Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 18.14

======================================================================= E P I C A l e r t ======================================================================= Volume 18.14 July 19, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_1814.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] US Appeals Court: TSA Violated Federal Law on Body Scanners [2] EPIC Testifies in Congress Against Data Retention [3] EPIC v. NSA: FOIA Cybersecurity Lawsuit Goes Forward [4] FCC Confirms Google Street View Investigation [5] Court-Approved Wiretaps Reach a New All-Time High [6] News in Brief [7] EPIC Book Review: "Digital Dead End" [8] Upcoming Conferences and Events TAKE ACTION: Facebook Privacy 2011! - READ EPIC's complaint to FTC: http://epic.org/redirect/062011FB.html - WATCH EPIC on ABC Nightline: http://epic.org/redirect/062011FB.html - SUPPORT EPIC http://www.epic.org/donate/ ======================================================================= [1] US Appeals Court: TSA Violated Federal Law on Body Scanners ======================================================================= In EPIC v. DHS, a federal court of appeals ruled July 15 that the Transportation Security Administration violated federal law by failing to solicit and consider public comment about its controversial airport body scanner program. EPIC first brought suit in July 2010, arguing that that the body scanners violated the Administrative Procedure Act, the Privacy Act, and the Fourth Amendment, in addition to other federal statutory claims. The Court granted EPIC's legal claim under the Administrative Procedure Act, holding that the agency failed to fulfill its duties under the statute. As the Court explained: In May 2009 more than 30 organizations, including the petitioner EPIC, sent a letter to the Secretary of Homeland Security, in which they objected to the use of AIT as a primary means of screening passengers. They asked that the TSA cease using AIT in that capacity pending "a 90-day formal public rulemaking process." The TSA responded with a letter addressing the organizations' substantive concerns but ignoring their request for rulemaking. Nearly a year later, in April 2010, the EPIC and a slightly different group of organizations sent the Secretary and her Chief Privacy Officer a second letter, denominated a "petitionfor the issuance, amendment, or repeal of a rule" pursuant to 5 U.S.C. S 553(e). They argued the use of AIT for primary screening violates the Privacy Act; a provision of the Homeland Security Act requiring the Chief Privacy Officer upon the issuance of a new rule to prepare a privacy impact assessment; the Religious Freedom Restoration Act (RFRA); and the Fourth Amendment. In May the TSA again responded by letter, clarifying some factual matters, responding to the legal challenges, and taking the position it is not required to initiate a rulemaking each time it changes screening procedures. In July, the EPIC, joined by two members of its advisory board who travel frequently and have been subjected to AIT screening by the TSA, petitioned this court for review. In the analysis, the Court went on to say: The petitioners focus their opening brief upon their substantive challenges to the TSA's decision to use AIT for initial screening. They raise all the legal claims foreshadowed in their request for rulemaking, as well as a claim under the Video Voyeurism Prevention Act. As explained below, however, our attention is most drawn to their procedural argument that the TSA should have engaged in notice-and- comment rulemaking. Rejecting the TSA's several arguments against the rulemaking, the court said: A construction of S 553(e) that excludes any petition with a goal beyond mere process is dubious at best, and the agency offers no authority for it. . . . Indeed, we would be surprised to find many petitions for rulemaking that do not identify the substantive outcome the petitioner wants the agency to reach. . . . The requirement that a passenger pass through a security checkpoint is hardly novel, the prohibition against boarding a plane with a weapon or an explosive device even less so. But this overly abstract account of the change in procedure at the checkpoint elides the privacy interests at the heart of the petitioners' concern with AIT. Despite the precautions taken by the TSA, it is clear that by producing an image of the unclothed passenger, an AIT scanner intrudes upon his or her personal privacy in a way a magnetometer does not. . . . For these reasons, the TSA's use of AIT for primary screening has the hallmark of a substantive rule and, therefore, unless the rule comes within some other exception, it should have been the subject of notice and comment. . . . Although the statute, 49 U.S.C. S 44925, does require the TSA to develop and test advanced screening technology, it does not specifically require the TSA to deploy AIT scanners let alone use them for primary screening. . . . The TSA seems to think it significant that there are no AIT scanners at