Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.10

======================================================================= E P I C A l e r t ======================================================================= Volume 19.10 May 29, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.10.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] Rejecting EPIC's Arguments, Federal Appeals Court Sides with NSA [2] EPIC Offers Privacy Act Update Recommendations to Senate [3] House Approves Measures Limiting Drone Surveillance [4] Privacy Board Approved by Judiciary Committee; Vote Moves to Senate [5] After Street View Decision, Sen. Durbin Calls for Wiretap Law Update [7] EPIC in the News [8] Book Review: 'Doing Recent History' [9] Upcoming Conferences and Events REGISTER NOW! EPIC Annual Champion of Freedom Awards Dinner, with Host Dahlia Lithwick and Champion of Freedom Award recipients Senator Al Franken, Judge Alex Kozinski, and Washington Post reporter Dana Priest. June 11, 2012, The Fairfax at Embassy Row, Washington, DC. For More Information: http://epic.org/june11/. To Register for the Dinner: http://epic.org/redirect/052912-2012-champions-dinner-registration. ======================================================================= [1] Rejecting EPIC's Arguments, Federal Appeals Court Sides with NSA ======================================================================= The DC Circuit Court of Appeals has ruled that the National Security Agency need neither "confirm nor deny" the existence of any records about the agency's relationship with Google, even after such a collaboration was widely reported in the national media in early 2010. EPIC filed a Freedom of Information Act request with the NSA following a cyber-attack in January 2010 that, according to news stories, led Google to contact the NSA. The NSA refused to perform the requested FOIA search, stating that it could "neither confirm nor deny" the existence of responsive records and claiming that such information is exempt from disclosure under the NSA Act. EPIC subsequently challenged this "Glomar" response in DC District Court, arguing that the agency had a responsibility to perform a search and locate all records subject to the request. The lower court, however, ruled in favor of the NSA. EPIC then sought the judgment of the DC Circuit Court of Appeals. In oral argument in March 2012, EPIC highlighted the public nature of the NSA's relationship with Google and the fact that the agency failed to perform any actual search for documents. EPIC Executive Director Marc Rotenberg argued that the NSA's "Glomar response" was improper in this case, and that the Freedom of Information Act requires the agency to search for and release responsive records. Rotenberg also contended that the NSA had previously made public its views on the security of Google services, and thus could not deny the existence of related records. The government's attorney argued that the agency can neither confirm nor deny the existence of responsive records because the NSA Act protects the agency's "functions and activities" from disclosure. The DC Appeals Court upheld the ruling in favor of the NSA, stating that "If NSA disclosed whether there are (or are not) records of a partnership or communications between Google and NSA regarding Google's security, that disclosure might reveal whether NSA investigated the threat, deemed the threat a concern to the security of U.S. Government information systems, or took any measures in response to the threat." EPIC has several other pending FOIA matters concerning the NSA, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority, which the agency has refused to release to the public. DC Circuit Court of Appeals: Opinion in EPIC v. NSA (May 11, 2012) http://epic.org/foia/nsa/EPIC-v-NSA-DCCir-2012.pdf EPIC: Reply Brief in EPIC v. NSA (Feb. 16, 2012) http://epic.org/privacy/nsa/foia/EPIC-v-NSA-Reply-Final.pdf EPIC: Opening Brief in EPIC v. NSA (Jan. 3, 2012) http://epic.org/privacy/nsa/foia/EPIC-v-NSA-OB-FINAL.pdf Joint Appendix (Jan. 3, 2012) http://epic.org/privacy/nsa/foia/EPIC-v-NSA-Joint-Appendix.pdf NSA's Opening Brief (Jan. 26, 2012) http://epic.org/privacy/nsa/foia/NSA-Brief.pdf EPIC: Brief Submitted in EPIC v. NSA (July 8, 2011) https://ecf.dcd.uscourts.gov/cgibin/show_public_doc?2010cv1533-15 EPIC: EPIC v. NSA (Sept. 13, 2010) http://epic.org/foia/epic_v_nsa_google.html EPIC: FOIA Request to NSA (Feb. 4, 