Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 18.22

======================================================================= E P I C A l e r t ======================================================================= Volume 18.22 November 10, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_1822.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] The Public Voice Hosts Civil Society Conference in Mexico [2] Privacy Experts Convene for Commissioners, OECD Meetings [3] Supreme Court Hears Oral Arguments in 4th Amendment GPS Case [4] EPIC Urges Court to Demand Radiation Docs, Public Comment from DHS [5] EPIC Files FTC Complaint re: Verizon Privacy Changes [6] News in Brief [7] Book Review: 'Taking Liberties' [8] Upcoming Conferences and Events TAKE ACTION: KWTK! - Know What Facebook Knows! Demand Your Data! - WATCH the Video: http://epic.org/redirect/102511-kwtw-video.html - DEMAND Your Facebook Data: http://epic.org/redirect/102511-kwtw.html - READ the Facebook Complaint: http://epic.org/redirect/102511-fb.html - SUPPORT EPIC: http://www.epic.org/donate/ ======================================================================= [1] The Public Voice Hosts Civil Society Conference in Mexico ======================================================================= The Public Voice coalition hosted "Privacy is Freedom," a privacy and consumer protection conference on October 31 in Mexico City. The event was held in conjunction with the 33rd Data Protection and Privacy Commissioners Conference, and the Organisation for Economic Cooperation and Development's annual symposium and celebration of the 30th anniversary of the OECD Privacy Guidelines. The Public Voice conference addressed the challenges associated with the promotion of privacy rights worldwide, with an emphasis on developments in Latin America. International panels of privacy experts examined such topics as "Cultures and Privacy Around the World," "Children's Online Privacy," and the "Right to Forget." The conference featured real-time video streaming in English and Spanish, Twitter and Facebook feeds in English, Spanish and French, and a multilingual "virtual meeting" to include participants who wished to retain their anonymity. Participation at the conference was fueled by civil society representatives from 16 countries, including Brazil, Tunisia, the UK, France, and China. EPIC Associate Director Lillie Coney chaired the event, which was EPIC and the Federal Institute for Access to Information and Data Protection (IFAI). Many NGOs from Latin America, Europe, and the United States helped organize the event. EPIC established The Public Voice Coalition in 1996 to promote public participation in decisions concerning the future of the Internet. The Public Voice has pursued issues ranging from privacy and freedom of expression to consumer protection and Internet governance. In cooperation with the OECD, UNESCO, and other international organizations, the Public Voice has brought civil society leaders face to face with government officials for constructive engagement about current policy issues. Public Voice events have been held in many cities around the world, including Buenos Aires, Cape Town, Dubai, Hong Kong, Honolulu, Jerusalem, Kuala Lumpur, Madrid, Ottawa, Paris, Washington, and Wroclaw. The 2012 Public Voice conference will be held in Montevideo. The Public Voice http://www.thepublicvoice.org http://twitter.com/#tpv http://facebook.com/thepublicvoice The Public Voice: Conference 2011: "Privacy is Freedom" http://thepublicvoice.org/events/mexicocity11/ The Public Voice: Prepared Conference Opening Remarks (Bi-Lingual) http://epic.org/redirect/110911-tpv11-opening-remarks.html The Public Voice: 2011 "Cultures and Privacy Around the World" Video http://www.youtube.com/watch?feature=player_embedded&v=B4VIjDaNoPU ======================================================================= [2] Privacy Experts Convene for Commissioners, OECD Meetings ======================================================================= The Mexican Federal Institute for Access to Information and Data Protection (IFAI) hosted the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Attendees included high-level officials from government, particularly privacy, agencies, and private and non-governmental organizations worldwide. In her opening remarks IFAI President Jacqueline Peschard emphasized the need to apply privacy laws to new business practices and to consider the growing concentrations of personal data held by a few in the private sector. The privacy commissioners' conference promotes the goal of cross-border collaboration and the development of international privacy norms. The 2011 conference focused on the challenges faced by international policymakers and global citizens in an increasingly networked and technologically advanced world, and featured open sessions on topics including "Observation, Analytics, Innovation and Privacy" and "The Drivers for