You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Epic Alert 17.20

======================================================================= E P I C A l e r t ======================================================================= Volume 17.20 October 14, 2010 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] Supreme Court to Examine Personal Privacy Rights of Corporations [2] EPIC Seeks Details on New Government Crypto Regulations [3] Senate Considers Data Security and Breach Notification Bill [4] EPIC Submits Comments on Foreign Intelligence Surveillance Court [5] Federal Court Protects Innocent Targets of Government Surveillance [6] News in Brief [7] EPIC Book Review: "Keeping Faith with the Constitution" [8] Upcoming Conferences and Events TAKE ACTION: Stop Airport Strip Searches! - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends - DISPLAY the IMAGE - SUPPORT EPIC ======================================================================= [1] Supreme Court to Examine Personal Privacy Rights of Corporations ======================================================================= The Supreme Court has agreed to review AT&T v. FCC, a case in which the Third Circuit Court of Appeals held that corporations have personal privacy rights. The case will determine the fate of a Freedom of Information Act request from 2005. An industry group named CompTel filed the request for the details about AT&T's government contract work in New London, Connecticut. The work was regulated by the Federal Communications Commission. AT&T wrote to the Commission, arguing that it qualifies for FOIA Exemption 7(C). Congress designed the exemption in question to prevent any public disclosure of law enforcement records which "could constitute an unwarranted invasion of personal privacy." The Commission dismissed the company's argument, holding that corporations do not qualify for personal privacy rights. AT&T appealed to the Third Circuit. On September 22, 2009, The Third Circuit overturned the FCC's decision, and the Supreme Court granted review of the case on Sep. 28, 2010. The case hinges on FOIA Exemption 7(C) and the breadth of the term "personal privacy." The Third Circuit reasoned that "personal" derives from "person," and that "person" is defined in the Freedom of Information Act to include corporations. The court did not address if "personal" has any special meaning, such as "intimate," or if the complete phrase "personal privacy" derives from "person." EPIC, which advocates both for privacy and open government, is likely to file an amicus brief. Supreme Court Grant of Certiorari for FCC v. AT&T, Inc. Third Circuit Court of Appeals Opinion EPIC: FCC v. AT&T EPIC: Open Government ======================================================================= [2] EPIC Seeks Details on New Government Crypto Regulations ======================================================================= EPIC has sent Freedom of Information Act (FOIA) requests to the Department of Justice, the Federal Bureau of Investigation, and the National Security Agency for information about a proposal to expand Internet surveillance and deploy weakened security standards. Federal law enforcement and national security officials are pushing for these changes, and the Obama administration plans to submit a bill to Congress next year. The proposal requires Internet companies to develop network services that will enable government access to private communications, including those on peer-to-peer networks, such as Skype. In order to comply, companies would be forced to develop ways to unscramble all encrypted messages, preventing delay in pursuing government wiretaps. The new regulations would apply to "communication service providers" located in the U.S., as well as to foreign-based providers that do business here. Critics of the proposal worry that requiring companies to intercept and decrypt data could create a "back door" for hackers, and could "raise costly impediments to innovation by small startups." Additionally, providers of encryption services will likely object to this proposal as it will inhibit their ability to globally market their products. In 1996, the National Resource Council (NRC) concluded that such technical standards make network communications more vulnerable to cyber attack. The NRC highlighted the importance of strong encryption for electronic information: "It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages." This is not the first time the U.S. government has sought crypto regulations. In 1994, the White House announced the adoption of the Clipper Chip, a cryptographic device intended to protect private communications while permitting government agents to obtain the decryption keys upon presentation of what was vaguely characterized as "legal authorization." Through a FOIA request, EPIC obtained previously unreleased documents about the Clipper Chip. The Clipper Chip died after substantial public backlash. Freedom of Information Act EPIC: FOIA request to DOJ New York Times: U.S. Tries to Make It Easier to Wiretap the Internet National Resource Council Report EPIC: Cryptography Policy EPIC: Clipper Chip EPIC: The Clipper Papers ======================================================================= [3] Senate Considers Data Security and Breach Notification Bill ======================================================================= On September 