EPIC Alert 17.14

                            E P I C   A l e r t
Volume 17.14                                              July 22, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


		      "Defend Privacy. Support EPIC."

Table of Contents
[1] EPIC Urges Court to Suspend DHS's Full Body Scanner Program
[2] EPIC Testifies Before Congress on Smartgrid Privacy
[3] EPIC Urges FTC to Strengthen Children's Privacy Rule
[4] EPIC Testifies in Congress on Cybersecurity
[5] EPIC Requests Records Regarding NSA's "Perfect Citizen" Program
[6] Privacy Polls Pose Problems for DHS and Facebook
[7] News in Brief
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends

[1] EPIC Urges Court to Suspend DHS's Full Body Scanner Program

EPIC has filed an emergency stay and a petition for review urging the
District of Columbia Court of Appeals to suspend the Transportation
Security Administration's (TSA) Full Body Scanner program. EPIC has
criticized the body scanner program for its violations of passengers'
rights under the Fourth Amendment, the Religious Freedom Restoration
Act, and the Privacy Act. In addition, EPIC's filings demonstrate how
TSA has failed to comply with its obligations under the Administrative
Procedures Act.

The TSA has consistently failed to respond to EPIC's concerns regarding
the body scanner program. The TSA did not respond to an EPIC petition
for public rulemaking in May 2009; in April 2010, EPIC again petitioned
the TSA to suspend the program, but the TSA again failed to grant or
deny EPIC's request. In addition, the TSA has misrepresented the
capabilities of the body scanners in the past. The TSA initially
claimed that the scanners were unable to save images of scanned
passengers, which was later proven false by TSA photographs released
under a FOIA request filed by EPIC.

In response to EPIC's motion, the TSA filed an opposition. In its reply
to TSA's opposition, EPIC highlighted the growing concerns amongst
individuals and public interest groups in the United States regarding
the body scanner program, as reported by USA Today and other papers. By
escalating the body scanner program to a primary method of search, the
TSA is subjecting passengers to overly invasive, dangerous methods of
screening without cause. Such scans are also being inconsistently
applied by the TSA, which has failed to consistently provide
alternative screening methods.

EPIC's efforts to suspend the deployment of the full body scanner
program come as USA Today reported, in a front-page story, growing
opposition among travelers to the program. The article highlighted
traveler opposition to full body scanners on both health and privacy

EPIC: Petition for Review
EPIC: Motion for Emergency Stay of the Full Body Scanner Program

DHS: Opposition to EPIC's Motion for Emergency Stay
EPIC: Reply in EPIC v. DHS

EPIC and Coalition: Letter Urging House Committee on Homeland Security 
to Investigate DHS Privacy Office
EPIC: Petition to DHS to Suspend FBS Program

USA Today: Backlash Grows Against Full Body Scanners in Airports:

[2] EPIC Testifies Before Congress on Smartgrid Privacy

On July 1, 2010, Associate Director of EPIC Lillie Coney testified
before the House Committee on Science and Technology's Subcommittee on
Technology and Innovation. In her prepared remarks for the hearing,
“Smart Grid Architecture and Standards: Assessing Coordination and
Progress,” Ms. Coney made clear that the “basic architecture of the
Smart Grid presents several thorny privacy issues.” Not only do smart
meters and appliances transmitting user data wirelessly introduce
threats to consumer privacy, the absence of strong security and privacy
standards creates risk of identity theft, unauthorized access to
personal data, and individual surveillance.

The term “Smart Grid” encompasses a host of inter-related technologies
rapidly moving into public use to reduce or better manage electricity
consumption. These smart grid systems are multi-directional
communications and energy transfer networks that enable electricity
service providers, consumers, or third party energy management
assistance programs to access consumption data. As such there are
numerous privacy implications including identity theft, real-time
surveillance, targeted home invasions, activity censorship, and

On December 19, 2007, the Energy Independence and Security Act of 2007
was enacted as Public Law 110-140 and directed that Smart Grid
technology be studied for its potential "to maintain a reliable and
secure electricity infrastructure that can meet future demand growth."
The National Institute of Standards and Technology is currently in
charge of coordinating industry and governmental efforts to develop a
common framework and interoperability standards.

The Subcommittee Chairman David Wu (D-OR) recognized the importance of
coordinating and setting interoperability standards that will ensure
the security of a smart grid system. In a press release for the
hearing, Representative Wu said that because of “the scale and
complexity” of the nation's electric grid, it is “imperative that those
involved in developing and using the smart grid share a common
technical view-or framework-of the system.”

EPIC previously submitted comments to the National Institute of
Standards and Technology and to the Public Utility Commission of
California urging them to implement robust privacy protections in
the Smart Grid.

