You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 17.11

                            E P I C   A l e r t
Volume 17.11                                                June 4, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


		      "Defend Privacy. Support EPIC."

Table of Contents
[1] EPIC, Congress Urge Investigation of Google Street View
[2] TSA Responds to EPIC, Claims Body Scanners Okay
[3] Facebook makes privacy changes, Questions remain
[4] EPIC Honors 2010 Champions of Freedom
[5] Canadian Privacy Commissioner Launches Street View Investigation
[6] News in Brief
[7] EPIC Bookstore: 
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends

[1] EPIC, Congress Urge Investigation of Google Street View

Last week, Congressmen Henry Waxman (D-CA), Joe Barton (R-TX), and
Edward Markey (D-MA) wrote a detailed letter to Google CEO Eric Schmidt
requesting specific details on the type and scope of information
collected by Google's Street View vehicles. This letter follows a May
18, 2010 letter from EPIC to Federal Communications Commission (FCC)
Chairman Julius Genachoski, recommending the Commission open an
investigation into the significant communications privacy issues
arising from the data collected by Google's Street View vehicles and a
May 19, 2010 letter from Congressmen Joe Barton (R-TX) and Edward
Markey (D-MA) to the Federal Trade Commission (FTC) Chairman Liebowitz
inquiring into the legality of Google's actions and asking the
Commission to investigate.

Over the past two months it has been made public that Google's Street
View vehicles have been collecting more than just a 360 degree
photographic street view for Google Maps when they drove through cities
worldwide. Google was also collecting data on wi-fi signal strength,
level of encryption, unique identifiers associated to open (i.e.
non-password-protected) wi-fi signals known as SSIDs and MAC addresses,
and the actual data being sent over the wi-fi connections (payload
data). All of this data was collected intentionally to support Google's
location services, with the exception of the payload data, which Google
claims was captured in error.

Google admits it has been collecting this communication data for years,
but never disclosed this activity prior to the audit request. In its
letter, EPIC highlighted Google's invasion of privacy and possible
violation of the Wiretap Act, which states, in part: "No person not
being authorized by the sender shall intercept any radio communications
and divulge or publish the existence, contents, substance, purport,
effect, or meaning of such intercepted communications to any person."

On request by each respective data protection authority, Google has
deleted payload data collected for Ireland, Austria, and Denmark and
has kept data by request for Belgium, France, Italy, Spain, Germany,
Switzerland, and the Czech Republic. However, Google has stated that it
believes that all other collected data is legal because the data is
publicly broadcasted information. In response to the public outcry,
Google has stated that its Street View vehicles will no longer collect
any wi-fi data.

House Members' Letter to Google

EPIC Letter to FCC

House Members' Letter to FTC

German Federal Commissioner for Data Protection and Freedom of 
Information Statement

Google Blog: WifFi data collection: An update

[2] TSA Responds to EPIC, Claims Body Scanners Okay

The Transportation Security Administration (TSA) has responded to
EPIC's petition to suspend the Full Body Scanner (FBS) program. The
program scans air travelers at security and produces graphic, detailed
images of passengers' bodies. The FBS machines are capable of storing
and transmitting those images. The collection of this information makes
it possible for the TSA to aggregate body scan images with names,
addresses, and other personal information, creating highly detailed
profiles that may invade individuals' privacy.

EPIC and several other privacy, civil rights, and consumer rights
organizations submitted the petition to TSA in April 2010, arguing that
the FBS program infringes travelers' constitutional rights under the
Administrative Procedures Act, the Fourth Amendment, the Privacy Act,
and the Religious Freedom Restoration Act. The petition also argued
that the FBS program may have unforeseen effects on travelers' health,
and that the scans do not effectively detect concealed explosives.

TSA's response came on the same day that Ralph Nader and ten privacy
organizations submitted two letters to House and Senate leaders
expressing grave concerns about FBS devices. In letters addressed to
Congressman Bennie Thompson (D-MS) and Senator Joe Lieberman (I-CT),
the organizations urged the represenatives to demand that the
Department of Homeland Security cease deployment of FBS devices in US
airports pending an independent review of the devices' health effects,
effectiveness and privacy safeguards. The organizations cited
scientists' concerns regarding the health implications of radiation
exposure, as well as passengers' objections based on religious, health
and privacy concerns.

The TSA response contains cut and paste answers from previous TSA
statements and unsubstantiated assurances that there are no privacy
harms or health risks. The  TSA also provided incomplete legal
analysis in support of its views that the program  is lawful. 

EPIC and its coalition partners will continue to press to have the body
scanner program shut down.

TSA: Response
EPIC's Petition for Suspensions of the TSA Full Body Scanner Program

Letters Urging House and Senate Leaders to Suspend Deploying FBS 

2009 Petition to Undertake a Formal Request for Public Comments on FBS 

EPIC Whole Body Imaging Page

[3] Facebook makes privacy changes, Questions remain

In response to growing user unrest and a complaint filed at the Federal
Trade Commission by EPIC and a coalition of privacy and consumer
organizations, Facebook announced that it  would roll back several
changes to Facebook privacy settings that had made personal information
more widely available than users intended.

