EPIC logo

  
========================================================================
                           E P I C  A l e r t
========================================================================
Volume 14.09                                                May 3, 2007
------------------------------------------------------------------------

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_14.09.html


========================================================================
Table of Contents
========================================================================
[1] More Than 50 Groups, 75 Blogs Join Campaign to Stop REAL ID
[2] EPIC Recommends Strong Privacy Safeguards for Breach Investigations
[3] Google Shareholder Group Urges Data Retention Policy Disclosure
[4] Privacy Board Releases Report, Privacy Act Missing in Action
[5] Spotlight: SAVE System Has 11-Year Record of Unreliability
[6] News in Brief
[7] EPIC Bookstore: "Illusions of Security"
[8] Upcoming Conferences and Events

========================================================================
[1] More Than 50 Groups, 75 Blogs Join Campaign to Stop REAL ID
========================================================================

This week, 54 organizations representing transpartisan, nonpartisan,
privacy, consumer, civil liberty, civil rights, and immigrant
organizations joined to launch a national campaign to solicit public
comments to stop the nation's first national ID system: REAL ID.

The groups joining in the anti-REAL ID campaign are concerned about the
increased threat of counterfeiting and identity theft, lack of security
to protect against unauthorized access to the document's machine
readable content, increased cost to taxpayers, diverting of state funds
intended for homeland security, increased costs for obtaining a license
or state issued ID card, and because the REAL ID would create a false
belief that it is secure and unforgeable.

The campaign is creating buzz on the Web. More than 75 blogs have
written about the campaign. Readers are being urged to speak out against
the national ID system. This effort builds on the momentum that is
signaling broad opposition to the REAL ID in the states. Montana has
become the fifth state, following Maine, Idaho, Arkansas, and
Washington, to reject implementation of the REAL ID national
identification system.

Under the Act, states and federal government would share access to a
vast national database that could include images of birth certificates,
marriage licenses, divorce papers, court ordered separations, medical
records, and detailed information on the name, date of birth, race,
religion, ethnicity, gender, address, telephone, e-mail address, Social
Security Number for more than 240 million with no requirements or
controls on how this database might be used. Many may not have the
documents required to obtain a REAL ID, or they may face added
requirements base on arbitrary and capricious decisions made by DMV
employees.

EPIC joins this group of 54 organizations in a fight against the
national identification system created by the Department of Homeland
Security. "Make no mistake, this is a national identification system
that will affect your everyday life," said Melissa Ngo, Director of
EPIC's Identification and Surveillance Project. "Critics of the REAL ID
scheme are called anti-security, but it is not anti-security to reject a
national identification system that will harm our national security and
make it easier for criminals to pretend to be law-abiding Americans."

The draft regulations to implement the REAL ID Act are open for comment
until 5 p.m. EST on May 8, 2007. To take action, submit comments against
the fundamentally flawed national identification scheme, under Docket
No. 2006-0030-0001.

Stop REAL ID Campaign site:

     http://www.privacycoalition.org/stoprealid

Department of Homeland Security's Notice of Proposed Rulemaking on REAL
ID:

     http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm

Sample Text for Comments:

     http://www.privacycoalition.org/stoprealid/sampletext.html

EPIC's page on National ID Cards and REAL ID Act:

     http://www.epic.org/privacy/id_cards/

========================================================================
[2] EPIC Recommends Strong Privacy Safeguards for Breach Investigations
========================================================================

In comments to the Federal Trade Commission this week, EPIC urged the
FTC to limit the disclosure of personal information related to security
breach investigations. EPIC said that the Privacy Act exemption sought
by the Commission was far too broad, and the Commission should notify
individuals whose personal data may have been improperly disclosed in a
security breach before other government agencies are notified.

EPIC criticized the FTC proposal to broadly expand a Privacy Act
exemption to allow disclosure of affected individuals' personal data to
the "vague groups that the FTC finds 'reasonably necessary to assist'
the agency in 'in connection with' its response to security breaches,
that are 'suspected or confirmed.'" EPIC said that a data breach, or
suspected breach, should not entitle even more people to view the
personal data of the individuals affected by the security breach. "Such
mass disclosure is especially questionable in light of the financial
nature of the data involved. Would the entire case file, including
Social Security Numbers and credit card information, be released to all
the 'agencies, entities, and persons' that the FTC finds 'reasonably
necessary to assist' in its investigations?