EPIC: The Smart Grid and Privacy

Subcommittee Discusses Progress in Smart Grid Standards

EPIC: Comments to Subcommittee

EPIC: Comments to National Institute of Standards and Technology

Comments to the Public Utility of the State of California

Energy Independence and Security Act of 2007 / Public Law 110-140

[3] EPIC Urges FTC to Strengthen Children's Privacy Rule

On July 9, EPIC filed comments urging the Federal Trade Commission to
improve the Children's Online Privacy Protection Act (COPPA) Rule. The
COPPA Rule is the principal federal protection for children's privacy,
and limits how companies may collect and disclose children's personal
information. Currently, the COPPA Rule applies to operators of websites
directed at or collecting information from children under 13 years old.
It requires operators to post privacy policies, inform parents about
data gathering practices, provide access to such data, and allow
parents to opt-out of data collection entirely.

In the comments, EPIC lauds the COPPA Rule for benefitting children,
parents, and operators alike. However, changing technology has
undermined aspects of it. "The need for the COPPA Rule has become
increasingly urgent in light of new business practices and recent
technological developments, such as social networking sites and mobile
devices," EPIC wrote. "Existing provisions need to be strengthened and
new provisions need to be added."

EPIC makes several concrete recommendations. In particular, the burden
of interpreting the operators' policies should be shifted from
consumers to operators. The FTC should pursue COPPA violators with more
vigor. And existing definitions should be updated to include new
technologies like social networking sites and the accessibility of
geolocation data. Furthermore, rather than preempting state laws, the
"Rule should be structured to encourage state initiatives that protect
children's privacy."

In April, EPIC testified before Congress concerning children's privacy.
Stressing that "the single biggest change impacting the privacy of
children since the adoption of COPPA has been the emergence of social
network services," Executive Director Marc Rotenberg called for
Congress to update legislation and for the FTC to strengthen its
enforcement of COPPA.

Children's Online Privacy Protection Act Rule

EPIC: Comments on COPPA

EPIC: April 2010 Congressional Testimony:



[4] EPIC Testifies in Congress on Cybersecurity

On Thursday, EPIC Executive Director Marc Rotenberg testified before
the House Committee on Science and Technology on Planning for the
Future of Cyber Attack Attribution. The hearing was one in a series
that the Subcommittee on Technology & Innovation has held on ways to
protect the US's cyber infrastructure.

Prior to the hearing, the subcommittee expressed concern that the
country's growing reliance on networks has made it more vulnerable to
cyber attacks. The purpose of Thursday's hearing was to hear from
experts about whether attribution technologies can play a role in
deterring potential cyber aggressors. The subcommittee was also
interested in how widespread deployment of attribution technologies
might harm the anonymity and privacy of internet users.

The witnesses at the hearing took a generally cautious stance on
further deployment of attribution technologies. Robert Knake, an
International Affairs Fellow at the Council on Foreign Relations,
testified that the attribution problem has been overstated. In most
cases, the source of an attack can be determined relatively and what is
lacking are response options. Other witnesses noted that the ability to
pinpoint a specific cyber assailant is not a realistic possibility in
the foreseeable future and, even if it were, the privacy concerns
raised by the solution would be untenable to many Americans.

In his prepared statement, Mr. Rotenberg discussed how attribution
requirements implicate human rights and online freedom, and questioned
the constitutionality of such measures. He explained that while
attribution requirements might be used to address cyber security
concerns, they could also be used to track the activities of citizens
and crack down on controversial political views, violating the First
Amendment's right to speak anonymously. Mr. Rotenberg also pointed out
that attribution will most likely fail to identify sophisticated cyber
attackers who obscure their trail by routing their online activities
through multiple countries.

EPIC recommended that cybersecurity efforts continue to focus on
improving security standards, deploying encryption, and requiring
federal agencies to remain transparent as they develop cyber security

EPIC Testimony to House Committee on Science and Technology

Hearing on Planning for the Future of Cyber Attack Attribution

House Committee on Science and Technology
EPIC: Cybersecurity Privacy Practical Implications

[5] EPIC Requests Records Regarding NSA's "Perfect Citizen" Program

On July 15, 2010, EPIC filed a Freedom of Information Act request with
the National Security Agency seeking records regarding its recently
discovered "Perfect Citizen" surveillance program. "Perfect Citizen"
was first revealed to the public in a July 8th Wall Street Journal
article entitled "U.S. Plans Cyber Shield for Utilities, Companies."
According to the article's anonymous sources, the National Security
Agency recently completed a contract with Raytheon Corporation for the
initial phase of the program to develop "a set of sensors deployed in
computer networks for critical infrastructure that would be triggered
by unusual activity suggesting an impending cyber attack." Although one
anonymous U.S. military official said the program's intrusion into
privacy is "no greater than what the public already endures from
traffic cameras," the article also quotes an internal email from
Raytheon stating "Perfect Citizen is Big Brother."

In response to the Wall Street Journal article, the National Security
Agency released a short public statement, telling the press that the
program is "purely a vulnerabilities-assessment and
capabilities-development contract." The statement, from agency
spokeswoman Judith Emmel, continued: "There is no monitoring activity
involved, and no sensors are employed in this endeavor."

