EPIC logo



=======================================================================
                             E P I C  A l e r t
=======================================================================
Volume 11.14                                              July 22, 2004
-----------------------------------------------------------------------

                              Published by the
                Electronic Privacy Information Center (EPIC)
                              Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_11.14.html

======================================================================
Table of Contents
======================================================================

[1] Ridge Declares CAPPS II Dead; Questions Remain
[2] 9/11 Commission Releases Final Report
[3] EPIC Testifies in Favor of RFID Privacy
[4] Appeals Court Urged to Reverse Ruling on PATRIOT Records
[5] EPIC Files Suit for Defense Data Mining Records
[6] News in Brief
[7] EPIC Bookstore: Privacy in the 21st Century
[8] Upcoming Conferences and Events

======================================================================
[1] Ridge Declares CAPPS II Dead; Questions Remain
======================================================================

Department of Homeland Security Secretary Tom Ridge recently indicated
that the controversial second generation Computer Assisted Passenger
Prescreening System, more commonly known as CAPPS II, has been
discontinued.  Asked by a reporter whether the program could be
considered dead, Ridge mimed driving a stake through its heart and
said, "yes."

David Stone, acting administrator of the Transportation Security
Administration (TSA), days earlier had stated that the agency would
not move forward with CAPPS II as originally envisioned, but would be
"reshaping and repackaging" the system.  Stone acknowledged that CAPPS
II's intrusion upon personal privacy contributed to his agency's
decision to rework the program.

CAPPS II would have relied upon private-sector database companies to
identify passengers and perform risk assessments using government
databases.  Each passenger would have been assigned a risk score that
might subject him to heightened security screening or detention.  The
system would have scanned not only for suspected terrorists, but also
for individuals wanted for violent crimes.  The government spent more
than $100 million to develop the program before its discontinuation.

Last year, Congress voted not to provide funding for CAPPS II'S
implementation until the General Accounting Office, Congress'
investigative arm, could certify that lingering worries about the
program had been allayed.  The GAO's subsequent report concluded that
TSA had failed to address fully seven of eight implementation and
operational concerns, including the accuracy of the data relied on by
the system; abuse prevention; overall privacy concerns; and the
redress process for people erroneously labeled as a threats or
targeted for additional scrutiny.

Questions remain about TSA's plans for passenger prescreening in the
wake of CAPPS II's demise.  Ridge indicated a new program with a
different name would likely be developed to take the system's place.

The General Accounting Office report on CAPPS II:

     http://www.epic.org/privacy/airtravel/gao-capps-rpt.pdf

For more information about CAPPS II, see EPIC's Passenger Profiling
page:

     http://www.epic.org/privacy/airtravel/profiling

======================================================================
[2] 9/11 Commission Releases Final Report
======================================================================

Today the National Commission on Terrorist Attacks Upon the United
States, also known as the 9/11 Commission, released its final report
on the circumstances surrounding the 9/11 terrorist attacks and
provided recommendations to guard against future attacks.  "Since the
[September 11] plotters were flexible and resourceful, we cannot know
whether any single step or series of steps would have defeated them,"
the unanimous ten-member panel concluded in its executive summary. 
"What we can say with confidence is that none of the measures adopted
by the U.S. government from 1998 to 2001 disturbed or even delayed the
progress of the al Qaeda plot.  Across the government, there were
failures of imagination, policy, capabilities and management."

The Commission's 567-page report recommends a major restructuring in
the U.S. national security framework, including an executive-level
intelligence director to oversee the activities of the CIA, the FBI,
and other intelligence agencies.  The report also details as many as
ten missed opportunities by both the Bush and Clinton administrations
to thwart the terrorist hijackings, but stops short of concluding that
the attacks could have been prevented.  The report also calls for
strengthening the ability of the House and Senate intelligence
committees to perform their oversight work.  The Commission's report
recommends that Congress give priority attention to improving the
ability of screening checkpoints to detect explosives on passengers.

EPIC supports the recommendation to target individuals who may be
carrying materials that threaten the safety of airline travel rather
than utilizing broad-sweeping profiling or data mining programs.

The Commission's report also asserts that responsibility lies with the
executive branch to justify the continued use of the USA PATRIOT Act's
authorities.  The report states, "The burden of proof for retaining a
particular governmental power should be on the executive, to explain
(a) that the power actually materially enhances security and (b) that
there is adequate supervision of the executive's use of the powers to
ensure protection of civil liberties.  If the power is granted, there
must be adequate guidelines and oversight to properly confine its
use."