In response to a security breach, some specific disclosures of certain
information to other agencies for a particular purpose might be
necessary. However, identity theft is a crime of opportunity, so one
protective measure is to reduce opportunities for the compromise of
personal information. EPIC recommended that the FTC significantly narrow
the exemption by "creat[ing] tiers of access, allowing specific
categories of individuals limited access to the data, according to the
needs of the investigation."

EPIC also responded to the report released by the President's Identity
Theft Task Force released its recommendations on April 23. The Task
Force is co-chaired by Attorney General Alberto Gonzales and Federal
Trade Commission Chairman Deborah Platt Majoras and includes the heads
of other executive agencies. The plan recommended a national standard on
data security and breach notification, which would preempt state laws
that provide greater protection. The Task Force did not address fraud
prevention directly; instead, it called for workshops on authentication.

EPIC expressed surprise that the Task Force focused more on how to
expand law enforcement authority to combat identity theft after the
crime has been committed than on creating stronger privacy and security
practices to reduce the risk of identity theft being committed. This
approach is contrary to the one suggested by EPIC in January 2007
comments to the Task Force. In those comments, EPIC explained, "The best
long-term approach to the problem of identity theft is to minimize the
collection of personal information and to develop alternative
technologies and organizational practices." EPIC also recommended the
adoption of privacy enhancing technologies, data minimization, and
meaningful remedies when security breaches and privacy violations occur.

EPIC's Comments to the Federal Trade Commission (Apr. 30, 2007) (pdf):

     http://www.epic.org/privacy/idtheft/ftc_comm_043007.pdf

President's Identity Theft Task Force Strategic Plan (pdf):

     http://www.idtheft.gov/reports/StrategicPlan.pdf

EPIC's Comments to the Task Force (Jan. 2007) (pdf):

     http://www.epic.org/privacy/idtheft/EPIC_FTC_ID_Theft_Comments.pdf

EPIC's Page on Identity Theft:

     http://www.epic.org/privacy/idtheft/

========================================================================
[3] Google Shareholder Group Urges Data Retention Policy Disclosure
========================================================================

Last week, a Google shareholder group submitted a proposal to ban
censorship and protect user identity. The proposal was submitted by the
Office of Comptroller of New York City, which oversees retirement plans
for city employees, teachers, police officers, and firefighters.
Combined, these funds hold 486,617 shares of Google stock worth about
$228.2 million.

The proposal argues that the United Nation's Universal Declaration of
Human Rights guarantees the freedom to access information on the
Internet. Accordingly, the proposal urged Google to institute the
following "minimum standards" to protect freedom of Internet access in
human-rights challenged countries: (1) not hosting personally
identifiable information in counties that censor Internet access, where
political speech can be considered a crime; (2) not engaging in
pro-active censorship; (3) using all legal means to resist demands for
censorship, and only engage in censorship when legally required; (4)
informing users when Google has agreed to a government censorship
request; (5) informing users about Google's data retention and data
sharing policies; and (6) documenting all instances in which Google
complies with a legally binding censorship request, and make such
information publicly available.

In September 2006, EPIC sent a letter to Department of Commerce
Secretary Carlos Gutierrez, urging the Department to restrict the export
of high-tech surveillance equipment used for communications surveillance
and censorship to China. In its letter, EPIC cited the 2005 U.S. State
Department report and the Privacy and Human Rights report, which
document the role that surveillance and censorship technology play in
political repression.

While most of the proposed standards pertain to censorship, the Office
of the Comptroller also included a requirement that Google inform its
users about its data retention policies. On April 20, 2007, EPIC, the
Center for Digital Democracy and the US Public Interest Research Group
filed a complaint with the Federal Trade Commission, urging the
Commission to open an investigation into Google's data retention
policies, specifically in light of its recent proposed acquisition of
DoubleClick. The complaint called on the Commission to force Google to
comply with internationally recognized privacy guidelines such as the
Organization for Economic Co-operation and Development (OECD) Guidelines
on the Protection of Privacy and Transborder Flows of Personal Data,
which recognized that "the right of individuals to access and challenge
personal data is generally regarded as perhaps the most important
privacy protection safeguard."

