Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.02

======================================================================= E P I C A l e r t ======================================================================= Volume 19.02 February 2, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.02.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] Supreme Court Upholds Fourth Amendment in GPS Tracking Case [2] EPIC Files Suit for Surveillance Documents of WikiLeaks Supporters [3] Google to Consolidate User Data; EPIC Launches 'Good to Really Know' [4] EU Data Commission Announces Comprehensive Privacy Law Revision [5] EPIC Participates in International Data Privacy Conference [6] News in Brief [7] Book Review: 'Configuring the Networked Self' [8] Upcoming Conferences and Events TAKE ACTION: Support EPIC's 'Good to Really Know' Education Campaign! - WATCH the GtRK Video: http://epic.org/redirect/020112-gtrk-video.html - READ EPIC's Letter to the FTC: http://epic.org/redirect/020112-f.html - SUPPORT EPIC: http://www.epic.org/donate/ ======================================================================= [1] Supreme Court Upholds Fourth Amendment in GPS Tracking Case ======================================================================= The US Supreme Court unanimously voted to uphold a lower court decision in US v. Jones, holding that the attachment and use of a GPS car- tracking device constitutes a "search" under the Fourth Amendment. Justice Antonin Scalia delivered the opinion of the Court, joined by Chief Justice John Roberts and Justices Anthony Kennedy, Sonia Sotomayor, and Clarence Thomas. Justice Sotomayor wrote a separate opinion in concurrence. Justice Samuel Alito, joined by Justices Stephen Breyer, Ruth Bader Ginsburg, and Elena Kagan, wrote a separate opinion concurring in the judgment without joining Scalia's majority. Justice Scalia's majority opinion stressed that the government's physical occupation of "private property for the purpose of obtaining information" would have been considered a search "within the meaning of the Fourth Amendment when it was adopted." Scalia emphasized that the holding, while narrow, made clear that the Fourth Amendment, at a minimum, protects from trespassory government searches. Scalia also noted that the property-based Fourth Amendment analysis does not foreclose a more expansive analysis based on the "reasonable expectation of privacy." Justice Alito's concurring opinion argued that the majority's reliance on "18th-century tort law" is ill-suited to the current legal and technological landscape, and concluded that "the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy." Justice Sotomayor's concurring opinion agreed with the majority's conclusion that the property-based analysis represents an "irreducible minimum" of Fourth Amendment protection, but also agreed with Alito's conclusion that "at the very least, 'longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.'" Sotomayor further noted that "cases involving even short-term monitoring ... require particular attention" because the "government can store such records and efficiently mine them for information years into the future ..." but concluded that the most pressing issue threatening Fourth Amendment protections is the "third party doctrine", which states that "an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties." EPIC filed a "friend of the court" brief in US v. Jones, urging the Court to limit the scope of pervasive GPS surveillance by upholding robust Fourth Amendment protections. Along with 30 legal and technical experts, EPIC argued that 24-hour GPS surveillance by law enforcement constitutes a "search" under the Fourth Amendment. EPIC argued, "it is critical that police access to GPS tracking [information] be subject to a warrant requirement." EPIC submitted a similar amicus brief in an earlier GPS tracking before the Massachusetts Supreme Judicial Court. In that case, Commonwealth v. Connolly, the Massachusetts high court ruled that police must obtain a warrant before using GPS devices to monitor vehicles. The court also imposed time limits on GPS monitoring, ruling that warrants will expire 15 days after they are issued. US Supreme Court: Opinion in US v. Jones (Jan. 23, 2012) http://www.supremecourt.gov/opinions/11pdf/10-1259.pdf EPIC: US v. Jones http://epic.org/amicus/jones/ EPIC: US v. Jones, "Friend of the Court" Brief http://epic.org/amicus/jones/EPIC_Jones_amicus_final.pdf EPIC: Commonwealth v. Connolly http://epic.org/privacy/connolly/ Jeffrey Rosen: Article in New Republic on Samuel Alito (Jan. 24, 2012) http://epic.org/redirect/020112-nr-rosen-alito.html ======================================================================= [2] EPIC Files Suit for Surveillance Documents of WikiLeaks Supporters ======================================================================= EPIC has filed suit against