EPIC Alert 17.14
=======================================================================
E P I C A l e r t
=======================================================================
Volume 17.14 July 22, 2010
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/epic_alert_1714.html

"Defend Privacy. Support EPIC."
http://epic.org/donate

=======================================================================
Table of Contents
=======================================================================
[1] EPIC Urges Court to Suspend DHS's Full Body Scanner Program
[2] EPIC Testifies Before Congress on Smartgrid Privacy
[3] EPIC Urges FTC to Strengthen Children's Privacy Rule
[4] EPIC Testifies in Congress on Cybersecurity
[5] EPIC Requests Records Regarding NSA's "Perfect Citizen" Program
[6] Privacy Polls Pose Problems for DHS and Facebook
[7] News in Brief
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/

=======================================================================
[1] EPIC Urges Court to Suspend DHS's Full Body Scanner Program
=======================================================================

EPIC has filed an emergency stay and a petition for review urging the District of Columbia Court of Appeals to suspend the Transportation Security Administration's (TSA) Full Body Scanner program. EPIC has criticized the body scanner program for its violations of passengers' rights under the Fourth Amendment, the Religious Freedom Restoration Act, and the Privacy Act. In addition, EPIC's filings demonstrate how TSA has failed to comply with its obligations under the Administrative Procedures Act.

The TSA has consistently failed to respond to EPIC's concerns regarding the body scanner program. The TSA did not respond to an EPIC petition for public rulemaking in May 2009; in April 2010, EPIC again petitioned the TSA to suspend the program, but the TSA again failed to grant or deny EPIC's request. In addition, the TSA has misrepresented the capabilities of the body scanners in the past. The TSA initially claimed that the scanners were unable to save images of scanned passengers, which was later proven false by TSA photographs released under a FOIA request filed by EPIC.

In response to EPIC's motion, the TSA filed an opposition. In its reply to TSA's opposition, EPIC highlighted the growing concerns amongst individuals and public interest groups in the United States regarding the body scanner program, as reported by USA Today and other papers. By escalating the body scanner program to a primary method of search, the TSA is subjecting passengers to overly invasive, dangerous methods of screening without cause. Such scans are also being inconsistently applied by the TSA, which has failed to consistently provide alternative screening methods.

EPIC's efforts to suspend the deployment of the full body scanner program come as USA Today reported, in a front-page story, growing opposition among travelers to the program. The article highlighted traveler opposition to full body scanners on both health and privacy grounds.

EPIC: Petition for Review
http://epic.org/privacy/litigation/EPIC_v_DHS_Petition.pdf

EPIC: Motion for Emergency Stay of the Full Body Scanner Program
http://epic.org/privacy/litigation/EPIC_v_DHS_Motion.pdf

DHS: Opposition to EPIC's Motion for Emergency Stay
http://epic.org/privacy/body_scanners/EPIC_Motion_DHS_Opp.pdf

EPIC: Reply in EPIC v. DHS
http://epic.org/privacy/backscatter/EPIC_reply_final.pdf

EPIC and Coalition: Letter Urging House Committee on Homeland Security to Investigate DHS Privacy Office
http://epic.org/security/DHS_CPO_Priv_Coal_Letter.pdf

EPIC: Petition to DHS to Suspend FBS Program
http://epic.org/privacy/airtravel/backscatter/petition_042110.pdf

USA Today: Backlash Grows Against Full Body Scanners in Airports:
http://www.epic.org/redirect/072210usatodayarticle.html

=======================================================================
[2] EPIC Testifies Before Congress on Smartgrid Privacy
=======================================================================

On July 1, 2010, Associate Director of EPIC Lillie Coney testified before the House Committee on Science and Technology's Subcommittee on Technology and Innovation. In her prepared remarks for the hearing, “Smart Grid Architecture and Standards: Assessing Coordination and Progress,” Ms. Coney made clear that the “basic architecture of the Smart Grid presents several thorny privacy issues.” Not only do smart meters and appliances transmitting user data wirelessly introduce threats to consumer privacy, but the absence of strong security and privacy standards also creates risk of identity theft, unauthorized access to personal data, and individual surveillance.

The term “Smart Grid” encompasses a host of inter-related technologies rapidly moving into public use to reduce or better manage electricity consumption. These smart grid systems are multi-directional communications and energy transfer networks that enable electricity service providers, consumers, or third party energy management assistance programs to access consumption data. As such, there are numerous privacy implications, including identity theft, real-time surveillance, targeted home invasions, activity censorship, and profiling.