some airports and the agency retains the discretion to stop using the scanners where they are in place. More clearly significant is that a passenger is bound to comply with whatever screening procedure the TSA is using on the date he is to fly at the airport from which his flight departs. . . . To be sure, he can opt for a patdown but, as the TSA conceded at oral argument, the agency has not argued that option makes its screening procedures nonbinding and we therefore do not consider the possibility. We are left, then, with the argument that a passenger is not bound to comply with the set of choices presented by the TSA when he arrives at the security checkpoint, which is absurd. The court concluded its analysis of the rulemaking requirement: In sum, the TSA has advanced no justification for having failed to conduct a notice-and-comment rulemaking. We therefore remand this matter to the agency for further proceedings. Because vacating the present rule would severely disrupt an essential security operation, however, and the rule is, as we explain below, otherwise lawful, we shall not vacate the rule, but we do nonetheless expect the agency to act promptly on remand to cure the defect in its promulgation. Separately, the court dismissed several other statutory claims. In response to EPIC's claim that the airport body scanners violate the Fourth Amendment, which prohibits unreasonable search and seizure, the court said that "considering the measures taken by the TSA to safeguard personal privacy, we hold AIT screening does not violate the Fourth Amendment." The court concluded the opinion with the following: To sum up, first, we grant the petition for review insofar as it claims the TSA has not justified its failure to initiate notice-and-comment rulemaking before announcing it would use AIT scanners for primary screening. None of the exceptions urged by the TSA justifies its failure to give notice of and receive comment upon such a rule, which is legislative and not merely interpretive, procedural, or a general statement of policy. Second, we deny the petition with respect to the petitioners' statutory arguments and their claim under the Fourth Amendment, except their claim under the RFRA, which we dismiss for lack of standing. Finally, due to the obvious need for the TSA to continue its airport security operations without interruption, we remand the rule to the TSA but do not vacate it, and instruct the agency promptly to proceed in a manner consistent with this opinion. As a result of the decision in EPIC v. DHS, the TSA will be required to set out for the public the legal basis for the airport screening program and the procedures it intends to follow. It will then be required to receive comments from the public, including from travelers and experts in such topics as radiation exposure, about its proposal. Then the agency will issue a final rule which can then be challenged and review by the court. D.C. Circuit Opinion: EPIC v. DHS (July 15, 2011) http://epic.org/redirect/071911_circuit_opinion_epicvdhs.html EPIC: Petition for Review (May 2009) http://epic.org/privacy/litigation/EPIC_v_DHS_Petition.pdf EPIC: Motion for Emergency Stay of Body Scanner Program (July 2010) http://epic.org/privacy/litigation/EPIC_v_DHS_Motion.pdf EPIC: EPIC v. DHS (Suspension of Body Scanners) http://www.epic.org/redirect/031111EPICvDHS.html EPIC v. DHS Opening Brief (Nov. 2010) http://epic.org/EPIC_Body_Scanner_OB.pdf EPIC v. DHS Reply Brief (Jan. 2011) http://www.epic.org/redirect/031111EPICvDHS_reply.html ======================================================================= [2] EPIC Testifies in Congress Against Data Retention ======================================================================= EPIC Executive Director Marc Rotenberg testified before the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security at a July 12 hearing to evaluate H.R. 1918, the "Protecting Children From Internet Pornographers Act of 2011". Rotenberg opposes several provisions of the bill, which would require Internet Service Providers (ISPs) to retain customer Internet Protocol (IP) addresses for 18 months. Rotenberg stated that the proposal to retain identifying information would put "99.9% of Internet users" at risk. With the increasing numberof data breach and identity theft cases, Rotenberg said, cybersecurity best practices now utilize data minimization rather than data retention. He argued that retaining IP addresses creates more data available for hackers to steal, including the tracking and targeting of individual users. Rotenberg also pointed out that the bill "immunizes" ISPs from any liability for problems in storing or improperly sharing the information, thereby eliminating incentives to store the data securely and leaving customers without means of redress. Rotenberg pointed out that the current disclosure system for consumer electronic information under the Electronic Communications Privacy act (ECPA) already provides an effective means for law enforcement to access Iinternet user information like IP addresses. A law