the Department of Justice and the Federal Bureau of Investigation under the Freedom of Information Act for documents detailing surveillance of WikiLeaks supporters. EPIC is seeking documents that expose government requests for information about users of Facebook, Twitter, PayPal and Visa. After WikiLeaks' November 2010 publication of diplomatic cables, the US government opened investigations of WikiLeaks supporters and pressured many online donation systems, including Amazon and PayPal, to cease processing donations to WikiLeaks. In some cases, the US government attempted to identify users who accessed WikiLeaks documents and to restrict access to the documents. In June 2011, EPIC filed Freedom of Information Act requests with the Department of Justice and the Federal Bureau of Investigation. EPIC sought documents that detailed surveillance of WikiLeaks supporters as well as evidence of law enforcement access to the financial or social networking data of those supporters. EPIC filed suit on January 25, 2012, after the agencies failed to comply with the Freedom of Information Act deadlines. EPIC: EPIC v. DOJ Complaint (Jan. 25, 2011) http://epic.org/redirect/020112-wikileaks-doj-complaint.html EPIC: In re: Twitter (re: WikiLeaks Supporters) http://epic.org/amicus/twitter/wikileaks/default.html EPIC: EPIC v. DHS FOIA Request re: WikiLeaks Supporters (June 2011) http://epic.org/redirect/020112-wikileaks-DHS-foia.html EPIC: Open Government http://epic.org/open_gov/ ======================================================================== [3] Google to Consolidate User Data; EPIC Launches 'Good to Really Know' ======================================================================== Following Google's launch of the "Good to Know" advertising campaign, EPIC has posted "Good to Really Know," a short YouTube video offering viewers practical advice about Internet privacy. The "Good to Really Know" video discusses the basics of Internet tracking and profiling, explaining that search companies track users' IP addresses every time they conduct a search, and that advertisers employ persistent identifiers, or "cookies," to track users on the Internet. EPIC's video also reminds viewers that "It's Your Data" and provides information on how to improve online privacy - for example by avoiding creating user accounts wherever possible. The video also encourages users to protest corporate misuse of their data and press advertisers to ask users' permission before profiling them. The EPIC campaign is a response to Google's multi-million dollar advertising blitz called "Good to Know." EPIC: "Good to Really Know" Video https://www.youtube.com/watch?v=VaxXcENLfWI&feature=youtu.be Google: "Good to Know" http://www.google.com/goodtoknow/ ======================================================================= [4] EU Data Commission Announces Comprehensive Privacy Law Revision ======================================================================= The European Union has announced modernized data protection regulations that will create new privacy rights for EU citizens and raise privacy standards around the world. The previous EU regulations were implemented in 1995, and the new laws will address the technological advancements that have occurred in the intervening 17 years. The updated regulations also will replace the existing patchy data- protection framework, the result of a single legal instrument attempting to address privacy rights for all EU member states. EU Justice Commissioner Viviane Reding explained, "[the] proposal will help build trust in online services because people will be better informed about their rights and in more control of their information." A "mini website," New data protection rules for the digital age," created by the European Commission to explain the new regulations, asserts that 82% of Europeans feel "uneasy about transmitting their data over the Internet." In 2009, EPIC joined 110 other civil society groups and 106 technical and legal experts in endorsing the Madrid Privacy Declaration, which called for the establishment of "a new international framework for privacy protection . . . based on the rule of law, respect for fundamental human rights, and support for democratic institutions." The Declaration also supports Convention 108 of the Council of Europe, which itself seeks to "secure . . . respect for [individual] rights and fundamental freedoms," particularly with respect to privacy. EPIC: EU Data Protection Directive http://epic.org/privacy/intl/eu_data_protection_directive.html European Commission: Web Site on New Data Protection Rules http://ec.europa.eu/justice/data-protection/minisite/users.html European Commission: Press Release on New Rules (Jan. 25, 2012) http://epic.org/redirect/020112-ec-data-press-release.html European Commission: Draft Data Protection Regulation (Jan. 25, 2012) http://epic.org/redirect/020112-ec-draft-regs.html