You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Epic Alert 17.19

======================================================================= E P I C A l e r t ======================================================================= Volume 17.19 October 1, 2010 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] Virginia Court of Appeals Authorizes Warrantless GPS Tracking [2] Groups Urgs Supreme Court to Curtail Governmen Secrecy [3] EPIC Submits Comments to Council of Europe on Profiling [4] Ninth Circuit Strips Guidelines from Fourth Amendment Opinion [5] Tests in Italy Raise New Questions About Airport Body Scanners [6] News in Brief [7] EPIC Book Review: "Because it is Wrong" [8] Upcoming Conferences and Events TAKE ACTION: Stop Airport Strip Searches! - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends - DISPLAY the IMAGE - SUPPORT EPIC ======================================================================= [1] Virginia Court of Appeals Authorizes Warrantless GPS Tracking ======================================================================= On September 7, 2010, the Virginia Court of Appeals announced its opinion in Foltz v. Virginia, holding that law enforcement may place a Global Positioning System (GPS) tracking device on a vehicle without violating the Fourth Amendment. In the case, criminal defendant Foltz challenged the constitutionality of law enforcement's placement of a GPS device on the bumper of his work van. Police officers attached the GPS to the underside of the bumper while the van was parked in front of Foltz's home. The police did not obtain a warrant, nor did they seek the employer's permission to place the device on his van. The police had begun to monitor Foltz, a registered sex offender on probation, as a suspect in a series of sexual assaults in the surrounding area. He was charged with abduction with intent to defile. The location information gathered by the device was used as evidence in the criminal trial. Foltz argued that the police needed a warrant to attach the device and a warrant to use a GPS system to track him. The court rejected his arguments, reasoning that "[b]ecause the actual act of simply placing the GPS device in the bumper of [Foltz]'s work van conveyed no private information to the police and because [Foltz] did nothing to prevent the public from observing the bumper," he did not have a reasonable expectation of privacy in the van. Attaching the tracking device, therefore, did not require a warrant. The court also found that the GPS device was merely a technological supplement to police officers' own sensory capabilities. The device "could provide general information in any place with cell phone service and could send a signal through glass and plastic," which allowed police to track Foltz in real time. However, since the GPS device did not convey any private information to the police the court concluded that it was not a search subject to Fourth Amendment expectations of privacy issues. The court distinguished its ruling from Commonwealth v. Connolly, a recent Massachusetts case, which held that police must obtain a warrant before using GPS devices to monitor vehicles. The Massachusetts court found that GPS monitoring constituted a seizure. The Virginia court explained that Connolly was unpersuasive because the Virginia Constitution is co-extensive with the federal Fourth Amendment while the Massachusetts Constitution is more expansive. EPIC filed a "friend of the court" brief in Connolly, urging the court to adopt a warrant requirement before police covertly track drivers using concealed surveillance technology. EPIC said the proliferation of police tracking devices "creates a large, and largely unregulated, repository containing detailed travel profiles of American citizens." Foltz v. Virginia Commonwealth v. Connolly EPIC: Amicus Brief in Commonwealth v. Connolly EPIC: Commonwealth v Connolly ======================================================================= [2] Groups Urge Supreme Court to Curtail Government Secrecy ======================================================================= Non-profit advocacy group Public Citizen has filed a "friend of the court" brief in Milner v. Navy, a Freedom of Information Act (FOIA) case scheduled to be heard by the Supreme Court. Seven groups signed the brief, including the American Civil Liberties Union, the Electronic Frontier Foundation, and Citizens for Responsibility and Ethics in Washington. The legal outcome of this case will determine whether federal agencies can block disclosure of records FOIA otherwise mandates them to disclose. Milner revolves around a FOIA request for "arc maps," which measure the potential radius of an explosion's impact. Petitioner Glen Scott Milner requested the mocked up maps to discern effects to surrounding civilian land in the event of an explosion on a specific Navy base in Washington State. The Navy refused the request, and Milner took the case to federal court. The law in dispute is known as "High 2," a broad judicial interpretation of Exemption 2, which removes certain documents from the disclosure requirements of the FOIA. Public Citizen's position is that there is no "High 2" exemption, because the statutory language of Exemption 2 only permits federal agencies to withhold requested records concerning their "personnel rule[s] or internal practice[s].” "High 2" is a judge-made test that expands the range of documents agencies can withhold beyond that statutory language. In Milner's case, the Ninth Circuit expanded the "High 2" test to "shield[] those personnel materials which are predominantly internal and disclosure of which would present a risk of circumvention of agency regulation". It then held that the maps in question were "predominantly internal." EPIC is currently challenging the Department of Homeland Security's use of "High 2" to block a FOIA request. EPIC seeks disclosure of 2,000 stored images the Transportation Security