You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 17.08

                            E P I C   A l e r t
Volume 17.08                                            April 26, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


		     "Defend Privacy. Support EPIC."
			 EPIC Awards Dinner
                            June 2, 2010
                           Washington, DC

Table of Contents
[1] Broad Coalition Petitions DHS to Shut Down Body Scanners
[2] DHS Has 2000 Body Scanner Images, But Refuses to Disclose Them
[3] EPIC Demands Release of Classified Answers on Privacy and Internet
[4] No EU-US Agreement on Transfer of Financial Data or Body Scanners
[5] Supreme Court Hears Arguments in Text Message Privacy Case
[6] News in Brief
[7] EPIC Bookstore: "Can They Do That?"
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends

[1] Broad Coalition Petitions DHS to Shut Down Body Scanners

On April 21, 2010, EPIC and a broad coalition of organizations
submitted a formal petition to the Department of Homeland Security
demanding that the agency suspend the airport body scanner program. The
petition states that the "uniquely intrusive search" is unreasonable
and violates the Constitution. The petition further states the program
fails to comply with several federal laws, including the Religious
Freedom Restoration Act, the Privacy Act of 1974, and the
Administrative Procedures Act. The thirty organizations also argue that
the machines are ineffective and that there are better, less costly
security technologies. The filing observes that the TSA has routinely
misled the pubic about the ability of the devices to store and transmit
detailed images of travelers' naked bodies. In an ongoing Freedom of
Information Act lawsuit, EPIC has already obtained technical documents,
vendor contracts, and hundreds of traveler complaints.

The petition describes the TSA's “pattern, practice, and policy” of
using body scanners as primary, mandatory screening in airports where
the devices are installed. The petition notes that the TSA currently
aims to deploy approximately 1,000 machines, eventually using the
devices at all airport checkpoints. EPIC describes the body scanner
program as “enormously expensive,” costing taxpayers at least $2.4
billion dollars. Air travelers have described the scanners as “a
disgusting violation of civil liberties and privacy,” “for a bunch of
peeping toms,” “unconstitutional,” “intrusive and ridiculous” and “a

In the immediate wake of the filing, EPIC President Marc Rotenberg
said, "at this point, there is no question that the body scanner
program should be shut down. This is the worst type of government
boondoggle -- expensive, ineffective, and offensive to Constitutional
rights and deeply held religious beliefs.” Chip Pitts, President of the
Bill of Rights Defense Committee, added, “the program should be
suspended. The body scanners don't work for the purposes claimed and
actually harm true security by diverting scarce resources and offending
allies and populations critical for genuine intelligence." Margaret
Fung, Executive Director of the Asian American Legal Defense and
Education Fund, said: “The use of full body scanners, without any clear
alternative procedure, has violated and will continue to violate the
civil rights of Muslims and other religious groups."

Recently, three United States Senators wrote to DHS, urging the agency
to reconsider the body scanner program. Senators Collins (R-ME), Kyl
(R-AZ), and Chambliss (R-GA) encouraged DHS to consider
"auto-detection" devices instead of human screeners. The Senators noted
that the current technology allows airport officials to "view detailed
images of passengers' bodies" and also that other systems could "save
the government and airports money on physical space for screening." In
response to a Congressional inquiry led by Congressman Bennie Thompson,
the TSA acknowledged that images on body scanner machines could be
recorded but claimed that traveler's images “would” not be saved. EPIC
President Marc Rotenberg's testified before the Committee, urging
lawmakers to halt the plan to deploy body scanners in the nation's
airports. In March, EPIC asked President Obama to suspend the
deployment of digital strip search devices until a "comprehensive
evaluation of the devices' effectiveness, health impacts, and privacy
safeguards is completed by an independent review board."

EPIC and 29 Other Groups' Petition to Suspend Body Scanners:

EPIC: Whole Body Imaging Technology

EPIC: EPIC v. Department of Homeland Security

EPIC Testimony to House Committee on Homeland Security

Coalition Letter to President Obama

[2] DHS Has 2000 Body Scanner Images, But Refuses to Disclose Them

As a result of a Freedom of Information Act lawsuit against the
Department of Homeland Security, EPIC has obtained hundreds of pages of
documents from the Department. The lawsuit arose over two unfulfilled
FOIA requests that EPIC filed with the Department in 2009. 

