EPIC Alert 17.05

                            E P I C   A l e r t
Volume 17.05                                            March 11, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


		     "Defend Privacy. Support EPIC."

Table of Contents
[1] EPIC Files Amicus Brief in Petitioner Privacy Case
[2] Supreme Court to Decide if there is Right to Informational Privacy
[3] Agency Calls for Further Analysis Before Deploying Imaging Machines
[4] EPIC Files Amended Complaint on Google Buzz
[5] White House Publishes Outline of Cyber Security Policies
[6] News in Brief
[7] EPIC Bookstore: "The Watchers"
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!

- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends to JOIN

[1] EPIC Files Amicus Brief in Petitioner Privacy Case

EPIC has filed a "friend of the court" brief in the United States
Supreme Court, urging the Justices to protect the privacy of those who
sign petitions. In Doe v. Reed, the Court has been asked to determine
whether the state of Washington may force disclosure of the names of
citizens who have signed petitions for ballot initiatives. EPIC and
twenty-five technology experts and legal scholars filed a brief with the
Supreme Court to bring the Court's attention to a number of issues.

EPIC's brief first argues that revealing the names would subject
signatories to the risk of retribution, citing numerous instances
throughout history, both in the United States and abroad, of harassment
and retribution against those who sign petitions. These examples
include government retribution against petition signatories in such
places as China and Venezuela, as well as retribution against those who
signed so-called "Communist-inspired" civil rights petitions in the
United States in the 1950s.

The brief also argues that signing petitions constitutes anonymous
speech. It demonstrates the various ways in which anonymity is retained
through legal means even if it cannot be perfectly preserved through
technical means. It also highlights the ways that Washington state law
indicates intent to preserve this anonymity.

Finally, EPIC's brief argues that signing petitions is similar to
casting a vote and should be protected accordingly. The brief argues
"that in some areas, a fundamental right to privacy is a necessary
safeguard against the consequences of the disclosure of personal
information. In few areas can this be more compelling than the
expression of support for causes that may be controversial, unpopular,
or simply abhorrent."

Several other briefs have been filed by interested parties. The
responses from the state of Washington and its supporters are due to be
filed in late March, and the oral argument is scheduled to take place
on April 28, 2010.

EPIC, Amicus Brief

EPIC: Doe v. Reed

Supreme Court Docket for Doe v. Reed

[2] Supreme Court to Decide if there is Right to Informational Privacy

The Supreme Court announced on March 8, 2010, that it will review the
Ninth Circuit decision in National Aeronautics and Space Administration
(NASA) v. Nelson. On August 30, 2007, the plaintiffs in this case
(including scientists, engineers and administrative support personnel
at the Jet Propulsion Laboratory) sued NASA and the California
Institute of Technology, challenging NASA's requirement that "low risk"
contract employees undergo in-depth background investigations.

Under the policy, every employee was required to give information about
residential, educational, employment and military histories, provide
three references that know the applicant well, and disclose any illegal
drug use within the past year, along with treatment or counseling
received for such use. Applicants were further required to sign a release that
authorized the government to collect information relating to academic,
achievement, performance, attendance, disciplinary history and criminal
history record information. Furthermore, each of the applicant's
references, employers and landlords was asked whether s/he has any
"adverse information" about the applicant's employment, residence or
activities. If employees did not agree to submit to the investigations,
they would not be employed.

On September 24, 2007, the plaintiffs moved for a preliminary
injunction to stop the enforcement of the policy, which would have
mandated that any employee who refused to complete the paperwork and
undergo an investigation by October 5, 2007 would be terminated. The
U.S. District Court for the Central District of California denied the
plaintiffs' motion and they appealed. The Ninth Circuit reversed the
district court's ruling and found that the appellants demonstrated
serious questions on their claims, and had a good chance of succeeding
on the merits.

In its opinion, the Ninth Circuit explained that the appellants could
succeed on their informational privacy claim, stating that the
background investigation forms asked open-ended questions "designed to
elicit a wide range of adverse, private information that 'is not
generally disclosed by individuals to the public,'" implicating the
right to informational privacy. The court found that the questions were
not narrowly tailored to meet any legitimate need, and that there were
no safeguards to limit the disclosures to information relevant to
specific interests. However, the Ninth Circuit refused to rehear the
case, and the Supreme Court is scheduled to hear the case this fall.

Nelson v. NASA, District Court Opinion

Nelson v. NASA, Ninth Circuit Opinion

Petition for Writ of Certiorari

Opposition to Petition for Certiorari

[3] Agency Calls for Further Analysis Before Deploying Imaging Machines

The Government Accountability Office (GAO) recently released a report
regarding the deployment of body scanners. The GAO cited its 2009
recommendations to the Transportation Security Administration (TSA):
that the TSA conduct operational tests to ensure that the whole body
imaging machines are reliable, and that the TSA conduct an assessment
of the whole body imaging machines' vulnerabilities. The 2009
recommendations noted that "[w]ithout operationally testing
technologies prior to deployment, TSA does not have reasonable
assurance that technologies will perform as intended."