Administration produced with Whole Body Imaging machines at airport checkpoints, in addition to employee manuals that discuss key practices. These images are neither personnel rules nor internal records, but the Ninth Circuit held that they fall under "High 2" exemption. The Supreme Court's decision in the Milner case will therefore significantly influence the fate of EPIC's efforts. Public Citizen's "Friend of the Court" Brief EPIC: EPIC v. DHS (FOIA) Ninth Circuit Opinion in Milner v. Dept. of Navy EPIC: Open Government EPIC: Milner v. Dept. of Navy ======================================================================= [3] EPIC Submits Comments to Council of Europe on Profiling ======================================================================= On September 14, 2010 EPIC submitted comments regarding a proposed appendix to the Council of Europe Convention on the Protection of Individuals with regard to Automatic Processing Personal Data in the Context of Profiling. Better known as the Privacy Convention, the measure was adopted by the Council of Europe in June 2010 by the Consultative Committee of the Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data. The convention's primary purpose is to strengthen data protection. In its comments, EPIC urged the Committee to strengthen the legal protection of individuals with regard to automatic processing of personal information in the context of profiling. EPIC addressed three issues from the draft recommendation that raised concern, including the absence of a definition for "Privacy Enhancing Technology" and the omission of "sex" as part of the definition of "Sensitive Data," and the lack of a research framework to monitor profiling from the private and public sector. EPIC stated that individuals must be able to freely exchange information without risk that improper profiles will be established and concluded that failure to protect the fundamental right of privacy thus adversely impacts the free flow of information. EPIC strongly supports Council of Europe Convention 108, and has launched a campaign urging the United States Government to support the Council of Europe Privacy Convention. On January 28, 2010, twenty-nine members of the EPIC Advisory Board wrote to Secretary of State Hillary Rodham Clinton to urge that the United States begin the process of ratification of Council of Europe Convention 108. As an advocate for the Madrid Privacy Declaration, EPIC acknowledged in its comments, that States must establish a comprehensive legal framework for privacy protection and an independent data protection authority that aids in assessing any adverse effect in individual privacy. The Madrid Declaration reminds the European Union member countries and Organization for Economic Co-operation and Development member countries of their obligations to protect the civil rights of their citizens under national constitutions and laws. Council of Europe: Convention on Privacy Council of Europe: Draft Recommendation EPIC: Comments to Council of Europe EPIC: Letter to Secretary of State Hillary Rodham Clinton Resolution to the U.S. Senate Madrid Declaration Website Universal Declaration of Human Rights ======================================================================= [4] Ninth Circuit Strips Guidelines from Fourth Amendment Opinion ======================================================================= A new opinion from the United States Court of Appeals for the Ninth Circuit raises many questions about procedures to be followed in electronic searches. Last year in Comprehensive Drug Testing v. United States, the Ninth Circuit established specific data minimization requirements for electronic data searches by law enforcement officers. The framework established by the court included principles for digital searches that would allow the government to pursue appropriate investigations while ensuring that access to electronic data does not become unbounded. These principles included a set of guidelines for electronic searches and seizures, attempting to limit the "plain view" doctrine in order to prevent electronic fishing expeditions. This is the approach that is routinely used for electronic surveillance, though never mandated. Last year, in City of Ontario v. Quon, EPIC submitted an extensive "friend of the court" brief, arguing for the extension of the CDT guidelines to searches of all electronic media. However, on rehearing, the Ninth Circuit has omitted these guidelines from its opinion, though it still concluded that the search at issue was impermissible. The new opinion reiterates that law enforcement cannot use seized materials in a computer search that are beyond the scope of the warrant, but the absence of the guiding principles creates ambiguity regarding proper procedures for future investigations. Despite this, the court warns that the “need of law enforcement for broad authorization to examine electronic records create[s] a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant.” The case involved a government warrant authorizing the search of Comprehensive Drug Testing records pertaining to ten players who had tested positive for steroids in tests administered by the company. However, when the search was executed, the government actually seized and reviewed drug-testing records for hundreds of players in Major League Baseball. United States v. Comprehensive Drug Testing, Inc. (2009) United States v. Comprehensive Drug Testing, Inc. (2010) EPIC: City of Ontario v. Quon ======================================================================= [5] Tests in Italy Raise New Questions About Airport Body Scanners ======================================================================= Following field tests at international airports in Rome, Milan, Palermo, and Venice, the Italian Civil Aviation Authority (ENAC) has decided not to use airport body scanners. In their tests of different types of body scanners, the Agency has decided that they take