Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 17.09


=======================================================================
                          E P I C   A l e r t
=======================================================================
 Volume 17.09                                               May 10, 2010
-----------------------------------------------------------------------

                           Published by the
                Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

              http://www.epic.org/alert/epic_alert_1709.html

		    "Defend Privacy. Support EPIC."
			http://epic.org/donate
			
			 EPIC Awards Dinner
		with Reece Hirsch and Kashmir Hill
	 honoring Pamela Jones Harbour and the Rose Foundation
                            June 2, 2010
                           Washington, DC
                     http://www.epic.org/june2/


=======================================================================
Table of Contents
=======================================================================
[1] EPIC Urges Congress to Protect Children's Privacy Online
[2] Supreme Court Hears Arguments on Petitioner Privacy
[3] Privacy Groups Warn FTC of Facebook's Unfair and Deceptive Acts
[4] In Amicus Brief, EPIC Urges Federal Court to Stop Wiretap Abuse
[5] Government Wiretaps Up 26% in 2009
[6] News in Brief
[7] EPIC Bookstore: "The Insider"
[8] Upcoming Conferences and Events


TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/

=======================================================================
[1] EPIC Urges Congress to Protect Children's Privacy Online
=======================================================================

EPIC President Marc Rotenberg testified before the Senate Commerce
Committee last week urging Congress to extend the Children's Online
Privacy Protection Act (COPPA) to teenagers and social network
services. He said that, "COPPA did not anticipate the immersive online
experience that a social network service would provide or the extensive
data collection of both the trivial and the intimate information that
children would share with friends." Emphasizing the emergence of social
network services since the adoption of COPPA, Mr. Rotenberg pointed out
"the increasingly opaque way that companies transfer user information
to third parties," as a concern for children's privacy.

Mr. Rotenberg also highlighted the Federal Trade Commission's failure
to enforce children's privacy rights despite clear-cut violations of
the federal law. For example, EPIC filed a complaint with the FTC
against Echometrix, a company selling "parental control" software that
secretly monitored children's online activity for marketing purposes.
The FTC ignored EPIC's complaint, but the Department of Defense shut
down sales of the product. At the hearing, EPIC recommended updates
that would expand COPPA protections to teens and clarify the law's
application to mobile and social network services.

EPIC has done extensive work in children's online privacy. Mr.
Rotenberg testified before the House Judiciary Committee in support of
the bill that eventually became COPPA. EPIC worked with the Center for
Media Education, which had published a groundbreaking study in 1996 on
children's privacy, to develop COPPA and help ensure enactment. EPIC
has also filed complaints with the FTC detailing unfair and deceptive
trade practices that put children's privacy at risk.

Rotenberg Testimony Before the Senate Commerce Committee
     http://epic.org/privacy/kids/EPIC_COPPA_Testimony_042910.pdf

EPIC: Press Release
     http://epic.org/press/EPIC_COPPA_04_29_10_Release.pdf

EPIC: Children's Online Privacy Protection Act (COPPA)
     http://epic.org/privacy/kids/default.html

EPIC: Echometrix
     http://epic.org/privacy/echometrix/default.html


=======================================================================
[2] Supreme Court Hears Arguments on Petitioner Privacy
=======================================================================

The U.S. Supreme Court held oral arguments in the case of Doe v. Reed
on April 28. The Court will determine whether the state of Washington
may force disclosure of the names of citizens who have signed petitions
for ballot initiatives. The case is on appeal from the Ninth Circuit,
where the court ruled in favor of the employee. EPIC filed a "friend of
the court" brief in the United States Supreme Court, urging the
Justices to protect the privacy of those who sign petitions.
Twenty-five technology experts and legal scholars joined EPIC in filing
the brief to bring attention to a number of issues.

EPIC's brief first argues that revealing the names would subject
signatories to the risk of retribution, citing numerous instances
throughout history, both in the United States and abroad, of harassment
and retribution against those who sign petitions. These examples
include government retribution against petition signatories in such
places as China and Venezuela, as well as retribution against those who
signed so-called "Communist-inspired" civil rights petitions in the
United States in the 1950s.

The brief also argues that signing petitions constitutes anonymous
speech. It demonstrates the various ways in which anonymity is retained
through legal means even if it can not be perfectly preserved through
technical means. It also highlights the ways that Washington state law
indicates intent to preserve this anonymity.