European Commission: Study on EU Data Privacy (Feb. 2008) http://ec.europa.eu/public_opinion/flash/fl_225_sum_en.pdf The Public Voice: Madrid Privacy Declaration (Nov. 2009) http://www.thepublicvoice.org/madrid-declaration/ Council of Europe: Convention 108 (Aug. 2005) http://conventions.coe.int/Treaty/en/Treaties/html/108.htm ======================================================================= [5] EPIC Participates in International Data Privacy Conference ======================================================================= In conjunction with January 28's International Privacy Day, EPIC participated in the Fifth Annual International Computers, Privacy and Data Protection (CPDP) Conference in Brussels, which brings together privacy stakeholders in academia, civil society, government, and industry to discuss the future of international privacy issues. 2012's CDCP Conference focused heavily on the new proposed European data protection regulations. EPIC Executive Director Marc Rotenberg participated in a panel discussion on the proposed modernization of the so-called Convention 108, or the "Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data," in the face of the IT revolution. Rotenberg reiterated EPIC's support for Convention 108 and also called attention to recent changes that modernize and update the international privacy framework. In 2010, EPIC advisory board members sent a letter to US Secretary of State Hillary Clinton urging the US ratification of the Council of Europe Convention on Privacy. Other panels at CPDP covered topics that included drone surveillance, risk profiling, e-discovery, and breach notification. The conference also featured the presentation of EPIC's 2012 International Privacy Champion Awards, presented to Canadian Privacy Commissioner Jennifer Stoddart and American privacy technologist and activist Christopher Soghoian. Computers, Privacy, and Data Protection Conference 2012 http://www.cpdpconferences.org/ CPDP Conference Program Guide http://www.cpdpconferences.org/Resources/CPDP2012.pdf European Privacy Day 2012 http://europeanprivacyday.org/ EPIC: Press Release on 2012 Int'l Privacy Awards (Jan. 26, 2012) http://epic.org/press/Stoddart-Release-EPIC-Award.pdf EPIC: EU Data Protection Directive http://epic.org/privacy/intl/eu_data_protection_directive.html ======================================================================= [6] News in Brief ======================================================================= EPIC Presents 2012 International Privacy Champion Awards EPIC has awarded the 2012 International Privacy Champion Awards to Canadian Privacy Commissioner Jennifer Stoddart and privacy technologist Christopher Soghoian. EPIC praised Stoddart as a "steadfast defender of privacy" and cited her work to strengthen international collaboration amongst privacy officials. EPIC acknowledged Soghoian as "an expert technologist dedicated to privacy," and cited his ability to combine technical know-how, legal expertise, and clever campaign tactics. Previous award recipients include MEP Sophie in't Veld and digital civil liberties activist Jeff Chester (2011), Australian justice Michael Kirby and Privacy Rights Clearinghouse founder Beth Givens (2010), and Italian jurist and professor Stefano Rodota (2009). EPIC: Champion of Freedom Press Release (Jan. 26, 2012) http://epic.org/press/Stoddart-Release-EPIC-Award.pdf Jennifer Stoddart: Video of Award Acceptance Speech (Jan. 26, 2012) http://epic.org/events/JS-Thank-You.mov Senator Leahy Expresses Support for International Privacy Day Senator Patrick Leahy (D-VT), Chair of the Senate Judiciary Committee, offered a statement commemorating International Privacy Day, which took place January 28. Leahy urged Congress to adopt comprehensive data privacy legislation to "better protect Americans' sensitive personal data and reduce the risk of data security breaches." Leahy also recommended changes to the Electronic Privacy Communications Act, or EPCA, to "reflect the realities of our time" and to "keep us safe from cyber threats." EPIC Executive Director Marc Rotenberg recommended similar updates to EPICA at a January 31 hearing before the Senate Judiciary Committee. Sen. Patrick Leahy: Remarks re: Data Privacy Day (Jan. 24, 2012) http://epic.org/redirect/020112-leahy-privacy-release.html International Computers, Privacy, and Data Protection 2012 Conference http://www.cpdpconferences.org/ International Privacy Day http://www.facebook.com/pages/International-Privacy-Day/264341804606 EPIC: Testimony before Judiciary Committee on ECPA (Jan. 31, 2012) http://epic.org/redirect/020112-epic-ecpa-testimony.html EPIC: Electronic Privacy Communications Act http://epic.org/privacy/ecpa/default.html Supreme Court to Hear 'Dog Sniff' Case on Enhanced Search Techniques The US Supreme Court has decided to review a recent Florida Supreme Court decision, Jardines