EPIC Alert 18.18
E P I C A l e r t
Volume 18.18 September 13, 2011
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 EPIC Prevails in FOIA Body Scanner Litigation
 EPIC Urges FTC to Examine Google's YouTube Search Rankings
 Germany Finds No Practical Use for Airport Full Body Scanners
 Documents Reveal New Details About DHS Mobile Body Scanners
 California Passes Updated Data Breach Legislation
 News in Brief
 Book Review: 'Top Secret America'
 Upcoming Conferences and Events
TAKE ACTION: Remember the Response to 9/11
- READ The Defense of Freedom Statement: http://indefenseoffreedom.org/
- READ EPIC's 9/11 Response: http://epic.org/alert/EPIC_Alert_8.17.html
- READ Editorial Responses: http://epic.org/alert/EPIC_Alert_8.18.html
- SUPPORT EPIC: http://www.epic.org/donate/
 EPIC Prevails in FOIA Body Scanner Litigation
A federal court ruled September 12 that EPIC "substantially prevailed"
in its open government lawsuit against the Department of Homeland
Security for information about the agency's airport body scanner
program, and has awarded attorneys' fees to EPIC. This lawsuit stems
from an April 2009 request for documents related to airport body
scanners. When the agency failed to comply with statutory deadlines,
EPIC filed suit in November 2009.
EPIC's Freedom of Information Act case led to the disclosure of
hundreds of pages of documents, including procurement specifications,
operational requirements, contracts, and traveler complaints, and
revealed that the body scanners are designed to store and transfer
In the ruling, the court found that "The records disclosed to the
plaintiff in the course of this litigation have provided a public
benefit in that they were covered extensively in the news and cited
frequently as a news source during the public debate surrounding the
use of whole body imaging devices in airports."
EPIC had also asked the court to reconsider an earlier ruling, in light
of a recent Supreme Court FOIA decision, Milner v. Dept. of Navy. The
Court denied that request for procedural reasons.
The documents obtained through this lawsuit served as the factual
underpinning for EPIC's subsequent lawsuit to suspend the airport body
scanner program. In response, the court required the Department of
Homeland Security to conduct a notice and comment rulemaking, which
will give the American public an opportunity to weigh in on the
US District Court for District of Columbia: Holding (Sept. 12, 2011)
EPIC v. DHS (FOIA, Body Scanners)
EPIC: Body Scanner Technology
EPIC v. DHS (Suspension of the Body Scanner Program)
 EPIC Urges FTC to Examine Google on YouTube Rankings
In a September 8 letter to the Federal Trade Commission, EPIC urged the
agency to investigate the extent to which Google has used its search
market dominance to influence the online video marketplace. EPIC's
letter specifically cites Google's acquisition of YouTube and the
resultant changes in YouTube search rankings, and recommends that the
Commission "investigate the extent to which Google's ratings preference
its own content and disfavor the content of others," adding, "Our
concern is not primarily about anti-competitive market practices; it is
about public access to information made available on the Internet."
EPIC futher explains that Google substituted its own subjective
"relevance" ranking in place of objective search criteria - such as
"Hits" or "Views" - to preference its own video material over non-
Google videos. As a result, EPIC contends, Google's own videos rank
higher in search results. EPIC's letter includes several detailed
examples of this outcome, using the search term "privacy."
Google has acknowledged that the Commission has opened an antitrust
investigation into the company's business practices. The investigation
likely focuses on whether Google uses its search market dominance to
inhibit competition in other areas.
In 2007, EPIC opposed Google's acquisition of online advertiser
DoubleClick, which was approved by the FTC over the objection of then-
Commissioner Pamela Harbour. EPIC later testified before the Senate
Judiciary Antitrust Subcommittee on Google's growing dominance of
essential Internet services. The Subcommittee's agenda in the current
Congress is said to include a focus on competition in online markets
and Internet search.
EPIC: Letter to Federal Trade Commission (Sept. 8, 2011)
Google: "Supporting Choice, Insuring Economic Opportunity" (June 2011)
EPIC: Complaint in re: Google DoubleClick (April 20, 2007)
Pamela Harbour: Dissenting Statement in re Google/DoubleClick
EPIC: Senate Testimony (Sept. 27, 2007)
Senator Herb Kohl (D-WI): Antitrust Annoucement (March 10, 2011)
 Germany Finds No Practical Use for Airport Full Body Scanners
After extensive testing, the German government has decided not to
deploy body scanners at the nation's airports. Officials from Germany's
Interior Ministry field-tested the scanners at Hamburg Airport,
screening more than 800,000 passengers between September 2010 and July
2011. German Interior Minister Hans-Peter Friedrich said in an official
statement that the tests demonstrated that the body scanners were not
effective enough for nationwide rollout, citing that the devices
produced too many false alarms.
