Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.12

======================================================================= E P I C A l e r t ======================================================================= Volume 19.12 July 3, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.12.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================== Table of Contents ======================================================================== [1] High Court Dismisses Challenge to Congress's Ability to Define Harm [2] EPIC Calls for Suspension of DHS "Risk-based" Profiling System [3] House Panel Votes to Renew Surveillance Law Without New Safeguards [4] EPIC Calls On FTC to Investigate Facebook Email Changes [5] Senate Judiciary Holds Hearing on Voter Suppression [6] EPIC in the News [7] Book Review: 'Confront and Conceal' [8] Upcoming Conferences and Events ======================================================================= [1] High Court Dismisses Challenge to Congress's Ability to Define Harm ======================================================================= On the final day of the 2011-2012 term, the US Supreme Court dismissed the case First American v Edwards, a challenge to Congress's ability to define harm, and leaving intact the earlier decision of the Ninth Circuit Court of Appeals. The case had been identified by some commentators as an important "sleeper case" for this term, in part because of the potential impact on various consumer protection and privacy statutes. The question before the Court was whether the plaintiffs had "standing" under Article III of the US Constitution to bring a claim against defendant First American Financial Corp. for violation of their rights under the Real Estate Settlement Procedures Act (RESPA). The issue of "standing" is important to the enforcement of consumer protection and privacy laws, and the earlier appeals court decision made clear that if Congress defines the consumer injury, then no further evidence is necessary. "Standing" is a procedural hurdle that plaintiffs must clear to have the underlying merits of their claims decided by a federal court. The Ninth Circuit Court ruled that "[t]he injury required by Article III can exist solely by virtue of statutes creating legal rights, the invasion of which creates standing." Thus, according to the lower court, the plaintiffs in First American needed only to establish that their rights to conflict-free title services under RESPA were violated to establish standing. Defendant First American subsequently petitioned for Supreme Court review, which the Court granted in June 2011. In the June 28 order dismissing the writ "as improvidently granted," however, the Court made clear that a hearing should not have been granted and that the lower court had reached the correct outcome. EPIC filed a "friend of the court" brief in First American v. Edwards after several prominent Internet companies, including Facebook, LinkedIn, and Zynga filed a brief urging reversal of the lower court's opinion. EPIC argued that effective enforcement of privacy and other consumer protection laws depends on Congress's ability to define harm and create statutory rights. EPIC's brief also stated that emerging business models "pose a particular threat to individual privacy," and that Congress "must maintain the power to define" and provide remedies for privacy injuries. US Supreme Court: Order Dismissing First American v. Edwards http://www.supremecourt.gov/opinions/11pdf/10-7081b2d.pdf EPIC: "Friend of the Court" Brief in First American v. Edwards http://epic.org/amicus/first-american/EPIC-Edwards-amicus-FINAL.pdf EPIC: First American v. Edwards http://epic.org/amicus/first-american/ ======================================================================= [2] EPIC Calls for Suspension of DHS "Risk-based" Profiling System ======================================================================= EPIC has submitted comments to Customs and Border Protection, a federal law-enforcement component of the Department of Homeland Security, urging it to suspend the Automated Targeting System. Although ATS was initially created to screen shipping cargo, the agency now uses the system to monitor individuals, thereby creating "risk-assessment" profiles on Americans who are not suspected of any crime. An unfavorable "risk-based" evaluation by ATS can subject individuals to investigation, government surveillance, and denial of the right to travel. Meanwhile, DHS has proposed to exempt the ATS database from certain Privacy Act provisions. The Automated Targeting System's evaluation applies both to travelers and to individuals that the agency believes "may pose a threat to the United States," including those who have never "been previously associated with a law