The independent, bipartisan 9/11 Commission was established by
Congress in late 2002 to investigate the circumstances surrounding the
September 11, 2001 terrorist attacks.  In public hearings from March
2003 to June 2004, the panel heard from members of the Clinton and
Bush administrations, New York City emergency personnel and victims'
families.

In testimony before the Commission in December 2003, EPIC Executive
Director Marc Rotenberg emphasized the important history of privacy
protection, the problems with new systems of surveillance, and the
specific need to preserve Constitutional checks and balances.  EPIC
urged the Commission to consider the important role of public
oversight in evaluating the federal government's intelligence
gathering authority rather than focusing exclusively on Congressional
oversight.  EPIC also stressed the importance of protecting
traditional civil liberties safeguards to ensure that new
anti-terrorism legislation develops in accordance with U.S. law and
American values concerning privacy and civil liberties.

Several of the recommendations of the 9/11 Commision reflected views
expressed by EPIC and others.  For example, EPIC supports the
recommendation to target individuals who may be carrying materials
that threaten the safety of airline travel rather than utilizing
sweeping profiling or data mining programs.  EPIC also supports the
recommendation of the Commission that there be a careful review of the
USA PATRIOT Act, including an assessment of both whether the Act
"actually materially enhances security" and also whether there is
adequate supervision to safeguard civil liberties.

At the same time, several of the proposals may raise civil liberties
and privacy concerns.  The Commission calls for the continued
expansion of the No-Fly and Automatic Selectee lists even as questions
remain about the accuracy and civil liberties impact of passenger
profiling. EPIC said, "Significant errors have been found in both the
no-fly watchlists and the automatic selectee system. This is a
particularly serious problem for U.S. persons who travel within the
United States. There should be an independent evaluation of how best
to operate these screening systems and still safeguard basic rights."

On the proposed expansion of oversight authority by the Intelligence
Committees, EPIC noted that "streamlining the oversight of
intelligence agencies is sensible," but warned that the Congressional
intelligence committees "have a tradition of secrecy and extensive
classification that may frustrate public oversight and press reporting
on matters of national interest."

The 9/11 Commission has recommended the creation of secure
identification in the United States with the federal government
setting standards for "the issuance of birth certificates, and sources
of identification, such as drivers licenses."  EPIC commented that
"Some steps should be taken to reduce the risk of fraud and identity
theft.  Identification documents should be made more secure.  However,
the integration of secure identity cards with interconnected databases
raises substantial privacy risks that will require new legislation and
new forms of oversight."

The 9/11 Commission's final report:

     http://www.epic.org/privacy/terrorism/911report.pdf

EPIC's testimony before the 9/11 Commission:

     http://www.epic.org/privacy/terrorism/911commtest.pdf

For more information about the report, see EPIC's 9/11 Commission
page:

     http://www.epic.org/privacy/terrorism/911comm.html#comment

======================================================================
[3] EPIC Testifies in Favor of RFID Privacy
======================================================================

EPIC Policy Counsel CÚdric Laurant recently testified before the House
Committee on Energy and Commerce Subcommittee on Commerce, Trade, and
Consumer Protection, in a hearing on radio frequency identification
(RFID) technology.  RFID facilitates the electronic tagging of
physical objects for a wide range of applications.  Although the use
of RFID is likely to increase efficiency in the supply chain and
improve management of inventory in retail stores, its use in
individual consumer products poses serious privacy implications.  Nine
witnesses from the RFID and retail industries as well as citizen and
consumer advocacy groups testified at the hearing.

Representatives from the retail industry, which is beginning to use
RFID in supply chains and on a limited basis on individual consumer
products, asserted that no legislation is needed to regulate RFID.
Wal-Mart's Chief Information Officer dismissed concerns that retailers
will gather data about individual consumers, arguing that the
technology does not exist to collect such information, and retailers
have no interest in data collected through RFID.  She further noted
that widespread use of RFID tags on consumer products is, in her
estimate, at least ten years away.  A representative of Procter &
Gamble argued that legislation for RFID would be premature because
companies are being responsible about data collection.