22, 2010, the Senate Commerce Committee Subcommittee on Consumer Protection, Product Safety, and Insurance held a hearing on S. 3742, The Data Security and Breach Notification Act of 2010. The Subcommittee oversees consumer protection efforts of the Federal Trade Commission (FTC), the National Highway Traffic Safety Administration, and the Consumer Product Safety Commission. The bill focuses mainly on businesses and organizations, including non-profits, which maintain large consumer databases, requiring them to implement protocols to protect these databases. In the case of a breach, the organizations will have to notify all those affected in a timely manner. The bill also regulates "information brokers," companies that collect and sell personal information to third parties for profit, by giving consumers the ability to access and correct that information. Additionally, the bill creates a national data protection standard, pre-empting existing state laws. The bill is co-sponsored by Senators Pryor(D-AR) and Rockefeller(D-WV). Senator Rockefeller, in his prepared statement, explained that the bill represents a "carefully crafted compromise between consumer groups and the business community." Witnesses testified at the hearing on behalf of the FTC, Consumers Union, and multiple industry trade groups. The witnesses generally supported the bill, but disagreed on a few key points: the rebuttable presumption that encrypted data is not subject to the bill's requirements, the pre-emption issue, and potential overlap with other federal data protection laws. A similar bill, H.R. 2221, passed the House last year. EPIC director Marc Rotenberg testified in support of the House bill, also recommending that lawmakers strengthen the proposed law by adopting a broader definition of "personally identifiable information" and permitting stronger state laws to remain. The Senate has not yet addressed these concerns. Senate Commerce Committee Consumer Protection Subcommittee Hearing Announcement and Testimony Sen. Pryor Statement S.3742 H.R. 2221 EPIC: House Testimony EPIC: Identity Theft ======================================================================= [4] EPIC Submits Comments on Foreign Intelligence Surveillance Court ======================================================================= EPIC has submitted comments on the proposed amendments to the Rules of Procedure for the Foreign Intelligence Surveillance Court (FISC). Created by the Foreign Intelligence Surveillance Act (FISA) of 1978, the FISC hears applications and grants orders for electronic surveillance and physical searches of foreign nationals living in the United States to gather foreign intelligence. The FISC is a secret court and is largely non-adversarial, though electronic communications service providers may appear to challenge or modify an order. The subject of an order is likely to neither learn that he is under surveillance nor have an opportunity to appear before the FISC. The government needs only to present evidence of probable cause that the target is a foreign power or an agent of one in order to receive a surveillance order. FISA also created the Foreign Intelligence Surveillance Court of Review to handle appeals from applications denied by FISC. The current Rules of Procedure were promulgated in 2006. EPIC’s comments on the proposed amendments focused on judicial independence, congressional oversight and transparency. The proposed amendments make a cognizable effort towards these ends. EPIC has frequently drawn attention to the constitutional role of the courts as a check on the Executive Branch. To preserve its independence and create greater transparency, EPIC urged the FISC to regularly publish its opinions and allow the government to release copies of Court orders and records to Congress. The public must be given more extensive reporting about the types of applications presented, approved, and denied by the Court. Therefore, EPIC also urged the FISC to enhance its annual reporting, increase information available to the public, and establish a web presence. EPIC: Comments on Proposed FISC Rules of Procedure FISC: 2010 Proposed Rules of Procedure FISC: 2006 Rules of Procedure EPIC: Foreign Intelligence Surveillance Court EPIC: Foreign Intelligence Surveillance Act ======================================================================= [5] Federal Court Protects Innocent Targets of Government Surveillance ======================================================================= A federal appeals court in New York overruled a lower court order that would have disclosed thousands of wiretapped conversations to the Security and Exchange Commission. The Commission is suing Raj Rajaratnam in a civil suit for insider trading. Mr. Rajaratnam is the founder of the Galleon Group, a hedge fund management firm. The Commission sought recordings and transcripts of 18,150 private conversations between more than 500 different individuals, which had been compiled by the Federal Bureau of Investigation. The SEC alleges that the communications reveal Rajaratnam and other defendants' involvement in insider trading. The wiretaps also include private communications, including conversations between Rajaratnam and his wife, his daughter, other family members, and his doctor. The court granted the Commission's request to turn over all recordings before any determination was made on whether the