Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 16.20

=======================================================================
                         E P I C   A l e r t
=======================================================================
Volume 16.20                                           October 23, 2009
-----------------------------------------------------------------------

                           Published by the
              Electronic Privacy Information Center (EPIC)
                           Washington, D.C.

            http://www.epic.org/alert/epic_alert_1620.html

		   "Defend Privacy. Support EPIC."
	                 http://epic.org/donate


=======================================================================
Table of Contents
=======================================================================
[1] EPIC Urges Court to Protect Speech of Privacy Advocate
[2] Agency Seeks Comments on Definition of Personal Data
[3] EPIC Recommends Safeguards for Voting Systems
[4] Privacy Groups Say Homeland Security Privacy Office Failing
[5] Privacy Groups Urge Google Books Judge to Protect User Privacy
[6] News in Brief
[7] EPIC Bookstore: "Delete"
[8] Upcoming Conferences and Events
 - Join EPIC on Facebook http://facebook.com/epicprivacy
	- Privacy Policy
	- About EPIC
	- Donate to EPIC http://epic.org/donate
	- Subscription Information

=======================================================================
[1] EPIC Urges Court to Protect Speech of Privacy Advocate
=======================================================================

On October 20, 2009, EPIC filed a "friend of the court" brief with the
Fourth Circuit Court of Appeals, urging the court to hold that the
First Amendment protects the speech of Betty Ostergren, a privacy
advocate.

Ostergren runs a Website calling for improved privacy rights and the
removal of private information from public records. Virginia provides
"secure remote access" to certain public records, including court
records that contain "several hundred million documents with SSNs."
Ostergren obtained unredacted public documents through the secure
remote access system and posted the documents, including Social
Security Numbers, on her Website. Ostergren argued that posting the
records informs the public about the online availability of personal
information, and increases transparency and oversight.

Under Virginia law, Ostergren could be prosecuted for publishing SSNs,
even though Virginia makes the numbers widely available. The Personal
Information Privacy Act provides that "a person shall not . . .
[i]ntentionally communicate another individual's social security number
to the general public." The previous version of the statute provided an
exception for "records required by law to be open to the public."
Before the revised provision went into effect, Ostergren filed a
complaint in the United States District Court for the Eastern District
of Virginia, alleging that the revised provision was unconstitutional
under the First Amendment and applicable Supreme Court precedent.

The District Court held that the provision was unconstitutional as
applied to her website. The court found that Ostergren's website
addressed a matter of public concern, and that Virginia did not appear
to regard the protection of SSNs as an "interest of the highest order"
because it made some records available online and did not fund the
redaction of the records.

The Virginia Attorney General appealed to the Court of Appeals for the
Fourth Circuit. EPIC's brief urges the appeals court to uphold the
lower court's ruling, arguing that her activity is pure speech intended
to call attention to the precise problems of SSN availability by
publishing the SSNs of the relevant Virginia state officials who make
the SSNs available. The Supreme Court has consistently held that such
speech may be punished only under extraordinary circumstances.
Moreover, protecting Ms. Ostergren's constitutional right to free
speech will not unduly interfere with the Commonwealth's ability to
protect its citizens' privacy against data mining and disclosure by
commercial interests because commercial speech is governed by a lower
standard.

EPIC Brief:
  http://epic.org/privacy/ostergren/Ostergren_EPIC_Amicus_Brief.pdf

Virginia Attorney General Brief:
  http://epic.org/privacy/ostergren/Appellant%27s%20opening%20brief.pdf

Ostergren's Website:
  http://www.thevirginiawatchdog.com/%20Lower%20Court

Decision:
  http://www.epic.org/redirect/102209ostergren.html

EPIC: Social Security Numbers:
  http://epic.org/privacy/ssn/

EPIC: Identity Theft:
  http://epic.org/privacy/idtheft/



=======================================================================
[2] Agency Seeks Comments on Definition of Personal Data
=======================================================================

The Department of Health and Human Services (HHS) plans to modify
sections of the federal Privacy Rule that was issued under HIPAA. The
Department issued an interim final rule that would ensure genetic
information is not considered in determining health care eligibility,
in hopes of encouraging more people to participate in genetic testing
to better detect and prevent illnesses. HHS Secretary Kathleen Sebelius
stated, "protect[ing] Americans undergoing genetic testing from having
the results of that testing used against them by their insurance
companies is one of the 'first major new civil rights' of the new
century." This rule will increase "[c]onsumer confidence in genetic
testing[, which] can now grow and help researchers get a better handle
on the genetic basis of diseases."