The Google Board of Directors has recommended that shareholders vote
against the proposal. Three members of the Board, Google CEO Eric
Schmidt and founders Larry Page and Sergey Brin, hold 66.2 percent of
Google's shares, and thus the proposal is unlikely to pass at the annual
shareholder's meeting on May 10. However, it may force Google to explain
how it intends to maintain its "do no evil" motto while simultaneously
engaging in complicity in foreign countries' censorship activities and
failing to comply with the U.N. Universal Declaration of Human Rights.

Proposal by the Office of the Comptroller of New York City:

     http://www.epic.org/redirect/nycomp0507.html

EPIC's September 2006 letter to Dept. of Commerce Secretary Gutierrez
(pdf):

      http://www.epic.org/privacy/intl/doc_china_letter.pdf

EPIC's "Filters and Freedom" (collection of essays, studies, and
critiques of Internet content filtering, explaining why filtering
threatens free expression):

     http://www.epic.org/bookstore/filters2.0/

EPIC and Privacy International, "Privacy and Human Rights 2005," China
Report (pdf):

     http://www.epic.org/redirect/phr0507.html

========================================================================
[4] Privacy Board Releases Report, Privacy Act Missing in Action
========================================================================

The President's Privacy and Civil Liberties Oversight Board has released
its first annual report to Congress. The report lists various activities
during the past year, but provides little insight as to the Board's
position on such key issues as the President's domestic surveillance
program, government watch lists, or the terrorist scoring that the
Department of Homeland Security assigns to US citizens. A search for
"Privacy Act," the primary federal law that safeguards the rights of
Americans, produces 0 hits.

The Privacy and Civil Liberties Board, which operates within the
Executive Office of the President, is intended to "[advise] the
President and other senior executive branch officials to ensure that
concerns with respect to privacy and civil liberties are appropriately
considered in the implementation of all laws, regulations, and executive
branch policies related to efforts to protect the Nation against
terrorism." Its five members are appointed by and serving at the
pleasure of the President.

The Board focused on a few specific issues in its first year. Among
these issues is the National Security Agency's controversial domestic
surveillance program. After review by the Board, consisting mainly of
briefings by the NSA itself, the Board determined that "the Executive
Branch's conduct of these surveillance activities protects the privacy
and civil liberties of U.S. persons." The Board's assessment is in
contrast to Congressional and public criticism of President Bush's
secret 2002 order allowing the NSA to conduct warrantless surveillance
of international telephone and Internet communications on American soil.

The Board also reported its efforts to coordinate a unified redress
procedure between the agencies that control the government's vast array
of watch lists. These efforts, the report states, have resulted in the
submission of a final draft of a Memorandum of Understanding (MOU) for
the signature of the heads of the various agencies involved. The MOU has
not yet been executed. EPIC and others have repeatedly criticized the
inadequate redress procedure, urging the Department of Homeland Security
fully apply Privacy Act requirements of notice, access, and correction
to the redress program and its underlying system of watch lists. EPIC
explained that full application of the Privacy Act requirements to
government record systems is the only way to ensure that data is
accurate and complete, which is especially important in the context of
watch lists, where mistakes and misidentifications are costly.

The Board's report provides few details on program operations or what
internal controls are in place to protect civil liberties in any of the
government programs evaluated. EPIC has published a detailed report
recommending changes to the Board. Legislation that aims to remedy some
of the issues currently preventing the Board from providing effective
oversight has passed in the Senate and the House.

Report from the White House Privacy and Civil Liberties Board (pdf):

     http://www.privacyboard.gov/reports/2007/congress2007.pdf

EPIC's Report Recommending Changes to the Board (pdf):

     http://epic.org/epic/ssrn-id933690.pdf

EPIC's Comments to the Department of Homeland Security about Redress
Program (pdf):

     http://www.epic.org/privacy/airtravel/profiling/trip_022007.pdf

EPIC Resources on Domestic Surveillance:

     http://www.epic.org/features/surveillance.html

EPIC's Spotlight on Surveillance: Legality of NSA's Secret Eavesdropping
Program Is Suspect and Cost is Unknown (Jan. 2006):

     http://www.epic.org/privacy/surveillance/spotlight/0106/

========================================================================
[5] Spotlight: SAVE System Has 11-Year Record of Unreliability
========================================================================

This month, EPIC's Spotlight on Surveillance program scrutinizes the
Department of Homeland Security's Systematic Alien Verification for
Entitlements ("SAVE") program. For Fiscal Year 2008, DHS seeks $21.6
million for the program run by Citizenship and Immigration Services. In
its 11-year history, the verification system has been plagued with
accuracy, reliability and management problems.