In its latest report, the GAO again warned TSA of the importance of
full operational tests, citing the "puffer machine" debacle as an
example of the government waste that results from insufficient
operational testing. The explosives trace-detection portal machines, or
"puffer machines," were purchased and installed in 34 airports before
the agency halted their installation and eventually their use due to
maintenance problems. The GAO also expressed concern over TSA's lack of
complete risk assessments and inability to "provide documentation to
show how they have addressed the concerns raised in the 2009 GAO report
regarding the susceptibility of the technology to terrorist tactics."

The recent report also criticized the TSA's handling of its watchlists,
including the no-fly list, stating that "the government lacks an
up-to-date strategy and implementation plan--supported by a clearly
defined leadership or governance structure--which are needed to enhance
the effectiveness of terrorist-related screening and ensure
accountability." The GAO concluded that it is unclear whether the body
scanners or other technologies would have detected the weapon used in
the December 25 attempted attack.

In a related matter, diplomats from Pakistan recently departed the
United States abruptly after they were asked to undergo a body scan at
Ronald Reagan National Airport in Washington, DC. Pakistan is one of 14
Muslim countries for which the United States has mandated enhanced
screening practices. The trip was arranged by the American Embassy in
Pakistan to promote goodwill between the countries.

The New York Times described the incident as a "public relations

GAO 2010 Report

GAO 2009 Recommendations

EPIC Whole Body Imaging and Body Scanners

Upset by U.S. Security Pakistanis Return Home as Heroes, N.Y. Times,
Mar. 10, 2009

[4] EPIC Files Amended Complaint on Google Buzz

EPIC has filed a supplement to its earlier complaint with the Federal
Trade Commission, urging the FTC to investigate Google Buzz. EPIC's
original complaint cited clear harms to service subscribers, and
alleged that the change in business practices "violated user
expectations, diminished user privacy, contradicted Google's privacy
policy, and may have violated federal wiretap laws."

The FTC sent a letter to EPIC regarding the February 2010 EPIC
complaint. In the letter, the Bureau of Consumer Protection Director
states that the complaint "raises interesting issues that relate to
consumer expectations about the collection and use of their data."
Further, the FTC Director highlighted the importance of having
consumers "understand how their data will be used" and allowing
consumers the "opportunity to exercise meaningful control over such

EPIC's amended complaint, which was filed a few days after receiving
the FTC's letter, describes how Google Buzz violated Google's own
privacy policy for Gmail. EPIC states, "In whole and in part, the Gmail
Privacy Notice describes the collection and use of personal data for
the purpose of providing the Gmail email service." Creating Google
Buzz, a social networking tool, within this email service constitutes a
"clear contradiction between the Gmail policy in place at the time Buzz
was released and the use of Gmail account information by Google for the
Buzz service..."

EPIC urged the FTC to investigate Google's practices, compel Google to
make Google Buzz an opt-in service, and compel Google to cease using
Gmail users' private address book contacts to compile their Buzz social
networking lists.

EPIC's Amended Complaint in In re Google Buzz

EPIC's original complaint in In re Google Buzz

Letter from FTC to EPIC regarding Google Buzz complaint

EPIC: In re Google Buzz

[5] White House Publishes Outline of Cyber Security Policies

The White House has made a description of the Comprehensive National
Cybersecurity Initiative available online for public viewing. The
Initiative has three major goals: "to establish a front line of defense
against today's immediate threats[,] to defend against the full
spectrum of threats[,] and to strengthen the future cybersecurity
environment." President Obama plans to incorporate the Initiative as a
key element in a national U.S. cybersecurity strategy.

The Initiative was developed with the help of privacy experts within
the government. According to the National Security Council,
safeguarding "civil liberties and privacy rights remain fundamental
objectives in the implementation of the Comprehensive National
Cybersecurity Initiative." President Obama also identified "enhanced
information sharing" as one of the central components of cybersecurity.

The 12 initiatives cover a wide range of government activity, from
cyber education to intrusion detection. More specifically, the
initiatives include "connecting current cyber ops centers to enhance
situational awareness," heightening security of classified networks,
and implementing a "government-wide cyber counterintelligence plan."
However, the text of the underlying legal authority for cybersecurity
still remains secret.

EPIC has been involved in ongoing litigation regarding a Freedom of
Information Act request for the text of the critical cybersecurity
document NSPD 54 that President Bush signed in 2008.