The proposed changes would clarify the scope of privacy and
confidentiality of genetic information. According to Labor Department
Secretary Hilda L. Solis, "Today's genetic technologies yield data that
are vital to helping Americans make personal, medical decisions. It is
essential that we protect such information and ensure it is not misused
by health plans or insurers. The rules issued today protect individuals
against the unwarranted use of information related to their personal
health, because no one should have to fear that disclosure of their
medical data will put their job or health coverage at risk."

Specifically, HHS proposes to modify the Privacy Rule, pursuant to the
Genetic Information Nondiscrimination Act Title I, to prohibit
group health plans from using or disclosing personally identifiable
health information. This would explicitly include genetic information,
for underwriting purposes. Thus, group health plans and issuers cannot
increase premiums, deny enrollment, or impose pre-existing condition
exclusions based on the results of an enrollee's genetic information.
These prohibitions already apply to the individual health insurance
market, as regulated by the Act.

Public comments on the proposed rule are due December 7, 2009. EPIC is
recommending that HHS pay particular attention to the problem of data
reidentification.

Department of Health and Human Services:
  http://www.hhs.gov

Privacy Rule:
  http://www.epic.org/redirect/102209privrule.html

Genetic Information Nondiscrimination Act:
  http://www.epic.org/redirect/102209geninfoact.html

HHS Press Release: New Rules Protect Patients' Genetic information:
  http://www.hhs.gov/news/press/2009pres/10/20091001b.html

HHS Proposed Rule Modifying HIPAA:
  http://edocket.access.gpo.gov/2009/pdf/E9-22492.pdf

EPIC: Reidentification:
  http://www.epic.org/privacy/reidentification


=======================================================================
[3] EPIC Recommends Safeguards for Voting Systems
=======================================================================

The Election Assistance Commission (EAC) recently closed its latest
request for public input into the process of developing new federal
guidelines on voting system technology to be used federal elections.
The standards, when final, would replace the 2005 version and be the
first major rewrite of voting systems standards in more than five
years.

The most recent comment period marked the second 120-day comment
period for the Commission's work to redraft standards for federal
voting system testing and certification. The "Draft Standards" document
released for the most recent comment period had significant,
unexplained changes from the document released for the first 120-day
comment period held in 2008. The document released by the EAC in 2008
for that comment period included provisions for "software independence"
and an "innovation class" for voting systems. Both of these proposals
are missing from the 2009 opportunity to comment on the Election
Assistance Commission's efforts to update standards for voting systems.

EPIC's comments to the agency raised questions about transparency in
the drafting process for the next iteration of the Voluntary Voting
System Guidelines. EPIC questioned why the Technical Guidelines
Development Committee currently lacks a role in the drafting. The
Technical Guidelines Development Committee was established to inform
the agency on the drafting of voting system standards, but has not met
since August 2007 and was officially disbanded in 2009. Additionally,
EPIC's comment noted that past public comments submitted on earlier
iterations of the Voluntary Voting System Guidelines are not available
on the agency's Web site and that differences between versions of the
document are not explained. In its comments, EPIC stressed the
importance of protection of the secret ballot cast in public elections.

EPIC urged the Commission to include in its guidelines strong support
of open government procedures that allow public access to the election
administration process. EPIC also urged the Commission to include
guidance that addresses the need to minimize and, when possible,
eliminate the threat to voters' privacy. Finally, EPIC reiterated its
support for "software independence" and the "innovation class as
recommended by the Technical Guidelines Development Committee.