In light of the conflict between this statement and the Wall Street
Journal's third-party reporting, EPIC filed this Freedom of Information
Act request to shed light on the true nature of the "Perfect Citizen"
program. EPIC's request seeks copies of all contracts with the Raytheon
Corporation, all analyses, and all legal memoranda regarding "Perfect

The controversy over "Perfect Citizen" comes as Congress considers
legislation to establish a new model for cybersecurity in the United
States. This legislation, if passed, would assign responsibility for
cybersecurity with respect to civilian networks and "critical
infrastructure" to the Department of Homeland Security rather than the
Department of Defense, of which the National Security Agency is a part.
The Department of Defense would retain cybersecurity authority over
military networks.

"Perfect Citizen" is being funded as part of the Comprehensive National
Cybersecurity Initiative, a program the legal authority for which
remains secret. EPIC is engaged in ongoing litigation with the National
Security Agency over a previous Freedom of Information Act request to
disclose the full text of the Comprehensive National Cybersecurity
Initiative. EPIC is also seeking further information regarding
classified statements about cybersecurity and privacy made by General
Keith Alexander, director of the National Security Agency and commander
of the U.S. Cyber Command.

WSJ: U.S. Plans Cyber Shield for Utilities, Companies

NSA Denies It Will Spy on Utilities


EPIC: Cybersecurity

[6] Privacy Polls Pose Problems for DHS and Facebook

Two new studies show DHS and Facebook performing miserably in the minds
of consumers and the public as a whole. According to a new study by the
Ponemon Institute, public trust in the United States government's
commitment to protect privacy has fallen to a new all-time low with the
average privacy trust score across the United States government at 38
percent, a 12 point drop from 50 percent in 2009.

The least-trusted agencies were the National Security Agency, the
Department of Homeland Security, and the Department of Justice, while
the top-rated government entities included the Postal Service, the
Federal Trade Commission, and the Internal Revenue Service.

A study by Foresee Results and the University of Michigan also shows
Facebook struggling with consumer confidence issues in the privacy
area, scoring a measly 64. The score puts Facebook "in the bottom 5
percent of all measured private sector companies and in the same range
as airlines and cable companies."

The polling company attributed Facebook's low scores to "privacy
concerns, frequent changes to the website, and commercialization and
advertising." Both polls indicate the value of privacy to citizens and
highlight trust as an issue that both government and private companies
must address.

The Ponemon Institute Study

The study by Foresee Results and the University of Michigan on Facebook

EPIC: Public Opinion on Privacy

EPIC: Facebook Privacy

[7] News in Brief

Federal Trade Commission Invites Public Comment on Twitter Settlement

The Federal Trade Commission is calling for public comments on the
recent Twitter Settlement. The Commission's complaint against Twitter
charged that "serious lapses in the company's data security allowed
hackers to obtain administrative control of Twitter." The Federal Trade
Commission found that the lax practices allowed access to nonpublic
tweets even though the company assured users in its privacy policy that
it was "very concerned about safeguarding the confidentiality of your
personally identifiable information." Under the terms of the
settlement, "Twitter will be barred for 20 years from misleading
consumers about the extent to which it maintains and protects the
security, privacy, and confidentiality of nonpublic consumer
information." Comments are due on July 26, 2009, and may be submitted
electronically or in paper form.

Federal Trade Commission Press Release

Federal Trade Commission Call for Comments

Twitter Settlement

Federal Trade Commission Complaint

EPIC: Social Networking Privacy

EPIC Seeks DHS Records on Body Scanner Health Impacts:
EPIC filed a Freedom of Information Act request with the
Department of Homeland Security for studies conducted by the agency and
third parties concerning radiation and health testing of body scanners.
The EPIC request follows a recent report by Dr. David Brenner to the
Congressional Biomedical Caucus that radiation exposure may be up
to twenty times greater than the DHS acknowledged. In April 2010,
several scientists urged Presidential Science Adviser Dr. John P.
Holdren to conduct further evaluation of the health risks of body
scanners. EPIC is pursuing FOIA litigation against the DHS regarding
full body scanners, and has also filed a lawsuit to halt the use of the

EPIC Freedom of Information Act Request

EPIC: Whole Body Imaging Technology (Body Scanners) 

Brenner Report
Holdren Letter of Concern

Federal Court to Hear Oral Argument in Wiretap Abuse Case

On July 8, a federal court in New York heard oral arguments in SEC v.
Galleon, a case involving the disclosure of federal wiretap recordings.
EPIC filed a "friend of the court" brief, urging the court to protect
the privacy of innocent individuals who were inadvertently recorded on
the wiretaps. A trial court judge ordered disclosure of all wiretaps
conducted in a criminal investigation, even though no court has ruled
on the recordings' legality or relevance. EPIC noted that "hundreds of
thousands of individuals are recorded on wiretaps every year," and "80%
of those personal communications are wholly unrelated to criminal

EPIC: SEC v. Galleon

EPIC: Amicus Brief in SEC v. Galleon

EPIC: Wiretapping

United States Court of Appeals for the Second Circuit


EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under the Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act, and
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Privacy and Identity Management for Life
(PrimeLife/IFIP Summer School 2010)
Helsingborg, Sweden, August 2-6, 2010.
For more information:

Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
Crete, Greece, September 13-17 2010.
For more information:

Internet Governance Forum 2010
Vilnius, Lithuania, 14-16 September 2010.
For more information:

"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.14 ------------------------