Data Protection Law in Latin America, Asia, and Africa." The hosting of the conference by the Mexican Data Protection Agency also marked a significant milestone in the history of the annual meeting of privacy officials. This was the first time the conference was held in Latin America, an acknowledgement of the recent adoption of comprehensive privacy legislation in Mexico and the significant role of the IFAI. Mexican President Felipe Calderon welcomed conference attendees to the nation's capital and spoke about the importance of protecting privacy in the modern age. Other top officials from the Mexican government described privacy as a fundamental human right and commended the work of IFAI. The OECD also held a one-day symposium on privacy and interoperability that focused on three international frameworks for privacy protection - the OECD Privacy Guidelines, the EU Data Protection Directive, and the Council of Europe Convention 108. Efforts are underway to strengthen all three frameworks. At the OECD, the focus is now on implementation and enforcement of the Privacy Guidelines. The revised EU Data Directive will likely include new enforcement powers, streamlined review, and coverage of criminal justice ("third pillar") data systems. At the Council of Europe, the aim is to both update the Convention and to expand coverage. Uruguay, the host of the 2012 Privacy Commissioners' meeting, is the most recent nation to ratify the Privacy Convention. As evidenced during the week of privacy meetings, much of the world is moving toward stronger, harmonized standards for privacy protection. Still, the position of the United States remains unclear. The architect of the "Fair Information Practices" framework that undergirds many of the international agreements had little to offer conference attendees beyond "self-regulation" and a long delayed "white paper." The country that helped push through the OECD Privacy Guidelines now struggles to enact the principles in its own laws. The European Union, which has repeatedly urged the US to update its privacy laws to take account of new business practices, has new allies. EPIC's Executive Director Marc Rotenberg and Associate Director Lillie Coney attended both conferences. ICDPPC: 33rd Annual Conference http://www.privacyconference2011.org/index.php?lang=Eng OECD: 2011 Privacy Conference http://epic.org/redirect/110911-oecd-2011.html EPIC: European Union Data Protection Directive http://epic.org/privacy/intl/eu_data_protection_directive.html ======================================================================= [3] Supreme Court Hears Oral Arguments in 4th Amendment GPS Case ======================================================================= The United States Supreme Court heard arguments November 8 in US v. Jones, a case set to determine whether the warrantless police use of a GPS tracking device violates the Fourth Amendment. Evidence against defendant Antoine Jones was gathered from a tracking device placed on the underside of Jones' car. The collected GPS location data was central to the government's case, and the defendant challenged his conviction based on the lack of a valid warrant. A three-judge appeals panel for the DC Circuit held that "the use of the GPS device violated [Jones'] 'reasonable expectation of privacy,' and was therefore a search subject to the reasonableness requirement of the Fourth Amendment." The arguments before the Court concerned the two interrelated aspects of Jones' Fourth Amendment challenge: whether persistent GPS tracking constitutes a "search" and also whether the installation of a GPS tracking device on a private vehicle is an unconstitutional "seizure." US Deputy Solicitor General Michael R. Dreeben argued on behalf of the United States, stressing that "[w]hat a person seeks to preserve as private . . . is a subject of Fourth Amendment protection. But what he reveals to the world, such as his movements in a car on a public roadway, is not." Defense Counsel Stephen Leckar argued that "[w]hat has been seized is [Mr. Jones'] data. Data is seized that is created by the GPS." EPIC filed a "friend of the court" brief in the case October 3, warning that "it is critical that police access to GPS tracking be subject to a warrant requirement." Supported by 30 legal scholars and technical experts, EPIC argued that 24-hour GPS surveillance by law enforcement constitutes a "search" under the Fourth Amendment. EPIC's brief urged the Court to consider the ubiquity of GPS technology and the privacy implications of its unchecked use by law enforcement. "If the Court overturns the decision below," the brief states, "it would severely restrict the privacy interests of drivers by allowing unchecked, continuous, surreptitious tracking and monitoring of individuals operating privately-owned vehicles." EPIC: US v. Jones http://epic.org/amicus/jones/default.html US Supreme Court: Oral Argument Transcript, US v. Jones (Nov. 8, 