Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 17.10


=======================================================================
                            E P I C   A l e r t
=======================================================================
Volume 17.10                                              May 21, 2010
-----------------------------------------------------------------------

                           Published by the
               Electronic Privacy Information Center (EPIC)
                           Washington, D.C.

              http://www.epic.org/alert/epic_alert_1710.html

		      "Defend Privacy. Support EPIC."
			   http://epic.org/donate
			
			 EPIC Awards Dinner
                            June 2, 2010
                           Washington, DC
                     http://www.epic.org/june2/
                       REGISTRATION DEADLINE:
                           May 25, 2010
=======================================================================
Table of Contents
=======================================================================
[1] Google Reveals that "Street View" Scarfed Wi-Fi Data
[2] Senate Unanimously Passes Faster FOIA Act of 2010
[3] EPIC Opposes Efforts to Limit the Privacy Act
[4] President Obama Nominates Elena Kagan for Supreme Court 
[5] EPIC Urges New Jersey Supreme Court to Safeguard Privacy
[6] News in Brief
[7] EPIC Bookstore: Film Review: "Erasing David"
[8] Upcoming Conferences and Events


TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/

=======================================================================
[1] Google Reveals that "Street View" Scarfed Wi-Fi Data
=======================================================================

Google has admitted that its Google Street View vehicles have been
capturing wireless internet data for years, while they have been
mapping the streets of more than 30 countries. In multiple previous
discussions and questions about the Street View program and privacy, no
disclosure of Wi-Fi data collection was ever made. Nevertheless, it has
now become clear that Google was capturing both metadata and content,
or payload data, from all open networks as the cars drove by.

The news of Google's Wi-Fi scanning was broken by Peter Schaar, the
German Commissioner for Data Protection and Freedom of Information, who
discovered that the vehicles were scanning networks to compile a
database of networks and their physical locations for use in their
location-aware products. Schaar demanded a full audit of the data
Google was collecting and the immediate removal of the scanners from
the cars.

As part of the audit, it was revealed that not only was Google mapping
the physical locations of the networks, but that the vehicles were
capturing payload data, meaning all unencrypted data flowing on those
networks. Whatever internet traffic that was taking place on a given
network as the Street View vehicle drove past was captured and stored
by Google.

Since the admission, Congressmen Joe Barton (R-TX) and Ed Markey (D-MA)
wrote a letter to Federal Trade Commission Chairman Jon Leibowitz
regarding the collection, asking the commission to investigate whether
Google's actions violate federal privacy laws or consumer protection
laws. Additionally, German prosecutors have launched a criminal
investigation.

EPIC wrote  to FCC Chairman Julius Genachowski to recommend that the
Commission open an investigation into the consumer data collected from
wi-fi hotspots by Google Street View.  In the letter,  EPIC stated that
Google routinely and secretly  intercepted and stored user
communications  data and routinely and secretly intercepted and stored
private  communications hotspots. EPIC said that this conduct appears
to violate federal wiretap laws and asked the Commission to begin an
investigation. EPIC noted that "The Commission plays a critical role 
in safeguarding the integrity of communications networks and the
privacy of American consumers." 

Press release from German Commissioner for Data Protection
     http://www.epic.org/redirect/052110germanpressrelease.html

Google's admission regarding payload data
     http://www.epic.org/redirect/052110googleadmission.html

Representatives' Letter to Chairman Leibowitz
     http://www.epic.org/redirect/052110repsletter.html

EPIC: Letter to FCC Chairman Regarding Google Street View
     http://epic.org/privacy/ftc/google/EPIC_StreetView_FCC_Letter.pdf


=======================================================================
[2] Senate Unanimously Passes Faster FOIA Act of 2010
=======================================================================

The Senate unanimously passed the Faster FOIA Act of 2010, introduced
by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX).  The
legislation seeks to improve the processing of Freedom of Information
Act (FOIA) requests by establishing a 16-member commission to study
methods for reducing delays in processing FOIA requests.

Government reports reveal substantial delays in disclosing records
subject to the open government law, sometimes as long as fifteen years.
President Obama's recent Open Government Directive requires agencies to
put forth plans to reduce agency FOIA request backlogs by 10% each
year.

The commission created by the Faster FOIA Act will also be responsible
for examining the current FOIA fee structure and granting fee waivers
for FOIA requestors. Fees are often the subject of prolonged FOIA
appeals and litigation against agencies.

EPIC frequently uses the FOIA to obtain information about government
programs that impact privacy rights.  EPIC has several ongoing FOIA
cases, involving whole body imaging, national security letters, and
Inspector General's reports. 

The Faster FOIA Act of 2010
     http://www.epic.org/redirect/052110fasterfoiaact.html

Department of Justice: Annual FOIA Reports
     http://www.justice.gov/oip/04_6.html

EPIC: FOIA Litigation Docket
     http://epic.org/privacy/litigation/

EPIC: FOIA Litigation Manual
     http://epic.org/bookstore/foia2008/default.html


=======================================================================
[3] EPIC Opposes Efforts to Limit the Privacy Act
=======================================================================

EPIC has filed comments with the Office of the Director of National
Intelligence (ODNI) in response to a Federal Register notice and
proposed rule-making to establish fourteen new databases. The new
systems of records include such databases as the Executive Secretary
Action Management System Records, the Public Affairs Office Records,
the Office of General Counsel Records, and the Civil Liberties and
Privacy Office Complaint Records.