In his testimony, Laurant noted several RFID applications in use today
that explicitly feature the tracking and monitoring of individuals and
use passive (non-self-powered) tags similar to ones that might be used
on consumer products.  He also noted that although simple passive RFID
tags are not capable of storing data other than their unique
Electronic Product Code, a significant portion of data generated over
a product's lifetime will be stored in a centrally managed,
Internet-accessible database known as the Object Name Service.  If
information in this database is associated with personally
identifiable information, the potential for abuses of consumer data
and individual privacy will dwarf that posed by any technology
currently in use.

EPIC recommended that Congress, in keeping with its tradition of
extending privacy rights to new forms of technology, draft legislation
targeting the use of RFID in the retail sector.  This legislation,
based upon guidelines EPIC recently presented at a Federal Trade
Commission workshop on RFID, should require clear labeling and easy
removal of all RFID tags on consumer-level products.  Further,
legislation should  require users of RFID systems to refrain from
linking personally identifiable to RFID tag data whenever possible and
only with the individual's written consent.  Legislation should also
prohibit the tracking or profiling of individuals via RFID in the
retail environment.

EPIC's testimony to Congress:

     http://www.epic.org/privacy/rfid/rfidtestimony0704.html

EPIC's guidelines for use of RFID technology:

     http://www.epic.org/privacy/rfid/rfid_gdlnes-062104.pdf

For more information about RFID technology, see EPIC's RFID Page:

     http://www.epic.org/privacy/rfid

======================================================================
[4] Appeals Court Urged to Reverse Ruling on PATRIOT Records
======================================================================

EPIC has submitted a brief to the U.S. Court of Appeals for the D.C.
Circuit seeking reversal of a lower court's refusal to expedite
processing of a Freedom of Information Act request seeking information
about the coordinated lobbying efforts of federal prosecutors to
oppose legislation affecting the controversial USA PATRIOT Act.

In August 2003, the Executive Office for U.S. Attorneys sent a
memorandum to all federal prosecutors, urging them to lobby
Congressional representatives in response to a recent vote in the
House of Representatives.  The House overwhelmingly approved an
appropriations bill amendment, known as the Otter Amendment, to deny
funding for "sneak and peek" search warrants authorized by the USA
PATRIOT Act. The memorandum attracted media attention nationwide and
was addressed by major newspaper editorials.  In September 2003, EPIC
asked the Department of Justice for information about the memorandum
and the progress of the prosecutors' lobbying campaign.  EPIC also
sought expedited processing of the request.

The DOJ refused to expedite processing on the grounds that there was
no urgency to inform the public about issues raised by the memorandum,
and that the memorandum was not a subject of exceptional media
interest.  EPIC filed suit in federal court, moving for partial
summary judgment on the issue of expedited processing.  In December
2003, U.S. District Judge James Robertson ruled that EPIC's request
was not entitled to expedited processing.  EPIC appealed the ruling.

In its brief to the Court of Appeals, EPIC argues that at the time of
the request, the substantial news media interest in the Otter
Amendment and USA PATRIOT Act served as evidence of the matter's
exigency to the public.  EPIC's request concerned legislation that was
the subject of extensive public debate  and sought to answer basic
questions about government activities central to this discourse.  In
addition, EPIC argues that delays in processing compromised public
participation in the discussion of a controversial policy issue.
Because the Otter Amendment was under active legislative
consideration, there was a limited window of time during which the
requested information could potentially influence an ongoing
Congressional debate.

EPIC also argues that the prosecutors' lobbying efforts were a matter
of widespread and exceptional media interest and raised questions
about government integrity.  EPIC provided evidence of extensive and
geographically diverse news coverage of the lobbying campaign, and
showed that the matter had attracted editorial comment in news sources
of all sizes.  EPIC also argued that the lobbying efforts presented
actual questions of government integrity, including the propriety of
the prosecutor memorandum and allegations of potential illegality
raised by members of Congress.

EPIC's appellate brief:

     http://www.epic.org/open_gov/otter/otter_brief.pdf

For more information about the case, see the EPIC v. DOJ Page:

     http://www.epic.org/open_gov/otter

======================================================================
[5] EPIC Files Suit for Defense Data Mining Records
======================================================================

EPIC has filed a lawsuit against the Department of Defense to force
the expedited release of records concerning the Defense Intelligence
Agency's use of Verity K2 Enterprise, a program that reportedly mines
data from the intelligence community and Internet searches to identify
foreign terrorists and U.S. citizens connected to foreign terrorism
activities.