v. State, which held that law-enforcement's use of a drug-sniffing dog around a suspect's home requires probable cause under the Fourth Amendment. The Court must consider in this case whether previous "dog-sniff" decisions apply equally in the context of the home, which has traditionally enjoyed heightened Fourth Amendment protections. EPIC has argued, particularly in the recent Supreme Court case US v. Jones, that the Fourth Amendment "probable cause" standard should apply in cases where the government uses "enhanced" investigative techniques designed to detect contraband, but are nevertheless imperfect and likely to lead to the exposure of non- contraband and legal conduct. Florida Supreme Court: Decision in Jardines v. State (Apr. 14, 2011) http://www.floridasupremecourt.org/decisions/2011/sc08-2101.pdf US Supreme Court: Certiorari for Jardines v. State (Jan. 6, 2012) http://www.supremecourt.gov/orders/courtorders/010612zr.pdf volokh.com: Article on 'Dog Sniff' Legality (Dec. 27, 2011) http://epic.org/redirect/020112-volokh-dog-sniff.html EPIC: US v. Jones http://epic.org/amicus/jones/ EPIC: US v. Pool http://epic.org/amicus/pool/default.html EPIC: Doe v. Luzerne County http://epic.org/amicus/luzerne/default.html ======================================================================= [7] Book Review: 'Configuring the Networked Self' ======================================================================= "Configuring the Networked Self: Law, Code, and the Play of Everyday Practice," Julie E. Cohen http://epic.org/redirect/020112-configuring-the-networked-cohen.html "Configuring The Networked Self" is a dense, complex, sometimes intellectually frustrating, and highly original book. Georgetown Law School professor Julie Cohen employs the vocabulary and rhetoric of postmodern theory to discuss identity, interpersonal relations, and consciousness - the building blocks of the "self" referred to in the title - in the bodiless space of the online world. The results, particularly around the issue of copyright, are sometimes bewilderingly academic for an audience not well-versed on both legal and social theory; her insights are also frequently refreshing and unexpected. Regardless, readers will come away with a new vantage point on how information is perceived, constructed, and legally codified. Cohen's premise is twofold. First, she asserts, the traditional Internet-based dualities (copyright vs. free information, surveillance and data collection vs. privacy rights) are artificially constructed and outdated. Second, in order to move beyond these constructs we must break down the very essence of what it means to have an identity, or "self", in a society where the boundaries of on-and offline existence are increasingly blurred. Only then can policy makers and scholars provide a solid and rational basis for laws on pressing issues like copyright, identity theft, and privacy. Legally oriented readers skeptical of cultural theoreticians like Michel Foucault and Gilles DeLouze may not be amused by Cohen's liberal usage of postmodern and deconstructionist theories and terminology. Those with little patience for terms like "semantic discontinuity" and "deontological political philosophy" should nevertheless barrel through the rhetoric to get to Cohen's important and original contributions to more accessible theories like the social construct of online privacy and the effect of the "creative commons" on individual productivity. The book is divided into five parts. Part I, "Locating the Networked Self" establishes the basic concept of self, society, and what Cohen calls "play" inside the "networked information society." Parts II-IV, according to Cohen, "investigate . . . legal theory's failure to generate convincing accounts of the relationships between copyright and culture (Part II), privacy and subjectivity (Part III), and network architecture and social ordering (Part IV)." Part V, "Human Flourishing in a Networked World," attempts to draw together these sometimes overly abstract and intellectual concepts into a useable framework that will actually produce policy and legislation. Cohen calls this framework "cultural environmentalism," and saving the networked world's ecosystem from the devastation of monetized identity and creativity won't be easy or immediate; rather, it will require "sweeping changes in the theory and practice of valuing information so that market logics will not push quite as inexorably towards commodification, transparency, and exposure." While this great transformation" currently "seems unthinkable," she concludes, "it is within our reach." -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Platts Smart Grid Data Privacy Symposium. Las Vegas, NV, 16-17 February 2012. For More Information: http://www.platts.com/ConferenceDetail/ 2012/pc217/index. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.02 ------------------------