Comprehensive National Cybersecurity Initiative

White House announcement regarding Transparent Cybersecurity

EPIC: NSPD-54 FOIA complaint

EPIC: NSPD-54 FOIA request

EPIC: EPIC Sues NSA to Force Disclosure of Cyber Security Authority

EPIC: EPIC Seeks Records on Google-NSA Relationship

[6] News in Brief

Study Ranks Top 20 Companies for Privacy in 2010, Facebook Off the List

Ponemon Institute released its annual study identifying the top twenty
companies that are most trusted for privacy. American Express was
ranked first, earning the Most Trusted for Privacy distinction for the
fifth year in a row. Facebook suffered several privacy missteps over
the last year, including a recent change in privacy settings at the end
of 2009. As a result, Facebook failed to make the 2010 list. Google,
however, returned to the Top 20, ranked at 13. The survey also produced
significant findings regarding consumer attitudes towards privacy,
including the finding that consumers feel they are losing control over
their personal information. Further, the responses revealed that
consumers' fear of identity theft is the main factor for brand trust
diminishment, while a company's implementation of privacy features
contributes to brand trust. Other significant positive factors were
limits on the collection of personal information and online anonymity.

Ponemon Institute

Ponemon Institute's Annual Study on Most Trusted Sites

EPIC: Complaint in In re Facebook

Congress Renews PATRIOT Act without Privacy Amendments

After months of debate, Congress has voted to extend the three expiring
provisions of the USA PATRIOT Act for one year with no alteration. The
provisions, concerning business records, roving wiretaps, and "lone
wolf" investigations, give federal law enforcement agencies broad
powers to gather information on Americans. The Senate bill passed by
voice vote, and the House bill passed as an amendment to the Medicare
Physician Payment Reform Act of 2009, by a vote of 315-97. Both the
Senate and House Judiciary committees proposed bills to renew these
provisions with reforms that would establish greater oversight, but
neither bill went to a floor vote.

Medicare Physician Payment Reform Act of 2009


EPIC: PATRIOT Act Extension

Judge Waits to Decide on Proposed Settlement in Facebook Privacy Case

Following a hearing last week, U.S. District Court Judge Seeborg
reserved decision about the approval of Facebook's proposed 9.5 million
dollar settlement in a case involving Facebook Beacon. According to the
settlement terms, Facebook would contribute about $6 million to the
establishment of a privacy organization. Facebook, however, would
maintain control over this organization, as Facebook's top lobbyist
would become co-President and all significant decisions would require a
unanimous vote. EPIC and several other privacy organizations, including
the Consumer Federation of America and the Privacy Rights
Clearinghouse, have written a letter to Judge Seeborg, asking him to
reject the settlement as proposed.

Facebook Beacon Settlement Terms

Facebook's Proposed Bylaws for the Privacy Foundation

EPIC: Letter to Judge Seeborg regarding Facebook Beacon Settlement

EPIC: Facebook Privacy

President Obama Nominates Brill and Ramirez to be FTC Commissioners

President Obama nominated Julie Brill and Edith Ramirez to be
commissioners of the Federal Trade Commission, filling seats left
vacant by Deborah Majoras and Pamela Jones Harbour. Brill, North
Carolina's top consumer advocate, serves as the senior deputy attorney
general and chief of consumer protection and antitrust for the North
Carolina Department of Justice. Ramirez, who specializes in
intellectual property and complex litigation matters, is a partner in a
Los Angeles, California law firm and has experience representing
companies like Mattel, Inc. and Northrop Grumman Corp. In a press
release, President Obama stated, "These individuals bring a depth of
experience to their respective roles, and I am confident they will
serve my administration and the American people well. I look forward to
working with them in the months and years ahead."

Julie Brill Biography

Edith Ramirez Biography

Statement of Jon Leibowitz on Senate Confirmation of new FTC

Privacy Violations Occur with Collecting Stop-and-Frisk Data in New York

On February 16, 2010, the New York Police Department released data for
2009 showing a ten percent rise in the number of New Yorkers being
stopped by police. A total of 575,304 individuals were stopped, and 87
percent were Black and Hispanic. Of these stops, only 1.3 percent
resulted in discovery of a weapon, and 6 percent resulted in arrests. 
Under the state's stop, question and frisk policy, police officers are
authorized to stop, question and possibly frisk an individual they
reasonably believe is about to commit, is committing or has committed a
crime. Personal information is collected on a UF-250 form, which
requires an officer to document an individual's name, address, age,
gender, race and physical description. Consequently, innocent
individuals who are stopped, questioned or frisked have their personal
information stored in a Police Department database, even if the
individual is not arrested. 

Center for Constitutional Rights, Press Release on NYPD 2009 Stop,
Question and Frisk Data

New York Police Dept. 2009 Stop, Question and Frisk Data

New York Police Dept. 2005-2008 Stop, Question and Frisk Data

New York Police Dept., What is a stop, question, and frisk encounter?

