Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.03

======================================================================= E P I C A l e r t ======================================================================= Volume 19.03 February 16, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.03.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] EPIC Sues to Enforce Google Consent Decree [2] Google's Proposed Changes Trigger Privacy Investigations [3] EPIC Testifies Before Congress on Video Privacy Amendments [4] FAA to Assess Safety of Drones in US Airspace [5] DHS Disregards Public Comments, OKs 'Global Entry' Program [6] News in Brief [7] Book Review: 'The Daily You' [8] Upcoming Conferences and Events TAKE ACTION: Support Medical Privacy! Vote 'No' on Unique Patient IDs! - TAKE the WSJ Poll: http://epic.org/redirect/021612-wsj-idpoll.html - READ About Medical Record Privacy: http://epic.org/privacy/medical/ - SUPPORT EPIC: http://www.epic.org/donate/ ======================================================================= [1] EPIC Sues to Enforce Google Consent Decree ======================================================================= EPIC has filed a Complaint with the Federal Trade Commission as well as a Motion for Temporary Restraining Order and Preliminary Injunction in Washington, DC, federal district court. EPIC's motion seeks to compel the Commission to act prior to March 1, when Google officially changes its Terms of Service, thereby enabling the company to combine user data without user consent. EPIC alleges that Google's changes are in clear violation of the consent order that Google entered into in October 2011, which established new privacy safeguards for users of all Google products and services. The consent order arises from a complaint EPIC brought to the Commission in February 2010 over Google's Buzz online service, a similar attempt to combine user data without user consent. EPIC's 2010 complaint highlighted several aspects of Google Buzz that compromised Gmail users' privacy, particularly Buzz's compilation and publicly available display of Gmail users' social networking list. based on address book and Google Chat list contacts. The complaint also alleged that Google had engaged in "unfair and deceptive" trade practices by transforming the Gmail service into a social networking service without offering opt-in consent or other meaningful control over users' own information. On October 13, 2011, having determined that Google's actions violated Section 5 of the Federal Trade Commission Act, the FTC issued a consent order establishing new privacy safeguards for users of all Google products and services; requiring Google to implement a comprehensive privacy policy; and subjecting the company to regular privacy audits. EPIC's latest complaint and motion allege that Google has violated this consent order in several respects. According to EPIC, Google has misrepresented the new Privacy Policy changes by failing to explain the reasons for the company's aggregation of consumer data, nor has Google explained how those changes comply with the US-EU Safe Harbor Framework, which allows US companies to self-certify the transfer of personal data from the EU under EU privacy requirements. Google also failed to seek users' affirmative consent before "any new or additional sharing" of previously collected personal information with a third party. Finally, EPIC's complaint maintains that Google has not implemented a comprehensive privacy program for its products and services. In response to EPIC's complaint and motion to compel, a federal district court judge has ordered an accelerated briefing schedule. The Commission's response to the EPIC briefs is due February 17, and EPIC's subsequent reply is due February 21. The court's deadlines reflect Google's imminent and substantial changes to the company's business practices. Google's initial report detailing the company's compliance with the consent order has also been released. The report, which EPIC had sought under the Freedom of Information Act, raises new questions about Google's apparent failure to comply with the consent order. The order required Google to answer detailed questions about how it protects Google users' personal information; however, Google chose not to answer many of the questions, for example how it complies with the US-EU Safe Harbor Framework, as the consent order requires. Most significantly, Google did not explain to the Commission the user privacy impact of the proposed March 1 changes. EPIC: EPIC v. FTC Complaint re: Google (Feb. 8, 2012) http://epic.org/privacy/ftc/google/EPIC-Complaint-Final.pdf EPIC: Motion for Restraining Order and Injunction (Feb. 8, 2012) http://epic.org/privacy/ftc/google/TRO-Motion-final.pdf Google: Privacy Compliance Report (Jan. 26, 2012) http://epic.org/redirect/021612-google-compliance.html Google: Blog Post on Updating Terms of Service (Jan. 24, 2012) http://epic.org/redirect/021612-google-blog-tos.html EPIC: EPIC v. FTC (Enforcement of Google Consent Order) http://epic.org/privacy/ftc/google/consent-order.html FTC: Press Release on Google Buzz Settlement (March 30, 2011) http://www.ftc.gov/opa/2011/03/google.shtm EPIC: In re Google Buzz http://epic.org/privacy/ftc/googlebuzz/ EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ ======================================================================= [2] Google's