EPIC Alert 21.11

======================================================================= E P I C A l e r t ======================================================================= Volume 21.11 June 16, 2014 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_21.11.html "Defend Privacy. Support EPIC." http://epic.org/support ========================================================================= Table of Contents ========================================================================= [1] EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity [2] EPIC Celebrates 20 Years of Protecting Privacy [3] EPIC Urges FTC to Protect Snapchat Users' Privacy [4] FTC Urges Court to Protect Student Privacy [5] EPIC Brief: Extend Relief for Driver Privacy Claims [6] News in Brief [7] EPIC in the News [8] EPIC Book Review: 'The Sting of the Drone' [9] Upcoming Conferences and Events ========================================================================= [1] EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity ========================================================================= After almost five years, EPIC has obtained National Security Presidential Directive (NSPD) 54 in response to a Freedom of Information Act request to the NSA. The Directive was issued by President George W. Bush in January 2008 and is the basis for all recent US cybersecurity policies. For the first time, the public has access to the document empowering federal agencies to share cybersecurity information, develop offensive cyber programs and improve automated and predictive cyber technologies. The previously Top Secret NSPD 54 reveals the underlying legal authority for significant changes to federal cybersecurity over the last five years, and is markedly different from overview previously released by the White House. The 15-page document, provided to EPIC with little redaction, reveals new information about the government's coordinated cybersecurity efforts, including the enumerated responsibilities of each involved federal agency, the establishment of a cyber-center and the National Cyber Investigative Task Force, and deployment of the Einstein cybersurveillance system. EPIC first sought public release of NSPD 54 in 2009. After the agency failed to disclose the document, EPIC filed suit. A federal district court ruled in 2013 that the Directive was not subject to the Freedom of Information Act, and EPIC subsequently filed an appeal in the US Court of Appeals for the DC Circuit. EPIC filed an opening brief in the Federal Appeals Court on March 31, 2014. On June 5, 2014, just a few days before the government's brief was due,the NSA released the document to EPIC and offered to settle the case. EPIC: Text of NSPD 54 (Jan. 9, 2008) http://epic.org/privacy/cybersecurity/EPIC-FOIA-NSPD54.pdf EPIC: EPIC v. NSA (NSPD 54) https://epic.org/privacy/nsa/epic_v_nsa.html EPIC: EPIC v. NSA (NSPD 54 Appeal) https://epic.org/foia/nsa/nspd-54/appeal/ EPIC: Cybersecurity https://epic.org/privacy/cybersecurity/ EPIC: Brief in NSPD 54 (Apr. 7, 2014) https://epic.org/foia/nsa/nspd-54/appeal/13-5369-EPIC-Brief.pdf Public Citizen et al.: "Friend of the Court" Brief (Apr. 7, 2014) https://epic.org/foia/nsa/nspd-54/appeal/Public-Citizen-Amicus.pdf ======================================================================== [2] EPIC Celebrates 20 Years of Protecting Privacy ======================================================================== EPIC celebrated 20 years of privacy advocacy at a June 2 awards dinner in Washington, DC. EPIC presented the 2014 Champions of Freedom Awards to Rep. Justin Amash (R-MI), newspaper The Guardian, and Edward Snowden for their roles in bringing to light and opposing the National Security Agency's mass telephone surveillance program. Bruce Schneier hosted the event and EPIC President Marc Rotenberg delivered remarks on the occasion of EPIC's 20th anniversary. Professor Anita Allen of the University of Pennsylvania received the EPIC Lifetime Achievement Award, based on her work over the years as the nation's leading privacy scholar. Allen has written and lectured widely on privacy law and ethics, and has been a member of EPIC's Advisory Board. Edward Snowden was unable to accept in person, but delivered a recorded message thanking EPIC for the award and for continuing to work on behalf of privacy. EPIC established the Champion of Freedom Awards in 2004 to recognize individuals and organizations that have helped safeguard the right of privacy with courage and integrity. Previous recipients include Senator Patrick Leahy (D-VT) (2004); Rep. Ed Markey (D-MA), Supreme Court litigator Paul Smith, and producer/director DJ Caruso (2009); Rep. Joe Barton (R-TX), privacy philanthropy The Rose Foundation, and former FTC Chair Pamela Jones Harbour (2010); Reps. Jason Chaffetz (R-UT) and Rush Holt (D-NJ), The Wall Street Journal, and former Miss USA Susie Castillo (2011); Sen. Al Franken (D-MN), Judge Alex Kozinski, journalist Dana Priest, cryptographer Whitfield Diffie, and the late computer pioneer Willis Ware (2012); and Sens. Rand Paul (R-KY) and Ron Wyden (D-OR), journalist Martha Mendoza, consumer advocate Susan Grant, and legal scholar David Flaherty (2013). EPIC: 2014 Champion of Freedom Awards Dinner http://epic.org/june02/ EPIC: About Edward Snowden http://epic.org/privacy/nsa/snowden/ EPIC: Edward Snowden Accepting Award at Dinner (Jun. 2, 2014) http://vimeo.com/97370290 Bruce Schneier: Blog Post on Dinner (Jun. 4, 2014) https://www.schneier.com/blog/archives/2014/06/edward_snowden_.html EPIC: Remarks of EPIC President Marc Rotenberg at Dinner (Jun. 2, 2014) http://epic.org/june02/Marc-Remarks-EPICs-20th.pdf EPIC: Announcement of EPIC's Creation (1994) http://epic.org/epic/EPIC-Founding-1994.pdf ========================================================================= [3] EPIC Urges FTC to Protect Snapchat Users' Privacy ========================================================================= EPIC has submitted comments to the Federal Trade Commission over the agency's proposed consent agreement with photo-app maker Snapchat, urging the FTC to require Snapchat to safeguard consumer privacy. Following a 2013 EPIC complaint, the FTC investigated Snapchat and subsequently signed a consent order with the company. Snapchat's mobile app encourages users to share intimate photos and videos, claiming that pictures and videos would "disappear forever." In fact, this claim was false: As EPIC explained, "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." The FTC investigation into Snapchat not only confirmed the deceptive practice described in EPIC's complaint but unearthed additional deceptive practices. Snapchat claimed users would receive a notification if a recipient of a photo or video took a screenshot; the FTC found this not to be the case. The FTC also found that Snapchat collected location and contact information without properly notifying users. EPIC expressed support for the FTC's recent findings and recommended that the agency require Snapchat to implement the Consumer Privacy Bill of Rights, which would impose certain requirements on the collection and use of personal information in the social networking context. EPIC also recommended that the agency make Snapchat's independent privacy assessments publicly available. In 2007, EPIC pursued similar claims involving false promises about data deletion with AskEraser. EPIC has also made similar recommendation for other proposed FTC consumer privacy settlements. Previous EPIC complaints have lead to FTC consent agreements with various companies, including Google and Facebook. EPIC: Comments on Proposed Consent Snapchat Agreement (June 9, 2014) http://epic.org/privacy/ftc/FTC-Snapchat-Cmts.pdf FTC: Proposed Consent Order with Snapchat (May 8, 2014) http://epic.org/redirect/051614-ftc-snapchat-order.html EPIC: Complaint to FTC re: Snapchat (May 16, 2013) http://epic.org/privacy/ftc/EPIC-Snapchat-Complaint.pdf EPIC: AskEraser http://epic.org/privacy/ask/ EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ ========================================================================= [4] FTC Urges Court to Protect Student Privacy ========================================================================= The Federal Trade Commission is opposing the sale of student data in a bankruptcy proceeding for ConnectEDU, an educational technology website that amasses student data. The company's privacy policy promises to give students "reasonable notice and an opportunity to remove personally identifiable information" from the website. The FTC has said that the sale of student information "without reasonable notice to users and an opportunity to remove personal information would contradict the privacy statements originally made to users." The FTC letter also cites consent agreements with Snapchat, Google, and Facebook, each of which was a result of an EPIC complaint with the FTC. In 2013, EPIC filed an extensive complaint over Scholarships.com's business practices, which encourage students to divulge sensitive medical, sexual orientation, and religious data in order to obtain financial aid information. ConnectEDU and other private companies have been able to access student data after the US Department of Education amended the Family Educational Rights and Privacy Act, a federal student privacy law. In 2012, EPIC sued the Education Department over