EPIC 2009 Comments to the EAC:
  http://epic.org/privacy/voting/EPIC_VVSG_v.1.1-9_28_2009.pdf

Voluntary Voting System Guidelines 2009 120-Day Comment Period
Document:
  http://epic.org/privacy/voting/VVSG_1-1_Volume_1.pdf

Voluntary Voting System Guidelines 2008 120-Day Comment Period
Document:
  http://epic.org/privacy/voting/final_tgdc2007.pdf

EPIC 2008 Comments to the EAC:
  http://www.epic.org/privacy/voting/2007vvsg_5508.pdf

EPIC Voting Privacy Page:
  http://epic.org/privacy/voting/


=======================================================================
[4] Privacy Groups Say Homeland Security Privacy Office Failing
=======================================================================

EPIC and a number of other privacy and civil liberties groups have sent
a letter to the House Committee on Homeland Security, in response to
the Annual Report recently issued by the Chief Privacy Officer of the
Department of Homeland Security. The annual report discusses all of the
activities of the Privacy Office from July 2008 to June 2009. Notably
absent from the report were ways in which the Office had performed its
statutory obligation to assure "that the use of technologies sustain,
and do not erode, privacy protections."

To help the Officer achieve these goals, Congress granted considerable
investigative authority, including access to nearly all documentation
relating to Department programs, the power to conduct investigations
into any program or operation, the power to take sworn affidavits, and
the power to issue subpoenas with the approval of the Secretary. Yet
the section of the annual report entitled "Compliance" only briefly
discusses ways in which the Office has affected Department policy.
Instead, it focuses almost entirely on the conducting of assessments.

The letter from EPIC and the other organizations focused on four major
programs within the Department and highlighted the Privacy Office's
lack of action on each one:

-Fusion Centers and the Information Sharing Environment
-Whole Body Imaging
-Closed-Circuit Television Surveillance
-Suspicionless Electronic Border Searches

As the letter states, in each of the above cases, the Privacy Office
"has written Privacy Impact Assessments, but these Assessments have no
force, no meaningful effect on the Department’s activities." Also, in
each case, the Office has focused on justifying the legality of
Department behavior, made recommendations with no force, or used the
Assessment process as an outreach tool in an attempt to explain away
violations of privacy. The letter states that the job of the Chief
Privacy Officer, "as defined in the statute is to protect the privacy
of American citizens, through investigation and oversight.  If this
cannot be achieved by an internal office, then the situation calls for
an independent office that can truly evaluate these programs and make
recommendations in the best interests of the American public."

The letter ends by urging the Committee to open an investigation into
the Privacy Office and to consider replacing it with an independent
office.

EPIC and Other Groups' Letter:
  http://epic.org/security/DHS_CPO_Priv_Coal_Letter.pdf

DHS Privacy Office 2009 Annual Report:
  http://www.epic.org/redirect/102209privrpt.html

DHS Privacy Office:
  http://www.dhs.gov/privacy

Statutory Obligations of CHS Chief Privacy Officer:
  http://www.epic.org/redirect/102209statob.html


=======================================================================
[5] Privacy Groups Urge Google Books Judge to Protect User Privacy
=======================================================================

In hopes of influencing the revision of the Google Books Settlement
several organizations and experts issued an October 9, 2009 letter to
Google regarding the Settlement. The writers included EPIC, library
associations, nonprofit organization, and privacy authors and
publishers (represented by the Electronic Frontier Foundation, the
American Civil Liberties Union Foundation, and the Samuelson Law,
Technology & Public Policy Clinic). The letter was written to urge
Google to include enforceable privacy protections along with the
amended settlement agreement that the company is currently negotiating.

The letter cited the failure of the settlement to ensure that readers
using the Google Book Search services will have their privacy protected
as much as readers using physical books. This failure, the letter said,
is not only the basis for some objections to the settlement, but has
also been raised as a concern by those who support the settlement.
"Providing real, enforceable privacy protections may help reduce the
number of objections that the court must consider as the case moves
forward," the letter writers argued.

The letter writers also stated that current Google Books Privacy Policy
does not go far enough, saying "We believe that it is vital that Google
commit to additional privacy protections and that such commitments be
enforceable by the court presiding over the settlement."