On December 19, 2007, the Energy Independence and Security Act of 2007 was enacted as Public Law 110-140 and directed that Smart Grid technology be studied for its potential "to maintain a reliable and secure electricity infrastructure that can meet future demand growth." The National Institute of Standards and Technology is currently in charge of coordinating industry and governmental efforts to develop a common framework and interoperability standards.

The Subcommittee Chairman David Wu (D-OR) recognized the importance of coordinating and setting interoperability standards that will ensure the security of a smart grid system. In a press release for the hearing, Representative Wu said that because of “the scale and complexity” of the nation's electric grid, it is “imperative that those involved in developing and using the smart grid share a common technical view--or framework--of the system.”

EPIC previously submitted comments to the National Institute of Standards and Technology and to the Public Utility Commission of California urging them to implement robust privacy protections in the Smart Grid.

EPIC: The Smart Grid and Privacy
http://epic.org/privacy/smartgrid/smartgrid.html

Subcommittee Discusses Progress in Smart Grid Standards
http://science.house.gov/press/PRArticle.aspx?NewsID=2873

EPIC: Comments to Subcommittee
http://www.epic.org/redirect/072210smartgridtest.html

EPIC: Comments to National Institute of Standards and Technology
http://www.epic.org/redirect/072210smartgridcmmt.html

Comments to the Public Utility of the State of California
http://www.epic.org/redirect/072210epicsmgrdcmmts.html

Energy Independence and Security Act of 2007 / Public Law 110-140
http://www.epic.org/redirect/072210energyact.html

=======================================================================
[3] EPIC Urges FTC to Strengthen Children's Privacy Rule
=======================================================================

On July 9, EPIC filed comments urging the Federal Trade Commission to improve the Children's Online Privacy Protection Act (COPPA) Rule. The COPPA Rule is the principal federal protection for children's privacy, and limits how companies may collect and disclose children's personal information.

Currently, the COPPA Rule applies to operators of websites directed at or collecting information from children under 13 years old. It requires operators to post privacy policies, inform parents about data gathering practices, provide access to such data, and allow parents to opt-out of data collection entirely.

In the comments, EPIC lauds the COPPA Rule for benefitting children, parents, and operators alike. However, changing technology has undermined aspects of it. "The need for the COPPA Rule has become increasingly urgent in light of new business practices and recent technological developments, such as social networking sites and mobile devices," EPIC wrote. "Existing provisions need to be strengthened and new provisions need to be added." EPIC makes several concrete recommendations.
In particular, the burden of interpreting the operators' policies should be shifted from consumers to operators. The FTC should pursue COPPA violators with more vigor. And existing definitions should be updated to include new technologies like social networking sites and the accessibility of geolocation data. Furthermore, rather than preempting state laws, the "Rule should be structured to encourage state initiatives that protect children's privacy."

In April, EPIC testified before Congress concerning children's privacy. Stressing that "the single biggest change impacting the privacy of children since the adoption of COPPA has been the emergence of social network services," Executive Director Marc Rotenberg called for Congress to update legislation and for the FTC to strengthen its enforcement of COPPA.

Children's Online Privacy Protection Act Rule
http://www.ftc.gov/privacy/privacyinitiatives/childrens.html

EPIC: Comments on COPPA
http://epic.org/privacy/ftc/COPPA_070910.pdf

EPIC: April 2010 Congressional Testimony:
http://epic.org/privacy/kids/EPIC_COPPA_Testimony_042910.pdf

EPIC: COPPA
http://epic.org/privacy/kids/

EPIC: FTC
http://epic.org/privacy/internet/ftc/

=======================================================================
[4] EPIC Testifies in Congress on Cybersecurity
=======================================================================

On Thursday, EPIC Executive Director Marc Rotenberg testified before the House Committee on Science and Technology on Planning for the Future of Cyber Attack Attribution. The hearing was one in a series that the Subcommittee on Technology & Innovation has held on ways to protect the US's cyber infrastructure. Prior to the hearing, the subcommittee expressed concern that the country's growing reliance on networks has made it more vulnerable to cyber attacks. The purpose of Thursday's hearing was to hear from experts about whether attribution technologies can play a role in deterring potential cyber aggressors.
The subcommittee was also interested in how widespread deployment of attribution technologies might harm the anonymity and privacy of internet users.

The witnesses at the hearing took a generally cautious stance on further deployment of attribution technologies. Robert Knake, an International Affairs Fellow at the Council on Foreign Relations, testified that the attribution problem has been overstated. In most cases, the source of an attack can be determined relatively and what is lacking are response options. Other witnesses noted that the ability to pinpoint a specific cyber assailant is not a realistic possibility in the foreseeable future and, even if it were, the privacy concerns raised by the solution would be untenable to many Americans.