2011) http://epic.org/redirect/110911-usvjones-scotus-oral-transcript.html DC District Appeals Court: Ruling on US v. Jones (Aug. 2010) http://epic.org/amicus/jones/JonesOpinion08.06.10.pdf EPIC: Amicus Brief in US v. Jones (Oct. 3, 2011) http://epic.org/amicus/jones/EPIC_Jones_amicus_final.pdf EPIC: Locational Privacy http://epic.org/privacy/location_privacy/default.html ======================================================================= [4] EPIC Urges Court to Demand Radiation Docs, Public Comment from DHS ======================================================================= EPIC filed a motion for summary judgment October 31 in EPIC v. DHS, a pending Freedom of Information Act lawsuit against the Department of Homeland Security for information about the radiation risks posed by airport body scanners. EPIC's initial Freedom of Information Act request was filed in July 2010, but the agency failed to respond until EPIC filed suit in DC District Court in early 2011. EPIC's lawsuit resulted in the disclosure of over a thousand pages of documents, including studies detailing danger zones around the scanners and proper limits of employee exposure. Though the agency initially withheld radiation emission facts, EPIC was able to force disclosure. EPIC's motion asks the Court to force the agency to disclose further documents containing radiation testing results, agency fact sheets on body scanner radiation risks, and an image produced by the machines. EPIC also filed papers in federal court October 28, seeking to enforce an order that requires the Department of Homeland Security to provide greater detail about the body scanner program. As a result of EPIC's lawsuit against DHS, the DC Circuit Court of Appeals ruled that the agency violated federal law when it installed body scanners in airports for primary screening without first soliciting public comment. In July, the Court ordered Homeland Security to "promptly" seek public comment, but the agency has failed to respond. The Court's July 2011 decision holds that "the TSA has not justified its failure to initiate notice-and-comment rulemaking before announcing it would use AIT scanners for primary screening. None of the exceptions urged by the TSA justifies its failure to give notice of and receive comment upon such a rule, which is legislative and not merely interpretive, procedural, or a general statement of policy." The Court also observed, "Few, if any regulatory procedures impose directly and significantly upon so many members of the public." EPIC v. DHS: Full Body Scanner Radiation Risks http://epic.org/redirect/110911-epicvdhs-radiation.html EPIC: Motion for Summary Judgment (Oct. 31, 2011) http://epic.org/redirect/110911-epicvdhs-radiation-summary.html EPIC: Motion to Enforce Order on DHS (July 15, 2011) http://epic.org/redirect/110911-epicvdhs-motion-to-enforce.html DC Circuit Court: Opinion on EPIC v. DHS (July 15, 2011) http://epic.org/redirect/071911_circuit_opinion_epicvdhs.html EPIC: Petition for Review in EPIC v. DHS (May 2009) http://epic.org/privacy/litigation/EPIC_v_DHS_Petition.pdf EPIC: Motion for Emergency Stay of Body Scanner Program (July 2010) http://epic.org/privacy/litigation/EPIC_v_DHS_Motion.pdf EPIC: EPIC v. DHS (Suspension of Body Scanners) http://www.epic.org/redirect/031111EPICvDHS.html ======================================================================= [5] EPIC Files FTC Complaint over Verizon Privacy Changes ======================================================================= EPIC has filed a complaint with the Federal Trade Commission, charging that Verizon Wireless has engaged in unfair and deceptive trade practices in violation of consumer protection law. Verizon Wireless recently changed its business practices, which now include revealing detailed personal information about its customers - including location data, web browsing and search histories, and demographic data - to third parties. Even customers who previously signed long-term contracts with the company are affected. EPIC's complaint also charges that Verizon Wireless has failed to establish adequate techniques to de-identify its customers. Verizon Wireless previously promised users, 88 percent of whom are locked into long-term contracts, that the company would provide "clear and meaningful notice" and obtain users' "affirmative consent" before collecting their web browsing data. The company also represented to users that it would not collect or disclose users' location data, demographic information, or mobile device usage information. Verizon's subsequent changes not only disclose those details but do so without affirmative user consent. Verizon Wireless claims that the information it discloses cannot be used to personally identify users. However, the FTC recognizes location data as personally identifiable information. EPIC's complaint also cites AOL and Netflix as companies that released improperly anonymized data sets consisting of users' Web search terms and