Senate Holds Hearing on Internet Freedom

On March 2, 2010, the Judiciary Subcommittee on Human Rights and the
Law held a hearing on "Global Internet Freedom and the Rule of Law,"
which focused on information technology industry business practices in
countries that restrict the Internet. The Senate hearing came one month
after Secretary Clinton delivered a speech on Internet freedom.
Following the speech, EPIC and 29 experts in technology and privacy
wrote a letter to Secretary Clinton, urging the United States to begin
the process of ratifying the Council of Europe Convention on Privacy,
which seeks to protect fundamental human rights as technology advances.
EPIC made the same recommendation in statements for the record for a
House hearing on Google and U.S. Cyberspace Policy, and for the Senate
hearing on Internet Freedom.

Secretary Clinton's Speech on Internet Freedom

EPIC: Letter to U.S. Secretary of State Clinton

U.S. Department of State Letter regarding Clinton Letter

National Security Presidential Directive-54 Complaint

Massachusetts Data Protection Law Goes into Effect

Massachusetts’s new data protection law went into effect at the
beginning of March. The law applies to all companies that own or
license the personal information of Massachusetts residents. According
to the new regulations, companies are now required to create a
comprehensive security program that details how personal information
will be safeguarded. Governor Deval Patrick stated, "Consumers should
feel confident that their personal information is protected, and not
exposed to loss or theft. These regulations improve the safety of
personal information, while giving businesses the flexibility to secure
that information without undue burden." 

Massachusetts Statute, 201 CMR 17.00: Standards for the Protection of
Personal Information of Residents of the Commonwealth

Statute's FAQ page

Press Release from MA Governor

EPIC: Privacy and Identity Theft

[7] EPIC Bookstore: "The Watchers"

"The Watchers: The Rise of America's Surveillance State"
by Shane Harris

Journalist Shane Harris's new book The Watchers attempts to present a
comprehensive chronicle of the last twenty-five years in the world of
electronic surveillance conducted by the American federal government.
He traces the careers of five men who have been integral to that story:
National Security Advisor Admiral John Poindexter, Army Major Erik
Kleinsmith of the Special Operations Command, Director of the NSA and
CIA, and Principal Deputy Director of National Intelligence Gen.
Michael Hayden, and Director of National Intelligence Vice Adm. Mike
McConnell. Through the lives of these men, Harris tells how massive
data-mining programs were born in shadows, thrust into the spotlight,
and then pulled back into secrecy.

Harris mostly tells the story chronologically, reconstructed from
personal interviews, congressional testimony, old emails, and other
records. He focuses significantly more attention on Poindexter than on
his other subjects, so that at times the book reads like a biography,
rather than a study of a history, although this may be the result of
Poindexter's direct involvement in so many of the relevant events.
Harris's presentation of Poindexter is cautiously sympathetic, and
paints a portrait of a man loyal to his country and sure of his own
ideas, sometimes lacking the ability to see the objections or reasons
not to move forward.

Poindexter got his start in the data analysis business shortly after
the 1983 attack on the Marine barracks in Beirut, when he and a young
Oliver North determined that a more effective combination of existing
intelligence could have predicted and prevented the attacks. From that
moment forward, Harris describes Poindexter's single-minded pursuit of
the goal that eventually became the name of his 2002 surveillance
program: Total Information Awareness. Harris chronicles Poindexter's
repeated clashes over his programs with privacy advocates, including
EPIC Executive Director Marc Rotenberg, and with members of Congress.
Poindexter believed that independent oversight would be unnecessary
because he developed his system to monitor its own users.

Ultimately, The Watchers ends ominously. The story is not one of
government actors who tried to set up extensive electronic
surveillance, met with resistance, and backed down. Rather, it is the
story of systems of surveillance that currently exist in unknown form.
As the book portrays them, nearly every major spying program developed
in the last twenty-five years lives on in some way or another. For
instance, according to Harris, the widely-denounced Total Information
Awareness program was shut down within DARPA by congressional action,
but almost certainly lives on within the NSA. Thus, Poindexter may be
out of the picture, but his legacy remains with us.

--Jared Kaprove

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under the
Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully
updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

"IAPP 10th Anniversary Webcast"
National Press Club, Washington, DC, March 16, 2010
For more information:

"Third Annual Freedom of Information Day Celebration:
Washington College of Law, Washington, DC, March 16, 2010
For more information:

"Privacy 2010"
Stanford, CA, March 23 - 25, 2010.
For more information:

"Smartgrid Policy Summit"
Washington, DC, April 8, 2010
For more information:

"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010. 
For more information:

"32nd Int'l Conference of Data Protection and Privacy Commissioners" 
Jerusalem, October 2010. 
For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.05 ------------------------