Finally, EPIC's brief argues that signing petitions is similar to
casting a vote and should be protected accordingly. The brief argues
"that in some areas, a fundamental right to privacy is a necessary
safeguard against the consequences of the disclosure of personal
information. In few areas can this be more compelling than the
expression of support for causes that may be controversial, unpopular,
or simply abhorrent."

Several other briefs were filed by interested parties. In the oral
argument, the justices focused on the question of whether signing a
petition was more like a vote or more like a legislative act, and
compared the issue to that of disclosing campaign contributions. The
Court is likely to rule on the case before the end of the term in June.

EPIC Amicus Brief
     http://epic.org/privacy/reed/EPIC_amicus_Reed.pdf

EPIC Doe v. Reed
     http://epic.org/privacy/reed/

Supreme Court Docket for Doe v. Reed
     http://www.supremecourtus.gov/docket/09-559.htm


=======================================================================
[3] Privacy Groups Warn FTC of Facebook's Unfair and Deceptive Acts
=======================================================================

EPIC, along with a host of privacy and consumer protection
organizations, filed a complaint with the Federal Trade Commission
against Facebook this week. The complaint is concerned with Facebook's
most recent privacy changes, which "disclose personal information to
the public that was previously restricted," and "disclose personal
information to third parties that was previously not available." The
complaint states that these privacy changes, including Facebook's
social plugins and "Instant Personalization" feature, "violate user
expectations, diminish user privacy, and contradict Facebook's own
representations." The complaint also cites widespread opposition from
Facebook users, Senators, bloggers, and news organizations.

EPIC also wrote a letter to the Senate and House Committees with
jurisdiction over the FTC, bringing attention to the complaint and the
FTC's failure to enforce clear-cut consumer protection violations. "The
complaint speaks for itself," EPIC said in its letter to the senators,
"Facebook continues to manipulate the privacy settings of users and its
own privacy policy so that it can take personal information provided by
users for a limited purpose and make it widely available for commercial
purposes.

Senators Charles Schumer, Michael Bennet, Mark Begich, and Al Franken,
have also opposed the recent privacy changes made by Facebook. The
senators sent a letter to Facebook CEO Mark Zuckerberg to express
concern about "recent changes to the Facebook privacy policy and the
use of personal data by third-party websites." Senator Schumer has also
asked the FTC to establish guidelines for social networking sites. He
states, "Previously, users had the ability to determine what
information they chose to share and what information they wanted to
keep private."

EPIC and nine other privacy and consumer organizations filed a previous
complaint with the FTC in December 2009, urging the FTC to open an
investigation regarding changes to Facebook's privacy settings. In
January 2010, EPIC and several other groups filed a supplement to the
original complaint, providing additional evidence of Facebook's unfair
and deceptive trade practices relating to Facebook CEO's public
statements, the most recent version of the Facebook for iPhone
application, Facebook Connect, and "web-suicide" applications. The FTC
sent a letter regarding the 2009 complaint wherein the Bureau of
Consumer Protection Director stated that the complaint "raises issues
of particular interest" for the FTC. However, to date, the FTC has
announced no action in any of the pending complaints concerning
Facebook.

Facebook Complaint (May 2010)
     http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf

Letter to Senate and House Committees
     http://epic.org/privacy/facebook/EPIC_FB_FTC_Complaint_Letter.pdf
     
Senators' Letter to Mark Zuckerberg
     http://www.epic.org/redirect/051010senatorsletter.html
     
Senator Schumer's Request to FTC
     http://schumer.senate.gov/record.cfm?id=324175&

EPIC: Facebook Supplement Complaint (Jan. 2010)
     http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf

EPIC: Facebook Complaint (Dec. 2009)
     http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf

EPIC: In re Facebook
     http://epic.org/privacy/inrefacebook/



=======================================================================
[4] In Amicus Brief, EPIC Urges Federal Court to Stop Wiretap Abuse 
=======================================================================

EPIC filed a "friend of the court" brief, urging a federal appeals
court to protect the privacy of innocent individuals who were
inadvertently recorded on federal wiretaps. In SEC v. Rajaratnam, a
trial court judge ordered disclosure of all wiretaps conducted in a
criminal investigation, even though a court has yet to rule on the
recordings' legality or relevance.