Facebook has reduced the  enormous number of privacy settings that
users were previously required to click through. Facebook has also
agreed not forceably publish the basic profile information of users.
And Facebook will give users some control over disclosure of their data
to Facebook's business partners. 

But questions still remain about the default settings, access to user
data by third parties, and whether Facebook will continue to push users
settings to the "everyone" position at some point in the future.

EPIC President Marc Rotenberg told NPR that the new privacy settings 
addressed several of the concerns raised in the complaint EPIC and
others filed with the FTC. Nonetheless, he said, "It is time now for 
Congress to move forward and update privacy laws for the digital age."
EPIC and others have also urged the FTC to complete its investigation
of Facebook and to publish its findings.

EPIC objected to the last several changes to Facebook's privacy
policies. EPIC filed a complaint in December of 2009 when Facebook
reclassified certain user data as "publically available information," a
supplemental complaint in January, and then a new complaint on May 5
when Facebook forced users' profile information to become publicly
available links instead of private data. Additionally, EPIC has filed a
Freedom of Information Act request with the FTC seeking communications
with Facebook discussing the site's recent privacy changes.

Facebook Blog announcing privacy control changes

EPIC, "Facebook Privacy"                

The American Prospect, "The Case for Staying with Facebook"

NPR, "Facebook's Privacy Shift: How To Protect Yourself"

NPR, "On Point" (with EPIC President Marc Rotenberg)

EPIC: In re Facebook

EPIC: In re Facebook II

[4] EPIC Honors 2010 Champions of Freedom

On June 2, EPIC held its annual Champion of Freedom Awards Dinner. This
year's honorees included Pamela Jones Harbour, the Rose Foundation, and
Representative Joe Barton. The Award is given to outstanding
individuals and organizations who have helped to safeguard freedom.
Kashmir Hill, co-editor of the legal blog Above the Law and founder of
The Not-So Private Parts blog, emceed the event. Reece Hirsh, a San
Francisco attorney and author of The Insider, spoke as a special guest.

Honoree Pamela Jones Harbour served as Commissioner of the Federal
Trade Commission from 2003 until April 2010.  A champion of consumer
privacy, Ms. Harbour advocated for victims of identity theft and
security breaches. She vigorously opposed consolidation of the online
advertising industry, urged the adoption of privacy and data security
safeguards for Internet users, and pushed for a global privacy
framework regarding cross-border data transfers. In accepting the
award, Ms. Harbour repeatedly emphasized her view that consumer privacy
protections are both necessary and appropriate. After stating her
belief that good privacy and good data security is good business, Ms.
Harbour closed by saying that privacy is a key value, an intrinsic
right, and a reasonable expectation of every individual.

The Rose Foundation Consumer Rights Fund is the largest privacy donor
in the United States. The Fund was created in 2002 after a series of
legal settlements involving consumer privacy issues were directed to
the Rose Foundation. Since its creation, the Fund has awarded more than
$4.5 million dollars to support privacy-related research, education,
advocacy, and policy development. Tim Little, who accepted the award,
shared the honor with the Fund's grantees and applauded them for their
continuing passion and commitment to protecting constitutional rights
to privacy.

Honoree Joe Barton is Ranking Member of the House Committee on Energy
and Commerce. He has worked to promote America's financial and medical
privacy as well as to protect safety and privacy on the Internet.
Currently a co-chairman of the Congressional Privacy Caucasus,
Representative Barton has played a leading role in efforts to establish
privacy safeguards for electronic health records. Ron Wright, accepting
the award on his behalf, emphasized Representative Barton's commitment
to preserving individuals' right to be let alone, especially when it
comes to medical privacy and personal information.

The Champion of Freedom Award was established in 2004. Past honorees
include Senator Patrick J. Leahy, Professor Pamela Samuelson,
Congressman Edward Markey, attorney Paul M. Smith, director D.J.
Caruso, philanthropist Addison Fischer, Professor Stefano Rodotà,
privacy advocate Beth Givens, and jurist Michael Kirby.

EPIC: Champions of Freedom Awards Dinner

The Rose Foundation

Rep. Joe Barton

Reece Hirsch: The Insider (on

Kashmir Hill's Above the Law Blog

Hill's Not-So-Private Parts Blog

[5] Canadian Privacy Commissioner Launches Street View Investigation

On June 1, 2010, Jennifer Stoddart, the Canadian Privacy Commissioner
launched an investigation into Google Street View. The investigation
seeks to determine whether Google violated Canada's private sector
privacy law when its Street View vehicles collected consumer data from
wireless networks. The Privacy Commissioner noted that her office is
"very concerned about the privacy implications stemming from Google's
confirmation that it had been capturing [wireless] data in
neighborhoods across Canada and around the world over the past several

In order to equip a given area in Google Maps with Street View, Google
sends vehicles through the streets to take photographs of the area
while driving through.