video ratings, only to discover that such information was in fact personally identifiable. "Such practices are unfair and deceptive, contrary to the privacy and security interests of Verizon Wireless customers, and actionable by the Federal Trade Commission," EPIC's complaint states. The complaint asks the FTC to "require Verizon Wireless to immediately cease its unfair and deceptive data collection and disclosure practices," and to require that the company "implement an opt-in consent model for all future changes to the company's data collection and disclosure practices." EPIC: Complaint to FTC Against Verizon (Oct. 28, 2011) http://epic.org/privacy/ftc/EPIC-Verizon-FTC-Complaint-final.pdf Verizon: Data Disclosure Policy www22.verizon.com/privacy/ EPIC: Re-identification http://epic.org/privacy/reidentification/ EPIC: Locational Privacy http://epic.org/privacy/location_privacy/default ======================================================================= [6] News in Brief ======================================================================= Institute of Medicine: Health Information Technology Still Not Safe According to a study conducted by the Institute of Medicine, software errors and defects in electronic health records pose threats to patient safety, and can even result in death. To combat the problem, the Institute recommends the establishment of an investigative agency, to be charged with examining and charting the safety performance of electronic health records in use, according to a press release from the National Academies panel. The Institute also recommends that clauses purported to "hold harmless" electronic health record suppliers be removed from their sales contracts. Although experts in the medical field acknowledge that the study is a positive step in regulating health information technology, The New York Times reports that some experts believe the Food and Drug Administration should regulate the safety of electronic health records. EPIC participated in a 2009 IOM study on Privacy and Medical Research. Institute of Medicine: Study on Technology and Patient Safety http://www.nap.edu/openbook.php?record_id=13269&page=R1 National Academies: Press Release on IOM Study (Nov. 8, 2011) http://epic.org/redirect/110911-national-academies-iom-release.html NY Times: Article on Digital Health Records Safety (Nov. 9, 2011) http://epic.org/redirect/110911-nyt-iom-study.html IOM: Study on Medical Records Safety (Jan. 2009) http://epic.org/redirect/110911-2009-iom-study.html EPIC: Medical Record Privacy http://epic.org/privacy/medical/ Congress, #KWTK Press Facebook to Disclose Secret Profiles US Representatives Joe Barton (R-TX), Edward Markey (D-MA), Marsha Blackburn (R-TN), and Carolyn Maloney (D-NY) have sent a letter to Facebook CEO Mark Zuckerberg, requesting information on Facebook's data retention practices. The October 28 letter asked in-depth questions about the types of personal data that Facebook collects as well as Facebook's data storage, retention, and deletion policies, and requested that Facebook provide the committee with relevant information within 15 days of the letter's receipt. The inquiry followed a news report that a single Austrian Facebook user requested and obtained more than 1,200 pages of his own personal data from the company, including information he had previously deleted. As part of its new "Know What They Know" ("KWTK") campaign, EPIC is now urging Facebook users to obtain their complete "data dossiers." Bipartisan Privacy Caucus: Letter to Mark Zuckerberg (Oct. 29, 2011) http://markey.house.gov/docs/facebook_caucus_letter_10.29.11.pdf EPIC: #kwtk http://epic.org/privacy/kwtk/default.html EPIC: Facebook Privacy http://epic.org/privacy/facebook/ WSJ: 'Europeans to Facebook: "Where's my data?"' (Sept. 29, 2011) http://epic.org/redirect/110911-wsj-facebook-eu.html Europe-v-Facebook http://europe-v-facebook.org/EN/en.html FTC Enforces COPPA Against Kids' Facebook-Like Web Site The Federal Trade Commission has settled a complaint against Web site Skid-e-kids after the owner violated both the Commission's Children's Online Privacy Protection Act (COPPA) Rule and the Web site's own privacy policy by collecting personal information from approximately 5,600 children without obtaining prior parental consent. The settlement bars future violations of COPPA and misrepresentations about the collection and use of children's information. It also requires site owner Jones O. Godwin to destroy information collected in violation of the Rule, and to allow for oversight of future Web sites. Godwin was also directed to pay a $100,000 fine, which will be reduced to $1,000 if he complies with the order's oversight provision. Skid-e-kids is a social networking site that allows children ages 7-14 to create profiles, upload pictures and videos, and become friends with and send messages to other members. COPPA requires that Web site operators obtain parental consent before they