Proposed Changes Trigger Privacy Investigations ======================================================================= Leading European Union privacy officials have asked Google "for a pause" in the company's planned consolidation of user data "in the interests of ensuring that there can be no misunderstanding about Google's commitments to the information rights of their users and EU citizens . . ." The EU group has asked the French data protection authority, the CNIL, to take the lead in the effort and to be Google's EU point of contact. EU Commissioner Vivian Reding has also expressed support, tweeting, "Good that Europe's data protection authorities are ensuring @Google's new privacy policy complies with EU law." According to several news report, the Korea Communications Commission (KCC) has initiated an investigation to see if Google's planned policy changes contravene domestic laws on private information protection and open use of the Internet. The US federal government will remain unaffected by the proposed changes, as Google has acknowledged that to combine user data in the manner proposed would violate the terms of the agreements for users of Google Apps for Government (GAFG). The action followed an assessment that stated: "We recommend that Google immediately suspend the application of its new privacy policy to GAFG users. The default setting for GAFG and for all similar services from other vendors should be no information sharing at all between services. Furthermore, Google should clarify where its consumer product line ends and its enterprise products begin. "Government users want to be assured that the cloud services they use are tailored to the unique security and privacy requirements of the public sector. Google could address this concern by issuing Terms of Service for all Google online products guaranteeing public sector users their data will not be cross-referenced, data mined or otherwise used for purposes not originally collected in support of their public sector missions." Article 29 Working Party: Letter to Google (Feb. 2, 2012) http://epic.org/redirect/021612-EU-google-letter.html InformationWeek: Article on Google and EU (Feb. 3, 2012) http://www.informationweek.com/news/government/policy/232600239 Viviane Reding: Twitter Feed http://twitter.com/#!/@VivianeRedingEU Google: Blog Post on Updating Terms of Service (Jan. 24, 2012) http://epic.org/redirect/021612-google-blog-tos.html SafeGov: Blog Post on Google Cloud Security and GAFG (Jan. 25, 2012) http://epic.org/redirect/021612-safegov-gafg-cloud.html ======================================================================= [3] EPIC Testifies Before Congress on Video Privacy Amendments ======================================================================= EPIC Executive Director Marc Rotenberg testified January 31 before the Senate Judiciary Committee about HR 2471, a bill to revise the Video Privacy Protection Act of 1988 (VPPA) so as to make it easier for companies to collect and reuse personal data. EPIC opposed the legislation and recommended instead that an updated video privacy law cover all video service providers, allow users to inspect the information that video providers collect about them as well as the algorithms used to recommend video selections, treat IP addresses and user IDs as "Personally Identifiable Information," inflation-adjust damages provisions for video providers, and require companies to encrypt collected user data. The Video Privacy Protection Act was passed in 1988 in reaction to public disclosure of then-Supreme Court nominee Robert Bork's video rental records. In December 2011, without holding a public hearing, the US House of Representatives passed HR 2471. Supported by Netflix, which intends to disclose its users' rental selections on Facebook, the bill permits video service providers to obtain a one-time blanket consent from renters to disclose their Personally Identifiable Information. In his testimony, EPIC's Rotenberg urged the Senate not to adopt HR 2471 because the amendment "undermines meaningful consent" and does not protect consumer privacy. Rotenberg also warned that once Netflix users give the company blanket permission to disclose their information, Netflix could divulge this information to any party - including law enforcement - at any time. EPIC's testimony underscored that the 1988 Video Privacy Protection Act was a "smart, forward- looking, technology neutral" privacy law that could be modernized to ensure protection of "the collection and use of personal information by companies offering new video services." EPIC has a strong interest in supporting the rights of Internet users to control private companies' disclosure of user data. In 2011, EPIC wrote to House members, urging careful consideration of HR 2471's impact on users of Internet-based services. In 2010, EPIC wrote to the US District Court of Northern California, strongly recommending that the court reject the proposed settlement in Lane v. Facebook, which would have deprived Facebook users of remedies under VPPA; in that same letter EPIC also observed that the settlement would have deprived users of meaningful privacy protections by directing all settlement funds to a Facebook-controlled entity. In 2009, EPIC filed a "friend of the court" brief in Harris v. Blockbuster, advocating that the