You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 17.25

                            E P I C   A l e r t
Volume 17.25                                         December 17, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


                    "Defend Privacy. Support EPIC."

                  Report All Screening Experiences at
                   EPIC Body Scanner Incident Report

Table of Contents
[1] U.S. Government Pressures Companies to Cut Off Wikileaks
[2] EPIC Submits Comments on DHS Fusion Center Proposals
[3] Congress, FTC Privacy Report Examine Possibilities of Do Not Track 
[4] Briefing Schedule Announced in EPIC v. DHS, the Body Scanners Case
[5] Google's Street View Practices Face Continued Legal Scrutiny 
[6] News in Brief
[7] EPIC's Holiday Wish List: Gift Ideas
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends

[1] U.S. Government Pressures Companies to Cut Off Wikileaks

The release of thousands of leaked diplomatic cables by WIkileaks has
prompted the United States government to pressure Internet companies to
discontinue hosting and donation services for the organization.
Wikileaks allegedly obtained over 250,000 cables after they were leaked
by a member of the United States military.

The cables contain details about controversial activities of United
States diplomats and corporations overseas. After pressure from the
United State's officials, including Senator Joe Lieberman (I-CN),
companies such as Amazon and Tableau stopped hosting the Wikileaks
documents. Financial companies, including Visa, Mastercard, and Paypal
also bowed to government pressure and cut off Internet users' ability to
donate to Wikileaks.

In response to Internet companies' decision to cut off hosting and
donation services for Wikileaks, a large, disbursed group of hackers,
calling themselves "Anonymous"; launched a series of "Denial of Service"
attacks on sites such as Mastercard and Amazon. Anonymous, which is
unaffiliated with Wikileaks, dubbed the attacks "Operation: Payback" and
vowed to target websites of any company that tried to censor Wikileaks.

In light of the government's action, EPIC has submitted Freedom of
Information Act requests to several government agencies to determine
whether confidential donor information was improperly released by Visa,
Mastercard, or Paypal. This information concerns First Amendment
protected activity and its disclosure to the government, absent adequate
legal process, could be unlawful.


Tableau Statement Regarding Wikileaks Documents

Senator Lieberman and Senator Collin's Statement Regarding Wikileaks
Senator Lieberman's Statement Regarding Wikileaks

[2] EPIC Submits Comments on DHS Fusion Center Proposals

EPIC has submitted comments to the National Protection and Programs
Directorate and the Office of Operations, two components of the
Department of Homeland Security that wish to establish the first federal
fusion center. As required by federal laws, the components published a
notice of the proposed program in the federal register and allowed
thirty days for public comment. The components also published separate
notices to announce an intention to exempt the program from key
protections in the Federal Privacy Act of 1974, including provisions
that require the government to notify an individual about whom
information is collected and to give that individual a chance to correct
any erroneous data.

Fusion centers are digital intelligence databases that compile
information on individuals from a variety of different sources,
including government agencies, private sector firms, and anonymous
tipsters. These programs often have a substantial impact on individual
privacy due limited safeguards on the accuracy and retention of the
large amounts information that they retain. Congress had suspended
funding for a similar program, Total Information Awareness, that sought
to aggregate large amounts of information on Americans suspected of no

EPIC urged the Department to comply with Privacy Act
protections and to improve accountability and oversight of the programs.
EPIC noted that "in order to preserve privacy rights, enumerated in the
U.S. Constitution and expanded on by statute, the DHS should narrow its
claimed exemptions from the Privacy Act of 1974 and provide for specific
procedures and requirements to adequately notify, inform, and protect
the American public." Among other things, EPIC specifically recommended
that the Department "provide individuals with judicially enforceable
rights of access and correction" and "limit the mission and goals of the
proposed [program] to enumerate standards to guide the collection of

In the past, the federal government had continually asserted that fusion
centers were strictly state and local entities, though federal funding
and staff were provided. A 2008 Freedom of Information Act request from
EPIC to the Virginia State Police revealed that the Federal Bureau of
Investigation, as a condition to funding, had required the state fusion
center to comply with regulations restricting the disclosure of records
that would have otherwise been available to the public under state laws.

EPIC: Comments to the National Protection and Programs Directorate

EPIC: Comments to the Office of Operations Coordination and Planning

DHS: Local and State Fusion Centers

Privacy Act of 1974
EPIC: Information Fusion Centers and Privacy

EPIC: Total Information Awareness

EPIC v. Virginia Department of State Police (Fusion Center Secrecy Bill)

[3] Congress, FTC Privacy Report Examine Possibilities of Do Not Track

The Federal Trade Commission has released a preliminary staff report on
privacy and the Internet, following a series of public roundtable
discussions. The report recommends the establishment of a Do Not Track
mechanism, based in Internet browsers, which would enable users to
opt-out of third-party web tracking, including behavioral advertising.
The report also calls for simplified consumer privacy notices and
recommends that "companies . . . adopt a 'privacy by design' approach by
building privacy protections into their everyday business practices."