In his prepared statement, Mr. Rotenberg discussed how attribution requirements implicate human rights and online freedom, and questioned the constitutionality of such measures. He explained that while attribution requirements might be used to address cyber security concerns, they could also be used to track the activities of citizens and crack down on controversial political views, violating the First Amendment's right to speak anonymously. Mr. Rotenberg also pointed out that attribution will most likely fail to identify sophisticated cyber attackers who obscure their trail by routing their online activities through multiple countries.

EPIC recommended that cybersecurity efforts continue to focus on improving security standards, deploying encryption, and requiring federal agencies to remain transparent as they develop cyber security policies.

EPIC Testimony to House Committee on Science and Technology
http://www.epic.org/redirect/072210epictestimony.html

Hearing on Planning for the Future of Cyber Attack Attribution
http://www.epic.org/redirect/072210househearing.html

House Committee on Science and Technology
http://science.house.gov/

EPIC: Cybersecurity Privacy Practical Implications
http://epic.org/privacy/cybersecurity/

=======================================================================
[5] EPIC Requests Records Regarding NSA's "Perfect Citizen" Program
=======================================================================

On July 15, 2010, EPIC filed a Freedom of Information Act request with the National Security Agency seeking records regarding its recently discovered "Perfect Citizen" surveillance program.

"Perfect Citizen" was first revealed to the public in a July 8th Wall Street Journal article entitled "U.S. Plans Cyber Shield for Utilities, Companies." According to the article's anonymous sources, the National Security Agency recently completed a contract with Raytheon Corporation for the initial phase of the program to develop "a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack." Although one anonymous U.S. military official said the program's intrusion into privacy is "no greater than what the public already endures from traffic cameras," the article also quotes an internal email from Raytheon stating "Perfect Citizen is Big Brother."

In response to the Wall Street Journal article, the National Security Agency released a short public statement, telling the press that the program is "purely a vulnerabilities-assessment and capabilities-development contract." The statement, from agency spokeswoman Judith Emmel, continued: "There is no monitoring activity involved, and no sensors are employed in this endeavor."

In light of the conflict between this statement and the Wall Street Journal's third-party reporting, EPIC filed this Freedom of Information Act request to shed light on the true nature of the "Perfect Citizen" program. EPIC's request seeks copies of all contracts with the Raytheon Corporation, all analyses, and all legal memoranda regarding "Perfect Citizen."

The controversy over "Perfect Citizen" comes as Congress considers legislation to establish a new model for cybersecurity in the United States. This legislation, if passed, would assign responsibility for cybersecurity with respect to civilian networks and "critical infrastructure" to the Department of Homeland Security rather than the Department of Defense, of which the National Security Agency is a part. The Department of Defense would retain cybersecurity authority over military networks.

"Perfect Citizen" is being funded as part of the Comprehensive National Cybersecurity Initiative, a program the legal authority for which remains secret. EPIC is engaged in ongoing litigation with the National Security Agency over a previous Freedom of Information Act request to disclose the full text of the Comprehensive National Cybersecurity Initiative. EPIC is also seeking further information regarding classified statements about cybersecurity and privacy made by General Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command.

WSJ: U.S. Plans Cyber Shield for Utilities, Companies
http://www.epic.org/redirect/072210wsjarticle.html

NSA Denies It Will Spy on Utilities
http://www.epic.org/redirect/072210nsadenial.html

EPIC: EPIC v. NSA
http://epic.org/privacy/nsa/epic_v_nsa.html

EPIC: Cybersecurity
http://epic.org/privacy/cybersecurity/default.html

=======================================================================
[6] Privacy Polls Pose Problems for DHS and Facebook
=======================================================================

Two new studies show DHS and Facebook performing miserably in the minds of consumers and the public as a whole.

According to a new study by the Ponemon Institute, public trust in the United States government's commitment to protect privacy has fallen to a new all-time low, with the average privacy trust score across the United States government at 38 percent, a 12 point drop from 50 percent in 2009. The least-trusted agencies were the National Security Agency, the Department of Homeland Security, and the Department of Justice, while the top-rated government entities included the Postal Service, the Federal Trade Commission, and the Internal Revenue Service.

A study by Foresee Results and the University of Michigan also shows Facebook struggling with consumer confidence issues in the privacy area, scoring a measly 64. The score puts Facebook "in the bottom 5 percent of all measured private sector companies and in the same range as airlines and cable companies." The polling company attributed Facebook's low scores to "privacy concerns, frequent changes to the website, and commercialization and advertising."