enforcement action or otherwise [been] noted as a person of concern to law enforcement." CBP uses other government agencies and third-party data aggregators to collect personally identifiable information such as social security numbers, addresses, and birthdates; personal data including race, ethnicity, religious and political views; and even information relating to one's "sex life." The ATS algorithm then "matches" this information to "patterns of suspicious activity" and individuals are scored based on their perceived risk to national security. EPIC's comments note that the ATS Privacy Impact Assessment does not mitigate against privacy risks caused by the system, but rather reveals numerous privacy risks, thus underscoring the doubts surrounding ATS Privacy Act exemptions. Because the ATS establishes secret profiles on individuals absent Privacy Act safeguards and is contrary to the core purpose of the federal Privacy Act, EPIC's comments strongly recommend that the agency suspend the program. If, however, CBP continues to use the program, EPIC has urged the CBP to revise the Privacy Act notice for the Automated Targeting System to: "1) provide individuals judicially enforceable rights of access and correction; 2) limit the collection and distribution of information to only those necessary for the screening process, and 3) substantially limit the routine uses of information." EPIC also argued that because ATS collects certain categories of sensitive data, a "distinct possibility" exists that travelers will be face discrimination based upon race, political ideology, religious or sexual beliefs, among other personal matters." In detailed comments to DHS in 2007, EPIC opposed the use of "risk- based" profiles. EPIC's 2007 comments stated that the system's broad Privacy Act exemptions "contravene the intent of the Privacy Act of 1974" and that "more access and transparency is needed [because] the system's accuracy and effectiveness are in question." In 2006, EPIC led a coalition in condemning the "risk-based" assessment of US travelers. EPIC and the coalition urged the agency to suspend the program and to fully enforce Privacy Act obligations. EPIC has also testified before Congress on the inherent problems in passenger profiling systems like ATS. EPIC: Comments to CPB on Automated Targeting System (Jun. 21, 2012) http://epic.org/privacy/travel/ats/EPIC-ATS-Comments-2012.pdf DHS: Privacy Impact Assessment for ATS (Jun. 1, 2012) http://epic.org/redirect/070512-dhs-ats-pia.html Federal Register: DHS Proposed Rule on ATS (May 23, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-05-23/pdf/2012-12395.pdf EPIC: Comments on Proposed ATS Privacy Act Exemptions (2007) http://epic.org/privacy/travel/ats/epic_090507.pdf EPIC et al.: Comments on Proposed ATS Privacy Act Exemptions (2006) http://www.epic.org/privacy/pdf/ats_comments.pdf EPIC: Congressional Statement on Privacy and Terrorism (2003) http://www.epic.org/privacy/terrorism/911commtest.pdf EPIC: Congressional Statement on Traveler Watchlists (2008) http://epic.org/privacy/airtravel/watchlist_test_090908.pdf EPIC: The Privacy Act of 1974 http://epic.org/privacy/1974act/ EPIC: Automated Targeting System http://epic.org/privacy/travel/ats/ EPIC: Passenger Profiling http://epic.org/privacy/airtravel/profiling.html EPIC: Air Travel Privacy http://epic.org/privacy/airtravel/ ======================================================================== [3] House Panel Votes to Renew Surveillance Law Without New Safeguards ======================================================================== The US House Judiciary Committee has voted to reauthorize the Foreign Intelligence Surveillance Act (FISA) Amendments Act (HR 5949) through the end of 2017 without any changes. Amendments to improve FISA accountability introduced by Reps. John Conyers (D-MI), Jerold Nadler (D-NY), Bobby Scott (D-VA), and Sheila Jackson-Lee (D-Texas), were all defeated. The bill will now head to the full House of Representatives for consideration. The FISA Amendments Act of 2008 authorizes mass surveillance of foreign communications, including the communications of US persons, without individualized suspicion. In addition, the Act does not provide for adequate public oversight. Currently, the law provides little information to Congress or the public about government surveillance activities under the FISA. In the Senate, Ron Wyden (D-OR) and others have questioned the specifics of the Act's renewal. In a recent report by the Senate Intelligence Committee, Wyden and Mark Udall (D-CO) stated that the FISA contains a loophole that allows the government "to circumvent traditional warrant protections and search for the communications of a potentially large number of American citizens." In May, EPIC Executive Director