collect, use or disclose personal information from children under 13. EPIC's complaints against Facebook's facial recognition system and changes to its privacy settings are still pending before the FTC. Federal Trade Commission: Settlement with Skidekids.com http://www.ftc.gov/opa/2011/11/skidekids.shtm FTC: Judgment Against Skidekids.com (Nov. 9, 2011) http://www.ftc.gov/os/caselist/1123033/111108skidekidscmpt.pdf EPIC: Complaint Against Facebook's Facial Recognition System http://epic.org/redirect/110911-epic-fb-facial-complaint.html EPIC: Complaint Against Facebook's Privacy Policies http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf EPIC: Kids' Online Privacy http://epic.org/privacy/kids/default.html Justice Department Revises FOIA Proposal, But Problems Remain In response to widespread criticism from EPIC and other open-government groups, the Department of Justice has agreed to withdraw one of its proposed Freedom of Information Act revisions, which would have allowed the agency to make misrepresentations about the existence of documents subject to the FOIA. In extensive comments to the Justice Department, EPIC stated that the agency's proposal would undermine the FOIA and is contrary to law as well as the views expressed by President Obama and Attorney General Holder. EPIC also pointed to proposed changes that would place new burdens on FOIA requesters, make it more difficult to qualify for educational and news media fee status, allow the Justice Department to terminate FOIA requests, and even destroy records subject to FOIA. EPIC: Comments to DoJ on FOIA Changes (Oct. 18, 2011) http://epic.org/foia/EPIC-DOJ-FOIA-Comments-FINAL.pdf DoJ: Notice of Proposed FOIA Revisions (Sept. 19, 2011) http://www.gpo.gov/fdsys/pkg/FR-2011-09-19/html/2011-23903.htm EPIC: Open Government http://epic.org/privacy/litigation FTC's Final Google Buzz Settlement Fails to Adopt Proposed Safeguards The Federal Trade Commission has finalized a settlement with Google over Google Buzz, the social network service launched by Google in early 2010. The Commission's action against Google followed EPIC's previous complaint, filed on behalf of GMail subscribers and other Internet users. The Google Buzz settlement is far-reaching and bars Google from future privacy misrepresentations, requires Google to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. However, the Commission failed to adopt any of the recommendations submitted during the 30--day public comment process, which generated hundreds of comments. In a letter to EPIC and to others who submitted suggestions, the FTC wrote "the Commission has determined that the public interest would best be served by issuing the Decision and Order in final form without any modifications." EPIC: Google Buzz Complaint http://epic.org/privacy/ftc/googlebuzz/GoogleBuzz_Complaint.pdf FTC: In Re Google Buzz, Decision and Order (Oct. 13, 2011) http://ftc.gov/os/caselist/1023136/111024googlebuzzdo.pdf FTC: Response to EPIC's Google Buzz Settlement Comment (Oct. 13, 2011) http://ftc.gov/os/caselist/1023136/111024googlebuzzepic.pdf EPIC: In re Google Buzz http://epic.org/privacy/ftc/googlebuzz/default.html EPIC: Fix Google Privacy http://epic.org/fixgoogleprivacy/default.php EPIC, Tech Experts Urge Gov't 'Common Rule,' De-identification Research In extensive comments to the US Department of Health and Human Services, Professor Latanya Sweeney, Director of Harvard University's Data Privacy Lab, EPIC, Patient Privacy Rights, and 50 data privacy researchers warned the agency that medical privacy standards for de-identification are "gravely inadequate" and that proposed changes to the Common Rule would deprive the public and policymakers of information about the risks of re-identification. The coalition urged support for stronger techniques for de-identification based on recent a dvances in theoretical computer science. Earlier in 2011, EPIC filed a "friend of the court" brief in the US Supreme Court case IMS Health v. Sorrell, warning that the de-identification technique adopted by data- mining companies was not sufficient to protect patient privacy. Harvard University: Data Privacy Lab Comments (Oct. 26, 2011) http://dataprivacylab.org/projects/irb/DataPrivacyResearchers.pdf Data Privacy Lab: Proposed Changes to the Common Rule http://dataprivacylab.org/prjects/irb.index.html DHHS: Advanced Notice of Proposed Rulemaking http://www.gpo.gov/fdsys/pkg/FR-2011-07-26/pdf/2011-18792.pdf Harvard Center for Computation and Society: Comments (Oct. 26, 2011) http://dataprivacylab.org/projects/irb/Vadhan.pdf EPIC: IMS Health v. Sorrell Amicus Brief http://epic/org/amicus/sorrell/EPIC_amicus_Sorrell_final.pdf EPIC: IMS Health v. Sorrell http://epic.org/privacy/ims_sorrell/ EPIC: Privacy and The Common Rule http://epic.org/privacy/privacy_and_the_common_rule.html EPIC: Medical Record Privacy http://epic.org/privacy/medical/ Report: Internet Privacy Tools Generally Fail to Protect Privacy A recent