You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 17.21

======================================================================= E P I C A l e r t ======================================================================= Volume 17.21 October 21, 2010 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] EPIC Launches Privacy 2010 Campaign [2] Obama Administration Receives Harsh Reviews in 2010 Report Card [3] EPIC Receives Documents on DHS Biometric Plans [4] Public Voice Meeting to be Held in Jerusalem [5] Investigation of Google Street View Moves Forward in Spain [6] News in Brief [7] EPIC Book Review: "The Silent State" [8] Upcoming Conferences and Events TAKE ACTION: Stop Airport Strip Searches! - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends - DISPLAY the IMAGE - SUPPORT EPIC ======================================================================= [1] EPIC Launches Privacy 2010 Campaign ======================================================================= The Electronic Privacy Information Center (EPIC) launched the Privacy 2010 campaign at a press conference at the Mott House, next to the Supreme Court on Capitol Hill. EPIC released a Privacy Platform with recommended positions on ten key privacy issues. The event featured speakers from EPIC, the Center for Digital Democracy, Consumer Action, the Council on American-Islamic Relations, and the Liberty Coalition. The speakers discussed a range of topics at the event, including government surveillance and consumer protection. Aaron Titus, Information Privacy Director of the Liberty Coalition, delivered a spellbinding speech on the forces eroding public awareness of privacy. "Elected officials have done little to advance the public discourse. Instead, the public discussion has been dominated by DHS, the TSA, Google, Facebook, and others. These entities have drastically narrowed the definition of privacy, often attempting to narrow it to nothing more than 'security.'" Jeff Chester, the Executive Director of the Center for Digital Democracy, provided a rigorous analysis of "the business model created by online marketers that continually expands the data collection and profiling and targeting of consumers around the world." After addressing the audience in attendance the speakers took questions from the press. As part of the Privacy 2010 campaign, EPIC launched a Facebook Cause page. The Cause page allows people to sign on to show their support, donate, discuss emerging privacy issues regarding the upcoming elections, and also features photographs from events association with the Campaign. As part of the campaign, EPIC released a Privacy Report Card for the Obama administration with grades on medical privacy, cyber security, consumer privacy, and civil liberties. EPIC: Privacy 2010 Campaign Platform EPIC: Privacy 2010 Facebook Cause Page EPIC: Body Scanners EPIC: Medical Privacy EPIC: Cloud Computing ======================================================================= [2] Obama Administration Receives Harsh Reviews in 2010 Report Card ======================================================================= In a special event as part of the Privacy 2010 Campaign, the Electronic Privacy Information Center (EPIC) has released the 2010 Privacy Report Card for the Obama Administration. The Report Card focuses on developments over the past year in the areas of medical privacy, civil liberties, consumer protection, and cyber-security. The report card was formerly unveiled at the Mott House, on Capital Hill. EPIC's executive director, Marc Rotenberg, briefly discussed the grades from 2009 and the rationale for the new marks. 2010 grades include two B's (medical privacy and cyber-security), a C (consumer privacy), and a D (civil liberties). These were significant drops from 2009, when the Administration received an Incomplete (consumer privacy), an A- (medical privacy), a B (cyber-security), and a C+ (civil liberties). After the unveiling, a panel composed of privacy experts in each area discussed their own views on the Administration. The panel included: prominent consumer attorney Philip Friedman, Dr. Latanya Sweeney of Carnegie Mellon University, Paul Smith from Jenner and Block, and Georgetown's Pablo G. Molina. Following the presentations, guests asked questions and engaged the speakers in a dialogue. When asked what they would like to see the Administration do over the coming year to improve grades in 2011, each panelist offered recommendations, such as the creation of private rights of action for consumer privacy violations, cessation of the full body scanner program, and the development of a more robust privacy infrastructure. The Privacy Report Card is a tradition that EPIC started in 2009 to raise awareness of how privacy issues are handled by the President and his Administration. The Privacy 2010 Campaign encourages citizens to question candidates on key privacy issues before the November elections. EPIC: Privacy 2010 Campaign Platform EPIC: Privacy 2010 Facebook Cause Page