2010) http://epic.org/privacy/nsa/foia/NSA-Google_FOIA_Request.pdf EPIC: EPIC v. NSA (Google/NSA Relationship) http://epic.org/foia/epic_v_nsa_google.html ======================================================================= [2] EPIC Offers Privacy Act Update Recommendations to Senate ======================================================================= Following the Supreme Court's recent decision in FAA v. Cooper, EPIC has recommended proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Act. Specifically, EPIC has proposed that the Privacy Act explicitly define "actual damages" to include provable mental and emotional distress. In the Cooper decision, the Court held that the Privacy Act "does not unequivocally authorize" compensatory damages for mental or emotional distress. EPIC's recommendation follows an earlier request from Senator Daniel Akaka (D-HI) for comment on S.B.1732, the "Privacy Act Modernization for the Information Age Act of 2011," which Senator Akaka had proposed before the FAA v. Cooper decision. The bill, which includes major updates to the Privacy Act, seeks to set remedies to issues caused by the "expansion of technology and the proliferation of personally identifiable information in the hands of government agencies," In light of the Court's FAA v. Cooper decision, however, EPIC advised that the Privacy Act Modernization bill unequivocally compensate individuals for provable nonpecuniary harms. EPIC's recommendations note that "[b]y not compensating for serious harms arising from Privacy Act violations, government agencies have little incentive to thwart willful and intentional violations that lead to mental and emotional distress." EPIC also stated that explicitly defining "actual damages" to include provable, nonpecuniary harms, or replacing "actual damages" with "provable damages, including nonpecuniary damages," would resolve any ambiguity regarding individuals' rights to compensatory damages under the Privacy Act Modernization bill. EPIC has a longstanding interest in defending Privacy Act rights. EPIC filed a "friend of the court" brief in FAA v. Cooper, arguing that Congress intended the Privacy Act to provide robust and comprehensive protections for individual privacy. EPIC also filed a brief in in the 2004 case Doe v. Chao, arguing that the award of actual damages in compensation for Social Security Number disclosure under the Privacy Act should be triggered not by a showing of specific monetary damages, but by a showing of adverse effect to the individual, defined as risk of SSN misuse. EPIC: Supplemental Letter on Privacy Act Bill (May 14, 2012) http://epic.org/redirect/052912-epic-privacy-act-supplement.html EPIC: Letter on Privacy Act Modernization Bill (Mar. 27, 2012) http://epic.org/redirect/052912-epic-privacy-act-letter.html US Senate: Privacy Act Modernization Bill of 2011 http://epic.org/redirect/052912-senate-privacy-update.html Senator Daniel Akaka (D-HI) http://akaka.senate.gov/ US Supreme Court: Decision in FAA v. Cooper (Mar. 28, 2012) http://www.supremecourt.gov/opinions/11pdf/10-1024.pdf EPIC: "Friend of the Court" Brief in FAA v. Cooper (Oct. 4, 2011) http://epic.org/amicus/cooper/Cooper-EPIC-Brief.pdf EPIC: FAA v. Cooper http://epic.org/amicus/cooper/ EPIC: The Privacy Act of 1974 http://epic.org/privacy/1974act/ EPIC: Doe v. Chao http://epic.org/privacy/chao/ EPIC: EPIC Administrative Procedure Act Comments http://epic.org/apa/comments/default.html ======================================================================== [3] House Approves Measures Limiting Drone Surveillance ======================================================================== The US House of Representatives has approved an amendment, introduced by Congressman Jeff Landry (R-LA), to the National Defense Authorization Act, prohibiting warrantless information collected by Department of Defense drones from being used as evidence in court. The House amendment was introduced shortly after the US Air Force published an updated oversight manual. The manual indicated that the Air Force might retain, at least temporarily, information collected "accidentally" by drones inside the US. According to the manual, if the Air Force is not able to retain the information permanently, the procedures allow it to transfer information to other government agencies, even if the receiving entity would be legally unable to collect the data independently. New legislation requires the Federal Aviation Administration to develop rules