SAVE was created in response to the Immigration Reform and Control Act
of 1986, which required the creation of a system for verifying the
eligibility status of non-citizen applicants for federal benefits
programs. SAVE also is being used to verify employment eligibility
status in a pilot program called Basic Pilot. SAVE and Basic Pilot are
supported by the Verification Information System technical
infrastructure, "a nationally accessible database of selected
immigration status information containing in excess of 100 million
records." SAVE is used by more than 150,000 federal, state and local
agency personnel, according to Citizenship and Immigration Services. Of
the United States' 8 million employers, about 11,200 use Basic Pilot.

In its 11-year history, SAVE has been plagued with problems. A 1995
review of the system by the Inspector General of the Department of
Health and Human Services found several problems and admitted that she
could not determine the cost-effectiveness of the program. Among other
things, the Inspector General said that there were deficiencies the
design and operation of the SAVE system. "SAVE data is not always
provided in a timely manner; the SAVE data base is not current; INS
immigration status responses are not always clear; and SAVE is prone to
manual keying errors," said the Inspector General. In a 1997 report and
a 2002 follow-up review, the Inspector General of the Department of
Justice found that data from the Immigration and Naturalization Service
was unreliable and "flawed in content and accuracy."

In a report last year from the National Governors Association, the
National Conference of State Legislatures and the American Association
of Motor Vehicle Administrators, the groups assessed the SAVE system,
which is currently used by 21 states. The groups found SAVE still has
accuracy problems. "[I]nsufficient information is available for states
to reliably identify and validate an individual's 'pending' immigration
status. States also report real-time verification is not attainable
approximately one-quarter of the time, which necessitates a
time-consuming process to meet this requirement," according to the
report. Though the SAVE verifications should take up to 20 working days
at the most, it has taken two months for some verifications.

Under the Department of Homeland Security's draft regulations for the
national identification scheme created under the REAL ID Act, SAVE is
one of the four systems that States are required to use to verify
applicant information. The REAL ID system is supposed to be implemented
by May 2008, however SAVE is full of problems and it is unlikely that it
will be ready by then. The public is encouraged to submit comments on
the draft regulations, which are due by 5 p.m. EST on May 8, 2007.

DHS, Systematic Alien Verification for Entitlements (SAVE) Program:

     http://www.epic.org/redirect/save0507.html

EPIC, Spotlight on Surveillance: SAVE System Can't Save Itself From
11-Year History of Inaccuracy, Unreliability (Apr. 2007):

     http://www.epic.org/privacy/surveillance/spotlight/0407/

Department of Homeland Security's Notice of Proposed Rulemaking on REAL
ID:

     http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm

Stop REAL ID Campaign site:

     http://www.privacycoalition.org/stoprealid

========================================================================
[6] News in Brief
========================================================================

EPIC Urges Court Review of Surveillance Program

EPIC, in cooperation with the Stanford Constitutional Law Center, filed
a "friend-of-the-court" brief in "Hepting v. AT&T." This lawsuit alleges
that AT&T allowed the government to wiretap calls and e-mails without
judicial authority. The U.S. government and AT&T seek to dismiss this
case. The EPIC brief states, "The statutes and constitutional provisions
relied upon in the complaint are designed to interpose the courts
between citizens and the government when government conducts
surveillance that it naturally would prefer to conduct in secret and
wholly at its own discretion . . . . This litigation should thus
proceed, lest the privacy claims here be made effectively unreviewable."

"Friend-of-the-Court" Brief (pdf):

     http://www.epic.org/privacy/terrorism/fisa/hepting_ab0507.pdf

EPIC Page on "Hepting v. AT&T":

     http://www.epic.org/privacy/hepting/


Colorado Court Limits Release of Phone Records in Harassment Case

A Colorado judge overturned an order that would have forced a victim of
harassment to release her telephone records to her harasser. The order
was part of a discovery request in a divorce case, and entailed
releasing complete telephone records for five years, even though the
marriage only lasted four years. EPIC filed an amicus brief in the case
supporting the protection of the phone records. EPIC's brief identified
the growing public policy that protects the privacy of telephone
records, including the Federal Communications Commission's recent order
improving the protection of calling records. EPIC also highlighted
privacy advances in the Violence Against Women Act of 2005, which added
"placing under surveillance" to the definition of stalking. Lastly, EPIC
urged the court to consider such privacy interests as security and use
limitation.