EPIC: 2009 Privacy Report Card EPIC: 2010 Privacy Report Card ======================================================================= [3] EPIC Receives Documents on DHS Biometric Plans ======================================================================= EPIC has obtained hundreds of pages of government biometrics plans as a result of a Freedom of Information Act (FOIA) Request. The documents, from DHS, detail the agency's plans to implement biometric technology, including facial recognition, DNA identifiers, and iris scans. These documents reveal that the agency plans to create vast biometric databases, which will be shared not only with other agencies, but also with other countries. The list of cooperating countries currently includes Australia, Canada, and the United Kingdom. DHS plans to expand this information sharing community to include Germany, Korea, Czech Republic, Latvia, Lithuania, Hungary, Slovakia, Estonia, Malta, Italy, Spain, Portugual, and Mexico. These biometrics databases will also be linked the terrorist watchlists. The documents also reveal the agency plans to implement several new technologies related to biometrics. The DHS will implement biometric technology on mobile devices and in crowd scanning technology. While the documents were otherwise quite detailed, privacy concerns were only briefly mentioned. EPIC has previously submitted comments on biometrics programs, including January 19, 2010 comments to the US Customs and Border Protection urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” EPIC: Biometrics DHS: Biometrics Program Documents EPIC: DHS Biometric Program EPIC: Comments to Customs and Border Protection (January 19, 2010) ======================================================================= [4] Public Voice Meeting to be Held in Jerusalem ======================================================================= On October 25, 2010 the Public Voice will host, "Next Generation Privacy Challenges and Opportunities" in Jerusalem, Israel. This event will be held in conjunction with the 32nd International Conference of Data Protection and Privacy Commissioners from Oct. 27-29th in Jerusalem. The Organization for Economic Cooperation and Development (OECD) has also scheduled a symposium on October 26th to celebrate the 30th anniversary of the OECD Privacy Guidelines. The Public Voice Coalition was established in 1996 by the Electronic Privacy Information Center (EPIC) to promote public participation in decisions concerning the future of the Internet. The Public Voice has pursued issues ranging from privacy and freedom of expression to consumer protection and Internet governance. Through international conferences, reports, and funding for travel, the Public Voice project seeks to increase the presence of Non-Governmental Organizations at meetings across the globe. In cooperation with the OECD, the United Nations Educational Scientific and Cultural Organizations (UNESCO), and other international organizations, the Public Voice brings civil society leaders face to face with government officials for constructive engagement about current policy issues. Public Voice events have been held in Buenos Aires, Cape Town, Dubai, Hong Kong, Honolulu, Kuala Lumpur, Ottawa, Paris, Washington, and Wroclaw. The conference in Jerusalem will review progress on the Madrid Declaration and examine topics such as airport full body scanners, biometric identity systems, and the establishment of international frameworks for privacy protection. The conference is co-sponsored by the Israeli Law, Information, and Technology Authority (ILTA). Lillie Coney, Associate Director of The Electronic Privacy Information Center, will chair the event. Many other groups from across the globe are participating, including the Palestinian Peace Society, Association for Civil Rights in Israel, Consumers Korea, Interfaith Encounter, Privacy International, Electronic Frontier Foundation, and the Australian Privacy Foundation. Public Voice Public Voice Jerusalem Conference 32nd Int'l Conference of Data Protection and Privacy Commissioners OECD Symposium ======================================================================= [5] Investigation of Google Street View Moves Forward in Spain ======================================================================= The Spanish Data Protection Agency has filed suit against Google, Inc. and Google Spain for five violations of Spanish law. The Agency found that Google's Street View service infringed the Spanish Data Protection Act by collecting personal data from Wi-Fi networks and transferring that data internationally. The suit followed an investigation begun in May 2010 by the Agency. The investigation discovered that Google collected and stored personal data, including names and addresses associated with email messages and social network accounts and websites, transmitted through open Wi-Fi networks. The investigation also found that Google collected location identification data of the wireless networks, such as Service