EPIC's interest in Verity K2 Enterprise was sparked in part by a
report made public in May by the Technology and Privacy Advisory
Committee (TAPAC), which was established to review Defense Department
data mining initiatives after Congress killed funding for the Total
Information Awareness program last year.  The report concluded that
the Defense Department "should safeguard the privacy of U.S. persons
when using data mining to fight terrorism," and also urged that "rapid
action is necessary to address the host of government programs that
involve data mining concerning U.S. persons and to provide clear
direction to the people responsible for developing, procuring,
implementing, and overseeing those programs."  A General Accounting
Office report on data mining released shortly thereafter identified
Verity K2 Enterprise as one such Defense Department data mining
program.

In May, EPIC submitted a Freedom of Information Act request seeking
the expedited release of all Defense Intelligence Agency records
related to Verity K2 Enterprise.  In response, the agency merely
acknowledged that it had received EPIC's request, effectively denying
the request for expedited processing by failing to make a
determination within the legally mandated time frame of ten days. 
EPIC responded to the agency's denial by filing a complaint in the
U.S. District Court for the District of Columbia earlier this week.

EPIC's complaint:

     http://www.epic.org/open_gov/verityk2/complaint.pdf

The TAPAC report on Defense Department data mining:

     http://www.sainc.com/tapac/TAPAC_Report_Final_5-10-04.pdf

The General Accounting Office report on government data mining
activity:

     http://www.gao.gov/new.items/d04548.pdf

For more information about Defense Department data mining, see the
EPIC Total Information Awareness Page:

     http://www.epic.org/privacy/profiling/tia

======================================================================
[6] News in Brief
======================================================================

NEW LAW ADDS TIME TO PRISON SENTENCES FOR IDENTITY THEFT

President Bush has signed into law the Identify Theft Penalty
Enhancement Act, adding two years to prison sentences for people
convicted of using stolen credit card numbers, social security
numbers, and other personal information to commit crimes.  The new law
creates two categories of aggravated identity theft.  The first
imposes a five-year sentence for identity theft carried out in
connection with "terrorist offenses," and the second requires a
two-year sentence for identity theft committed in connection with
other felonies.  The extensive list of crimes that require the
sentence increase when combined with identity theft includes mail,
bank, or wire fraud, theft from employee benefit plans, and
immigration law violations.  The bill specifies that the enhanced
penalty may not be reduced by judges or made to run concurrently with
penalties not related to identity theft. In addition, the new law may
be used to prosecute individuals for using false identification
documents to receive federal benefits such as Social Security,
Medicare, and disability benefits.

Identity theft topped the list of consumer fraud complaints to the
Federal Trade Commission in 2003, accounting for more than half the
complaints tracked by the agency.  The Commission recorded 214,905
cases of identity theft in 2003, up from 161,836 in 2002.  The U.S.
Attorney General's office states that the new law will be used to
pursue "phishers" who use fake e-mail addresses and fraudulent
websites to fool recipients into divulging personal data such as
credit card numbers, account usernames and passwords, and social
security numbers.

For information about the role of social security numbers in identity
theft, see EPIC's Social Security Number Page:

     http://www.epic.org/privacy/ssn

EPIC's testimony to the House Ways and Means Subcommittee on Social
Security urging Congress to enact legislative protections for the
Social Security Number:

     http://www.epic.org/privacy/ssn/ssntestimony6.15.04.html


MATRIX TO BE REWORKED ON PRIVACY AND LEGAL GROUNDS

The Multistate Anti-Terrorism Information Exchange (MATRIX) is being
revised in an attempt to address privacy and legal concerns that have
led several states to withdraw from the project.  Built by a
consortium of state law enforcement agencies, MATRIX combines public
records and private record data from multiple databases with data
analysis tools, providing a wealth of personal information in
near-real time.  Eight of the original thirteen states in the pilot
have dropped out of the program citing privacy problems and the
potential for abuse of the system.  The remaining states --
Connecticut, Florida, Michigan, Ohio and Pennsylvania -- recently
announced a re-engineering effort to alleviate the problem of sending
personal data on citizens to the private company Seisint, a practice
that violates the states' data protection laws.