Fifth Circuit Court of Appeals enforce the VPPA's protections for Facebook users who rented videos from Blockbuster, a Facebook business partner. Facebook users filed the lawsuit after Blockbuster made public consumers' private video rental information. EPIC: Testimony Before US Senate on VPPA (Jan. 31, 2012) http://epic.org/privacy/vppa/EPIC-Senate-VPPA-Testimony.pdf C-SPAN: Senate Judiciary Committee Hearing on VPPA (Jan. 31, 2012) http://epic.org/redirect/021612-senate-vppa-hearing.html EPIC: Video Privacy Protection Act of 1988 http://epic.org/privacy/vppa/ Video Privacy Protection Act of 1988 http://www.law.cornell.edu/uscode/18/2710.html HR 2471: Full Text http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.2471: Netflix: Petition on Facebook/Netflix Sharing http://netflix.www.capwiz.com/netflix/home/ EPIC: Letter to Rep. Mel Watt (D-NC) re: HR 2471 (Dec. 5, 2011) http://epic.org/privacy/vppa/EPIC-on-HR-2471-VPPA.pdf EPIC: Letter to Judge Seeborg re: Lane v. Facebook (Jan. 15, 2010) http://epic.org/privacy/facebook/EPIC_Beacon_Letter.pdf EPIC: Harris v. Blockbuster "Friend of the Court" Brief http://epic.org/amicus/blockbuster/Blockbuster_amicus.pdf ======================================================================= [4] FAA to Assess Safety of Drones in US Airspace ======================================================================= In a 2012 re-authorization bill for the Federal Aviation Administration, Congress has required the agency to develop rules governing the operation of unmanned drones within US national airspace. The FAA's official duties include requirements to promulgate regulations that will ensure a safe and efficient US airspace. The FAA Modernization and Reform Act of 2012 requires the FAA to conduct a public rulemaking that will assess public safety concerns, licensing requirements, flight standards, and air traffic requirements. The FAA Secretary will also undertake safety studies and develop standards for "safe operation" of drones in US airspace. However, the legislation does not consider it necessary to assess the privacy risks of drone deployment. Currently, anyone can apply for a license to operate a drone; the only barriers to operation of unmanned aircraft are procedural requirements that oblige drone operators to obtain operation certificates. The FAA is required to take safety into account when promulgating regulations, and, in some limited circumstances, also must consider the public interest. Additionally, the FAA may, but need not, choose to consider other elements, such as privacy, when implementing regulations. Drones may be equipped with high-resolution cameras and camcorders, license plate readers, and infrared sensors. Many drones possess weapons capabilities. Currently, technology is being developed to outfit drones with facial recognition technology. Domestic drone use has increased dramatically in recent years; the cities of Miami, FL, and Conroe, TX, outside of Houston, have acquired drones for use by law enforcement. The US Bureau of Customs and Border Protection operates 10 Predator drones along US borders. In late 2011, the Bureau found itself embroiled in controversy when it was reported that a drone was loaned to North Dakota law enforcement to locate missing livestock. EPIC: Unmanned Aerial Vehicles (UAVs) and Drones http://epic.org/privacy/drones/ FAA: 2012 Air Transportation Modernization and Safety Improvement Act http://thomas.loc.gov/cgi-bin/bdquery/z?d112:h.r.658: US Customs and Border Protection: Unmanned Aircraft Systems Overview http://epic.org/redirect/0216120-uscbp-uav-overview.html FAA: Fact Sheet on Unmanned Aircraft Systems (UAS) http://www.faa.gov/news/fact_sheets/news_story.cfm?newsId=6287 ======================================================================= [5] DHS Disregards Public Comments, OKs 'Global Entry' Program ======================================================================= The US Bureau of Customs and Border Protection (CBP), a law enforcement agency of the Department of Homeland Security, has issued a final rule approving Global Entry, a traveler-screening program, despite the substantial privacy and security risks brought to the agency's attention. Under the Global Entry program, the CBP would collect detailed personal information about airline passengers, including Social Security numbers and biometric information such as iris scans, which normally would be subject to Privacy Act safeguards. Global Entry allows travelers to expedite their entry into the United States at US partner airports. To participate in the program, travelers must meet specific requirements and undergo pre-screening by the CBP, which will use biometrics "to validate identity." The CBP claims to have legal authority to share travelers' personal information with US law enforcement agencies. In public comments submitted to the agency in 2010, EPIC stressed that the Global Entry program should "(1) provide individuals judicially enforceable rights of access and correction; (2) create suitable retention and disposal standards; (3) limit the distribution of information to only those necessary for the screening process; (4) and respect individuals' rights to their information that is collected and maintained by the agency." EPIC also noted that implementing the Global Entry program without first conducting a Privacy Impact Assessment