EPIC participated in the roundtable discussions preceding the report,
and submitted a statement on the privacy implications of cloud computing
and social networking. However, the Commission's report did not address
that issue. The Commission also did not consider the need for a U.S.
privacy agency, or a comprehensive federal privacy law based on "Fair
Information Practices," as EPIC and other privacy groups had urged.

Congress considered various proposals for a Do Not Track mechanism in a
hearing entitled "Do Not Track Legislation: Is Now the Right Time?" The
House Energy and Commerce Committee Subcommittee on Commerce, Trade, and
Consumer Protection conducted the hearing, which included witnesses from
the Department of Commerce, Federal Trade Commission, Consumer
Federation of America, TimeWarner, and Symantec.

EPIC submitted a statement to the Committee following this hearing,
recommending that Congress review the lessons learned from the history
of the Do Not Call List and the Telephone Consumer Protection Act. EPIC
said that an effective Do Not Track initiative must ensure that a
consumer's decision to opt-out is "enforceable, persistent, transparent,
and simple."

FTC Privacy Report

FTC Privacy Roundtables

EPIC: Statement to FTC on Cloud Computing/Social Networking

EPIC: Statement on Do Not Track (December 2010)
House Energy and Commerce Committee: Do Not Track Hearing (December 2010)
National Do Not Call Registry

Telephone Consumer Protection Act

EPIC: Online Tracking and Behavioral Advertising
EPIC: Federal Trade Commission

[4] Briefing Schedule Announced in EPIC v. DHS, the Body Scanners Case

In EPIC's suit against the Department of Homeland Security to strike
down the body scanner program, the Court of Appeals has ordered a new
briefing schedule, following multiple motions by the government to delay
the case.

The court set December 23, 2010 as the government's deadline for filing
a response to EPIC's opening brief, which was filed on November 1, 2010.
EPIC's final reply brief is due on January 27, 2011.

As the case progresses, evidence continues to mount that TSA's full-body
scanners are not designed to detect certain explosives or other
low-density materials that pose a threat to airline safety. Leon Kaufman
and Joseph W. Carlson's new study finds that "Even if exposure were to
be increased significantly, normal anatomy would make a dangerous amount
of plastic explosives with tapered edges difficult, if not impossible to
detect."; Kaufman and Carlson's study examined the imaging and device
specifications of the backscatter machines to estimate the body's
penetration and exposure from the x-ray beam, as well as the machines'
sensitivity to contraband. The study also echoes concerns about the
health risks associated with the devices.

The previous Congressional spending legislation for hiring and training
screeners to implement the body scanners program expires on December 18,
2010. Lawmakers are considering an omnibus appropriations package that
will allocate approximately three billion dollars to the agency for the
purchase of an additional five thousand screeners.

District of Columbia Circuit Court of Appeals Briefing Schedule Order

EPIC's Opposition to Government's Motion to Extend Filing Deadline

Evaluation of Airport X-ray Backscatter Units
[5] Google's Street View Practices Face Continued Legal Scrutiny 

Connecticut Attorney General and Senator-elect Richard Blumenthal issued
a "civil investigative demand," similar to a subpoena, for access to the
data collected from homes and businesses in Connecticut by Google's
Street View cars. Google has been purposefully and secretively
collecting wi-fi data in thirty countries over a three-year period
through its Street View vehicles, which Google originally maintained
merely collected images. "Google's story changed," Blumenthal said,
"first claiming only fragments were collected, then acknowledging entire

The Federal Communications Commission (FCC) opened an investigation into
Google's actions after EPIC filed a complaint asking the Commission to
investigate Google's possible violations of federal wiretap law and the
U.S. Communications Act. The Federal Trade Commission (FTC) recently
ended its "inquiry" into Street View. Despite requests from Members of
Congress, the FTC never pursued an independent investigation of Street
View, examined the data collected by Google in the United States, or
even acknowledged the findings of other agencies. The Representatives
asked the FTC to determine whether Google's actions "form the basis of
an unfair or deceptive act or practice that constitutes harm to
consumers" and whether Google's actions are "illegal under federal law."
EPIC has requested documents from the FTC under the Freedom of
Information Act to determine the scope of inquiry and the reason it was

Google's wi-fi data collection practices have fun afoul of privacy laws
in other countries as well. The New Zealand Privacy Commissioner found
that Google had "failed to tell people that it was collecting the open
wi-fi information and what it was going to use it for." She added,
"Google also breached our privacy law when it collected the content of
people's communications."