Italy also removed the scanners from its airports in late 2010.
Following field tests in Rome, Milan, Palermo, and Venice, the Italian
Civil Aviation Authority determined that the scanners were both
inconvenient and inaccurate. Similarly, the European Commission has
stated that body scanners raise "several serious fundamental rights and
health concerns," and has recommended less intrusive security measures.
In the US, former 9-11 Study Commission Chairs Lee Hamilton and Thomas
Keen have released a "Tenth Anniversary Report Card," assessing the
status of the recommendations made by the 9-11 Commission. The report
finds that even "with significant federal funding . . . explosive
detection technology lacks reliability" and that "the next generation
of whole body scanning machines are not effective at detecting
explosives hidden within the body and raise privacy and health concerns
that DHS has not fully addressed."
EPIC has petitioned a federal appeals court to rehear EPIC's challenge
to the Transportation Security Administration's controversial body
scanner program. In the petition, EPIC cited erroneous findings that
the devices would detect liquid and powdered explosives, contrary to
the evidence on the record. However, the court denied the petition
In the July 2011 opinion, the appeals court ruled that the TSA violated
federal law when it installed airport body scanners without first
soliciting public comment. However, the court also stated that the
machines were not in violation of the Fourth Amendment, as EPIC had
contended. In an interview with ABC News, EPIC Senior Counsel John
Verdi said, "When [the body scanners] can't distinguish between body
sweat and explosives, they aren't making anyone safer."
German Interior Ministry: Press Release on Scanners (Sept. 2, 2011)
ABC News: Airport Scanner Manufacturer Under Scrutiny (Sept. 2, 2011)
Italian Civil Aviation Authority
9-11 Commission: 10th Anniversary Report (Sept. 2011)
EPIC v. DHS: Petition for Rehearing En Banc (July 15, 2011)
EPIC: EPIC v. DHS (Suspension of Body Scanner Program)
 Documents Reveal New Details About DHS Mobile Body Scanners
EPIC has obtained more than 150 pages of documents detailing the
Department of Homeland Security's development of mobile body scanners
and other crowd surveillance technologies. The documents were obtained
as a result of a Freedom of Information Act lawsuit brought by EPIC
against the agency.
According to the acquired documents, vehicles known as "Z Backscatter
Vans" can be equipped with mobile body scanners designed to examine
crowds and pedestrians. Scanners on Z Backscatter Vans can penetrate
bags, clothing, and even other vehicles. The documents also reveal that
due to the high level of radiation output, Z Backscatter Vans are not
and will never be American National Standards Institute-approved
"certified people scanners."
The Department of Homeland Security has tested other mobile body
scanners at surface transportation stations in both the US and abroad.
In the summer of 2009, the PATH train system, in conjunction with DHS,
tested body scanner technology on PATH travelers. According to the
documents, the "inexpensive, high resolution" mobile body scanners used
in the tests are powerful enough to "employ multiple sensors to
determine the presence of explosives on people, including observing and
following individuals, identifying explosive residues or heat
signatures on the outer surface of their clothing."
In March 2010, the Obama Administration released a "Surface
Transportation Security Priority Assessment," which detailed plans to
utilize both the private and public sectors in implementing new body
scanner technologies on US surface transportation systems, including
"mass transit, commuter and long-distance passenger rail, freight rail,
commercial vehicles (including intercity buses) . . . and roads and
In November 2010 EPIC submitted a written FOIA request to Homeland
Security for agency records detailing federal law enforcement plans to
implement body scanner technology on surface transportation. In April
2011 EPIC filed an administrative appeal challenging DHS's partial
withholding of documents requested by the FOIA request; in August 2011,
DHS sent documents complying with EPIC's administrative appeal.
EPIC: Mobile Body Scanner FOIA Documents (Aug. 15, 2011)
EPIC: Mobile Body Scanner Complaint (May 20, 2011)
White House: Surface Transportation Priority Assessment (Mar. 2010)
EPIC: DHS FOIA Request (Nov. 2010)
 California Passes Updated Data Breach Legislation
California has enacted Senate Bill 24, which strengthens the state's
existing 2002 data breach notification law. Senate Bill 24 specifies
the information that data holders should provide to individuals in the
event of a breach, including instructions on how to contact credit
agencies. The law also requires that the state Attorney General be
notified in the event of breaches affecting more than 500 California
Since 2002, California law has required data holders to notify
individuals if their data is lost or stolen. Prior law did not provide
for a standardized list of information to be included in notifications.