Ordinarily, such records held by a federal agency and containing data
on American citizens would be subject to the Privacy Act of 1974, which
provides a number of protections. These protections include the ability
of covered individuals to access information stored about them and a
mechanism by which people may submit corrections to inaccurate
information in their files. However, as part of its proposed
rule-making, the ODNI indicated its plan to exempt all fourteen new
databases from a number of vital Privacy Act provisions.

EPIC's comments sought to convince the agency that these exemptions
were contrary to the intent of the Privacy Act, and that the Act's
purpose, as the Senate report stated, is "to promote accountability,
responsibility, legislative oversight, and open government with respect
to the use of computer technology in the personal information systems
data banks of the Federal Government." EPIC drew particular attention
to the fact that exempting the complaint records of the Civil Liberties
and Privacy Office would "prevent effective oversight of the agency’s
own handling of privacy-related complaints."

EPIC: Comments
     http://epic.org/privacy/ODNI_Comments_2010-05-12.pdf

ODNI: Federal Register Notice
     http://www.epic.org/redirect/052110federalregisternotice.html

ODNI Proposed Rulemaking
     http://www.epic.org/redirect/052110proposedrulemkg.html

EPIC, The Privacy Act of 1974
     http://epic.org/privacy/1974act/


=======================================================================
[4] President Obama Nominates Elena Kagan for Supreme Court 
=======================================================================

President Obama has nominated Solicitor General Elena Kagan for the
seat on the United States Supreme Court that will be vacated by
Associate Justice John Paul Stevens when the term ends this June.
Justice Stevens served as a justice for 35 years, and participated in
many important privacy cases. Kagan, the former dean of Harvard Law
School, wrote about the Supreme Court confirmation process in 1995 that
Senators should insist on "evoking a nominee's comments on particular
issues—involving privacy rights, free speech, race and gender
discrimination, and so forth—that the Court regularly faces."

Elena Kagan was confirmed by the U.S. Senate to serve as Solicitor
General on March 19, 2009 and is expected to be confirmed by the Senate
to serve on the Supreme Court.  Her nomination if successful would
place the most number of women on the Supreme Court serving at the same
time to three out of 9 members.  Kagan served as a clerk for
fomer-Supreme Court Justice Thurgood Marshall and also as a counsel in
the Clinton White House.

Law Library of Congress, Materials By and About Elena Kagan
     http://www.loc.gov/law/find/kagan.php

The Supreme Court of the United States
     http://www.supremecourt.gov/

EPIC: Justice Stevens' Legacy
     http://epic.org/privacy/justice_stevens.html


=======================================================================
[5] EPIC Urges New Jersey Supreme Court to Safeguard Privacy
=======================================================================

EPIC has filed a "friend of the court" brief, urging the New Jersey
Supreme Court preserve the value of expungement and allow a privacy
case to go forward. In G.D. v. Kenny, a New Jersey court dismissed a
privacy claim involving publication of information about a prior
criminal act, even though the state had issued an expungement order.
The lower court held that truth was a defense not only to defamation
claims, which has historically been the dominant legal rule, but also
to privacy torts, where this has not been the case.

EPIC's brief urges the state supreme court to overrule the lower court
and allow the privacy claim to move forward, because the truth of
released information does not reduce, and may in fact enhance, the harm
that one suffers from its disclosure. It reminds the court that the law
affords protection to private citizens who wish to keep aspects of
their lives private.

In the brief, EPIC notes that "data mining companies ignore judicial
determinations and attempt to make conviction records live forever."
EPIC's brief also argues that "after someone has been rehabilitated,
having paid the prescribed debt to society, he or she should not be
penalized in perpetuity."

The brief was filed with co-counsel Grayson Barber, a New Jersey
attorney specializing in privacy and open government issues.

EPIC: Brief in G.D. v. Kenny
     http://epic.org/amicus/KennyMeritsBrief.pdf

EPIC, G.D. v. Kenny
     http://epic.org/amicus/gd_v_kenny.html

EPIC Expungement
     http://epic.org/privacy/expungement/


=======================================================================
[6] News In Brief
=======================================================================

Report Says School Officials At Fault in High School Spycam Episode

An independent report finds the Lower Merion School District at fault
for the remote monitoring of laptop computers that the District issued
to high school students. The report followed a complaint filed by Blake
J. Robbins, a student at Harriton High School, alleging that school
officials used the laptops to spy on students. The report concluded
that 30,564 webcam photographs and 27,428 screen shot images were
captured because of "the District's failure to implement policies,
procedures, and record-keeping requirements and the overzealous and
questionable use of technology" by personnel "without any apparent
regard for privacy considerations or sufficient consultation with
administrators." 