governing the operation of drones in US national airspace. However, to date the FAA has failed to establish privacy safeguards for drone use. In February, EPIC, joined by over 100 organizations, technical experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. The petition is still pending with the agency. According to EPIC's petition, drones pose a unique threat to privacy because of their small size and sophisticated technical capabilities. Many drones have been outfitted with surveillance equipment, including ultra-high definition cameras, thermal and infrared imaging, and automated license plate readers. "[T]he privacy threat posed by the deployment of drone aircraft in the United States is great. The public should be given the opportunity to comment on this developments," EPIC's petition asserts. EPIC: Petition to the FAA on Drones and Privacy (Feb. 24, 2012) http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf EPIC: Unmanned Aerial Vehicles (UAVs) and Drones http://epic.org/privacy/drones/ FAA: 2012 Air Transportation Modernization and Safety Improvement Act http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.658: FAA: "FAA Makes Progress with UAS Integration" (May 14, 2012) http://www.faa.gov/news/updates/?newsId=68004 US House: National Defense Authorization Act of 2013 http://epic.org/redirect/052912-house-2013-defense-auth.html US Air Force: Oversight of Intelligence Activities (Apr. 23, 2012) http://www.fas.org/irp/doddir/usaf/afi14-104.pdf ======================================================================= [4] Privacy Board Approved by Judiciary Committee, Vote Moves to Senate ======================================================================= The US Senate Judiciary Committee has approved President Obama's five nominees for the Privacy and Civil Liberties Oversight Board (PCLOB). The PCLOB is an independent oversight board responsible for analyzing and reviewing the privacy and civil liberties implications of executive and congressional actions designed to protect the nation from terrorism. PCLOB's mandate is to ensure that privacy and civil liberties interests are properly weighed in governmental national security decisions. The PCLOB was established inside the executive branch in 2004, but was reconstituted as an independent agency in 2007. As currently configured, the PCLOB consists of a five-member board, subject to Senate approval, which will serve six-year terms. The PCLOB is responsible for a broad range of oversight tasks, including reviewing and advising the President on all proposed and existing laws, regulations, and policies related to terrorism. Three members were nominated to the PCLOB in February 2008, but the 110th Congress took no action on these nominations. As a result, PCLOB has been dormant since 2007. President Obama nominated five new members in 2011, and the Senate Judiciary Committee has approved them. The nominations will now move to the Senate floor for a final vote. Senator Patrick Leahy (D-VT) has stated that the PCLOB "is an important guardian of Americans' privacy rights and civil liberties," adding that Senate approval of the PCLOB members is essential to "ensure that our fundamental rights and liberties would be preserved," and the Senate should move quickly to confirm the nominees. Sen. Patrick Leahy: Statement on PCLOB (May 17, 2012) http://epic.org/redirect/052912-leahy-pclob-statement.html US Senate Judiciary Committee: PCLOB Nominees (May 17, 2012) http://www.judiciary.senate.gov/ Congressional Research Service: Status of PCLOB (Nov. 14, 2011) http://www.fas.org/sgp/crs/misc/RL34385.pdf Marc Rotenberg: Paper on Institutional Privacy Oversight (Sept. 2006) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=933690 ======================================================================== [5] After Street View Decision, Sen. Durbin Calls for Wiretap Law Update ======================================================================== During a May 9 hearing with Federal Communications Commission Chairman Julius Genachowski, Sen. Dick Durbin (D-IL) criticized the agency's decision to issue a fine of only $25,000 against Google, following the investigation of Google's Street View data collection. Both Durbin and Genachowski agreed, however, that Google's interception and collection of private Wi-Fi communication was a clear violation of privacy. Senator Durbin also asked the FCC to provide the legal memoranda supporting the FCC's decision to