The new law, however, requires each notice to contain in "plain
language" the name and contact information of the data holder, the
types of personal information compromised by the breach, a brief
description of the incident, contact information for the major credit
reporting agencies, and whether the notification was delayed as a
result of an investigation by law enforcement.
Senate Bill 24 will become effective on January 1, 2012. Forty-five
other states, as well as the District of Columbia, Puerto Rico, and the
US Virgin Islands, also have data breach notification laws, many of
which similarly regulate the content of their notifications.
EPIC has testified before Congress on several occasions on the subject
of national data breach legislation. Executive Director Marc Rotenberg
has praised state breach notification bills like CA Senate Bill 24,
stating that such laws help "ensure that companies carry the
responsibility for their data practices."
State of California: Senate Bill 24 (Aug. 2011)
State of California: Original data breach legislation (2002)
Nat. Conf. of State Legislatures: State Breach Notification Laws
EPIC: US House Testimony on Federal Breach Legislation (June 15, 2011)
EPIC: US House Testimony on Federal Breach Legislation (May 2009)
 News in Brief
DC Circuit Court Grants Access to Cell Phone Surveillance Records
The Circuit Court for the District of Columbia ruled September 6 that
the Department of Justice must release information regarding government
surveillance of cell phone location data. In 2008, the American Civil
Liberties Union filed a Freedom of Information Act request for
information regarding current and past cases in which the Department of
Justice had accessed cell phone location data without a warrant. The
agency sought to keep this information secret, claiming that releasing
cell phone tracking data could affect the privacy of investigation
subjects. The court, however, disagreed, stating: "The disclosure
sought by the plaintiffs would inform this ongoing public policy
discussion by shedding light on the scope and effectiveness of cell
phone tracking as a law enforcement tool."
ACLU v. DOJ: Court Ruling (Sept. 6, 2011)
American Civil Liberties Union
EPIC: Electronic Surveillance 1968-2010
Federal Appeals Court Says Individuals Have Right to Record Officials
The First Circuit Court of Appeals has held that the First Amendment
protects "the filming of government officials engaged in their duties
in a public place." In Glik v. City of Boston - a case in which a man
using his cell phone to film a police arrest was himself arrested - the
court found that members of the public enjoy the same rights as
credentialed members of the press, emphasizing that "the public's right
of access to information is coextensive with the press." The court
further held that, in arresting Glik, the City of Boston violated the
Fourth Amendment's probable cause requirement, given there was no
reason to believe that Gilk had violated any state law. EPIC agreed
that the Massachusetts state wiretap law was not intended to limit the
public's ability to record police activity, but did not file an amicus,
or "friend of the court," brief in the case.
US First Circuit Appeals Court: Glik v. City of Boston (Aug. 26, 2011)
EPIC: EPIC Amicus Curiae Briefs
Survey: Americans Still Favor Civil Liberties in Post-9/11 Era
The Center for Public Affairs Research, a joint project of the
Associated Press and the National Opinion Research Center, recently
published "Civil Liberties and Security: 10 Years After 9/11." The
detailed report analyzes public opinion on national security and civil
liberties issues a decade after 9/11. The survey, given to 1,087 US
adults in July and August 2011, found that Americans are divided on the
so-called "war on terror". Of those surveyed, 85% said that the events
following 9/11 have had some impact on their individual rights and
freedoms. A slim majority also said that the protection of civil
liberties should take priority over national security. Only 23% favored
the government's warrantless wiretapping program. Overall, however,
survey participants were closely divided over a number of civil
liberties issues, sometimes contradictorily. According to the report,
"While 60 percent of Americans think the government is doing enough to
protect the rights and freedoms of US citizens, the number in favor of
certain specific activities that may interfere with those rights . . .
Associated Press/NORC: Poll on Civil Liberties (Aug. 15, 2011)
EPIC: 9/11 Commission Report
EPIC: Public Opinon on Privacy
US, EU Consumer Groups Oppose New Industry Proposal on Self-Regulation
The Transatlantic Consumer Dialogue (TACD) has sent a letter to US and
European Union officials, requesting that they reject an advertising
industry proposal to protect online privacy through self-regulation.
The industry proposal relies on opt-out techniques that force consumers
to click on small, hard-to-locate icons on the websites they visit. The
TACD letter describes the icon regime as "inadequate," adding that the
icons are "an insufficient means of [giving] notice to a user about the
wide range of data collection that they routinely face." In 1998, EPIC
conducted the first evaluation of industry self-regulation to protect
online privacy, and concluded that "Notice is Not Enough."