enforcement agency can request an ISP to retain customer information for 90 days and renew its request for another 90 days, providing time to obtain a warrant. Rotenberg also compared H.R. 1918 to a similar European Union directive that was found unconstitutional in European court. Furthermore, the bill provides an exception for wireless ISPs. Committee member Representative John Conyers Jr. (D-MI) commented that this loophole makes the data retention requirement nearly useless, and would merely encourage criminals to migrate to wireless service. Chairman James Sensenbrenner (R-WI) also strongly opposed the measure, stating that ISPs, not the government, should determine data retention procedures, and that the bill "needs a lot of fixing up . . . before it's ready for prime time." Rotenberg emphasized that the "seriousness of the crime, and the importance of prosecuting offenders, is beyond doubt," but that H.R. 1918 is not the solution. Representative Robert Scott (D-VA) also opposed the bill because he said it would contribute to the already extensive backlog in computer forensic investigations, and that simply compiling more data is not the solution to investigation difficulties. EPIC's Rotenberg and Rep. Conyers agreed that the bill would make the data available for any type of law enforcement, not just child pornography investigations. Rotenberg pointed out that narrowing the bill to those investigations would be a start in improving its scope and security. Rep. Conyers observed that if the bill were serious about pursuing child pornographers, it would both close the wireless loophole and limit its scope: The bill currently allows IP data to be accessed with an administrative subpoena, allowing FBI agents to obtain it without a warrant or judicial supervision. Chairman Sensenbrenner voiced his dissent by observing "this bill runs roughshod over the privacy rights of millions." EPIC: Testimony Before the US House Judiciary Committee (July 12, 2011) http://epic.org/redirect/071911_EPIC_testimony_hr1981.html House Judiciary Committee: Hearing Information (July 12, 2011) http://judiciary.house.gov/hearings/hear_07122011.html Library of Congress: H.R. 1981 http://thomas.loc.gov/cgi-bin/query/z?c112:h1981 EPIC - Data Retention http://epic.org/privacy/intl/data_retention.html ======================================================================= [3] EPIC v. NSA: FOIA Cybersecurity Lawsuit Goes Forward ======================================================================= A District of Columbia federal court ordered EPIC's Freedom of Information Act (FOIA) lawsuit against the National Security Agency (NSA) to proceed, holding that EPIC can "pursue its claim against the NSA for wrongfully withholding an agency record in its possession." EPIC's suit seeks disclosure of National Security Presidential Directive 54 - the document providing the legal basis for the NSA's cybersecurity activities. The NSA failed to disclose the document in response to EPIC's original 2009 FOIA request, instead forwarding the request to the National Security Council. The Court held that the Council is not subject to FOIA, but that the NSA's transfer of EPIC's request does not absolve the agency of its responsibility to respond to EPIC. In January 2008, President George W. Bush issued National Security Presidential Directive 54, which grants the NSA broad authority over the security of American computer networks. The Directive created the Comprehensive National Cybersecurity Initiative, a "multi-agency, multi-year plan that lays out twelve steps to securing the federal government's cyber networks." The Directive was not released to the public, but the White House did publish a description of the Initiative while the EPIC case was pending in March 2010. The Initiative covers a wide range of government activity, from cyber-education to intrusion detection. However, the text of the underlying legal authority for cybersecurity still remains undisclosed. EPIC submitted a FOIA request to the NSA in June 2009, asking for copies of the Directive, the Initiative and privacy policies related to either. The request specifically asked for the text of the National Security Presidential Directive 54; the full text of the Initiative, including unreported sections and any executing protocols distributed to the agencies in charge of its implementation; and any privacy policies related to the Directive or the Initiative, including contracts or other documents describing privacy policies with information shared with private contractors to facilitate the Initiative. In October 2009, the NSA identified three relevant documents to the EPIC FOIA request, but refused to disclose any of them. One document, relating to the text of the Directive, was not disclosed because the record "did not originate with" the NSA, and "has been referred to the National Security Council for review and direct response to" EPIC. Two other documents relating to privacy policies were withheld allegedly pursuant to a FOIA exemption. In November 2009, EPIC appealed the NSA's