A letter to EPIC reveals that the government agency possesses about
2,000 body scanner photos from devices that the DHS said earlier "could
not store or record images." The Department of Homeland Security has
stated that these images are test images, of Transportation Security
Administration models, not of American citizens. But the Department
refuses to turn the images over because, it argues, public viewing of
the images would constitute a national security threat.

As part of the litigation agreement, the Department has released
several sets of documents to EPIC. The most recent set of documents
contained hundreds of pages of customer complaints, an updated
Procurement Specifications contract, several vendor contracts, and the
revelation that the Department possesses body scanner images. Previous
document sets included Operational Requirements, Procurement
Specifications, hundreds more pages of customer complaints, and vendor
contracts with Rapiscan and L3.

DHS: Letter to EPIC:

EPIC: EPIC v. Department of Homeland Security (including documents)

EPIC: Whole Body Imaging Technology

[3] EPIC Demands Release of Classified Answers on Privacy and Internet

EPIC has filed a Freedom of Information Act (FOIA) request with the
National Security Agency (NSA) seeking the "classified supplement" that
Director Lt. Gen. Keith Alexander filed with his answers to questions
from the Senate Armed Services Committee regarding his nomination to be
the Commander of the newly formed United States Cyber Command. The
Cyber Command, or USCYBERCOM, was established in June 2009 by Secretary
of Defense Robert Gates, with the plan to be fully operational by
October 2010. In October 2009, current NSA Director Alexander was
nominated for the new joint position of NSA Director and Commander of

On April 15, 2010, the Senate Armed Services Committee held a hearing
to consider the nomination of Lt. Gen. Alexander. In advance of that
hearing, the Committee submitted a list of questions to be answered by
Lt. Gen. Alexander. He provided his responses in written form. Many of
his answers are available to the public in unclassified form. However,
several of Lt. Gen. Alexander’s responses are instead contained in a
"classified supplement."

Several of Lt. Gen. Alexander's classified responses were to questions
regarding the privacy of Americans' communications. For example, the
entire answer to the question "What would the impact [of potential
modifications to the architecture of the internet] be on privacy, both
pro and con?" was deemed classified. EPIC's request urges the Agency to
make the full responses public. EPIC is also currently in litigation
with the NSA to obtain the secret presidential directive authorizing
NSA surveillance authority over the internet and cybersecurity.


Lt. Gen. Alexander's Unclassified Responses

EPIC vs. NSA, Civ. Action No. 10-0196(RMU) (D.D.C.)

[4] No EU-US Agreement on Transfer of Financial Data or Body Scanners

Top United States counter-terrorism officials and European counterparts
met in Madrid this month but did not come to an agreement to restart a
program that gave the US access to European financial data. The
Terrorist Finance Tracking Program, launched after September 11,
provided the US government with access to the SWIFT transaction
database, which houses data on international financial transfers. The
program operated in secret from 2001 to 2006 until the program became
known. An interim deal was in operation until late 2009, and in
February 2010, the European Parliament voted 378 to 196 to end the
deal, objecting to the program as a violation of EU privacy law.

Without an agreement in place, the US does not have access to European
banking data. However, data protection is the priority for the European
Parliament. The Parliament objects to the lack of legal protections for
the data on European citizens sought by the United States, as well as
the lack of clear standards for the use of data. European officials
have argued that Europeans should be given the right to appeal to
American authorities if their data is misused or abused.

There also appeared to be no EU support for the further deployment of
body scanners in European airports. EPIC has raised several objections
to the body scanner program, including sending a formal petition, with
the support of a broad coalition, to the Department of Homeland
Security to demand that the agency suspend the airport body scanner
program. Additionally, EPIC has objected to use of the body scanners in
a letter with Ralph Nader to the Obama Administration, in Congressional
Testimony, and in FOIA litigation, which revealed that the devices
store and record images.