EPIC's Amicus Brief (pdf):

     http://www.epic.org/privacy/dom_violence/cellrecord_amicus.pdf

EPIC's Page on Telephone Record Privacy:

     http://www.epic.org/privacy/iei/


UPI/Zogby Poll: Americans Value Privacy Rights

A majority of Americans, 53.4 percent, polled by United Press
International and Zogby International said they did not agree that "the
government could suspend privacy laws to enable the sharing of
counter-terror information that could include private data on U.S.
citizens." More than one-third, 35 percent, strongly disagreed with that
statement. The April 13-16 survey included 5,932 U.S. residents and had
a margin of error of 1.3 percentage points. The poll comes as senior
Bush administration officials told Congress that they believed the
president had the authority to decide whether to conduct surveillance
without warrants, despite the Foreign Intelligence Surveillance Act. The
1978 law requires court-approved warrants for the wiretapping of
American citizens and others inside the United States. President Bush
has been repeatedly criticized for a secret 2002 order allowing the NSA
to conduct warrantless surveillance of international telephone and
Internet communications on American soil.

UPI/Zogby Poll (Apr. 13-16, 2007):

     http://www.epic.org/redirect/poll0507.html

EPIC Resources on Domestic Surveillance:

     http://www.epic.org/features/surveillance.html


Pentagon Ends Controversial Data-Gathering Program.

The Pentagon will end its Threat and Local Observation Notices (TALON)
Program, said Undersecretary of Defense for Intelligence, James R.
Clapper Jr. The program collects unvalidated reports of activities that
are alleged to be threats to the Defense Department. However, Clapper
also said that the department would continue "to document and assess
potential threats to Defense Department resources." The program was
heavily criticized, and the Pentagon had to apologize, after documents
revealed that TALON collected data on peaceful anti-war and anti-nuclear
meetings and protests. The documents were obtained under the Freedom of
Information Act by the Servicemembers Legal Defense Network and the
ACLU. The department admitted that it had maintained the information
after it was determined that there was no threat from the protests and
past the 90 days its guidelines provided for. The department also
monitored student speech and e-mails at several universities across the
country, tracking students involved in protesting military policies.

Servicemembers Legal Defense Network Documents Revealing Student
Monitoring (pdf):

     http://www.sldn.org/binary-data/SLDN_ARTICLES/pdf_file/3028.pdf

FOIA Documents about the Database Obtained by the ACLU: 

     http://www.aclu.org/safefree/spyfiles/27050prs20061012.html


National Institute of Standards and Technology Releases RFID Guidelines

The National Institute of Standards and Technology (NIST) issued its
Guidelines for Securing Radio Frequency Identification (RFID) Systems
last week. NIST urged retailers, federal agencies, and other
organizations to evaluate the potential security and privacy risks of
RFID technology and use best practices to reduce them. "Personal privacy
rights or expectations may be compromised if an RFID system uses what is
considered personally identifiable information for a purpose other than
originally intended or understood," NIST said. "As people possess more
tagged items and networked RFID readers become ever more prevalent,
organizations may have the ability to combine and correlate data across
applications to infer personal identity and location and build personal
profiles in ways that increase the privacy risk." NIST detailed how to
address, in the context of an RFID system, the basic principles of the
Organization for Economic Co-operation and Development's Guidelines on
the Protection of Privacy and Transborder Flows of Personal Data. EPIC
has repeatedly warned that RFID technology increases the risk of
clandestine tracking and unauthorized access to data.