determination. The NSA acknowledged receipt of this appeal in December, but failed to provide any further communication. EPIC subsequently filed a lawsuit against the NSA and the National Security Council to compel the disclosure of documents relating to the Directive. One of EPIC's counts against the NSA included an Administrative Procedures Act violation because the NSA referred EPIC's FOIA request to the Council, which is not subject to FOIA. In response, the NSA and the National Security Council filed a partial motion to dismiss the alleged FOIA violation against the Council and the alleged APA violation against the NSA. On July 7, the court granted the motion and held that EPIC can still "pursue its claim against the NSA for wrongfully withholding an agency record in its possession." While the Council is not subject to FOIA, the NSA's transfer of EPIC's request does not absolve the agency of its responsibility to respond to EPIC. The FOIA lawsuit against the NSA is ongoing. EPIC: EPIC v. NSA (District Court Opinion) (July 7, 2011) http://epic.org/privacy/nsa/foia/EPIC_v_NSA_Opinion_07_07_11.pdf EPIC: EPIC v. NSA (Public Disclosure of NSA's Cybersecurity Authority) http://epic.org/privacy/nsa/epic_v_nsa.html ======================================================================= [4] FCC Confirms Google Street View Investigation ======================================================================= Federal Communications Commission (FCC) Chairman Julius Genachowski has confirmed that the Commission is investigating the legality of Google's "collateral" data capture during its Street View deployment. Writing in response to letters from Congressmen Tom Graves (R-GA), Mike Rogers (R-AL), John Barrow (D-GA), and Steve Scalise (R-LA), Genachowski said, "the [Enforcement] Bureau's inquiry seeks to determine whether Google's actions were inconsistent with any rule or law within the Commission's jurisdiction." Genachowski declined to provide specifics on the scope or depth of the inquiry, though there is growing frustration in Congress about the perceived slowness of the investigation. Google Street View is a Web application that provides views of streets and locations throughout the world from multiple perspectives, with images taken from specially adapted vehicles. For three years and in thirty countries, Google's Street View cars also collected and retained data, including the content of personal emails, from wireless routers located in private homes and businesses. Several countries, including the UK, Germany, Spain, and Canada, have conducted investigations and determined that Google violated national privacy laws. In 2010, EPIC filed a complaint with the FCC, urging it to open an investigation into Google Street View. The complaint stated that Google's collection of private wireless access (Wi-Fi) communications as a part of the program could constitute a violation of the US Wiretap Act. On June 29, U.S. District Judge James Ware rejected Google's motion to dismiss the case, finding that Google's "purposeful and secretive" collection of Wi-Fi data as part of its Street View activities could in fact constitute illegal wiretapping. Google has subsequently asked to file an interlocutory appeal. Earlier in 2011, EPIC had filed a "friend of the court" brief in the case, detailing the manner in which Google's Street View activities were potential contraventions of both federal and state wiretap statutes. FCC Chairman: Response to Reps. Rogers, Barrow et al. (June 22, 2011) http://epic.org/redirect/071911_fcc_streetview_response.html Reps. Rogers, Barrow, et al.: Letter to FCC on Street View (Feb. 2011) http://epic.org/redirect/071911_reps_letter_to_fcc.html EPIC: Google Street View Complaint (May 18, 2010) http://epic.org/redirect/071911_epic_streetview_complaint.html EPIC: Google Street View Amicus (April 11, 2011) http://epic.org/privacy/streetview/EPICStreetviewAmicus.pdf In re: Google Street View: Denial of Motion to Dismiss (June 29, 2011) http://epic.org/privacy/streetview/GoogleStreetViewJudgment.pdf EPIC: Google Street View http://epic.org/privacy/streetview/ ======================================================================= [5] Court-Approved Wiretaps Reach a New All-Time High ======================================================================= According to the newly released 2010 Wiretap Report, federal and state courts issued 3,194 orders for the interception of wire, oral, or electronic communications in 2010, up 34% from 2009. 2010 is the third consecutive year in which the number of both federal and state authorized wiretaps increased. Of the reported wiretaps in 2010, federal judges authorized 1,207 and state judges authorized 1,987. California, New York and New Jersey had the largest number of applications for state authorization, accounting for 68% of all applications approved by state judges. 