find Google not guilty of violating the Communications Act. Beginning in May 2007 Google deployed vehicles equipped with digital cameras and other devices to capture images in designated locations in 30 countries worldwide. Using hidden Internet receivers, Google "Street View" vehicles also collected a vast amount of data from users of private Wi-Fi networks in homes and businesses. Google collected MAC addresses (unique device IDs for Wi-Fi hotspots), network SSIDs (user- assigned network ID names) tied to location information for private wireless networks, and Wi-Fi "payload" data, which included emails, passwords, usernames and website URLs. EPIC wrote to the FCC in May 2010, urging the Commission to undertake an investigation into Street View collection practices. EPIC's letter explained that, but for the efforts of German data protection authorities, Google's Wi-Fi interception might never have been revealed, and that Google's actions "could easily constitute a violation of Title III of the [Wiretap Act]." Earlier in 2012 the FCC closed the investigation by fining Google $25,000 for delaying the "search for and production of responsive emails and other communications, . . . failing to identify employees, and . . . withholding verification of the completeness and accuracy of its submissions." Following the FCC's determination, EPIC wrote a letter to Attorney General Eric Holder asking the Department of Justice to investigate Google's collection of private Wi-Fi data. In response to Durbin's criticism, Genachowski defended the agency's decision but agreed that "'the law should protect people even if they have unencrypted Wi-Fi.'" Durbin said that he would consider changes to the Wiretap Act if necessary. A California district court has already applied the Wiretap Act's protections to home Wi-Fi transmissions: In the case Joffe v. Google, Google argued that the Wiretap Act prohibitions should not apply to the company's interception of Wi-Fi payload data because the networks were unencrypted and thus "configured so that such electronic communication is readily accessible to the general public." The California court rejected Google's argument and held that unencrypted wireless network communications are not exempt from protection under the Wiretap Act. EPIC provided a detailed amicus brief in Joffe v. Google, explaining the significant privacy interests in residential Wi-Fi networks and also how the Congress that adopted the 1986 "ECPA" amendments to the federal wiretap act intended to protect such communications. EPIC is also pursuing a Freedom of Information Act request with the FCC to determine why the agency failed to find that Google had violated the privacy provisions in the federal Communications Act. US Senate Appropriations Committee: FCC Budget (begins at 64:20) http://epic.org/redirect/052912-senate-fcc-budget.html FCC: Notice of Apparent Liability (Apr. 13, 2012) http://epic.org/privacy/streetview/FCC-Google-SV-Enforcement.pdf FCC: Notice of Apparent Liability (unredacted) (Apr. 13, 2012) http://www.latimes.com/media/acrobat/2012-04/69642037.pdf EPIC: Letter to DOJ re: Street View (Apr. 17, 2012) http://epic.org/redirect/042512-epic-doj-letter-sv.html EPIC: FCC FOIA Request to FCC re: Street View (Apr. 18, 2012) http://epic.org/foia/EPIC-FCC-Google-Request-04-18-12.pdf Google: Response to FCC re: Street View (Apr. 26, 2012) http://epic.org/redirect/052912-google-fcc-response.html EPIC: Letter to FCC Requesting Street View Investigation (May 21, 2010) http://epic.org/redirect/052912-epic-2010-streetview-letter.html EPIC: FCC Investigation of Google Street View http://epic.org/privacy/google/fcc_investigation_of_google_st.html EPIC: Investigations of Google Street View http://epic.org/privacy/streetview/ EPIC: Ben Joffe v. Google http://epic.org/amicus/google-street-view/ ======================================================================== [6] News in Brief ======================================================================== EPIC Calls for Genetic Privacy Protections EPIC has submitted comments to the Presidential Commission for the Study of Bioethical Issues, urging the advisory panel to protect genetic privacy in large-scale human genome sequencing data. The Commission requested comments pertaining to the "privacy of individuals, research subjects, patients, and their families" as the government moves closer to large-scale human genome sequencing. EPIC Advisory Board member Professor Anita