those changes, arguing that the changes significantly weakened student privacy protections and that the agency did not have statutory authority to amend the law. The FTC has recently made other strides to protect student information, including providing guidance for schools and private companies collecting student data for children under 13. Senators Edward Markey (D-MA) and Orrin Hatch (R-UT) have proposed a "Protecting Student Privacy Act." The draft bill: "(1) requires that data security safeguards be put in place to protect sensitive student data that is held by private companies; (2) prohibits the use of students' personally identifiable information to advertise or market a product or service; (3) provides parents with the right to access the personal information about their children - and amend that information if it's incorrect -- that is held by private companies just as they would if the data were held by the school itself; (4) makes transparent the name of companies that have access to student information by directing school districts to maintain a record of all outside companies with which the school contracts; (5) minimizes the amount of personally identifiable information that is transferred from schools to private companies; (6) ensures private companies cannot maintain dossiers on students in perpetuity by requiring the companies to later delete personally identifiable information." The proposed legislation also highlights many of the protections EPIC endorsed in its Student Privacy Bill of Rights. FTC: Statement in ConnectEdu Bankruptcy (May 22, 2014) http://epic.org/redirect/061614-ftc-connectedu.html ConnectEdu.com http://www.connectedu.com/ ConnectEdu: Bankruptcy Filing (Apr. 28, 2014) http://epic.org/privacy/student/Connectedu-Bankrupt-Petition.pdf ConnectEdu: Privacy Policy http://www.connectedu.com/privacypolicy EPIC: FTC Complaint re: Scholarships.com (Dec. 12, 2013) http://epic.org/privacy/student/EPIC-FTC-Compl-Scholarships.com.pdf FTC: In the Matter of Snapchat, Inc. (May 14, 2014) http://epic.org/redirect/051614-ftc-snapchat-order.html FTC: In the Matter of Google, Inc. (Oct. 24, 2011) http://epic.org/redirect/061614-ftc-google.html FTC: In the Matter of Facebook, Inc. (Aug. 10, 2012) http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf EPIC: EPIC v. U.S. Department of Education http://epic.org/apa/ferpa/ Sen. Ed Markey: Release on Student Privacy Legislation (May 14, 2014) http://epic.org/redirect/061614-markey-student-privacy.html EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ The Washington Post: "Why a 'Student Privacy Bill of Rights' is Desperately Needed" (Mar. 6, 2014) http://www.washingtonpost.com/blogs/answer-sheet/wp/2014/03/06/why-a- student-privacy-bill-of-rights-is-desperately-needed/ EPIC: Student Privacy http://epic.org/privacy/student/ ========================================================================= [5] EPIC Brief: Extend Relief for Driver Privacy Claims ========================================================================= EPIC has filed a "friend of the court" brief in McDonough v. Anoka County, a case involving the Driver's Privacy Protection Act. The DPPA was enacted by Congress in 1994 to protect the privacy of motor vehicle information held by state Department of Motor Vehicles and prohibits the disclosure, except in narrow circumstances, of sensitive personal information that individuals are required to provide to state DMVs. EPIC's brief argues that the previous rule applied by a lower court was wrong and would limit the ability of many DPPA victims to seek redress in federal court by cutting off their claims before they had a chance to discover them. Rather, EPIC advocates different a legal rule, the "discovery rule," so the statute of limitations on these claims does not begin running until victims know, or have reason to know, their information has been impermissibly accessed. "Because SSNs and other sensitive personal data obtained by DMVs," EPIC's brief states, "[and] are used in such a wide variety of contexts, it may be months or years before an individual becomes aware that their data has been misused or that their identity has been stolen. Special protections are necessary for driver records because of the increasing risk of identity theft." EPIC has been a frequent defender of DPPA and filed several "friend of the court" briefs in DPPA cases, including two in the US Supreme Court, urging federal courts to uphold the intent of the Act. EPIC: Brief in McDonough v. Anoka County (Jun. 4, 2014) https://epic.org/amicus/dppa/bass/EPIC-Amicus-McDonough.pdf EPIC: McDonough v. Anoka County http://epic.org/amicus/dppa/bass/ EPIC: DPPA http://epic.org/privacy/drivers/ EPIC: Reno v. Condon (1999) http://epic.org/privacy/drivers/epic_dppa_brief.pdf EPIC: Maracich v. Spears http://epic.org/amicus/dppa/maracich/ EPIC: Gordon v. Softech Int'l http://epic.org/amicus/dppa/softech/ ======================================================================== [6] News in Brief ======================================================================== Facebook to Profile User Browsing, May Violate FTC Consent Order Facebook has announced that it will begin collecting detailed browser history on users for advertising purposes. Users who object were told to opt-out. Facebook's plan may violate a Federal Trade Commission order that prohibits the company from changing business practices without users' express consent. The FTC order follows from complaints filed by EPIC and other consumer privacy organizations in 2009 and 2010. In issuing the order, the FTC found that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." A recent Consumer Reports poll found that consumers overwhelmingly object to having their online activities tracked for advertising purposes. Facebook: Post on Advertising Changes (Jun. 12, 2014) https://www.facebook.com/help/585318558251813?ref=notif¬if_t=oba FTC: Facebook Order on User Consent (Aug. 10, 2012) http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf EPIC: In re Facebook (Dec. 17, 2009) http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: In re Facebook II (May 5, 2014) http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf FTC: Press Release on Google Settlement (Nov. 29, 2011) http://ftc.gov/opa/2011/11/privacysettlement.shtm Consumer Reports: Poll on Privacy (May 27, 2014) http://epic.org/redirect/053014-CR-privacy-2014.html EPIC: Facebook Privacy http://epic.org/privacy/facebook/ EPIC: FTC Facebook Settlement http://epic.org/privacy/ftc/facebook/ EPIC: Online Tracking and Behavioral Profiling http://epic.org/privacy/consumer/online_tracking_and_behavioral.html EPIC: Practical Privacy Tools http://epic.org/privacy/tools.html EPIC Open Government Director Appointed to FOIA Advisory Committee EPIC Open Government Project Director Ginger McCall has been appointed to the federal government's Freedom of Information Act (FOIA) Modernization Committee, whose goal is advising on ways to improve the administration of FOIA. The Committee will have 20 members - 10 from within government and 10 from outside of government - and will chaired by Office of Government Information Services director Miriam Nisbet. The first meeting will be held at the National Archives and Records Administration in Washington, DC on June 24, from 10:00AM- 1:00PM EDT. EPIC: Ginger McCall http://epic.org/epic/staff_and_board.html#mccall National Archives FOIA Ombudsman: Committee Meeting (Jun. 4, 2014) http://epic.org/redirect/061614-foia-meeting.html OGIS: Federal FOIA Ombudsman https://ogis.archives.gov/?p=//ogis/index.html National Archives FOIA Ombudsman: "Modernizing FOIA" (Jan. 29, 2014) http://blogs.archives.gov/foiablog/2014/01/29/modernizing-foia/ EPIC: FOIA Cases http://epic.org/foia Senate Holds Hearing on Consumer Location Privacy Protection The US Senate Judiciary Committee held a June 4 hearing on the "Location Privacy Protection Act of 2014," authored by Senator Al Franken (D-MN). In an opening statement, Senator Franken stated that the "bill makes sure that if a company wants to get your location...they need to get your permission first." Director of the FTC Consumer Protection Bureau, Jessica Rich, testified that location data is "sensitive information" that "raises privacy concerns." The FTC recently signed a 20-year consent order with photo-sharing app Snapchat after finding that Snapchat was collecting location information in contradiction to the company's stated privacy policy. The FTC investigated Snapchat after EPIC filed a complaint with the agency detailing the company's deceptive practices. In 2012 EPIC filed a "friend of the court" brief in a State of New Jersey v. Earls, a location privacy case in which the New Jersey Supreme Court's landmark decision held that individuals have an expectation of privacy in their cell phone data. Senate Judiciary Committee: Hearing on Location Privacy (Jun. 4, 2014) http://epic.org/redirect/061614-senate-location-privacy.html GovTrack: Location Privacy Protection Act of 2014 (Mar. 27, 2014) https://www.govtrack.us/congress/bills/113/s2171/text FTC: Text of Snapchat Settlement (May 8, 2014) http://epic.org/redirect/051614-ftc-snapchat-order.html EPIC: Complaint to FTC re: Snapchat (May 16, 2013) http://epic.org/privacy/ftc/EPIC-Snapchat-Complaint.pdf EPIC: "Friend of the Court" Brief in State v. Earls (Mar. 19, 