Ballard Spahr Report
     http://lmsd.org/documents/news/100503_ballard_spahr_report.pdf

Robbins v. Lower Merion School District, Complaint
     http://safekids.com/robbins17.pdf

EPIC: Student Privacy
     http://epic.org/privacy/student/



Social Networking Companies Leak User Data

Facebook, MySpace and several other social-networking sites have
admitted to sending user information to advertising companies that
could be used to find consumers' names and other personal details. This
is contradictory to the sites' promises that they will not share user
information without the users' consent. After questions were raised by
The Wall Street Journal, Facebook and MySpace moved to make changes. By
Thursday morning Facebook had rewritten some of the offending computer
code. EPIC has two pending complaints to the Federal Trade Commission
regarding Facebook's unfair and deceptive trade practice of sharing
user information and changing its privacy policy.

EPIC: Facebook Privacy
     http://epic.org/privacy/facebook/

EPIC: Social Networking Privacy
     http://epic.org/privacy/socialnet/

EPIC: In re Facebook II
     http://epic.org/privacy/facebook/in_re_facebook_ii.html



Letter Results in Meeting with White House Cybersecurity Coordinator

EPIC, joined by over 30 organizations, launched a campaign to obtain a
meeting with Howard Schmidt, the White House Cybersecurity Coordinator.
Groups joining the letter included the ACLU, American Library
Association, Bill of Rights Defense Committee, Liberty Coalition,
NAACP, OpenTheGovernment.org, and the Lawyers Committee for Civil
Rights Under Law. The White House has agreed to the meeting, which
follows Senate confirmation of Keith B. Alexander, director of the
National Security Agency, to lead the U.S Cyber Command. Civil society
organizations have expressed concern about the growing role of the NSA
in cyber security. EPIC is currently in litigation with the NSA to
obtain the secret policy for NSA surveillance authority.

EPIC: Letter to Howard Schmidt
     http://www.epic.org/redirect/052110lettertoschmidt.html

Confirmation of Keith B. Alexander
     http://www.epic.org/redirect/052110confirmation.html

EPIC: Cybersecurity Privacy: Practical Implications
     http://epic.org/privacy/cybersecurity/

EPIC Sues NSA to Force Disclosure of Cybersecurity Authority
     http://epic.org/2010/02/epic-sues-nsa-to-force-disclos.html

=======================================================================
[7] EPIC Bookstore: Film Review: "Erasing David"
=======================================================================
Documentary: "Erasing David"

Erasing David is a recent documentary produced by the United Kingdom's
Channel 4, which follows director David Bond as he attempts to
disappear for 30 days in modern England. Bond describes the UK as "one
of the top three surveillance states in the world--third only to China
and Russia." To determine the extent of this surveillance, he embarks
on a number of projects. Primary to the film's narrative structure is
his attempt to go off the grid and evade a pair of private
investigators for 30 days, in a project very similar to that undertaken
by Wired magazine's Evan Ratliff, who attempted the same feat in the
United States, tracked by readers seeking to claim a $5000 prize
(Ratliff appears to have made his attempt after Bond, but before the
release of the film).

The footage Bond filmed of himself on the run is interspersed with
footage of the private investigators as they use various methods to
track him down, along with film from before the experiment, in which
Bond discusses his concerns with his wife and with various privacy
experts. Much of this pre-flight footage makes up the most interesting
parts of the film, both because of Bond's conversations with his wife,
who is comparatively unconcerned about the growing mountains of data
being collected about them and their young daughter, and because of
Bond's gradual realization that the problem is larger than he expected.

One excellent scene shows Bond playing with his daughter amidst stacks
of paper that he has obtained under the UK's Data Protection Act of
1998, which operates somewhat like the Privacy Act in the United
States, although it applies to private companies as well as government
organizations and requires them to provide all personal information on
a person upon request. He points to each stack and tells the
two-year-old at his knee which one is from the bank, which one is from
the government, and which is from private companies. The fourth stack,
of course, is all the data that already exists on young Ivy.

While the film misses some opportunities to highlight and delve into
the active surveillance that many modern people face, and spends less
time with state surveillance than the introduction would imply (Bond
himself notes that he must rely on private investigators because he
cannot get the state to actively track him down unless he commits a
crime), it still provides an excellent opportunity to show viewers how
much information is available, and how easily it may be obtained. The
most striking moment comes at the end of the film, after the experiment
has ended, when Bond and his wife are invited into the investigators'
office to examine the documents, photographs, and information about
them pinned to a wall. Visibly shaken, Bond leaves the room after only
a few minutes, and viewers are left to wonder how many walls their own
data would cover.

--Jared Kaprove

================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore


================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
========================================================================

EPIC Awards Dinner
June 2, 2010
Washington, DC
For more information:
http://www.epic.org/june2/

"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:
http://cfp.acm.org/wordpress/?p=6

"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:
http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

http//facebook.com/epicprivacy

http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 17.10 ------------------------

.