report by Carnegie Mellon University finds that Internet privacy tools designed to protect consumers from online behavioral advertising are ineffective because they are too difficult to understand and configure. CMU researchers investigated whether users could protect themselves from online tracking by utilizing the privacy settings on popular Web browsers Firefox and Internet Explorer. The report also analyzed the efficacy of four privacy tools, including Adblock Plus and IE9 Tracking Protection. The researchers determined that the browser settings are too confusing for users to make informed decisions on how to use them most effectively. Further, unbeknownst to most users, Internet privacy tools' default settings largely fail at blocking online tracking. "Users' expectations and abilities are not supported by existing approaches," the report concludes, adding that researchers' "results suggest that the current approach for advertising industry self-regulation through opt-out mechanisms is fundamentally flawed." Carnegie Mellon University CyLab: Usability Study (Oct. 31, 2011) http://www.cylab.cmu.edu/files/pdfs/tech_reports/CMUCyLab11017.pdf EPIC: Online Tracking and Behavioral Profiling http://epic.org/privacy/consumer/online_tracking_and_behavioral.html ======================================================================= [7] EPIC Book Review: 'Taking Liberties' ======================================================================= "Taking Liberties: The War on Terror and the Erosion of American Democracy," Susan N. Herman http://epic.org/redirect/110911-taking-liberties-susan-herman.html In her stunning new book, ACLU president Susan Herman personalizes the erosion of post-9/11 US civil liberties into intimate, horrifying stories of Americans caught in the high beams of the so-called "war on terror." Herman never lets her audience forget that assaults on the US Constitution are intimately connected to the fate of individual Americans inadvertently ensnared in the vast, desperate sweep of recent lawmaking and policy. Some of these wrenching and infuriating stories (the former football player locked in solitary confinement after converting to Islam) are familiar to most readers of this book. Others (the college student detained and interrogated for five hours because Arabic flash cards were found in his carry-on) have been less publicized. Herman is a good storyteller and a good moralist; each vignette drives home at least one aspect of the "war on terror's" frenzied overreaching. Herman faults both how post-9/11 policies have been "stretched and exploited" to their breaking points, and the fundamental secrecy and circularity of such policies, which result in Americans forbidden to know what charges are being brought against them or even see evidence of their wrongdoing. As expected, the George W. Bush Administration is the book's primary malefactor. Herman, however, does not absolve Obama's continuation of Bush-era policies; similarly she blames the Clinton Administration for taking the "baby steps" necessary to create and implement the surveillance state of 2011. In fact, Herman is surprisingly sympathetic to Bush et al.'s desperate scramble to create a new national security framework in order to prevent what were perceived as imminent attacks on US soil. As every chapter points out, however, policies created out of fear and good intentions quickly spiral out of control. Herman stresses the personal and intimate aspects of her stories by including photographs of her subjects, as well as copies of official documents, including the now-infamous "naked" body scanner images. It's another means of "putting a human face" on large policy issues, including what an acquaintance of hers called "'that Guantanamo stuff'" and "'that Patriot Act stuff'." In less skilled hands, "Taking Liberties" might leave readers with a feeling of infuriated hopelessness. That's not what Herman wants; an emboldened citizenry is more willing than an embittered one to affect change. Having galvanized her readers, she finally urges them to action: "If we want to keep our privacy, our freedom of speech and thought, and our right to talk back to the government, we need to recommit ourselves to . . . doing our own part to protect and defend the Constitution. After all," she concludes, "any worthwhile relationship takes work." -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Securing Our Rights in the Information-Sharing Era. San Francisco, CA, 1-2 December 2011. For More Information: http://www.rightsworkinggroup.org/securing-our-rights. More Surveillance, More Security? The Landscape of Surveillance in Europe and Challenges to Data Protection and Privacy. Brussels, 4 January 2012. For More Information: sophie.intveld-office@europarl.europa.eu. Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information: http://www.cpdpconferences.org. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.22 ------------------------