EPIC has been consistently involved in the Google Books settlement. On
September 4, 2009, EPIC filed papers in federal district court on the
proposed settlement between Google, authors, and publishers. The Google
Books Settlement would create a single digital library, operated by
Google, but currently fails to limit Google's use of the personal
information collected. EPIC stated that the settlement "mandates the
collection of the most intimate personal information, threatens
well-established standards that safeguard intellectual freedom, and
imperils longstanding Constitutional rights, including the right to
read anonymously." EPIC further warned that the Google Books deal
"threatens to eviscerate state library privacy laws that safeguard
library patrons in the United States."

EPIC has also conducted an in-depth analysis of the Google Books
privacy policy and found it to be lacking in satisfactory privacy
safeguards. EPIC cited several provisions in the policy that allow for
the collection, storage, and sharing of massive amounts of personally
identifiable user information. EPIC advocated for the inclusion of
privacy provisions in the Google Books Settlement and urged Google to
fix the privacy policy and improve privacy protection.

October 9, 2009 Letter Issued to Google Regarding Settlement:
  http://www.epic.org/redirect/102209gbletter.html

EPIC: Google Books Settlement and Privacy:
  http://epic.org/privacy/googlebooks/default.html

EPIC: Google Books Litigation:
  http://epic.org/privacy/googlebooks/litigation.html

EPIC: Google Books: Policy Without Privacy:
  http://epic.org/privacy/googlebooks/policy.html#policy

Google Books Privacy Policy:
  http://books.google.com/googlebooks/privacy.html


=======================================================================
[6] News in Brief
=======================================================================

TSA Expands Passenger Electronic Strip Search Program

The Transportation Security Administration has plans to greatly
expand its use of whole body imaging machines at airports around the
country. The x-ray machines, which each cost over $100,000, capture
detailed, graphic images of passengers' naked bodies. In June, the
House of Representatives overwhelmingly passed a measure that would
restrict Administrations's use of these machines. The measure is pending in the
Senate. The Privacy Coalition has urged the Department of Homeland
Security to suspend the program until privacy and security risks can be
fully evaluated. EPIC has also filed Freedom of Information Act
requests for the contracts with the vendor Rapiscan.

EPIC: Whole Body Imaging:
  http://epic.org/privacy/airtravel/backscatter/

EPIC: Spotlight on Surveillance:
  http://mail.privacy.org/privacy/surveillance/spotlight/0605/

House Bill HR 2027:
  http://www.epic.org/redirect/102209hb.html

TSA's Website on Whole Body Imaging:
  http://www.tsa.gov/approach/tech/imaging_technology.shtm



California Governor Vetoes Consumer Privacy Bill, but Signs Bill to
Strengthen Celebrity Privacy

Governor Schwarzenegger has terminated S.B. 20, a bill that would have
strengthened California's data breach laws by requiring that consumers
be notified every time their privacy was compromised. But just days
later, the Governor signed A.B. 524, an amendment to California's
current anti-paparazzi law that will protect the privacy of celebrities
by making it easier to sue photographers and media outlets for taking
or purchasing unauthorized pictures. For more information about privacy
in California, see the California Office of Information Security and
Privacy Protection.

Data Breach Bill: S.B. 20:
  http://www.epic.org/redirect/102209databrbill.html

Anti-Paparazzi Amendment: A.B. 524:
  http://www.epic.org/redirect/102209antipap.html

California's Current Anti-paparazzi Law:
  http://www.epic.org/redirect/102209currentantipap.html

California Office of Information Security and Privacy Protection:
  http://www.oispp.ca.gov/default.asp





EPIC Meets with Spanish Delegation on Freedom of Information Laws

Last week, EPIC met with a delegation from Spain, which included
professors, journalists, and lawyers, to offer advice on drafting a
Spanish freedom of information law. Currently, Spain is the only major
country in the European Union that does not have such a law Delegates
from Spain traveled to the U.S. to meet with several FOIA experts and
discuss the details of FOIA law, in hopes that this would inform the
creation of their own open government law. EPIC assisted the delegation
by discussing important advantages and disadvantages of United States
open government laws.