would violate federal law. Finally, EPIC underscored the importance of a Privacy Impact Assessment, "particularly in light of the fiasco encountered under Clear, a similar registered traveler program." The CPB's final rulemaking, however, rejected EPIC's recommendation that the agency comply with the Privacy Act by limiting the distribution of passenger information to those who need it for screening purposes. Fed. Digital System: Final Rule on Global Entry Program (Feb. 6, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-02-06/pdf/2012-2470.pdf US Customs and Border Protection: Global Entry http://globalentry.gov/ EPIC: Comments on Establishment of Global Entry (Jan. 19, 2010) http://epic.org/redirect/021612-epic-global-entry-2010.html EPIC: Global Entry http://epic.org/privacy/global_entry/default.html ======================================================================= [6] News in Brief ======================================================================= EPIC Asks Congress to Suspend DHS Social Network Monitoring Program In a Statement for the Record, EPIC has asked the House Committee on Homeland Security to suspend a DHS program that has permitted the agency to gather comments critical of the agency and the government by monitoring social networks and media organizations. The hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy" was called after EPIC obtained nearly 3,000 pages of documents detailing the Department of Homeland Security's activities. The documents, obtained via EPIC's Freedom of Information Act lawsuit, include instructions from the DHS to General Dynamics to monitor media reports that "reflect adversely" on the agency or the federal government. EPIC: Statement on DHS Social Media Monitoring (Feb. 16, 2012) http://epic.org/redirect/021612-epic-statement-dhs-media.html US House: Hearing on DHS Social Media Monitoring (Feb. 16, 2012) http://epic.org/redirect/021612-hearing-dhs-media.html EPIC: FOIA Docs on DHS Social Media Monitoring http://epic.org/redirect/021612-epic-foia-dhs-social.html EPIC: EPIC v. DHS (Social Media Monitoring) http://epic.org/foia/epic-v-dhs-media-monitoring/ EPIC Calls for Moratorium on Facial Recognition Technology In detailed comments to the Federal Trade Commission, EPIC has recommended the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established. EPIC's comments state that the technology poses a risk to privacy and personal security because it "automates the detection and recognition of human faces" and allows strangers to "identify people in circumstances in which they may not choose to reveal their actual identity." EPIC also noted that some companies have adopted techniques that are more favorable to privacy because they allow users to control the image database, while others undermine privacy because the image database is centrally maintained. In 2011, EPIC submitted a complaint to the FTC about Facebook's use of facial recognition technology to build a secret database of users' biometric data and automatically tag users in photos. EPIC's comments also follow an FTC workshop exploring the privacy and security issues raised by facial recognition technology. EPIC: Comments to FTC on Facial Recognition Technology (Jan. 31, 2012) http://epic.org/privacy/facerecognition/EPIC-Face-Facts-Comments.pdf EPIC: Complaint to FTC re: Facebook Facial Recognition (June 10, 2011) http://epic.org/redirect/021612-epic-ftc-fb.html FTC: Workshop on Facial Recognition Technology (Dec. 8, 2011) http://ftc.gov/bcp/workshops/facefacts/ EPIC: Face Recognition http://epic.org/privacy/facerecognition/ EPIC: Facebook and Face Recognition http://epic.org/privacy/facebook/facebook_and_facial_recognitio.html EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ NIST Proposes Governance Structure for Internet User Identities The National Institute of Standards and Technology (NIST) has released a report detailing the governance structure for the White House's National Strategy for Trusted Identities in Cyberspace, or NSTIC. In 2011, EPIC, joined by the Liberty Coalition, submitted comments on the original proposal, emphasizing the need for transparency and balanced representation. NIST adopted many of EPIC's suggestions, including the establishment of a Privacy Coordination Committee. However, the final document disregarded EPIC's recommendation that legislation be enacted to safeguard privacy. NIST: Document on Governance Structure (Feb. 6, 2012) http://www.nist.gov/nstic/2012-nstic-governance-recs.pdf NIST: Press Release on NSTIC Recommendations (Feb. 7, 2012) http://www.nist.gov/itl/nstic-governance-020712.cfm NIST: National Strategy for Trusted Identities in Cyberspace http://www.nist.gov/nstic/ EPIC: Comments on NSTIC Governance Notice of Inquiry (July 22, 2011) http://epic.org/privacy/cybersecurity/NSTICgovNOI_072211_EPIC-LC.pdf EPIC: National Strategy for Trusted Identities in Cyberspace http://epic.org/privacy/nstic.html DHS Privacy Office Recruiting Deputy Chief Privacy Officer The DHS Deputy Chief Privacy Officer leads the development of policies and procedures, and serves as a primary representative to DHS partners and stakeholders with regard to privacy policies at the Department. The Deputy Chief Privacy Officer is responsible for advising the Chief Privacy Officer on department-wide policies and program objectives on matters that pertain to domestic