EPIC's amicus brief before the Supreme Court in Hiibel v. Nevada
describing MATRIX:

     http://www.epic.org/privacy/hiibel/hiibel_amicus.pdf


MARYLAND HIGH COURT OKS COMPELLED DNA PRODUCTION

The Maryland Court of Appeals has reversed a lower court's decision
that it is unconstitutional for the State of Maryland to compel
production of a DNA sample for law enforcement purposes unrelated to a
particular investigation.  In April EPIC submitted a "friend of the
court" brief in the case, arguing that it is unconstitutional to
compel a DNA sample for the state's DNA database, which in turn feeds
into the FBI's vast national DNA database.  EPIC pointed out that DNA
contains far more information than a fingerprint and that, in the
absence of privacy safeguards, a DNA sample collected for one purpose
could be used in the future for unrelated purposes.

Court order in Maryland v. Raines:

     http://www.epic.org/privacy/genetic/raines_order.pdf

EPIC's amicus brief in Maryland v. Raines:

     http://www.epic.org/privacy/genetic/raines_amicus.pdf

For more information about DNA privacy, see EPIC's Genetic Privacy
Page:

     http://www.epic.org/privacy/genetic


SPAMMER CHARGED WITH HACKING ACXIOM DATABASE

Scott Levine, a high-level employee of Internet advertising company
Snipermail.com, has been charged in a 144-count indictment with
hacking into a database owned and operated by Acxiom, one of the
country's largest data aggregators, and stealing 8.2 gigabytes of
personal data between April 2002 and August 2003.  The charges against
Levine include conspiracy, unauthorized access of a protected
computer, access device fraud, money laundering and obstruction of
justice.  The data, acquired through 137 separate intrusions, was
allegedly used by Snipermail.com to conduct spamming campaigns.  The
case stems from an investigation conducted last July into an unrelated
matter that resulted in the indictment an Ohio man who was also
accused of stealing personal data from Acxiom.

Department of Justice press release:

     http://www.usdoj.gov/opa/pr/2004/July/04_crm_501.htm


COMMERCE DEPT. APPOINTS CHIEF PRIVACY OFFICER

The U.S. Department of Commerce has announced the appointment of Dan
Caprio as the agency's new Chief Privacy Officer.  Caprio currently
serves as a deputy assistant secretary for technology policy, and will
continue to do so alongside his new role as privacy officer.  Caprio
will oversee all Commerce Department activities involving the
development and implementation of federal privacy laws, policies and
practices.  Before joining the Commerce Department, Caprio was
principal technology policy adviser at the Federal Trade Commission,
participated in a working group to revise Organization for Economic
Cooperation and Development guidelines for IT security, and served as
co-chairman of the National Cyber Security Partnership Awareness Task
Force.

Statement by Commerce Secretary Donald L. Evans on Caprio's
appointment:

     http://www.epic.org/redirect/caprio.html

======================================================================
[7] EPIC Bookstore: Privacy in the 21st Century
======================================================================

Privacy in the 21st Century, Daren Bakst and Sylvia Burgess, eds.
(CLHE 2004).

     https://www.clhe.org/privacy21stcentury

The Council on Law in Higher Education has published a new book for
educators and administrators interested in privacy issues.  Privacy in
the 21st Century is the first installment of an annual publication
that will address a wide range of privacy issues relevant in the
college and university setting.  This first edition contains papers on
law enforcement requests for personal information under the USA
PATRIOT Act, identity theft, the Family Educational Rights and Privacy
Act, and media access to student records.

It also contains a paper by EPIC Associate Director Chris Hoofnagle
covering college and university student privacy issues.  In it,
Hoofnagle argues that privacy is important for student safety, the
development of autonomy, and for academic freedom.  He explains that
institutions can be more privacy-sensitive by taking steps to reduce
reliance on Social Security Numbers, limiting marketing on campus,
avoiding biometric identification systems, encouraging good password
habits, providing avenues of anonymous expression, and reviewing
network monitoring practices.

Hoofnagle's paper calls attention to the rise of the use of student
identification cards for access to all campus services.  These systems
create ubiquitous student tracking infrastructures and acclimate young
people to lifestyle where carrying identification is always necessary.
Additionally, certain systems such as BlackBoard's Bb One track and
control students' purchases and enable direct marketing to students
and parents.

                      ================================

EPIC Publications:

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, as well as recommendations and proposals
for future action, as well as a useful list of resources and contacts
for individuals and organizations that wish to become more involved in
the WSIS process.