EPIC: Open Government:
  http://epic.org/open_gov/

US Freedom of Information Act:
  http://www.epic.org/redirect/102209FOIA.html

EPIC FOIA Litigation Manual 2008:
  http://epic.org/bookstore/foia2008/



European Commissioner Calls for Privacy Safeguards for Internet

Commissioner Viviane Reding, Member of the European Commission in
charge of Information Society and Media, reaffirmed support for an open
Internet and called for new initiatives for "the protection of privacy
and personal data in the online environment." Reding cited three
commercial developments that require close attention: social
networking, behavioral advertising and RFID "smart chips." EPIC will be
hosting an international conference on privacy protection in Madrid (in
conjunction with the annual meeting of the Data Protection
Commissioners) that will explore these topics and other related issues.

Commissioner Reding's Biography:
  http://ec.europa.eu/commission_barroso/reding/index_en.htm

Commissioner's Press Release:
  http://www.epic.org/redirect/102209commpr.html

EPIC: International Privacy Protection Conference:
  http://thepublicvoice.org/events/madrid09

Annual Meeting of Data Protection Commissioners:
  http://www.epic.org/redirect/102209procomm.html



EPIC Speaks on Google Books, Privacy at "D is for Digitize" Conference

On October 9, 2009, EPIC spoke at New York Law School's "D is for
Digitize" conference, highlighting the privacy threats posed by the
Google Books settlement. EPIC discussed its September motion to
intervene in the lawsuit, and explained why it has asked a New York
federal court to reject the proposed deal unless the parties add
meaningful privacy safeguards. The settlement would resolve a complaint
filed by rightsholders against Google, and arose from Google's
large-scale digitization of books. On September 23, 2009, the parties
withdrew the proposed settlement and announced plans to renegotiate
terms. The new settlement must be submitted for court review by
November 9, 2009. In July, the Department of Justice announced an
investigation of the proposed agreement. EPIC and other experts have
criticized the settlement on privacy and antitrust grounds.

EPIC Google Books Settlement and Privacy:
  http://epic.org/privacy/googlebooks/default.html

EPIC Google Books Litigation Page:
  http://epic.org/privacy/googlebooks/litigation.html

EPIC Google Books: Policy Without Privacy:
  http://epic.org/privacy/googlebooks/policy.html

"D is for Digitize" Conference:
  http://www.epic.org/redirect/102209digitize.html

=======================================================================
[7] EPIC Bookstore: "Delete"
=======================================================================
"Delete: the virtue of forgetting in the digital age" By Viktor
Mayer-Schönberger

To purchase: http://www.epic.org/redirect/102209book.html


	"For millennia, the relationship between remembering and
	forgetting remained clear.  Remembering was hard and costly, and
	humans had to choose deliberately what to remember.  The default
	was to forget.  In the digital age, in what is perhaps the most
	fundamental change for humans since our humble beginnings, that
	balance of remembering and forgetting has become inverted."

In "Delete," Viktor Mayer-Schönberger examines the role of remembering
and forgetting throughout human history. From early cave paintings to
the evolution of the written word, the act of remembering was a
laborious task, so by default most information was forgotten. However,
the advent of digital technology has stripped our natural ability to
forget, depriving us of important societal benefits.
Mayer-Schönberger, who is the director of the Information and
Innovation Policy Research Centre at the National University of
Singapore's Lee Kuan Yew School of Public Policy, deconstructs the
technological factors that facilitate our inability to forget, from
digitization to cheap storage. Although several other scholars and
experts have proposed solutions that would restore our ability to
forget, Mayer-Schönberger explains why those fixes are insufficient and
proposes an alternative - imposing expiration dates on information.

"Delete" begins by retracing the role of remembering and forgetting in
human history. For thousands of years, humans have tried to invent ways
to remember more and forget less. Beginning with language and simple
oral communication, humans soon developed the ability to store external
memory and pass memories on to others through paintings. By the fourth
millennium BCE, humans had developed script, and more economical means
of printing words would eventually follow. However, until recently,
forgetting has always been at least a little bit easier and cheaper
than remembering.  Therefore, humans always had to decide what was
important enough to remember.