interceptions were relevant or lawful. At the time of the order, a hearing was pending in a related criminal case to decide the legality of the wiretaps. EPIC filed a "friend of the court" brief on behalf of "the privacy rights of hundreds of individuals" who had no involvement in the case. The appeals court found the order "clearly exceeded its discretion by failing to limit the disclosure of the wiretapped conversations to relevant conversations." It also held that "the more prudent course in the instant case may have been to adjourn" until after the question of legality was settled. SEC v. Galleon EPIC: SEC v. Galleon: "Friend of the Court" Brief EPIC: SEC v. Galleon EPIC: Wiretapping ======================================================================= [6] News In Brief ======================================================================= National Academies Releases New Report on Biometrics The National Academies of Science has released a report entitled "Biometric Recognition: Challenges and Opportunities." The report concluded that biometric recognition technologies are inherently probabilistic and inherently fallible. Sources of uncertainty in biometric systems include variation within persons, sensors, feature extraction and matching algorithms, and data integrity. The report recommends a more comprehensive systems level approach to the contexts, design, and use of biometric technologies as well as peer-reviewed testing and evaluation of the technologies. EPIC has urged the Department of Defense to establish privacy safeguards for the biometric database the US established of Iraqis. The National Academies of Science Report: "Biometric Recognition: Challenges and Opportunities" EPIC: Letter to Secretary Gates EPIC: Biometric Identifiers EPIC: Iraqi Biometric Identification System Five Billion Have Right to Information Human rights organization Article 19 reported that over 90 countries have adopted laws, constitutional amendments or regulations protecting the right to freedom of information. Additionally, over 50 countries are considering proposals to adopt laws that will protect citizens’ right to know. Article 19 commends the World Bank for its transparency policy, the United Nation’s Environmental Programme for enhanced access to environmental information, and the efforts of the U.S. and UK governments to launch open data sites. Article 19 Five Billion Have Right to Know Statement EPIC: Open Government Senator Collins Responds to EPIC`s Letter on Airport Body Scanners Senator Susan Collins has sent a letter to EPIC Director Marc Rotenberg and consumer advocate Ralph Nader regarding airport body scanners. Senator Collins stated in the letter "I agree wholeheartedly that TSA must ensure that this new security technology is proven effective and comes with sufficient protections to the health and privacy of all persons." Mr. Rotenberg and Mr. Nader had sent Senator Collins a request for a public hearing about the security agency's body scanner program. The US Senate has not yet scheduled such a hearing, but leaders in the European Parliament will examine the issue of body scanners on October 6, 2010. EPIC will be participating in that hearing. EPIC: Letter to Senator Collins and Senator Lieberman EPIC: Senator Collins' Response Alliance of Liberals and Democrats for Europe Google Adds Two-Factor Authentication to Google Apps Google announced today that it is adding two-factor verification for Google Applications. This will allow users to set up a one-time code delivered to a mobile phone, in addition to a regular password. Currently this option is only available for paid Google apps, although it will be available to all users in the coming months. If an administrator of a paid Google Apps account enables two-factor verification, then all users will be required to submit their mobile phone number. Google Apps operate by using cloud computing. In March 2009, EPIC filed a complaint with the Federal Trade Commission over Google's lack of adequate safeguards for its Cloud Computing Services. Google: Announcement Google: Two-Factor Verification Google Applications EPIC: Cloud Computing EPIC: FTC Complaint Privacy Groups Object to Google's "Simplified" Privacy Policy EPIC and 14 other privacy and consumer protection groups sent a letter to Google CEO Eric Schmidt about Google's revised privacy policy. Under this new policy, twelve specific Google privacy policies will be replaced by a single policy that will enable greater data sharing within the corporation. EPIC previously raised similar concerns about Google Buzz in a complaint to the Federal Trade Commission. In the complaint, EPIC argued that Google's Gmail-specific privacy policy was more protective of users than their general privacy policy. EPIC: Letter to Google Google: Privacy Policy Google: Google Buzz EPIC: FTC Complaint EPIC: Google Buzz EPIC, Privacy Groups Comment on Draft Cybersecurity Policies EPIC has joined other Privacy Groups, including the American Library Association and the Center for Media and Democracy, in order to submit comments on the "National Strategy for Trusted Identities in Cyberspace," (NS-TIC). The NS-TIC is a recently released draft on policies designed to confront fraud and identity theft on the Internet. In comment, the groups focus on "the most pressing issues for privacy, civil liberties, and consumer rights," maintaining that policies