L. Allen serves as a Commissioner for the Presidential advisory panel. EPIC recommended that the Commission build upon genetic privacy and medical laws such as the Genetic Information Nondiscrimination Act (GINA) and the Health Insurance Portability and Accountability (HIPAA) Privacy Rule to protect genetic data. EPIC also recommended that individuals should be given property rights over their genetic data. EPIC: Comments to Bioethics Commission on Genetic Privacy (May 25, 2012) http://epic.org/privacy/genetic/EPIC-Human-Gene-Seq-Data-Comments.pdf Presidential Commission for the Study of Bioethical Issues http://www.bioethics.gov/ Federal Register: RFC on Bioethics of Genome Project (Mar. 27, 2012) http://epic.org/redirect/052912-fed-rfc-bioethics.html EPIC: Genetic Privacy http://epic.org/privacy/genetic/ EPIC: Medical Record Privacy http://epic.org/privacy/medical/ EPIC to Testify Before House on Foreign Intelligence Surveillance Act EPIC Executive Director Marc Rotenberg is scheduled to testify May 31 before the House Judiciary Committee at a hearing about the FISA Amendments Act of 2008. EPIC has been a vocal critic of FISA, the Foreign Intelligence Surveillance Court (FISC) and the PATRIOT Act since their passage in the early 2000s, and has frequently suggested amendments and modifications to the laws. House Judiciary Committee: Hearing on FISA Amendments (May 31, 2012) http://epic.org/redirect/052912-epic-house-fisa.html US House Judiciary Committee: http://judiciary.house.gov/ FISA Amendments Act of 2008 (HR 6304) http://thomas.loc.gov/cgi-bin/query/z?c110:H.R.6304: EPIC: Foreign Intelligence Surveillance Act (FISA) http://epic.org/privacy/terrorism/fisa/ EPIC: Foreign Intelligence Surveillance Court http://epic.org/privacy/terrorism/fisa/fisc.html EPIC: Wiretapping http://epic.org/privacy/wiretap/ Facebook Users Force Vote on Privacy Changes Facebook users have registered enough comments on Facebook's proposed privacy changes to force a vote on the issue. A provision in Facebook's Statement of Rights and Responsibilities states that Facebook will allow users to vote on proposed alternatives if more than 7,000 users comment on a proposed change. The vote is binding if "more than 30 percent of all active registered users as of the date of the notice vote." Facebook's Data Use Policy accumulated 10,500 comments in English, while the group Europe v. Facebook generated 30,000 comments on the German-language version of the page. In 2011 the FTC issued a proposed settlement with Facebook, following complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. The settlement bars Facebook from changing privacy settings without users' affirmative consent or misrepresenting the privacy or security of users' personal information. CNET: "Vote Likely on Facebook Changes" (May 21, 2012) http://epic.org/redirect/052912-fb-privacy-petition.html Facebook: Statement of Rights and Responsibilities https://www.facebook.com/legal/terms Europe v. Facebook http://www.europe-v-facebook.org/ FTC: Facebook Settlement (Nov. 29. 2011) http://ftc.gov/opa/2011/11/privacysettlement.shtm EPIC: 2009 FTC Complaint re: Facebook (Dec. 17, 2009) http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: 2010 FTC Complaint re: Facebook (May 5, 2010) http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf EPIC: Facebook Privacy http://epic.org/privacy/facebook/ EPIC: Facebook Settlement http://epic.org/privacy/ftc/facebook/ EPIC Supports Geolocation Privacy Act, Suggests Improvements EPIC has submitted a statement to the House Judiciary Committee's Subcommittee on Crime, Terrorism, and Homeland Security about the importance of protecting the location information of increasingly ubiquitous mobile devices. The topic of the Subcommittee's hearing, the "Geolocational Privacy and Surveillance Act of 2011" (also known as the "GPS Act"), establishes legal protections against the unauthorized interception, use, and disclosure of location information. EPIC's statement noted that the law establishes a warrant requirement for law enforcement collection of location information. The statement also stresses that the Act should have provisions for the "private right of action" in order to ensure compliance and enforcement, and recommends that the Act include use limitations on collected data, as well as a clarification of consent and public information exceptions. US House Judiciary Committee: Hearing on "GPS Act" (May 17, 2012) http://epic.org/redirect/052912-house-gps-act.html