TACD: Letter to Officials on Industry Self-Regulation (Sept. 8, 2011)
Behavioral Advertisers: Updated Self-Regulatory Program (June 2011)
EPIC: Consumer Guidance on Behavioral Profiling
EPIC: Online Tracking and Behavioral Profiling
 EPIC Book Review: 'Top Secret America'
"Secret America: The Rise of the New American Security State,"
Dana Priest and William M. Arkin
Prior to September 11, 2001, American national defense and
intelligence assets were overwhelmingly focused away from the
American shore. Post- 9/11, efforts have been trained towards US
citizens. Washington Post reporters Dana Priest and William Arkin
show their readers a thin but disturbing slice of the post-September
11, 2001 American security apparatus in their new book, "Top Secret
America: The Rise of the New American Security State."
The American security state generally keeps itself well hidden from
the eyes of the general American public; consequently, this book
provides so much new information on its creation and massive growth
that you should set aside time to read it with a highlighter and
In some respects, security efforts in post- 9/11 America seem
reasonable and prudent, given an enemy that proved it could strike
within US borders using unconventional means. According to Priest and
Arkin, however, the security overload we face today was the fault of
our elected leaders being unwilling or unable to engage in expectations
management: In the frightened national mood after 9/11, there was no
way to promise that under all conditions and circumstances the US
government could keep all of its citizens safe all of the time.
In an attempt to hide this fact, Congress and both the Bush and Obama
Administrations have feverishly spent taxpayer dollars in the most
aggressive defense buildup since the bombing of Pearl Harbor, in which,
seemingly, no cost has been too great and no program's replication and
overlap too excessive to fund. But who runs or even knows about all
these programs? Priest and Arkin lay out a chilling prospect: No single
individual or group in the federal government, including the secretive
clandestine community of old and new intelligence agencies, know
everything that should be known about the post-9/11 security
The Office of the Director National Intelligence (ODNI), Cyber Command,
the Northern Command (NorthCom), and fusion centers are just a few of
the new tools American taxpayers have purchased in the battle against
Al Qaeda. Warfare has changed forever; manned fighter jets and bans on
noncriminal domestic surveillance are now relics of the "good old
days". Too many entities that are not and may never be known are
installed in communities across the nation and they intend to stay in
business, war or no war.
US intelligence and defense agencies can be credited with finding the
masterminds of the 9/11 attacks. However, all is not well with the new
American security state: It is not a monolithic creation; it does not
speak the same language as other parts of the government; it produces
too much information to be consumed by those who need it. According to
the book, soldiers and commanders in the field judge much of the
collected data to be useless. The DoD, its components, and its
contractors create their own intelligence resources. Information is so
duplicative it often can be categorized as "busywork". In fact, there
is so much information out there that actionable items (knowing who,
and what) can be missed; two examples given are the Christmas Day 2009
attempted "underwear bombing" and the Fort Hood army psychiatrist who
killed fellow US soldiers.
One way to improve the US's overall financial health, the book
suggests, is to understand where federal funding is going and why it is
going there. However, a larger issue is to make sure the US "does the
right thing" after the troops in Iraq and Afghanistan have been drawn
down; in other words, we need a good gardener to pull the weeds, make
sure that the productive, healthy components have oversight and
accountability, and assure that the transition from war to peacetime
vigilance is orderly and transparent to the American people.
-- Lillie Coney
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access laws.
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the 25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
5th Annual International Right-to-Know Day Celebration. American
University Law School, Washington, DC, 28 September 2011. For More
EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For
More Information: http://www.thepublicvoice.org/.
33rd International Conference of Data Protection and Privacy
Commissioners (ICDPPC 2011). Mexico City, Mexico, 2-3 November 2011.
For more information: http://www.privacyconference2011.org/.
8th Conference on Privacy and Public Access to Court Records.
Sponsored by the College of William and Mary School of Law.
Williamsburg, VA, 3-4 November 2011. For More Information:
2nd Annual GridWise(R) Global Forum, Co-Hosted by the GridWise(R)
Alliance and the US Dept. of Energy. Washington, DC, 8-10 November
2011. For More Information: http://www.gridwiseglobalforum.org/.
Workshop on Cryptography for Emerging Technologies and Applications.
NIST Campus, Gaithersburg, MD, 7-8 November 2011. For More Information:
Computers, Privacy, & Data Protection 2012: European Data Protection:
Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers
Abstracts Deadline 1 June 2011. For More Information:
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 18.18 ------------------------