should be "designed in a manner that does not discourage lawful, constitutionally protected activity." American Library Association Center for Media and Democracy DHS: National Strategy for Trusted Identies in Cyberspace EPIC: Statement on National Strategy for Trusted Identies in Cyberspace EPIC: Cybersecurity Privacy Practical Implications ======================================================================= [7] EPIC Book Review: "Keeping Faith with the Constitution" ======================================================================= "Keeping Faith with the Constitution," Goodwin Liu, Pamela S. Karlan, Christopher H. Schroeder In this accessible theoretical and legal discussion of constitutional fidelity, law professors Goodwin Liu (also a nominee to the Ninth Circuit), Pamela S. Karlan, and Christopher H. Schroeder, analyze constitutional interpretation by highlighting the dynamism of the founding document. The authors argue that keeping faith with the Constitution means being "faithful to what the Constitution is: not a legal code, not a lawyer's contract, but a basic charter of government whose practical meaning arises from the continual adaptation of its enduring text and principles to the conditions and challenges facing each generation." The authors posit that the broad language chosen by the Framers to express constitutional principles reflects an intention that the "written enumeration of rights should not unduly limit the scope of inalienable rights and liberties we possess." The Framers did not intend the Constitution to be fossilized. Rather, they envisioned a document whose vitality is realized when its principles are applied to new contexts, thus providing opportunities for a more complete understanding of their ideals. Keeping Faith can be divided into three parts. The first third of the book discusses the history of the Constitution itself and the impact of certain amendments, like the Reconstruction Amendments. In fact, the authors describe the Reconstruction Amendments as the second founding of the United States, for it was in the Thirteenth, Fourteenth, and Fifteenth Amendments that the principles which guided the Framers were reaffirmed. The second part provides a critique of other forms of judicial interpretation, particularly that of originalism, strict constructionism, and the living Constitution. The final third, then, applies constitutional fidelity to broad principles— equality, freedom of speech, promoting the general welfare, separation of powers, democracy, criminal justice, and liberty—by analyzing the related case law to demonstrate how the broad language of the constitution is given weight and texture through judicial interpretation. The authors' critique of dominant forms of constitutional interpretation is grounded in a belief that the Constitution does not change unless properly amended. Nevertheless, the Constitution is responsive to the social changes and consequent legal challenges that affect successive generations of Americans (consider for example the application of the Fourth Amendment's 18th century language to twenty-first century electronic surveillance). Here we arrive at the subtle and very important point the authors are making. Strict constructionism and originalism fail as interpretive strategies because they result in too much uncertainty. How can we know which Framer's interpretation of the language should be given effect? The living Constitution perspective fails as well because it minimizes the fixed and enduring character of the written text. Context helps us understand meaning. Constitutional fidelity pays attention to how the principles of the Constitution are given meaning in new contexts. They explain, "attention to real-world consequences—or to the reasonableness of legislative judgments concerning real-world consequences—is an ordinary part of constitutional adjudication." Liu, Karlan, and Schroeder succeed in providing a measured alternative to competing forms of constitutional interpretation. They offer grounding in the significant cases that inform our contemporary understanding of rights, and present a theoretical framework which first situates the Constitution in its historical context, then explains how the intent of the Framers is realized when we carry the values embedded in the Constitution into our contemporary moment. The law is shaped not only by judicial interpretation but also by how the will of the people, as embodied in the laws passed by our legislatures. This dynamic interplay reflects a commitment to making the Constitution relevant to our times. -- Nichole Rustin-Paschal ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "he Public Voice Civil Society Meeting: "Next Generation Privacy Challenges and Opportunities." Jerusalem, Israel, 25 October 2010. For More Information: Conference on the Evolving Role of the Individual in Privacy Protection: "30 Years after the OECD Privacy Guidelines" Jerusalem, Israel, 26 October 2010. For More Information: "32nd Int'l Conference of Data Protection and Privacy Commissioners" Jerusalem, Israel, October 2010. For More Information: "Computers, Privacy, and Data Protection Conference European Data Protection: In Good Health?" Brussels, Belgium, 25-28 January 2011. For More Information: ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 17.20 ------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security