Set Identifiers (SSIDs) and Media Access Control (MAC) addresses that contained subscribers' real names. Google was found not to have observed the Data Protection Act's compliance requirements for the authorization of international transfers of data. Many other countries are currently investigating Google Street View. The Office of the Privacy Commissioner of Canada concluded after its investigation of Google Street View that Google had violated Canadian law when Street View collected personally identifiable information. The Czech Office for Personal Data Protection turned down Google's application to collect personal data for Street View. The French National Commission on Computing and Liberty (CNIL) released a report on its investigation, finding that Google "saved passwords for access to mailboxes" and obtained electronic messages. Among U.S. states investigating Google Street View are Connecticut, Michigan, Illinois, Massachusetts, and Missouri. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google's practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. Google has admitted that it intercepted and stored Wi-Fi transmission data. Spanish Data Protection Agency (APED) Spanish DPA: Press Release Office of the Privacy Commissioner of Canada, Press Release, Google Streetview EPIC: Letter to Jules Genachowski, FCC Chairmen (May 18, 2010) Google Official Blog: Wi-Fi Data Collection EPIC: Google Streetview ======================================================================= [6] News In Brief ======================================================================= Canada: Google Street View Violates Privacy Laws Canada's Privacy Commissioner has determined that Google violated Canadian privacy law when the company's Street View cars collected user information from wireless networks. The personal information Google captured included e-mails and the names, addresses, and home phone numbers of people suffering from a certain medical condition. The Commissioner called on Google to strengthen its controls and designate an individual to be responsible for privacy issues. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google's practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. Privacy Commissioner of Canada: News Release on Google Street View EPIC: Google Street View U.S. Federal Wiretap Laws U.S. Communications Act New Social Networking Privacy Poll Released, Kids Privacy Campaign Launched According to a national poll from Common Sense Media, three out of four parents believe that social network services do not adequately protect children's online privacy. The Common Sense Media "Protect Our Privacy - Protect Our Kids" campaign calls for opt-in consent, clear and simple privacy statements, updated privacy laws, and a prohibition on behavioral marketing for kids. EPIC filed comments with the Federal Trade Commission aimed at improving the Children's Online Privacy Protection Act (COPPA). Marc Rotenberg, executive director of the Electronic Privacy Information Center, testified before the Senate Commerce Committee earlier this year, and urged Congress to extend COPPA to cover social networks and teens. Common Sense Media: Poll Results EPIC: Comments to FTC on COPPA Children's Online Privacy Protection Act EPIC: Marc Rotenberg COPAA Testimony Senate Commerce Committee: Consumer Products Subcommittee EPIC: COPPA Web Companies Defend Data Collection Practices, Google Absent Eleven Internet companies responded to Rep. Markey and Rep. Barton's request for information regarding their data collection practices. However, the companies said that it is "impossible" for them to eliminate online tracking of consumer behavior. Google refused to respond to the survey questions. At the same time, Microsoft, Intel Corp. and E-bay announced support for Rep. Rush's "Best Practices Act." This bill contains a private right of action as well as a safe harbor for companies that comply with a self-regulatory "Choice Program" approved by the Federal Trade Commission. Marc Rotenberg, executive director of the Electronic Privacy Information Center, recently testified before Chairman Rush's committee and recommended new safeguards for Internet users. Rep. Markey and Rep. Barton Request for Information Internet Companies' Responses to Rep. Markey and Rep. Barton H.R.5777: "Best Practices Act" EPIC: Marc Rotenberg Testimony at House Energy and Commerce Committee EPIC: Identity Theft Congressmen Question Facebook About Latest Privacy Breach Congressmen Ed Markey (D-MA) and Joe Barton (R-TX) sent a letter to Facebook about the news that Facebook's business partners transmitted personal user data to advertising and Internet tracking companies in violation of the company's policy. EPIC has two complaints pending at the Federal Trade Commission regarding Facebook's unfair and deceptive trade practices. Rep. Markey and Rep. Barton Letter to Facebook Facebook: Engineer Blog Post EPIC: FTC Facebook Complaint EPIC: FTC Facebook Complaint II EPIC: Facebook FTC Proposes