more information:

Fourth Law and Information Society Symposium: Hate Versus Democracy on
the Internet, Fordham University, New York City, February 26, 2010. For
more information:

RSA 2010, San Francisco, March 1-5, 2010. For more information:

Association for Practical and Professional Ethics, Cincinnati, March 5,
2010. For more information:

Privacy 2010, Stanford, March 23 - 25, 2010. For more information:

Computers, Freedom, and Privacy, San Jose, June 15-18, 2010. For more

32nd International Conference of Data Protection and Privacy
Commissioners, Jerusalem, October 2010. For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1
202 483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

  The EPIC Alert displays best in a fixed-width font, such as Courier.

  ------------------------- END EPIC Alert 17.04------------------------


Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security