96% of authorized wiretaps in 2010 were for portable devices like cell phones and digital pagers. Only one request for wiretap authorization was denied. The average number of persons whose communications were intercepted rose from 113 per wiretap order in 2009 to 118 per wiretap order in 2010. Only 26% of intercepted communications in 2010 were incriminating. The report also indicated that there were six cases in which law enforcement encountered encryption during a state wiretap; however, officials were able to obtain the plaintext of the encrypted communications. In 2010, each authorized wiretap was in operation for an average of 40 days, down two days from the previous year. The average cost for intercept devices in 2010 was $50,085, down 4% from 2009. At the federal level, the average cost for wiretaps for which expenses were reported was up 2% from 2009, to $63,566. The 2010 Wiretap Report does not include interceptions regulated by the Foreign Intelligence Surveillance Act or interceptions approved by the President outside the exclusive authority of the federal wiretap law or the Foreign Intelligence Surveillance Act (FISA). In April 2011, the Department of Justice reported to the Senate that the government applied for 1,579 authorizations to conduct electronic surveillance or physical search pursuant to the Foreign Intelligence Surveillance Act. Of those applications, the government withdrew five, and the Foreign Intelligence Surveillance Court denied zero. The Wiretap Report is required by law. Title 18, Section 2519 of the United States Code mandates that each federal and state judge file a written report to the Administrative Office of the United States Courts every time an application for a wiretap authorization is filed. The Administrative Office is then required to submit an annual report to Congress on all wiretap activity. In 2010, EPIC submitted comments to the Foreign Intelligence Surveillance Court recommending greater accountability. In 2011, EPIC submitted a "friend of the court" brief for a federal court case considering the Federal Wiretap Act. Administrative Office of the United States Courts: 2010 Wiretap Report http://epic.org/redirect/071911_2010_wiretap_report.html US Office of the Law: Law Requiring the Wiretap Report http://epic.org/redirect/071911_US_law_require_wiretap_report.html EPIC: Foreign Intelligence Surveillance Act http://epic.org/privacy/terrorism/fisa/ EPIC: Wiretapping http://epic.org/privacy/wiretap/ EPIC: Title III Wiretap Orders 1968-2010 http://epic.org/privacy/wiretap/stats/wiretap_stats.html EPIC: Comments to FISA Court on Proposed Ruling (Oct. 2010) http://epic.org/redirect/071911_epic_comments_fisa_court.html US DoJ: Letter to Sen. Reid re: FISA http://www.fas.org/irp/agency/doj/fisa/2010rept.pdf ======================================================================= [6] News in Brief ======================================================================= European Parliament Takes Stance Against Airport Body Scanners The European Parliament has adopted a resolution establishing strict safeguards for all airport body scanners used within the European Union. The Parliament also cited concerns to be addressed before the technology is implemented, including health risks, human rights, and data protection. The resolution requires European Union member states only to "deploy technology which is the least harmful for human health"; that only stick figures, rather than body images, be captured and that those images immediately be destroyed; and that the monitors' safety and efficacy be periodically reevaluated. The European Parliament intends to prohibit the use of backscatterx-ray devices, which have raised several health concerns among radiation experts. EPIC is currently pursuing a lawsuit to suspend the use of body scanners in the US, citing several federal laws and the US Constitution. EPIC has called the US airport body scanner program "invasive, ineffective, and unlawful." EUP: Resolution: Aviation Security & Security Scanners (July 6, 2011) http://epic.org/redirect/070511_EUP_bodyscanner_resolution.html EUP: Press Release on Airport Body Scanner Safeguards (July 6, 2011) http://epic.org/redirect/070511_EUP_bodyscanner_pressrelease.html European Commission: Resolution on Body Scanners at EU Airports http://epic.org/redirect/070511_resolution_scanner_EU_airports.html EPIC: Whole Body Imaging Technology http://epic.org/privacy/airtravel/backscatter/ EPIC: EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/070511_epic_v_dhs_suspension_of_body.html CA Governor Signs Library-Backed California Public Records Act On July 12, California Governor Jerry Brown signed into law an amendment to the California Public Records Act that protects library patron privacy. The bill establishes that library patron records for a library thatretrieves any public support "shall remain confidential and shall not be disclosed" by the library, or by a private actor that maintains or stores records on behalf of the library, to "any person, local agency, or state agency except" in a few circumstances. Permissible exceptions include appropriate administrative use by library personnel, with the consent of the individual, by court order, or for statistical purposes. The