British officials recently announced that Google's Street View wi-fi
data collection violated UK data protection laws. The UK Information
Commissioner stated, "the collection of this information was not fair or
lawful and constitutes a significant breach of the first principle of
the Data Protection Act." Google practices have also been found to
violate Canadian law, and the Spanish Data Protection Agency has filed
suit against Google for five violations of Spanish law.

Connecticut Attorney General Announcement   

Wall Street Journal: FCC Investigation  

EPIC: Letter to FCC (May 21, 2010)  

FTC: Letter to Google (Oct. 27, 2010)  

Letter from Markey and Barton to FTC (May 19, 2010)  

New Zealand Privacy Commission: Press Release
Spanish DPA: Press Release     

Office of the Privacy Commissioner of Canada: Press Release 

EPIC: Google Street View 

[6] News in Brief

Vermont Urges Supreme Court to Overturn Medical Privacy Decision

The State of Vermont has petitioned the Supreme Court to review a Court
of Appeals decision striking down the state's prescription
confidentiality law. The law regulates data mining companies that sell
or use doctors' prescribing records containing personal information on
patients. EPIC had filed a "friend of the court" brief in support of the
law. The decision, issued by the Second Circuit, diverged significantly
with two previous decisions upholding similar laws in the First Circuit.
Vermont's brief emphasized the importance of consistency across state
boundaries, listing twenty-six other states considering proposed
prescription confidentiality laws. The Vermont Attorney General wrote,
"As the ability to amass volumes of information about prospective
customers - including health care providers - grows, States and other
regulators need guidance as to the scope of their ability to allow
individual Americans to control access to and use of their information."

Petition for Certiorari by State of Vermont

EPIC "Friend of the Court" Brief in Second Circuit Case

EPIC: IMS Health v. Sorrell

EPIC: IMS Health v. Ayotte

European Union Opens Anti-Trust Investigation of Google
The European Commission announced it is investigating Google for
potential anti-trust violations. The Commission decided to initiate
formal proceedings against Google after complaints from search-service
providers "about unfavorable treatment of their services in Google's
unpaid and sponsored search results coupled with an alleged preferential
placement of Google's own services." EPIC previously filed a complaint
with the Federal Trade Commission regarding Google's proposed merger
with the advertising company DoubleClick and its implications for
consumer privacy. EPIC Executive Director Marc Rotenberg also testified
in Congress during the review of this merger, urging the Federal Trade
Commission to establish privacy safeguards as a condition of the merger.
When the Agency approved the merger without this conditions, EPIC
charged that the Agency had "reason to act, and authority to act, but
failed to do so."
European Commission Announcement
EPIC FTC Complaint (April 2007)

EPIC Senate Testimony (September 2007)

EPIC Letter to FTC (December 2007)

EPIC: Google/Double Click Merger

ACLU Publishes of Location-Based Services: Time for a Privacy Check-In

The ACLU of Northern California released a report examining privacy
considerations for mobile location-based services. Location-based
services (LBS) include navigation tools, social networking, local
searches for businesses and events, and applications linking a user's
location to other activities. Smartphones, laptops, and in-car GPS
devices, as well as other location-aware devices, can make use of LBS.
Companies offering LBS assemble significant profiles of users; the
profiles are vulnerable to privacy breaches and are highly sought by law
enforcement. In addition to the report, the ACLU of Northern California
provides a side-by-side comparison of the most popular LBSs (Foursquare,
Facebook Places, Yelp, Gowall, Twitter and Loopt). They urge Congress to
update the Electronic Communications Privacy Act (ECPA) to better
protect consumers from the significant risks associated with LBS.

ACLU of Northern California
LBS Report: "Location-Based Services: Time for a Privacy Check-In"

Location-Based Services: Side-by-Side Comparison

Electronic Communications Privacy Act (ECPA)

EPIC: Locational Privacy

EPIC: Commonwealth v. Connolly

Healthcare Technology Panel Releases Report on Medical Privacy

The President's Council of Advisors on Science and Technology has
released a report entitled "Realizing the Full Potential of Health
Information Technology to Improve Healthcare for Americans: The Path
Forward." The report culls advice from industry and technology experts,
privacy groups, healthcare professionals and other experts to offer
recommendations for adoption of a "universal exchange language" allowing
health care professionals to gain real-time access to patient data while
maximizing privacy protections and patient control. Among other
recommendations, the report suggests embedding privacy rules, policies
and patient preferences in the metadata that will travel with patient
records as they are exchanged. The Council further recommends that
patient records be protected by regulation and criminal law as technical
protections alone would not provide sufficient security against misuse.
The report finds that the Health Insurance Portability and
Accountability Act (HIPAA) insufficiently protects patient privacy and
control, in part because most patients do not fully understand their
rights under the Act.