EPIC: Statement on GPS Act (May 17, 2012) http://epic.org/redirect/052912-epic-gps-statement.html EPIC: Locational Privacy http://epic.org/privacy/locaiton_privacy/ EPIC: United States v. Jones http://epic.org/amicus/jones/ EPIC: In re Historic Cell-Site Location Information http://epic.org/amicus/location/cell-phone-tracking/ EPIC Calls for Privacy Protections in Advance of FTC Mobile Ad Workshop EPIC has submitted comments to the Federal Trade Commission for the agency's May 30 workshop on mobile advertising disclosures. EPIC's comments recommend that the workshop focus on the development of substantive privacy protections similar to the White House's 2012 "Consumer Privacy Bill of Rights." The comments also encourage workshop participants to address the limitations of the "notice and consent" approach to mobile privacy, as well as the merits of innovative consumer-psychology-based and nonverbal approaches proposed by privacy scholars. The workshop follows an FTC report calling for privacy legislation and an investigation that documented privacy problems with mobile applications for children. EPIC: Comments on FTC Workshop (May 11, 2012) http://epic.org/privacy/ftc/EPIC-FTC-Ad-Disclosures-FINAL.pdf FTC: Press Release on Mobile Advertising Disclosure Workshop (May 2, 2012) http://www.ftc.gov/opa/2012/05/dotcom_ma.shtm The White House: 2012 Consumer Privacy Bill of Rights http://www.whitehouse.gov/sites/default/files/privacy-final.pdf FTC: 2012 Privacy Report (Mar. 26, 2012) http://www.ftc.gov/os/2012/03/120326privacyreport.pdf FTC: Investigation into Childrens' Mobile Apps (Mar. 26, 2012) http://www.ftc.gov/os/2012/03/120326privacyreport.pdf EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ EPIC: Children's Online Privacy http://epic.org/privacy/kids/default.html EPIC: Mobile and Locational Privacy http://epic.org/privacy/location_privacy/apple.html ======================================================================= [7] EPIC in the News ======================================================================= "Some Keywords Prompt Government Spying Online (Like 'Cloud' and 'Wave')." Gather.com, May 28, 2012. http://news.gather.com/viewArticle.action?articleId=281474981361102 "Dept. of Homeland Security Forced to Release List of Keywords Used to Monitor Social Networking Sites." Forbes, May 26, 2012. http://epic.org/redirect/052912-forbes-dhs-keywords.html "Study: Patriot Act gives US government no special acess to cloud data." PC Advisor UK, May 23, 2012. http://epic.org/redirect/052312-pcexaminer-patriot-cloud.html "Ten Myths About Drones." The Huffington Post, May 23, 2012. http://www.huffingtonpost.com/ryan-calo/drones-myths_b_1537040.html "EPIC Urges the Drug Enforcement Administration to Uphold Privacy Act Protections." JD Supra, May 22, 2012. http://epic.org/redirect/052912-jdsupra-epic-dea.html "Drones pose a threat to Americans' Privacy." The Washington Examiner, May 22, 2012. http://epic.org/redirect/052312-wexaminer-drones.html "Social Network Pumps Up Lobbying." The Wall Street Journal, May 19, 2012. http://epic.org/redirect/052312-wsj-google-lobby.html "Court Rules NSA Doesn't Have To Reveal Its Semi-Secret Relationship With Google." Forbes, May 11, 2012. http://epic.org/redirect/052312-forbes-google-nsa.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] Book Review: 'Doing Recent History' ======================================================================= "Doing Recent History: On Privacy, Copyright, Video Games, Institutional Review Boards, Activist Scholarship, and History that Talks Back," Claire Bond Potter and Renee C. Romano http://epic.org/redirect/052912-doing-recent-history-potter-romano.html Scholars of recent history are like adolescents, caught between the tight supervision of Institutional Review Boards and the freewheeling historical research only possible when everyone involved is dead. But when research subjects are still alive and research is digitized and made public, where does academic free speech leave off and a subject's privacy begin? Digital privacy is commonly viewed as a conflict between civil liberties and big government or big business, but the products of "big academia" - large research institutions desperate to retain grant money and intellectual prestige - can be just as damaging to long-term individual privacy. The editors and contributors of "Doing Recent History," all passionate modern historians themselves, have no