                      ================================

"The Privacy Law Sourcebook 2003: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.

                      ================================

"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.
http://www.epic.org/bookstore/foia2002

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

                      ================================

"Privacy & Human Rights 2003: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $35.
http://www.epic.org/bookstore/phr2003

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty-five countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.

                      ================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

                      ================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.

                      ================================

"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

                      ================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

      EPIC Bookstore
      http://www.epic.org/bookstore

      "EPIC Bookshelf" at Powell's Books
      http://www.powells.com/features/epic/epic.html

======================================================================
[8] Upcoming Conferences and Events
======================================================================

O'Reilly Open Source Convention.  July 26-30, 2004.  Portland, OR.
For more information: http://conferences.oreilly.com/oscon.

2004 UK Big Brother Awards.  Privacy International.  July 28, 2004.
London, UK.  For more information:
http://www.privacyinternational.org/bigbrother/uk2004.

First Conference on Email and Anti-Spam.  American Association for
Artificial Intelligence and IEEE Technical Committee on Security and
Privacy.  July 30-31, 2004.  Mountain View, CA.  For more information:
http://www.ceas.cc.

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE Computer
Society Technical Committee on Security and Privacy, and the Computer
Science Department of the University of California, Santa Barbara.
August 15-19, 2004.  Santa Barbara, CA.  For more information:
http://www.iacr.org/conferences/crypto2004.

Ninth National HIPAA Summit.  September 12-14, 2004.  Baltimore, MD.
For more information: http://www.HIPAASummit.com.

Public Voice Symposium: Privacy in a New Era: Challenges,
Opportunities and Partnerships.  Electronic Privacy Information
Center, European Digital Rights Initiative (EDRi), and Privacy
International.  September 13, 2004.  Wroclaw, Poland.  For more
information:
http://www.thepublicvoice.org/events/wroclaw04/default.html.

The Right to Personal Data Protection -- the Right to Dignity.  26th
International Conference on Data Protection and Privacy Commissioners.
September 14-16, 2004.  Wroclaw, Poland.  For more information:
http://26konferencja.giodo.gov.pl.

Health Privacy Seminar.  Riley Information Services.  September 17,
2004.  Ottawa, Ontario.  For more information:
http://www.rileyis.com/seminars/index.html.

Nethead/Bellhead: The FCC Takes on the Internet.  Cardozo Law School
Florsheimer Center for Constitutional > Democracy and the Yale Law
School > Information Society Project.  September 28, 2004.  New York,
NY.  For more information: http://www.cardozobellhead.net.

2004 Telecommunications Policy Research Conference.  National Center
for Technology & Law, George Mason University School of Law.  October
1-3, 2004.  Arlington, VA.  For more information:
http://www.tprc.org/TPRC04/call04.htm.

Health Privacy Conference.  Office of the Information and Privacy
Commissioner of Alberta.  October 4-5, 2004.  Calgary, Alberta,
Canada.  For more information:
http://www.oipc.ab.ca/home/DetailsPage.cfm?ID=1453.

Privacy and Identity: The Promise and the Perils of a Technological
Age.  DePaul University Center for Intellectual Property Law and
Information Technology and  School of Computer Science,
Telecommunications and Information Systems.  October 14-15, 2004.
Chicago, IL.  For more information:
http://facweb.cs.depaul.edu/research/vc/CIPLIT2004.

IAPP Privacy and Data Security Academy & Expo.  International
Association of Privacy Professionals.  October 27-29, 2004. New
Orleans, LA.  For more information:
http://www.privacyassociation.org/html/conferences.html.

Privacy and Security: Seeking the Middle Path.  Office of the
Information & Privacy Commissioner of Ontario; Centre for Innovation
Law and Policy, University of Toronto; and Center for Applied
Cryptographic Research, University of Waterloo.  Toronto, Ontario,
Canada.  October 28-29, 2004.  For more information:
http://www.epic.org/redirect/uwaterloo_conf.html.

CFP2005: Fifteenth Annual Conference on Computers, Freedom and
Privacy.  April 12-15, 2005.  Seattle, WA.  For more information:
http://www.cfp2005.org.

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

      https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

      http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

======================================================================
Privacy Policy
======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

======================================================================
About EPIC
======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information, see
http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite
200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248
(fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.  Or you can
contribute online at:

      http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 11.14 ----------------------

.