2012) http://epic.org/amicus/location/earls/EPIC-Earls-Amicus-NJ-SCt.pdf EPIC: State v. Earls http://epic.org/amicus/location/earls/ EPIC: Location Privacy http://epic.org/privacy/location_privacy/ Report: Half of US Adults' Data Hacked So Far in 2014 A new report finds that 432 million online accounts in the US have been hacked in the first half of 2014, affecting about 110 million users. In the last year, 70 million Target customers, 33 million Adobe users, 4.6 million Snapchat users, and potentially all 148 million eBay users had their personal information exposed by database breaches. The President's science advisors recently found little risk in the continued collection of personal data. However, the FTC's recent report on data brokers warned, "collecting and storing large amounts of data not only increases the risk of a data breach or other unauthorized access but also increases the potential harm that could be caused." Earlier in 2014, EPIC urged the White House to promote Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. CNN/Ponemon Institute: Report on Hacked US Accounts in 2014 (May 2014) http://money.cnn.com/2014/05/28/technology/security/hack-data-breach Krebs on Security: Post on Target Hacks (Feb. 14, 2014) https://krebsonsecurity.com/tag/target-data-breach/ EPIC: "Snapchat Data Breach Exposes 4.6 Million Usernames" (Jan. 2, 2014) http://epic.org/2014/01/snapchat-data-breach-exposes-4.html The Washington Post: Article on eBay Breach (May 23, 2014) http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/23/ebay- says-hackers-didnt-get-any-financial-information-but-its-data- breach-is-still-bad-news-for-consumers/ OSTP: President's Council of Advisors on Science and Technology http://www.whitehouse.gov/administration/eop/ostp/pcast PCAST: Report on Big Data and Privacy (May 14, 2014) http://epic.org/redirect/051614-pcast-big-data.html FTC: Report on Data Brokers (May 2014) http://epic.org/redirect/053014-FTC-data-broker-report.html EPIC: Report to OSTP on Big Data and Privacy (Apr. 4, 2014) http://epic.org/privacy/big-data/EPIC-OSTP-Big-Data.pdf EPIC: Big Data and the Future of Privacy http://epic.org/privacy/big-data/ EPIC: Identity Theft http://epic.org/privacy/idtheft/ EPIC: ChoicePoint http://epic.org/privacy/choicepoint/ EPIC, Partners Draft Model FOIA Regulations EPIC, in conjunction with Citizens for Responsibility and Ethics in Washington, the National Security Archive, and Openthegovernment.org, has drafted model Freedom of Information Act regulations. Under the "National Action Plan" for open government, the US Department of Justice has been tasked with creating a uniform set of FOIA regulations that would apply across the government. EPIC's model FOIA regulations are designed to make it easier for FOIA requesters to obtain agency documents, favorable fee status, and expedited processing. They would also create a balancing test that agencies would need to satisfy before asserting Exemption 5 for internal agency memos. The model FOIA regulations have received the endorsement of more than 25 transparency and accountability groups. Citizens for Responsibility and Ethics in Washington (CREW) http://www.citizensforethics.org/ George Washington University: The National Security Archive http://www2.gwu.edu/%7Ensarchiv/ openthegovernment.org http://www.openthegovernment.org/ EPIC et al.: Model FOIA Regulations http://www.modelfoiaregs.org/ US Justice Dept.: Open Government Plan 3.0 (June 2014) http://www.justice.gov/open/doj-open-government-plan.pdf EPIC: Open Government http://epic.org/open_gov/ EU Cites Progress on Data Protection Speaking in Luxembourg before the European Counsel of Justice, EU Commissioner Viviane Reding said that the EU Council had advanced two key data protection goals in 2014. First, Reding announced an "agreement on the rules that govern data transfers to third countries." Second, Reding said, "Ministers agreed on the territorial scope of the data protection regulation. In simple words: EU data protection law will apply to non-European companies if they do business on our territory." Reding also stated that the EU is on track to ensure "the completion of the Digital Single Market by 2015." European Commission: V. Reding on Data Protection Goals (Jun. 6, 2014) http://europa.eu/rapid/press-release_SPEECH-14-431_en.htm?locale=en EU Council: Conclusions of 2013 Report (Oct. 2013) http://epic.org/redirect/103113-eu-libe-vote.html EPIC: EU Data Protection Directive http://epic.org/privacy/intl/eu_data_protection_directive.html EPIC: Council of Europe Privacy Convention http://epic.org/privacy/intl/coeconvention/ EPIC: "23 US NGOs Support EU Data Protection Regulation" (Oct. 2013) http://epic.org/2013/10/23-us-ngos-support-eu-data-pro.html