In addition to photographs, Google's vehicles also collected data about
the location's wireless networks. In an April 27, 2010 blog post,
Google claimed that it collected basic information about wireless
networks but not "payload data," the actual content users send over the
network. However in a second blog post, dated May 14, Google admitted
that it had collected payload data from wireless networks accessible to
the general public. Payload data may include individual users'
sensitive personal information. Google has since grounded its Street
View vehicles. The Commissioner has asked Google to retain any user
data it collected in Canada.

Google is also facing pressure in the United States. Congressmen Joe
Barton (R-TX) and Edward Markey (D-MA) have written a letter to the
Chairman of the Federal Trade Commission asking the Commission to
investigate whether Google's actions violated federal privacy or
consumer protection laws. In addition, Congressmen Barton, Markey,
Henry Waxman (D-CA) have also sent a letter to Google CEO Eric Schmidt
seeking further answers about Google's data collection efforts.

EPIC has written a letter to the Chairman of the Federal Communications
Commission, Julius Genachowski, recommending that the Commission open
its own investigation of Street View. In its letter, EPIC asserted that
Google's routine secret interception and storage of user communication
data appears to violate both federal wiretap laws and the
Communications Act.  EPIC noted that "The Commission plays a critical
role in safeguarding the integrity of communications networks and the
privacy of American consumers."  

News Release from Canadian Privacy Office

Congressmen Barton and Markey's Letter to Chairman Leibowitz

Congressmen Barton, Markey, and Waxman's Letter to Eric Schmidt

EPIC's Letter to Chairman Genachowski

EPIC: Cloud Computing 

[6] News In Brief

New Study Shows Young Americans Value Privacy

A new study from the Pew Internet and American Life Project has found
that "[r]eputation management has now become a defining feature of
online life for many internet users, especially the young." The Pew
study, Reputation Management and Social Media, found that young adults
are far more likely than their older counterparts to take steps to
maintain control over their digital identities, including changing
their privacy settings, restricting access to their data, and removing
their names from tagged photographs. The report also found that these
privacy-protecting activities have become considerably more common
across all age groups than they were when a similar study was conducted
in 2006.

The Pew study Reputation Management and Social Media

EPIC: Public Opinion on Privacy

UC Davis, Yale Drop Gmail

On April 30, 2010, the University of California at Davis announced its
decision to discontinue consideration of a proposal to transfer 30,000
university email accounts to Google's Gmail. In an official statement
posted on the university website, administrators cited both potential
incompatibility with the University of California Electronic
Communications Policy and privacy-related concerns voiced by members of
the university community. The announcement followed close on the heels
of Yale University's similar decision to postpone their planned switch
to Gmail, pending more input from faculty and students. According to
the Yale Daily News, a computer science professor at the university
estimated the switch to Gmail could be made no earlier than spring 2011.

EPIC Gmail Privacy Page

Joint Statement from University of California, Davis

Yale Daily News Article

Google Apps for Education

FTC Delays Identity Theft Rule Yet Again

The Federal Trade Commission is delaying, for the fourth time, its
enforcement of the "Red Flags Rule." This rule requires creditors and
financial institutions to implement programs to identify, detect and
respond to the warning signs, or "red flags," that could indicate
identity theft. The FTC has decided to delay enforcement through the
end of the year in order to give Congress time to enact legislation
that could clarify what kind of entities would be considered
"creditors" under the rule.

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

Fair Credit Reporting Act, containing the "Red Flags Rule"

EPIC: Identity Theft

[7] EPIC Bookstore: "Idiot's Guide to Recovering from Identity Theft"
"The Complete Idiot's Guide to Recovering from Identity Theft"
by Mari J. Frank

As anyone who has been the victim of identity theft knows, recovering
from it can be a daunting prospect. Mary J. Frank's Idiot's Guide book
is an excellent resource, with clear, step-by-step instructions and

Frank first helps readers pick out the common symptoms of identity
theft. She clearly explains what indicators readers should look for and
what identity theft is. Then she carefully explains how readers can
tackle the problem and restore their finances, criminal history, and
reputation. Frank educates readers on dealing with credit companies,
financial institutions, government bureaucracies, and civil court
matters. Along the way, she describes laws such as the Fair Credit
Reporting Act in easily understandable, efficient terms.

Frank also addresses the special issues that arise when a child or
deceased person's identity is stolen. She gives parents and surviving
relatives clear instructions on how to correct the special problems
associated with these situations, and she does it with understanding of
the emotional issues involved.

Frank's book is an excellent resource for readers who suspect, or have
confirmed, that they are victims of identity theft. It is welcome peace
of mind, a book long enough to be complete, but short enough to be
manageable, with clear explanations of complex laws and bureaucracies.

--Ginger McCall
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

"The Cyber War Threat has Been Grossly Exaggerated"
Washington, DC, June 8, 2010
For more information:

"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:

Privacy and Identity Management for Life 
(PrimeLife/IFIP Summer School 2010)
Helsingborg, Sweden, August 2-6, 2010.
For more information:

Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
Crete, Greece, September 13-17 2010.
For more information:

Internet Governance Forum 2010
Vilnius, Lithuania, 14-16 September 2010.
For more information:

"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.11 ------------------------


Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security