EuroParliament: SWIFT - Civil Liberties Committee Recommends Rejecting
the Agreement

EuroParliament: EU-US SWIFT Agreement (June 28, 2007)  

EPIC: Spotlight on Surveillance on the SWIFT program   

European Parliament, Is Transatlantic Data Protected? (March 26,

Article 29 Working Group: opinion on the processing of personal data by
the Society for Worldwide Interbank Financial Telecommunication (SWIFT)

US Dept. of Treasury: Terrorist Finance Tracking Program

EPIC Petition to Suspend Full Body Scanner Program

EPIC and Nader Letter to the President

EPIC Congressional Testimony


[5] Supreme Court Hears Arguments in Text Message Privacy Case

The U.S. Supreme Court held oral arguments in the case of City of
Ontario v. Quon on April 19. The Court will determine whether a
government employer can review the contents of private text messages
sent from an employee's pager through a private communications company.
The case is on appeal from the Ninth Circuit, where the court ruled in
favor of the employee. EPIC filed a "friend of the court" brief in the
United States Supreme Court, urging the Justices to protect the privacy
of public employees who use electronic communications devices. Ten
technology experts and legal scholars joined EPIC in filing the brief
to bring attention to the importance of data minimization.

In its brief, EPIC's asserted that while the Government may undertake
reasonable searches of public employees, they may not pursue unbounded
searches of personal communications devices. Such searches run contrary
to best practices in the security industry and expose public employees
to unnecessary risks. EPIC argued that data minimization practices
should be applied to public sector searches and detailed the various
ways employer-issued devices collect and store detailed personal
information, including Internet search history, text messages, emails,
and locational data. EPIC urged the court to consider the standards set
out in the Ninth Circuit case Comprehensive Drug Testing v. United
States, which instructs a government agency about how to undertake
appropriate searches without unnecessarily violating privacy interests.

In the oral argument, the Justices focused on the factual issues in the
case, and whether the plaintiff had a reasonable expectation of
privacy, given the circumstances surrounding his use of the device.
Lawyers representing both the city and the federal government argued
that there was no reasonable expectation, even though the disclosure by
the wireless carrier was prohibited by the Stored Communications Act.
The Court is likely to rule on the case before the end of the term in

EPIC City of Ontario v. Quon
EPIC Amicus Brief

ScotusWiki City of Ontario v. Quon

EPIC Workplace Privacy

Transcript of Oral Arguments: City of Ontario v. Quon

[6] News In Brief

Faster FOIA Act Heading for Senate Vote

A bill to improve the speed at which the government processes requests
under the Freedom of Information Act, called the Faster FOIA Act of
2010, was passed by the Senate Judiciary Committee late last week and
has been reported to the full Senate for a vote. The bill was
introduced in March by Senators Leahy (D-VT) and Cornyn (R-TX) and will
establish a 16-member commission to conduct a study to determine the
methods for reducing delays in processing FOIA requests. The commission
will then make recommendations to Congress and the President to
facilitate the efficient processing of FOIA requests. EPIC frequently
uses the FOIA to obtain information from the government about
surveillance and privacy policy.

Faster FOIA Act 2010

EPIC: FOIA Litigation Docket

EPIC FOIA Litigation Manuel

Facebook Fails Stanford Privacy Test, a Stanford based project, reviews online and mobile
applications and the platforms they run on for privacy, openness and
security. The site rated Facebook's privacy significantly lower than
that of other platforms like Twitter, MySpace, and the iPhone. For
privacy, security and openness, Facebook is rated at 2 points out of 5,
with 5 being the highest score. The scores are based on expert reviews
of an application or platform, which consist of answers to nine
questions related to consumer values. In addition to expert ratings and
reviews, users can also comment and compare privacy settings. EPIC and
several other groups have filed a complaint and supplemental complaint
with the FTC against Facebook in late 2009 for changes in its privacy
policy that result in unfair and deceptive trade practices.