Consent Decree in U.S. Search Case The FTC is asking for comments on a proposed settlement of the Agency's complaint against U.S. Search for deceptive practices. U.S. Search sold customers a "privacy lock" service which the company falsely claimed would prevent customers' personal information from appearing on the U.S. Search website. The proposed settlement requires U.S. Search to refund fees and bars the company from further deceptive practices, but does not stop them from charging for this type of opt-out service. FTC: News Release FTC: Proposed Consent Decree FTC: Complaint against U.S. Search U.S. Search EPIC: FTC ======================================================================= [7] EPIC Book Review: "The Silent State" ======================================================================= "The Silent State: Secrets, Surveillance and the Myth of British Democracy," Heather Brooke Heather Brooke's The Silent State is a scathing attack on British democracy, or, more accurately, the lack of it. Brooke is one of Britain's most prominent investigate journalists; she was the force behind the recent scandal that exposed the misuse of taxpayer funds by Members of Parliament. The book is written similar to a manifesto, exposing the myriad of ways in which the government of Britain attempts to hide and distort information that Brooke believes citizens have a right to know. Brooke begins with a discussion of how much information the government collects about each individual citizen, especially children. She describes in detail the various government databases and how they make up a massive "surveillance bureaucracy." This data the government collects can become "dangerous," according to Brooke, when the "state takes over your identity." "In secrecy," she writes, "bureaucracies grow large, ungainly and unaccountable to those they are meant to serve." Brooke then turns her attention to an examination of the government public relations machine and the way in which it manufactures reality. In contrast to the first part of the book, here she emphasizes the minimal information the government is willing to reveal to its citizens. Brooke points out how much more money is spent on public relations and spin, as opposed to actual action, and how official spokespeople are often quoted anonymously, allowing them to escape individual accountability for what they say. On the topic of police department public relations, Brooke analyzes how crime statistics are manipulated to give citizens a false sense of security. More importantly than the way the British government spins the information it reveals is how it hides even the most basic of information from its citizens. British citizens lack access to all kinds of information that we take for granted in the United States: for example, there is no easy way to find out school testing results or how a Member of Parliament voted on an issue. When citizens attempted to build websites publicizing civic information, Brooke's details how government officials stymied them at every turn. This type of secrecy extends to the judicial system in Britain as well, where you are not allowed to take notes during the proceedings and reporters have difficulty accessing information on cases. Brooke writes informally, as if she is talking, and often shouting, directly at the reader. This can be tiring at times, though it does not cloud the central theme of her work and how she has exposed the "myth of British democracy." The Silent State reminds us all that in order to function properly, democracies need the constant vigilance and activism of citizens like Brooke. -- Sharon Goott Nissim ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "Future Tense." The New America Foundation, Washington, D.C., 25 October 2010. For More Information: Hearing: "Data Protection in a Transatlantic Perspective." European Parliament Committee on Civil Liberties, Justice, and Home Affairs (LIBE), Brussels, Belgium, 25 October 2010. For More Information: "The Public Voice Civil Society Meeting: Next Generation Privacy Challenges and Opportunities." Jerusalem, Israel, 25 October 2010. For More Information: Conference on the Evolving Role of the Individual in Privacy Protection: "30 Years after the OECD Privacy Guidelines" Jerusalem, Israel, 26 October 2010. For More Information: "32nd Int'l Conference of Data Protection and Privacy Commissioners" Jerusalem, Israel, October 2010. For More Information: "Broadband Networks and Smart Grid at the Crossroad Between ICT & Energy." Columbia Business School, New York, New York, 3 December 2010. For More Information: "Computers, Privacy, and Data Protection Conference European Data Protection: In Good Health?" Brussels, Belgium, 25-28 January 2011. For More Information: "The Tenth Workshop on Economics of Information Security." The George Mason University, 14-15 June 2011. For More Information: ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 17.21 ------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security