more time than manual inspections. ENAC president, Vito Riggio, also cited the inaccuracy of the scanners and their tendency to break as reasons not to use them in Italian airports. Recently, other countries have also expressed concern over airport body scanners. In the United Kingdom, the Equality and Human Rights Commission said that the scanners might violate privacy rights under the Human Rights Act as well as anti-discrimination laws. Trevor Phillips, chair of the Commission, warned that "national security policies are intended to protect our lives and our freedoms; but it would be the ultimate defeat if that protection destroyed our other liberties." Last year Canada began installing full body scanners at major airports, citing terrorism concerns. However, according to the Canadian Health Ministry, only scanners with millimeter wave technology are being used. These type of scanners, as opposed to those using backscatter technology installed in United States airports, emit only non-ionizing radiation and therefore pose less of a health risk. Earlier this year, the European Commission stated that body scanners have "raised several serious fundamental rights and health concerns," such as the "creation of body images and the use of x-ray radiation" that may not comply with fundamental rights and health standards protected by the laws of the European Union. The report suggested that less intrusive measures be used, such as millimeter wave imaging and teraherz imaging. The European Parliament Committee on Civil Liberties, Justice, and Home Affairs has announced a hearing on the Body Scanner program for October 6, 2010. In July 2010, EPIC filed a lawsuit to suspend the deployment of body scanners at US airports. The United States Court of Appeals for the District of Columbia Circuit has set a briefing schedule for this case. As part of a related Freedom of Information Act (FOIA) lawsuit, EPIC has obtained documents establishing that the DHS possessed about 2,000 body scanner photos from devices that DHS had previously said "could not store or record images." In a separate FOIA lawsuit against the Department of Justice, EPIC obtained evidence of over 35,000 stored images. EPIC has a pending FOIA request for documents related to body scanner radiation risks. Italian Civil Aviation Authority Italian Civil Aviation Authority announcement on airport body scanners UK Equality Human Rights Commission: warning to UK Government Canadian Health Ministry: Body Scanners European Commission European Commission: Body Scanner Report European Parliament Committee: Hearings EPIC v. DHS (FOIA) EPIC v. DOJ (USMS) EPIC: FOIA Request to DHS Regarding Body Scanners and Radiation EPIC v. DHS (Suspension of Body Scanner Program) EPIC: Airport Body Scanners ======================================================================= [6] News In Brief ======================================================================= DHS Privacy Office Releases 2010 Annual Report The Department of Homeland Security has released the Privacy Office 2010 Annual Report. The Agency's Chief Privacy Officer must prepare an annual report to Congress that details activities of the Department that affect privacy, including complaints of privacy violations, and DHS compliance with the Privacy Act of 1974. This year’s report details the establishment of privacy officers within each component of the Agency. The report also provides updates on Fusion Centers, Cybersecurity, and Cloud Computing activities of the agency. DHS: 2010 Annual Report EPIC: Fusion Centers EPIC: Cybersecurity EPIC: Cloud Computing EPIC: DHS Chief Privacy Officer NIST Publishes Smart Grid Privacy Guidelines Guidelines for Smart Grid Cyber Security: Privacy and the Smart Grid is now available from the National Institute of Standards and Technology. The NIST Smart Grid Guidelines address privacy concerns that arise from the "many new data collection, communication, and information sharing capabilities related to energy usage." EPIC coordinated a group of 23 NGOs, legal, and technology experts to produce extensive comments for the agency. EPIC also worked closely with the NIST Cyber Security Working Group's subcommittee on Privacy on the project. NIST: Guidelines for Smart Grid Cyber Security August 2010 NIST: Guidelines for Smart Grid Cyber Security Vol.2 EPIC: House Testimony on Smart Grid EPIC: Comments to NIST Echometrix Settles Case Involving Consumer Privacy The New York Attorney General announced a settlement in a case against Echometrix, a software company that sold “Parental control software” that collected data on kids using the Internet for marketing purposes. EPIC filed a complaint with the FTC in 2009 alleging that Echometrix had engaged in unfair and deceptive trade practices and violated the Children's Online Privacy Protection Act. EPIC's complaint highlighted several aspects of Echometrix products that threatened consumer privacy. Documents obtained by EPIC, pursuant to a Freedom of Information Act request, revealed that the Defense Department canceled a contract with Echometrix following the EPIC FTC complaint. Under the settlement with the New York Attorney General's Office, Echometrix will pay a $100,000 penalty to the state of New York, and has agreed not to "analyze or share with third parties any private communications, information, or online activity to which they have access." New York Attorney General Announcement EPIC: FTC Echometrix Complaint EPIC: DOD Echometrix FOIA Request EPIC: Echometrix Google Street View Blocked Again The Czech Office for Personal Data Protection turned down Google's application to collect personal data for its Street View service. Street View is controversial mapping tool that has allowed Google to capture Wi-Fi signals in addition to street level imagery in thirty countries over a three-year period. Google obtained Wi-Fi data, including email passwords and content, from receivers that were concealed in the Street View vehicles. Many countries and several US states are currently investigating Google Street View. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google’s practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. EPIC: Street View Google: Street View Wi-Fi Data Collection EPIC: FCC Street View Letter Federal Wiretap Act U.S. Communications Act EPIC, Privacy Groups Comment on Draft Cybersecurity Policies EPIC has joined other Privacy Groups, including the American Library Association and the Center for Media and Democracy, in order to submit comments on the "National Strategy for Trusted Identities in Cyberspace," (NS-TIC). The NS-TIC is a recently released draft on policies designed to confront fraud and identity theft on the Internet. In comment, the groups focus on "the most pressing issues for privacy, civil liberties, and consumer rights," maintaining that policies should be "designed in a manner that does not discourage lawful, constitutionally protected activity." Privacy Coalition DHS: National Strategy for Trusted Identities in Cyberspace Privacy Comments on NS-CIT EPIC: Cybersecurity and Privacy ======================================================================= [7] EPIC Book Review: "Because it is Wrong" ======================================================================= Because It Is Wrong: Torture, Privacy and the Presidential Power in the Age of Terror," Charles Fried, Gregory Fried A 1991 survey of the most popular articles in the Yale Journal placed Professor Charles Fried's 1968 contribution "Privacy" at #26. I suspect that if the survey were done today, Professor Fried's article would have risen in the standings. I say this partly because it was a substantial contribution to the modern understanding of privacy, but also because privacy has increasingly attracted the interest of legal scholars. In 1968, Professor Fried embraced a notion of privacy, now familiar to many, as "the control we have over information about ourselves." It is an expansive definition that is described as the basis of love, trust, and friendship. It is grounded in the strong foundational rights theories of Kant and Rawls. Privacy, according to Fried, safeguards freedom, constrains the state, and is essential to our modern life. Forty years later, Charles Fried returns to the topic in a new book "Because It Is Wrong: Torture, Privacy and the Presidential Power in the Age of Terror." Combing moral argument, art history, and some sympathies to a President in office after 9/11, Fried assessest the claims that President Bush could engage in illegal wiretapping and the torture of prisoners. This book is less about the FISA and the Geneva Convention and more about moral philosophy, though the clear defense of rule in Rawls and Kant is now replaced by the justifications for exceptions set out by Aristotle and Locke. This is a more pragmatic discussion than the one in the 1968 article. Lincoln did, after all, suspend the writ of habeas corpus. Which leads to the central question: Whether President Bush's warrantless wiretapping program can be defended. Noting that moral theory tells us that laws must sometimes be placed aside, Fried considers if the post 9-11 world requires political leaders to now heed Machiavelli's advice and "learn how not to be good," or, in other words, to find what some might describe as their inner Dick Cheney. Fried is well aware where this path leads. "There is a great danger to secret executive lawbreaking. What is done in secret, with all the powers of the executive behind it, could metastasize into the arbitrary power of the tyrant -- as it did in the Weimar Republic, ..." Or as Jack Goldsmith, another Harvard Law School Professor, who once served a conservative President, suggested in the title for his book on the Bush years, in"The Terror Presidency." Ultimately, Fried concludes that President Bush's violations of the law were neither the husband speeding to the hospital with his pregnant wife or the protester engaging in civil disobedience. "Whenever we admit that executive authorities can break the laws they are entrusted to uphold," Fried writes, "we are in dangerous territory." The book suggests that executive lawbreakers should be held accountable for their bad acts, at least in some circumstances. Professor Fried concluded his 1968 essay with a plea that privacy be grounded in the rule of law, to makes clear "how seriously we take this right." It was only a few years later that President Nixon resigned following the Watergate scandal and the illegal surveillance of his political opponents. But with the present Administration granting immunity to telephone companies and asserting the state secrets doctrine in court, it seems unlikely that Fried's argument will be given legal force. -- Marc Rotenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "The Invisible Man: Detection and Recognition Technologies," European Parliament, 6 October 2010. For More Information: "The Constitution in the 2020: The Future of Criminal Justice," Florida State University, 7-8 October, 2010. For More Information: "W3C Worksop on Privacy and Data Usage Control" MIT, 4-5 October 2010. For More Information: "he Public Voice Civil Society Meeting: "Next Generation Privacy Challenges and Opportunities." Jerusalem, Israel, 25 October 2010. For More Information: Conference on the Evolving Role of the Individual in Privacy Protection: "30 Years after the OECD Privacy Guidelines" Jerusalem, Israel, 26 October 2010. For More Information: "32nd Int'l Conference of Data Protection and Privacy Commissioners" Jerusalem, Israel, October 2010. For More Information: "Computers, Privacy, and Data Protection Conference European Data Protection: In Good Health?" Brussels, Belgium, 25-28 January 2011. For More Information: ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http// Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 17.19 ------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security