Ordinarily, wiretap recordings introduced in a criminal must go through
a number of processes. These processes include minimization, in which
the calls are restricted such that only those containing incriminating
statements remain; and suppression hearings, in which the defendant may
argue that the wiretaps were illegally obtained and must be excluded.
Additionally, wiretap evidence, like all evidence, must be excluded if
it bears no relevance to the case. In this case, even though none of
those processes have been followed in the criminal case, a trial judge
ordered the defendants to turn over more than 18,000 wiretaps of their
personal and business conversations to the SEC in a related civil suit.

EPIC's brief, filed with the federal appeals court that agreed to hear
the matter, noted that "hundreds of thousands of individuals are
recorded on wiretaps every year," and "80% of those personal
communications are wholly unrelated to criminal activity." EPIC urged
the court to take note of the dramatic privacy harms that would take
place if this practice became widespread. Permitting this would allow
civil litigants to compromise the otherwise very strict restrictions on
the release of law enforcement wiretap recordings.

EPIC Brief in SEC v. Rajaratnam
     http://epic.org/amicus/EPIC_brief_Rajaratnam.pdf

EPIC Wiretapping
     http://epic.org/privacy/wiretap/
	
Securities and Exchange Commission
     http://www.sec.gov/


=======================================================================
[5] Government Wiretaps Up 26% in 2009
=======================================================================
     
The 2009 Wiretap Report has been released by the Administrative Office
of the United States Courts, and it reveals a significant increase in
federal and state court-authorized wiretaps in the last year. According
to the report, federal and state courts issued 2,376 orders for the
interception of wire, oral or electronic communications in 2009, up
from 1,891 in 2008, an increase of more than 25%. With the exception of
2008, the total number of authorized wiretaps has grown in each of the
past seven calendar years, and the number of orders authorized each
year has followed a general rising trend since 1982.

For the fourth year in a row, the report indicates that no applications
for electronic intercept orders under Title III of the Omnibus Crime
Control and Safe Streets Act of 1968 were denied by any court. In fact,
over the last two decades, only 5 such applications have been denied,
while more than 28,000 have been approved.

The overwhelming majority of the wiretaps were authorized for narcotics
investigations, and more than 95% of them were for mobile devices. The
statistics do not include interceptions regulated by the Foreign
Intelligence Surveillance Act or interceptions approved by the
President outside the exclusive authority of the federal wiretap law
and the FISA. Notably, despite widely available public encryption
tools, the report states that encryption was encountered in only a
single state wiretap, and that the encryption " did not prevent
officials from obtaining the plain text of the communications."

2009 Wiretap Report
     http://www.uscourts.gov/wiretap09/contents.html
	
EPIC: Wiretapping
     http://www.epic.org/privacy/wiretap
	
EPIC: Title III Order Statistics
     http://epic.org/privacy/wiretap/stats/wiretap_stats.html

EPIC: Title III Order Charts
     http://epic.org/privacy/wiretap/stats/wiretapping_graphs.html


=======================================================================
[6] News In Brief
=======================================================================

White House Issues Rules for Security Reporting

A new White House memo sets out the Federal Information Security
Management Act of 2002 standards for federal agencies. All agencies
must comply with the Act's standards and report security practices for
information under agency control. The standard also extends obligations
to agency contractors. By November 15, 2010, all agencies must be
capable of monitoring all information traffic on their networks; and
make reports to CyberScope, a platform launched last year to provide a
single government-wide security management tool for reports. The
Memorandum included requirements to respond to breaches of personal
information. Agency Inspectors General will provide oversight of agency
compliance with this Act.

White House Memo
     http://epic.org/privacy/cybersecurity/WH_memo_4-21.pdf
	
CyberScope Launch
     http://www.govinfosecurity.com/articles.php?art_id=1894
	
EPIC Cybersecurity
     http://epic.org/privacy/cybersecurity/



Advertising Privacy Bill Released

Representatives Rick Boucher (D, Va) and Cliff Stearns (R, Fl), the
Chairman and Ranking Member respectively of the House Subcommittee on
Communications, Technology, and the Internet, have released a draft
bill on internet consumer privacy. The bill seeks to provide
"meaningful privacy protections for Internet users" by mandating
disclosure of privacy practices, regulating the collection and use of
information, and requiring affirmative, opt-in consent for sharing of
information with unaffiliated third parties. The bill grants authority
to the Federal Trade Commission and state consumer protection agencies
to implement and enforce its requirements.