Apple Announces New Privacy-Enhancing Techniques in iOS 8 Apple has announced new privacy-enhancing techniques that will limit the ability of third parties to track Apple mobile devices. Specifically, iOS8 will use "random, locally administered MAC addresses," rather than unique device IDs, to connect to the Internet. Currently, law enforcement and private companies can track mobile phones because of the unique MAC address associated with each device. In 2004 EPIC recommended that MAC addresses in IPv6 be randomized to avoid tracking. The change in the Apple iOS implements this proposal. Apple WWDC: "User Privacy on iOS and OSX" (June 2014) http://epic.org/redirect/061614-ios8-privacy.html Quartz.com: Post on iOS8 (Jun. 9, 2014) http://epic.org/redirect/061614-quartz-ios8-privacy.html EPIC: Comments to NIST on IPv6 (Mar. 8, 2004) http://epic.org/privacy/internet/IPv6_comments.pdf EPIC: Practical Privacy Tools https://epic.org/privacy/tools.html EPIC: Location Privacy http://epic.org/privacy/location_privacy/ ======================================================================== [7] EPIC in the News ======================================================================== "Try a Little Common Sense: Some Material Ought to Be Delinked by Google." Op-Ed in The New York Times, June 13, 2014. http://www.nytimes.com/2014/06/14/opinion/joe-nocera-some- material-ought-to-be-delinked-by-google.html "The Hightower Report: Is it smart to connect smartphones with smart homes?" The Austin Chronicle, June 13, 2014. http://www.austinchronicle.com/news/2014-06-13/the-hightower- report-is-it-smart-to-connect-smartphones-to-smart-homes/ "Facebook to Target Ads Based on Web Browsing." The Wall Street Journal, June 12, 2014. http://online.wsj.com/articles/facebook-to-give-advertisers-data- about-users-web-browsing-1402561120 "Facebook Ad Targeting Will Use Even More Of Your Data." NPR, June 12, 2014. http://www.npr.org/blogs/alltechconsidered/2014/06/12/321325434/ facebook-ad-targeting-will-use-even-more-of-your-data "US pushing local cops to stay mum on surveillance." Bloomberg Business Week, June 12, 2014. http://www.businessweek.com/ap/2014-06-12/us-pushing-local-cops-to- stay-mum-on-surveillance "Facebook gets personal -- with your browsing data." Detroit Free Press, June 12, 2014. http://www.freep.com/article/20140612/FEATURES01/306120121/ Facebook-browsing-history-ads "Facebook will use your browsing history to target ads." KSDK St. Louis, June 12, 2014. http://www.ksdk.com/story/news/nation/2014/06/12/facebook- browsing-history-ad-targeting/10366555/ "Experts propose model to close loopholes in FOIA regulations." Federal News Radio, June 12, 2014. http://www.federalnewsradio.com/489/3640453/Experts-propose-model- to-close-loopholes-in-FOIA-regulations "Microsoft Wages Court Fight to Prevent U.S. Search of Overseas Data." EWeek, June 11, 2014. http://www.eweek.com/security/microsoft-wages-court-fight-to- prevent-us-search-of-overseas-data.html "EPIC Pushes FTC For Stronger Snapchat Privacy Pact." Law360, June 11, 2014. http://www.law360.com/articles/547075/epic-pushes-ftc-for-stronger- snapchat-privacy-pact "NSA Releases NSPD-54 on Cybersecurity Policy." Federation of American Scientists, June 10, 2014. http://fas.org/blogs/secrecy/2014/06/nspd-54/ "Internet connected 'things' worth billions to Canada." Calgary Herald, June 10, 2014. http://www.calgaryherald.com/technology/Internet+connected+things+ worth+billions+Canada/9924956/story.html "The EPIC FOIA Battle for NSPD-54." Politico, June 9, 2014. http://www.politico.com/morningcybersecurity/0614/ morningcybersecurity14218.html "A Public Advocate for Privacy." The National Law Review, June 6, 2014. http://www.natlawreview.com/article/public-advocate-privacy "N.H. Student Data Privacy Law 'One Of Most Comprehensive' In Nation." New Hampshire Public Radio, June 5, 2014. http://nhpr.org/post/nh-student-data-privacy-law-one-most- comprehensive-nation "Secret Service wants software that detects sarcasm on social media. (Yeah, good luck.)." The Washington Post, June 3, 2014. http://www.washingtonpost.com/politics/the-secret-service-wants- software-that-detects-sarcasm-yeah-good-luck/2014/06/03/ 35bb8bd0-eb41-11e3-9f5c-9075d5508f0a_story.html "FTC should raise the bar on use of data businesses sweep up on the Internet." The Buffalo News, June 2, 2014. http://www.buffalonews.com/opinion/buffalo-news-editorials/ ftc-should-raise-the-bar-on-use-of-data-businesses-sweep-up-on-the- internet-20140602 "Intruders for the Plugged-In Home, Coming In Through the Internet." The New York Times, June 1, 2014. http://bits.blogs.nytimes.com/2014/06/01/dark-side-to-internet-of- things-hacked-homes-and-invasive-ads/ "Facebook's next conquest: Kids?" Politico, May 30, 2014. http://www.politico.com/story/2014/05/facebook-patent-children- 107246.