NIST Guidelines for Security of RFID Systems (pdf):

     http://www.epic.org/redirect/nist0507.html

EPIC's Page on RFID:

     http://www.epic.org/privacy/rfid/


Banks Sue TJX Over Security Breach Affecting 46 Million Cards

Bank associations in Connecticut, Massachusetts and Maine, representing
nearly 300 banks, have filed a class action lawsuit in Boston against
TJX Companies over the data security breach in which more than 45
million credit and debit card numbers were stolen by hackers. The
computer system breaches began in July 2005 but weren't discovered until
December 2006. The suit seeks to recover damages in the "tens of
millions of dollars," the cost, the banks say, to replace cards and
cover fraudulent charges from the security breach. The banks allege that
TJX failed to adequately protect sensitive data and misrepresented how
it handled data, which they say constitutes an unfair trade practice
under Massachusetts law. The TJX breach is just the latest in numerous
data and security scandals. More than 153 million data records of U.S.
residents have been exposed due to security breaches since January 2005,
according to a report from the Privacy Rights Clearinghouse.

Bank Associations' Press Release About Suit (pdf):

     https://www.massbankers.org/pdfs/DataBreachSuitNR5.pdf

Privacy Rights Clearinghouse, Chronology of Data Breaches:

     http://www.privacyrights.org/ar/ChronDataBreaches.htm

EPIC's Page on Identity Theft:

     http://www.epic.org/privacy/idtheft/

========================================================================
[7] EPIC Bookstore: "Illusions of Security"
========================================================================

"Illusions of Security: Global Surveillance and Democracy in the
Post-9/11 World," by Maureen Webb (City Lights Books, 2007).

     http://www.powells.com/partner/24075/biblio/9780872864764

"Illusions of Security" provides a comprehensive, detailed, and
disturbing review of a decade of mass surveillance activities, with
particular focus on the worldwide shift in investigative techniques in
the post-9/11 world. The real-life impacts of these programs come into
sharp focus in Webb's many examples of personal experiences, including
the story of Maher Arar, the Canadian who, based on Canadian and
American intelligence misinformation, was detained in the U.S. and sent
to Syria, where he was interrogated and tortured.

From this "cautionary tale of our times," Webb proceeds to outline the
various mass surveillance systems and proposals that have recently come
into existence in the US and around the globe. The programs, ranging
from new passport requirements, RFID technology, and biometrics, to the
tracking of financial information, air travel information, and
communications monitoring all demonstrate a shift in law enforcement
towards "preemption of risk" that given large enough amounts of data,
patterns of culpability can be discovered from innocuous details. A
preemption model of security reverses the presumption of innocence and
wrongly assumes that criminal and terrorist activity could be curtailed
by increased access to infinite quantities of information.  The
preemption model has allowed governments to manipulate, in the name of
preventative policing, legislative constraints on government
surveillance, and has been used to justify such extreme measures as
extraordinary rendition, outsourcing of interrogation and torture in the
race to gather information.

Ironically, Webb's analysis succeeds where the very programs she is
describing fails: her ability to gather dispersed and incomplete clues
on the scope and extent of various surveillance initiatives unveils
patterns of disproportionate erosion of civil liberties in exchange for
few law enforcement benefits. As the author states, "Sifting through an
ocean of flawed information with a net of bias and faulty logic, the
initiatives described in this book yield a tidal wave of false leads and
useless information." The consequences of such false leads, says Webb,
is far more serious than inefficiencies in intelligence operations.
Trawling vast quantities of largely irrelevant data wrongly diverts
resources from more effective investigative techniques, exacerbates
global insecurity, and threatens our liberty and democracy.

-- Allison Knight

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Symposium on Internet Governance and Security: Exploring Global and
National Solutions. Swiss Embassy. May 17, 2007. Washington, DC. For
more information: http://internetgovernance.org/events.html

Conference on Interdisciplinary Studies in Information Privacy and
Security. Rutgers University. May 22, 2007. New Brunswick. For more
information: http://www.scils.rutgers.edu/ci/isips/

Privacy Compliance Conference. The Canadian Institute.  May 30-31, 2007.
Toronto, Canada.  For more information:
http://www.privcom.gc.ca/events/index_e.asp

2007 ALA Annual Conference. Washington Convention Center. June 23-26,
2007. Washington, DC. For more information:
http://www.ala.org/ala/eventsandconferencesb/annual/2007a/home.htm

Civil Society Privacy Conference: Privacy Rights in a World Under
Surveillance. September 25, 2007. Montreal, Canada. For more
information:
http://www.thepublicvoice.org/events/montreal07/default.html

29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007.  Montreal, Canada. For more
information:
http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html

Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.09 -------------------------

.