Rep. Boucher Press Release
     http://boucher.house.gov/index.php?option=com_content&id=1957
	
Draft Privacy Bill
     http://boucher.house.gov/images/stories/Privacy_Draft_5-10.pdf
	
Executive Summary
     http://www.epic.org/redirect/051010execsummary.html



Congress Passes Bill Banning Caller ID Spoofing

On April 15, the House of Representatives passed the Truth in Caller ID
Act of 2010, which bans the transmission of misleading or inaccurate
caller ID information, "with the intent to defraud, cause harm, or
wrongfully obtain anything of value." This change will affect "any real
time voice communications service, regardless of the technology or
network utilized." EPIC recommended this intent requirement in
testimony before the House in 2006 and 2007, and before the Senate in
2007 so that privacy techniques would be protected. This bill has
passed the Senate and will likely be enacted into law.

Truth in Caller ID Act of 2010
     http://www.epic.org/redirect/051010acttext.html

EPIC 2007 Senate Testimony
     http://epic.org/privacy/iei/s704test.pdf

EPIC 2007 House Testimony
     http://epic.org/privacy/iei/hr251test.pdf

EPIC 2006 House Testimony
     http://epic.org/privacy/iei/hr5126test.pdf

EPIC: Caller ID
     http://epic.org/privacy/caller_id/



American Library Association Launches Choose Privacy Week

The American Library Association's Office of Intellectual Freedom has
announced its first ever Choose Privacy Week, taking place May 2 - 8,
which invites library users into the conversation about privacy rights
in a digital age. The campaign gives libraries resources to educate and
engage users, and gives citizens the resources to think critically and
make informed choices about their privacy. In 2006, the American
Library Association Council decided to commence a national conversation
about privacy as an American value, and in 2008, the Open Society
Institute provided a 3-year, $350,000 seed grant for this initiative.
Association's initiative is in line with EPIC's work in raising
awareness of online privacy protection.

Choose Privacy Week Information and Resources
     http://www.privacyrevolution.org/

EPIC: Social Networking Privacy
     http://epic.org/privacy/socialnet/

EPIC: Children's Online Privacy
     http://epic.org/privacy/kids/default.html



=======================================================================
[7] EPIC Bookstore: "The Insider"
=======================================================================

"The Insider" by Reece Hirsch

Reece Hirsh's first book is an ambitious legal thriller that mixes the Sopranos
with John Grisham-style law firm intrigue. Hirsh even manages several
well-placed Godfather references and more than one shout-out to EPIC.

"The Insider" follows a very interesting and eventful week in the life
of one San Francisco firm lawyer. Will Connelly is a typical law firm
associate, gunning for partner and working on a large deal involving
the acquisition of an encryption software company. But after one of his
colleagues dies under very suspicious circumstances, Will is plunged
into the middle of a Russian mafia money-making scheme with far
reaching implications that include a dangerous terrorist plot against
San Francisco's public transit system.

Hirsh deftly develops an action packed storyline in which Will must
evade the Federal Government and the mafia (with a little help from
former EPIC employee, Claire Rowland). Along the way, Will discovers a
secret government program to install a backdoor decryption device in
the devices of unsuspecting Americans. Will and Claire race against
time to evade the mafia goons tracking them, to clear their names, and
to thwart the plans of a terrorist cell. 

This is a fast-paced thriller, with gripping action sequences,
interesting characters, and a fascinating and original government
conspiracy backdrop.


Fans can meet Hirsch at EPIC's June 2, 2010 Awards Dinner. For more 
information:  http://www.epic.org/june2/

--Ginger McCall

================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore


================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"Developing a Trusted Cyber-Infrastructure"
Toronto, ON, May 12, 2010
For more information:
http://www.ipsi.utoronto.ca/

EPIC Awards Dinner
June 2, 2010
Washington, DC
For more information:
http://www.epic.org/june2/

"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:
http://cfp.acm.org/wordpress/?p=6

"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:
http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

http//facebook.com/epicprivacy

http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 17.01 ------------------------

.