bill sets out an expansive definition of patron records. The bill was drafted by EPIC Board Member Mary Minow and sponsored by California Representative Joe Simitain State of California: Amendment to Senate Bill No. 445 http://epic.org/redirect/071911_ca_library_amend.html EPIC: Privacy and Public Records http://epic.org/privacy/publicrecords Open Government Groups Petition Senate over Defense Bill FOIA Exemption A coalition, led by OpenTheGovernment.org, is urging the Senate to oppose two new exemptions to the Freedom of Information Act contained in the National Defense Authorization Act of 2012. The provisions contained in the spending measure would allow the US government to exempt from FOIA requests data about US critical infrastructure and flight information. Concurrently, the Senate Armed Services Committee voted 17-9 to keep its deliberations on the bill closed to the public. US Senate: National Defense Authorization Act for Fiscal Year 2012 http://www.govtrack.us/congress/bill.xpd?bill=s112-981 Senate Armed Services Committee: Roll Call Votes (June 21, 2011) http://epic.org/redirect/071911_senate_armed_services_rollcall.html OpenTheGovernment.org: Fight for Narrow Info Disclosure Provisions http://www.openthegovernment.org/node/3134#section6 EPIC: Open Government http://epic.org/open_gov/ ======================================================================= [7] EPIC Book Review: "Digital Dead End" ======================================================================= "Digital Dead End: Fighting for Social Justice in the Information Age," Virginia Eubanks http://epic.org/redirect/071911_eubanks_digital_dead_end.html In her memoir, "Digital Dead End," "cyberfeminist" Virginia Eubanks argues that technology activists should expand their focus beyond concerns about the "digital divide" - a skills gap between those who are computer literate and those who are not. For 15 years, Eubanks ran a social justice organization out of the YWCA in Troy, NY, aiming to empower local residents by educating them about information technology. The experience transformed her worldview, and in unexpected ways. Eubanks' conclusions are surprising and insightful. As she puts it, "My own understandings of high-tech equity had been so colonized by digital divide theory that I couldn't hear past my own assumptions." Eubanks now believes that characterizing some as "haves" and others as "have-nots" in the context of computer literacy is overly simplistic. She also suggests that the residents of Troy had particularly rational reasons for steering clear of computing technology, which she terms "critical ambivalence." Chief among these reasons is that her socioeconomically marginalized research subjects were acutely aware of privacy risks. Eligible recipients of government aid understand that "dozens of widely dispersed and largely invisible people and agencies" are charged with accessing and monitoring their personally identifiable information. Intentional access to accurate information is scary enough. Social service systems expose recipients' information to a range of other perils as well, including drastic penalties for data errors that are beyond their control. From management information systems and closed- circuit televisions to electronic benefits transfer cards and biometric fingerprinting data, their lives are stripped bare, measured, and locked down. In this context, Eubanks' alternative account for the gap in computer literacy represents a rational explanation that does not rely on problematic assumptions about class. Despite her original project design, Eubanks never shies away from such counterintuitive findings. What unites the overwhelming majority of Americans, it turns out, is not a yearning for computer literacy, but rather for electronic privacy. Regardless of income, all of us have a deep and abiding interest in staving off government surveillance. What Eubank's story demonstrates is how powerful such a common cause might be in the hands of activists who listen. -- Conor Kennedy ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Privacy Platform Meeting on The Transatlantic Dimension of Data Protection. Brussels, Belgium, 7 September 2011. For More Information: sophie.bots@europarl.europa.eu. EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For More Information: http://www.thepublicvoice.org/. 33rd International Conference of Data Protection and Privacy Commissioners (ICDPPC 2011). Mexico City, Mexico, 2-3 November 2011. For more information: http://www.privacyconference2011.org/. 8th Conference on Privacy and Public Access to Court Records. Sponsored by the College of William and Mary School of Law. Williamsburg, VA, 3-4 November 2011. For More Information: http://www.legaltechcenter.net/aspx/conferences.aspx. Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information: http://www.cpdpconferences.org. ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http://facebook.com/epicprivacy http://epic.org/facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.14 ------------------------