In the digital age, however, remembering has become the norm: "Modern
technology has fundamentally altered what information can be
remembered, how it is remembered, and at what cost." Mayer-Schönberger
identifies four "main technological drivers" that have catalyzed the
change: digitization, cheap storage, easy retrieval, and global reach.
Digitization has allowed the "lossless, cheap, and easy copying of
digital information," which enables "a new generation of information
processing, storage, retrieval, and sharing that is vastly superior to
its analog counterparts."  Cheap storage allows for vast amounts of
information to be stored indefinitely, and it is likely that "storage
capacity will continue to double and storage costs to halve about every
eighteen to twenty-four months, leaving us with an abundance of cheap
digital storage."  Digital tools streamlining the easy retrieval of
information "strip[s] away original context," and even with
re-contextualization efforts, much of the original context of the
information is lost. Finally, as a result of global reach and sharing
over the Internet, "our capacity as individuals to control information
is vastly reduced."

Mayer-Schönberger then argues that the immortality of digital memory
adversely affects the "power" and "time" of our information.
Information is power, but the accessibility, durability, and
comprehensiveness of the available digital information alter the
balance of power in a way that harms individuals and influences how
humans behave.  Moreover, he argues, "digital remembering negates time,
and thereby threatens our ability to decide rationally." After
explaining why forgetting is important in the digital age,
Mayer-Schönberger examines "six possible responses aimed at preventing
or mitigating the challenges of power and time posed by digital
memory." He considers three responses - digital abstinence, privacy
rights, and privacy digital rights management -  which "[focus] on the
ability of individuals to control the sharing of information with
others."  He also considers three others - cognitive adjustment,
information ecology, and full contextualization - which focus on "the
human process of using information for decision-making."  However,
none, he argues, "offered a silver bullet" because none addressed both
components. Mayer-Schönberger then suggests another solution:
"associating information we store in digital memory with expiration
dates that user set."  By setting expiration dates, people will be able
to both control the sharing of information with others, as well as be
more aware of the "finiteness of information."  He considers the
numerous methods and variations of expiration that would be possible,
and explains why the concept improves upon the six alternative
solutions. Mayer-Schönberger's book raises serious questions about the
role of forgetting in our society, and his solution is an elegant one
that addresses many of the problems associated with digital remembering.

--Matthew Phillips

================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore


================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

eChallenges 2009, Istanbul, Turkey, October 21-23, 2009.
For more information:
http://www.echallenges.org/e2009/default.asp

Big Brother Awards Switzerland, Zurich, Switzerland, October 24, 2009.
For more information:
http://www.bigbrotherawards.ch/2009/

3rd European Privacy Open Space, Vienna, Austria, October 24-25, 2009.
For more information:
http://www.privacyos.eu

Austrian Big Brother Awards Vienna, Austria, October 25, 2009.
For more information:
http://www.bigbrotherawards.at

Free Culture Forum: Organization and Action, Barcelona, Spain, October
29 - November 1, 2009.
For more information:
http://fcforum.net

Employee surveillance in Europe: Balancing privacy rights and management
control, Madrid, Spain, 3 November, 2009.
For more information:
http://www.privacylaws.com/templates/EventPage.aspx?id=1437

Global Privacy Standards in a Global World, The Public Voice, Madrid,
Spain, November 3, 2009.
For more information:
http://thepublicvoice.org/events/madrid09/

31st International Conference of Data Protection and Privacy
Commissioners, Madrid, Spain, November 4-6, 2009.
For more information:
http://epic.org/redirect/072009_31Conf_IntlDPA.html

Free Society Conference and Nordic Summit, Gothenburg, Sweden, November
13-15, 2009.
For more information:
http://www.fscons.org

UN Internet Governance Forum, Sharm El Sheikh, Egypt, November 15-18,
2009.
For more information:
http://www.intgovforum.org/

Privacy 2010, Stanford, March 23 - 25, 2010.
For more information:
http://codex.stanford.edu/privacy2010

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

http//facebook.com/epicprivacy

http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 16.20 ------------------------

.