The President's Council of Advisors on Science and Technology

President's Council of Advisors on Science and Technology Report
Health Insurance Portability and Accountability Act (HIPAA) of 1996

U.S. Department of Health & Human Services, Health Information Privacy

EPIC: Medical Record Privacy

DOJ Agrees to Minimize Information in National Security Letters

The Department of Justice has volunteered to implement civil liberties
protections that Senator Patrick Leahy (D-VT) originally requested as
amendments to the USA Patriot Act Reauthorization Bill. According to the
Attorney General, the Federal Bureau of Investigation will minimize the
collection, use, and storage of information derived from National
Security Letters. The minimization measure was approved in committee,
but had not yet cleared the full Senate when Sen. Leahy advised the
Attorney General that he could voluntarily adopt many of the reforms
even without Congressional action. The Attorney General then sent a
letter to the Senator to announce that the Bureau has formalized the
procedures. After receiving the letter on December 9, 2010, Senator
Leahy praised the move. 

Letter from Attorney General to Senator Patrick Leahy
S. 1692: U.S. PATRIOT Act Sunset Extension of 2009
EPIC: National Security Letters

EPIC FOIA Request Reveals DOJ Security Lapses and Impairment

EPIC has published government records it retrieved under a Freedom of
Information Act request. The request sought all documents relating to an
Intelligence Oversight Board audit of the FBI. The disclosure reveals
failures to secure sensitive information stored on the Bureau's
classified network and failures comply with Department of Justice
oversight. Chief among the incidents discussed in the audit is a
reported security breach by a clerical support employee at the Bureau.
At the request of two supervisory special agents, the unnamed employee
distributed classified documents "to 126 email recipients, both within
and outside of the FBI." The audit also contains numerous reports of
failures to comply with reporting requirements. The audit report
considers those failures to have substantial impaired DOJ oversight of
certain FBI investigations. The report states "[w]here, as here, there
is no notice whatsoever of the existence of the investigation, there can
be no oversight."

Intelligence Oversight Board Matter 2007-2099

Intelligence Oversight Board Mattes 2008-102, 2008-128 to 2008-136

EPIC: Open Government

[7] EPIC's Holiday Wish List: Gift Ideas

The Insider, Reece Hirsch
Fast-paced thriller featuring a San Francisco law firm, a crypto
company, the NSA, the Russian mafia, and a former EPIC clerk.

The Social Network (Two-Disc Collector's Edition) (2010)
You've seen the movie. Now see it again. And then check your privacy

Fair Game, Valerie Plame Wilson
Imagine what fun Dick Cheney might have had with Wikileaks.

RADTriage 2.0 Personal Radiation Detector
A U.S. Military-grade personal radiation detector that instantly detects
radiation exposure in the event of a dirty bomb, nuclear reactor
accident and other sources of radiation. This always-on wallet
card/badge radiation detector does not require batteries or calibration.
The white sensor bar instantly turns blue when it detects harmful levels
of radiation. The darker the sensor bar turns, the higher the radiation
dose. (

Privacy: The Game
A Ballot Box of Fun! This secret ballot game will keep you guessing so
vote early and vote often! Players vote by answering a question and
placing a Yes or No reply disc in the secret envelope and dropping it
into the ballot box. Honesty counts, so answer truthfully. Then predict
how many Yes answers are in the box. Guessing the correct number or
coming closest to it wins you big points. So get out and rock the vote!

ScreenGuardZ 4-Way Privacy Screen Protector for iPhone 4
Keep those prying eyes away from your iPhone .  . .

Privacy Screen Filter for Blackberry Bold 9000
. . . and your Blackberry.

Photo Radar Blocker License Plate Privacy Cover 
Blocks the photo radar camera from seeing your license plate number from
cameras along the side of the road. (

Don't Touch My Junk! TSA X-Ray T-Shirt
Display prominently in airports and other places where TSA agents may be

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75

Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access laws.
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the 25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

"Computers, Privacy, and Data Protection Conference European Data
Protection: In Good Health?" Brussels, Belgium, 25-28 January 2011. For
More Information:

"The Tenth Workshop on Economics of Information Security." The George
Mason University, 14-15 June 2011. For More Information:

"Computers, Freedom, and Privacy 2011." Georgetown Law Center,
Washington D.C., 14-16 June 2011. For More Information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.25 ------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security