Both polls indicate the value of privacy to citizens and highlight trust as an issue that both government and private companies must address.

The Ponemon Institute Study
http://www.epic.org/redirect/072210privacystudy.html

The study by Foresee Results and the University of Michigan on Facebook
http://www.epic.org/redirect/072210facebook.html

EPIC: Public Opinion on Privacy
http://epic.org/privacy/survey/

EPIC: Facebook Privacy
http://epic.org/privacy/facebook/

=======================================================================
[7] News in Brief
=======================================================================

Federal Trade Commission Invites Public Comment on Twitter Settlement

The Federal Trade Commission is calling for public comments on the recent Twitter Settlement. The Commission's complaint against Twitter charged that "serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter." The Federal Trade Commission found that the lax practices allowed access to nonpublic tweets even though the company assured users in its privacy policy that it was "very concerned about safeguarding the confidentiality of your personally identifiable information." Under the terms of the settlement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information." Comments are due on July 26, 2009, and may be submitted electronically or in paper form.

Federal Trade Commission Press Release
http://www.ftc.gov/opa/2010/06/twitter.shtm

Federal Trade Commission Call for Comments
http://www.box.net/shared/sf9c9atsei

Twitter Settlement
http://ftc.gov/os/caselist/0923093/100624twitteragree.pdf

Federal Trade Commission Complaint
http://ftc.gov/os/caselist/0923093/100624twittercmpt.pdf

EPIC: Social Networking Privacy
http://epic.org/privacy/socialnet/

EPIC Seeks DHS Records on Body Scanner Health Impacts:

EPIC filed a Freedom of Information Act request with the Department of Homeland Security for studies conducted by the agency and third parties concerning radiation and health testing of body scanners. The EPIC request follows a recent report by Dr. David Brenner to the Congressional Biomedical Caucus that radiation exposure may be up to twenty times greater than the DHS acknowledged. In April 2010, several scientists urged Presidential Science Adviser Dr. John P. Holdren to conduct further evaluation of the health risks of body scanners. EPIC is pursuing FOIA litigation against the DHS regarding full body scanners, and has also filed a lawsuit to halt the use of the devices.

EPIC Freedom of Information Act Request
http://epic.org/privacy/backscatter/Body_Scanner_Radiation_FOIA.pdf

EPIC v. DHS
http://epic.org/privacy/airtravel/backscatter/epic_v_dhs.html

EPIC: Whole Body Imaging Technology (Body Scanners)
http://epic.org/privacy/airtravel/backscatter/

Brenner Report
http://blip.tv/file/3379880

Holdren Letter of Concern
http://www.npr.org/assets/news/2010/05/17/concern.pdf

Federal Court to Hear Oral Argument in Wiretap Abuse Case

On July 8, a federal court in New York heard oral arguments in SEC v. Galleon, a case involving the disclosure of federal wiretap recordings. EPIC filed a "friend of the court" brief, urging the court to protect the privacy of innocent individuals who were inadvertently recorded on the wiretaps.
A trial court judge ordered disclosure of all wiretaps conducted in a criminal investigation, even though no court has ruled on the recordings' legality or relevance. EPIC noted that "hundreds of thousands of individuals are recorded on wiretaps every year," and "80% of those personal communications are wholly unrelated to criminal activity."

EPIC: SEC v. Galleon
http://epic.org/amicus/sec_v_galleon.html

EPIC: Amicus Brief in SEC v. Galleon
http://epic.org/amicus/EPIC_brief_Rajaratnam.pdf

EPIC: Wiretapping
http://epic.org/privacy/wiretap/

United States Court of Appeals for the Second Circuit
http://www.ca2.uscourts.gov/

=======================================================================
================================

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60.
http://epic.org/bookstore/foia2008/

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/mailman/listinfo/foia_notes

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Privacy and Identity Management for Life (PrimeLife/IFIP Summer School 2010) Helsingborg, Sweden, August 2-6, 2010.
For more information: http://www.cs.kau.se/IFIP-summerschool/

Privacy and Security in the Future Internet 3rd Network and Information Security (NIS'10) Summer School Crete, Greece, September 13-17 2010.
For more information: http://www.nis-summer-school.eu

Internet Governance Forum 2010 Vilnius, Lithuania, 14-16 September 2010.
For more information: http://igf2010.lt/

"32nd Int'l Conference of Data Protection and Privacy Commissioners" Jerusalem, October 2010.
For more information: http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

http://facebook.com/epicprivacy
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC.
It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.14 ------------------------