implementation of the requirements of Section 222 of the Homeland Security Act, as amended; the Privacy Act of 1974, as amended; the E-Government Act of 2002; the Recommendations of the 911 Commission Act of 2007; and DHS policies, programs and agreements that promote adherence to fair information practice principles. The incumbent assists the Chief Privacy Officer in overseeing department-wide programs, including responsibilities of reporting to the Secretary and to Congress on privacy initiatives/matters at the Department. The Deputy Chief Privacy Officer contributes expert and authoritative advice to the Chief Privacy Officer, the Secretary, the Deputy Secretary, and other senior Department leadership, as well as to other Federal government leadership on privacy policy development and implementation. The vacancy will close March 14, 2012. Please read the vacancy announcement in its entirety for instructions on how to apply. DHS: Vacancy Announcement for Deputy Chief Privacy Officer http://www.usajobs.gov/GetJob/ViewDetails/308845200 EPIC: DHS Privacy Office http://epic.org/privacy/dhs-cpo.html NYU Privacy Research Fellowship Available for 2012-13 Academic Year The Information Law Institute of NYU's Engelberg Center on Innovation Law and Policy is accepting applications for one or more one-year fellowships in the area of privacy law and policy to begin in Fall 2012. The fellowship is open to law school graduates or PhDs in relevant disciplines with excellent credentials. Additional legal or policy experience is a plus, particularly if in a related field. While in residence at NYU School of Law, the fellow will be expected to devote time to joint projects, pursue his or her own privacy-related research agenda, and help with programming of topical events. Joint research may be supervised by Professors Florencia Marotta-Wurgler, Helen Nissenbaum, Katherine Strandburg, or ILI Senior Fellow Ira Rubinstein. The fellow will have the opportunity to participate in Information Law Institute activities, including the multidisciplinary Privacy Research Group, interact with other faculty associated with the ILI and Engelberg Center, and take part in many other activities at NYU School of Law. Applications should be sent via email to ILI assistant Nicole Arzt (nicole.arzt@nyu.edu) and should include a cover letter, curriculum vitae, copies of or links to any relevant publications, and the names and contact information of three references. We will begin reviewing applications March 10 and continue until the position is filled. The fellowship is made possible by a generous grant from Microsoft Corporation. NYU Information Law Institute: Information about Fellowship http://www.law.nyu.edu/centers/ili/index.htm ======================================================================= [7] Book Review: 'The Daily You' ======================================================================= "The Daily You: How the New Advertising Industry Is Defining Your Identity and Your Worth," Joseph Turow http://epic.org/redirect/021612-the-daily-you-turow.html Are you a behavioral marketer's advertising "target"? Or are you socioeconomic "waste," force-fed a diet of downwardly mobile online content - or perhaps no content at all? Behavioral marketing is based on binary decisions, and it's not a privilege to have your Facebook pages advertising-free. In "The Daily You," University of Pennsylvania Communications professor Joseph Turow stresses that in the Web's increasingly transactional universe, your perceived worth, based in part on your age, income, gender, race, and zip code, your friends, your likes, your worries - basic components of your very identity - are being fractured into innumerable, commodifiable bits. The microtargeting industry - monetizing who, not where, you are online in order to sell to you - is too consolidated, opaque, omnipresent, and lucrative to be easily changed or dismissed. Part of the "creepiness," Turow maintains, is the illusion that having ads and content seemingly created just for you is "exploitation" in the name of "liberation," the result of "a fundamental lack of audience respect on the part of the media-buying system even as its practitioners use the rhetoric of consumer power to hide it." Marketing surveillance is so pervasive, he says, that only years of consumer education and activism will begin to loosen the stranglehold of data brokers, real-time auctioneers, and advertising posing as legitimate content even on "high-end" Web sites. Turow's examples of the dehumanization and disingenuousness of Web marketers desperate for just a few more click-throughs are chilling and deservedly anger-provoking. When new mothers, for instance, visit pampers.com to ask for advice or post photos of their offspring, every keyword and keystroke reduce their maternal anxiety or pride into new real-time opportunities to sell them product, then sell that data to more third parties. Turow's research and reporting are for the most part spot-on, and yet another reminder that our lives, on- or offline, are increasingly not our own. -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Platts Smart Grid Data Privacy Symposium. Las Vegas, NV, 16-17 February 2012. For More Information: http://www.platts.com/ConferenceDetail/ 2012/pc217/index. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.03 ------------------------