good answers other than to welcome online documentation as both the vehicle and subject of modern history, and in so doing take a "first step toward opening fruitful conversations about both the difficulties and rewards" of writing living history in a previously analog world suddenly made digital. "Privacy" gets top billing in the book's subtitle, but actually very little of this academically oriented but lively and surprisingly light-handed volume is actually about privacy in the literal sense. Nevertheless, privacy issues are unavoidable in contemporary academia, the most pervasive being the increasing ubiquity and persistence of digital media at universities, and the resulting effects on researcher, subject, and archivist. While it's common knowledge (or should be) on campus that Facebook status messages and Google search histories are stored indefinitely on corporate servers, both academic researchers and their research subjects or "informants" - including professors exchanging disgruntled emails over research ownership - may not make the connection between the private sector and the university. This lack of foresight clearly has consequences. What if, as the chapter "The Presence of the Past" suggests, researchers come to radically different conclusions during the course of their careers - and yet can't go online and erase the spread of their previous work? The chapter "Opening the Archives on the Recent American Past" is a disturbing example of the intimate privacy repercussions of digital archiving. In the 1960s, research was conducted on the familial configurations, employment, health, and sex lives of a group of African-American families in Birmingham, AL. Much of the data collected was personal and potentially embarrassing, and many of the individuals studied are still very much alive. Recently these nominally redacted documents (e.g., "'[redacted] is a very alert and curious boy . . . He sets a very good example for [redacted] and [redacted] . . . He is particularly good with [redacted].'") were placed on the University of North Carolina at Chapel Hill's website, largely without context. Were the subjects' academic records suddenly covered under FERPA, or their medical records under HIPAA? As is the case with bureaucracies and privacy policies, the solutions - at least for now - involve consent, privacy law, and long documents that no subjects ever expected to sign. "Doing Recent History" is edgy, involving, and, yes, very modern: Chapter topics include the importance of watching broadcast TV news, 21st-century history as told through violent video games, researching religious cults, and how the aging radical feminists of the 1970s have had to make peace with the Internet's male hegemony in order to preserve their own histories. Privacy, ownership, and the "self" presented in the public sphere have always been difficult components of human subjects research. Recording modern history while respecting its participants, editors Potter and Romano remind us - in fact, developing privacy policy as a whole - is based on ensuring that "neither access nor privacy can trump all other considerations, and no one can shoulder all the responsibility for upholding both ethics." -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= EPIC Champions of Freedom Awards Dinner. 11 June 2012, Washington, DC. For More Information: http://epic.org/june11/. The 12th Privacy Enhancing Technologies Symposium (PETS 2012). 11-13 July 2012, Vigo, Spain. For More Information: http://petsymposium.org/2012/. CONSENT policy conference: "Perceptions, Privacy and Permissions: the role of consent in on-lineservices." 6-7 September 2012, Cluj-Napoca, Romania. Call for papers by 7 June 2012. For More Information: http://conference.ubbcluj.ro/consent/. Amsterdam Privacy Conference. 7-10 October 2012, Amsterdam. For More Information: http://www.ivir.nl/news/CallforPapersAPC2012.pdf. 34th International Conference of Data Protection and Privacy. 23-25 October 2012, Punta del Este, Uruguay. For more information: http://www.privacyconference2012.org/english/sobre-la-conferencia/ noticias/noticia-destacada. The Public Voice Conference. 22 October 2012, Punta del Este, Uruguay. For more information: http://www.thepublicvoice.org/. PIPA Conference 2012: "Privacy on the Go." 1-2 November 2012, Calgary, Alberta. For More Information: http://privacyconference2012.ca. "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.10 ------------------------