Marc Rotenberg testified before the Judiciary Committee and recommended that Congress strengthen oversight procedures to protect privacy and limit possible misuses of the legal authority. EPIC's Rotenberg cited a 2003 report by the American Bar Association, recommending new reporting requirements for the FISA. The US Supreme Court has also decided to review Clapper v. Amnesty International, a case over the public standing to challenge the constitutionality of the FISA Amendments Act. US House Judiciary Committee: FISA Amendments Act of 2008 http://epic.org/redirect/070512-fisa-2008-amend.html US House: Full Committee Markup of HR 5949 (June 19, 2012) http://epic.org/redirect/070512-fisa-2008-markup.html House Judiciary Committee: Testimony of Marc Rotenberg (May 31, 2012) http://epic.org/redirect/070512-rotenberg-fisa-testimony.html EPIC: Foreign Intelligence Surveillance Act http://epic.org/privacy/terrorism/fisa/ EPIC: Clapper v. Amnesty International USA http://epic.org/amicus/fisa/clapper/ ======================================================================= [4] EPIC Calls On FTC to Investigate Facebook Email Changes ======================================================================= EPIC has asked the Federal Trade Commission to review Facebook's decision to change Facebook users' default email addresses, arguing that the change represents a deceptive practice and raises questions about Facebook's ability to comply with the terms of a proposed settlementwith the FTC. Facebook recently replaced users' individual displayed email addresses with the uniform @facebook.com email. Facebook changed these preferences without notifying users or obtaining their consent. Some previous statements by Facebook, however, had implied that users would be given a degree of control over whether they were given @facebook.com email addresses at all. In November 2011, Facebook and the FTC reached a preliminary settlement over charges that Facebook had engaged in unfair and deceptive business practices in violating the privacy of its users. The settlement followed from complaints filed in 2009 and 2010 by EPIC and other consumer and privacy organizations. The settlement prohibits Facebook from misrepresenting the privacy or security of users' personal information. Additionally, Facebook must obtain users' affirmative, express consent before sharing their information in a way that exceeds their privacy settings, establish a comprehensive privacy program, and submit to independent audits for 20 years. EPIC argued that the FTC should review Facebook's decision to override users' email preferences as it finalizes the settlement. "Facebook's willingness to disregard user choice and the increased pressure to monetize user data raise important questions about the company's ability to comply with the terms of the proposed Consent Order," EPIC wrote. EPIC also argued that, standing alone, Facebook's changes constitute a deceptive business practice, because Facebook never told users about the planned change. EPIC also pointed out that changing the email address listed on a user's profile could have the practical effect of directing email to Facebook's servers. Finally, EPIC said that Facebook's explanation that these changes were to benefit "visibility", rather than affecting privacy, was "nonsensical." EPIC: Letter to FTC re: Facebook Email (Jun. 27, 2012) http://epic.org/privacy/ftc/facebook/EPIC-ltr-to-FTC-re-FB-Email.pdf Facebook: Statement of Rights and Responsibilities https://www.facebook.com/note.php?note_id=10151420037600301 Facebook: Data Use Policy https://www.facebook.com/full_data_use_policy FTC: Press Release on Facebook Settlement (Nov. 29, 2011) http://ftc.gov/opa/2011/11/privacysettlement.shtm FTC: Agreement and Consent Order Against Facebook (Nov. 29, 2011) http://ftc.gov/os/caselist/0923184/111129facebookagree.pdf EPIC: 2009 Facebook Complaint (Dec. 17, 2009) http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: 2010 Facebook Complaint (May 5, 2010) http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf FTC: Facebook Settlement Comments (Dec. 27, 2011) http://epic.org/redirect/070512-ftc-fb-settlement-comments.html EPIC: Facebook Privacy http://epic.org/privacy/facebook/ EPIC: Facebook Settlement http://epic.org/privacy/ftc/facebook/ ======================================================================== [5] Senate Judiciary Holds Hearing on Voter Suppression ======================================================================== The US Senate Judiciary Committee held a hearing June 26 on "Prohibiting the Use of Deceptive Practices and Voter Intimidation Tactics in Federal Elections." The Senate is considering new legislation to address the problem of deceptive practices and voter intimidation. Committee Chair