WhatApp? Website

EPIC Facebook Complaint

EPIC Supplement Facebook Complaint

EPIC: In re Facebook

EPIC: Facebook Privacy

NTIA to Hold Public Meeting on Information Privacy

The National Telecommunications and Information Administration (NTIA)
will hold a public meeting on "Information Privacy and Innovation in
the Internet Economy" on May 7. The NTIA is seeking comments from "all
Internet stakeholders, including the commercial, academic, and civil
society sectors, on the impact of current privacy laws in the United
States and around the world on the pace of innovation in the
information economy." The discussion will center around whether current
privacy laws serve consumer interests and fundamental democratic
values. EPIC has previously recommended comprehensive privacy standards
for NTIA privacy working groups. EPIC has also filed friend of the
court brief against the NTIA's disclosure of domain holder personal

NTIA: Public Meeting Announcement
EPIC: Recommendations to NTIA Regarding Comprehensive Privacy Standards
EPIC: Amicus Brief Against NTIA's Disclosure of Domain Holder Personal 
Senator Leahy Urges Attorney General to Implement Patriot Act Reforms

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) has sent a
letter to Attorney General Eric Holder regarding key privacy safeguards
for the PATRIOT Act. The Senate Judiciary Committee passed the PATRIOT
Act Sunset Extension Act earlier in the year, which included many
reforms, but the full Senate did not act on the measure Because the
administration supported the reforms within the bill, Sen. Leahy
advised the Attorney General that he can voluntarily adopt many of the
reforms even without Congressional action. Senator Leahy expressed
particular concern about the possible misuse of National Security
Letter authority.

Letter from Senator Leahy to Attorney General Holder

Senator Leahy Press Release
EPIC National Security Letters

Congress Passes Bill Banning Caller ID Spoofing

On April 15, the House of Representatives passed the Truth in Caller ID
Act of 2010, which bans the transmission of misleading or inaccurate
caller ID information "with the intent to defraud, cause harm, or
wrongfully obtain anything of value." EPIC recommended this intent
requirement in testimony before the House in 2006 and 2007, and before
the Senate in 2007 so that privacy techniques would be protected. The
bill has already passed the Senate and will likely be enacted into law.

H.R. 1258, Truth in Caller ID Act of 2010

EPIC House Testimony, 2006

EPIC House Testimony, 2007

EPIC Senate Testimony, 2007

[7] EPIC Bookstore: "Can They Do That?"

“Can They Do That?" looks at the workplace through the lens of the 21st
Century, where hidden cameras, drug testing,  background checks, credit
checks, and genetic data can lead to immediate termination.
Employees should beware of employers bearing gifts. The digital
information age has given employers new tools to “better manage
employees," such as requiring employees to carry cell phones with GPS
or assigning employees laptops for weekend use that are monitored  Many
employers use automated means to screen employee communications for key
words or phrases and flag message for reading. Even when employees
access personal e-mail while at work the privacy of those messages is
not protected. Work Internet access or communications using employer
provided devices are not a free speech zone.  Unflattering comments
(even if true) about your boss or company can get you fired.

Employers can require that employees take a psychological test that
asks very personal questions. According  to Maltby one of the worst and
most privacy invasive psychological tests is the Minnesota Mutiphasic
Personality Inventory, which measures your answers to questions with a
control group. The test was developed in 1942 at a state mental
hospital in Minnesota as an effort to diagnose “deep-seated and serious
mental conditions.” The control group was all white Minnesotans most
were married and had an eight-grade education. Failing to answer
questions on the test as the control group responded means you would
fail the test. Maltby did praise the Myers-Briggs Type Indicator as a
good psychological test for employment screening.

He contends that workers do need human rights and legal protection from
the crazy things that some employers might want use to fire employees. 
Dismissals short of unethical, illegal, dangerous, or threatening
behavior by employees should come under very strict scrutiny.  Labor
unions have proven adequate at developing a governance structure
designed to protect union members and fellow employees from abuse, and
arbitrary action by employers. But many workers do not belong to
unions, so much more remains to be done to protect employee privacy.

--Lillie Coney

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

"IAPP 10th Anniversary Webcast"
National Press Club, Washington, DC, March 16, 2010
For more information:

"Third Annual Freedom of Information Day Celebration:
Washington College of Law, Washington, DC, March 16, 2010
For more information:

"Privacy 2010"
Stanford, CA, March 23 - 25, 2010.
For more information:

"Smartgrid Policy Summit"
Washington, DC, April 8, 2010
For more information:

"Developing a Trusted Cyber-Infrastructure"
Toronto, ON, May 12, 2010
For more information:

EPIC Awards Dinner
June 2, 2010
Washington, DC
For more information:

"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:

"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.01 ------------------------


Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security