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================== [8] EPIC Book Review: 'Sting of the Drone' ======================================================================== "Sting of the Drone," Richard A. Clarke http://amzn.to/1l1dK4s White House National Security veteran Richard Clarke's new action thriller "Sting of the Drone" may establish a new genre for Washington policymakers. This book is not just a quick-paced novel about a clever plot to turn drone warfare against the United States, it is also a stinging critique of current US policy by a former Presidential advisor. Toss the briefing books and the PowerPoint presentations - if you want to get your point across in Washington, an action thriller may be the way to go. And it is an excellent thriller. Clarke brings us into the drone operations center outside of Las Vegas, where drone pilots track foreign targets and direct their weaponized flying machines. Clarke also takes us into a White House meeting for an agency head sign-off on the target list, a process that the President has claimed he oversees. Clark tells a different story. And then he takes us into DC hotel rooms for a little spy colleagues rendezvous: "I meant what I said that night at the Ritz. I like being single, too. I get that right now your career is central, mine is for me, too." The tradecraft also keeps clicking. Clarke takes us through IP mapping, GPS spoofing, data mining, signal jamming, and facial recognition. We learn a lot about the maneuverability of the Predator drone and the battery requirements of Stinger missiles. Clarke is very good on detail. How many of his specifics are, or could be, real is an interesting question, considering that he is intimately familiar with these techniques. Clarke's take on the drone program is damning. Collateral damage is significant and understated by the White House. The key players are out of their depth. The oversight is weak. The legal boundaries are not clear. And for every target the US successfully takes out the blowback is greater. Pushbutton warfare has consequences. Clarke pushes the premise further by describing a world in which the targets are fed up and decide to change the rules of the game. This premise is all the more frightening because it has probably occurred, and the US is about to embark on a significant expansion of drone deployment within our borders. Clarke speaks not only to our policy abroad but also to the flying machine here at home. Unfortunately, Clark's skepticism about drone warfare does not extend to some of the other military technologies that have made their way to US shores. Facial recognition turns out to be surprisingly effective in one key sequence, using a remarkable data mining tool codenamed Minerva that pretty much knows everything about everything. And it's always right. Perhaps someone will write a novel about a crowd-sourced effort to identify a bombing suspect. A good twist would include a hi-tech company trying to establish its bona fides as a press organization and a college student with a foreign name who commits suicide. In the meantime, EPIC will continue to help the ACLU and The New York Times force the release of the legal memo that justified the killing of American citizens by drone. Whatever the legal theory is for shooting down Americans with Flying Killer Robots, it should be made public. -- Marc Rotenberg ======================================= EPIC Book Store ======================================= "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75. http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= Italian Parliament: "Toward an Internet Bill of Rights." Speaker: EPIC President Marc Rotenberg. Rome, June 16, 2014. For More Information: http://epic.org/2014/06/toward-an-internet-bill-of- rig.html. Practising Law Institute: Fifteenth Annual Institute on Privacy and Data Security Law. Speaker: EPIC Appellate Advocacy Counsel Alan Butler. New York, June 17, 2014. For More Information: http://www.pli.edu/Content/Seminar/Privacy_and_Data_Security_Law_ Institute_Fifteenth/_/N-4kZ1z12esj?ID=179946. OECD: "Internet Policy and Governance." Speaker: EPIC President Marc Rotenberg. Paris, June 20, 2014. For More Information: http://en.camera.it/. IEEE Presents "Reintroducing Norbert Wiener in the 21st Century." Boston, 24-26 June 2014. For More Information: http://21stcenturywiener.org. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 21.11------------------------

No TrackBacks

TrackBack URL: http://privacy.org/cgibin/mt/mt-tb.cgi/2814