Patrick Leahy (D-VT) cited "burdensome identification laws" as one of the obstacles to public participation in federal elections. A new report highlights similar problems in the recent Canadian national election. EPIC has published reports on deceptive campaign practices and filed briefs in opposition to unnecessary voter ID requirements. The Senate's "Deceptive Practices and Voter Intimidation Prevention Act of 2011" prohibits individuals from knowingly providing false statements concerning "the time or place of holding any election . . ., or the qualifications for or restrictions on voter eligibility for any such election" with the "the intent to mislead voters, or the intent to impede, hinder, discourage, or prevent another person from exercising the right to vote in an election." It also prohibits individuals from knowingly communicating "a materially false statement about an endorsement" with the "intent to mislead voters." The bill creates both a private right of action as well as criminal penalties for violations. Senate witness testimony both espoused S.1994 for combating voter suppression, and opposed the bill for a possible chilling effect on First Amendment Rights. EPIC has a longstanding history in advocating for voter privacy and the unfettered right to vote. In 2010, EPIC filed a "friend of the court" brief in Doe v. Reed, urging the Supreme Court to protect the privacy of those who sign petitions for ballot initiatives. In Doe v. Reed, the Court was asked to determine whether Washington State may force disclosure of the names of citizens who have signed petitions for ballot initiatives. EPIC's brief argued that revealing the names would subject signatories to the risk of retribution, that signing petitions constitutes anonymous speech, and that signing petitions is similar to casting a vote and should be protected accordingly. In a March 2007 statement to the US House Committee on the Judiciary, EPIC cautioned against new photo identification and proof of citizenship requirements for federal elections. Absent evidence of an actual problem, EPIC warned that the requirements could discourage legal voters. EPIC noted that Congress has already provided for provisional ballots for instances when there are doubts about the status of voters seeking to cast ballots in public elections. That same year, in Crawford v. Marion County Election Board, EPIC, along with several legal scholars and technical experts, submitted a "friend of the court" brief to the United States Supreme Court, urging the Court to invalidate an Indiana Law requiring individuals to show a government-issued photo ID card before allowing them to vote. In 2009, House Speaker Nancy Pelosi appointed EPIC Associate Director and leading election reform advocate Lillie Coney to the Election Assistance Commission (EAC) Board of Advisors. EAC is an independent, bipartisan commission charged with developing guidance to meet Help America Vote Act requirements, adopting voluntary voting system guidelines, and serving as a national clearinghouse of information about election administration. Senate Judiciary Committee: Hearing on Voter ID Bill (June 26, 2012) http://epic.org/redirect/070512-senate-voter-hearing.html GovTrack: Voting Act of 2011 (SB 1979) http://www.govtrack.us/congress/bills/112/s1994 Sen. Patrick Leahy: Press Release on Senate Hearing (June 26, 2012) http://epic.org/redirect/070512-leahy-voter-press-release.html EPIC: Study on Robocalls in 2012 Canadian Election (Apr. 23, 2012) http://epic.org/redirect/070512-study-canadian-robocalls.html EPIC: E-Deceptive Campaign Practices Report 2010 http://epic.org/privacy/voting/E_Deceptive_Report_10_2010.pdf EPIC: Voter Photo ID and Privacy http://epic.org/privacy/voting/photo-identification.html EPIC: Voting Privacy http://epic.org/privacy/voting/ EPIC: Doe v. Reed http://epic.org/privacy/reed/ EPIC: Voter ID Statement to House Judiciary Committee (March 7, 2007) http://epic.org/privacy/voting/voterid.pdf EPIC: Crawford v. Marion County Election Board http://epic.org/privacy/voting/crawford/#int United States Election Assistance Commission http://www.eac.gov/ US EAC: Help America Vote Act http://www.eac.gov/about_the_eac/help_america_vote_act.aspx ======================================================================== [6] News in Brief ======================================================================== EPIC Joins Open Government Groups in Freedom of Information Act Case EPIC has joined five other prominent open government groups in a "friend of the court" brief in support of Citizens for Responsibility and Ethics in Washington. The organization is seeking to reverse a federal court decision that held that federal agencies - in this case the Federal Election Commission - do not have to state whether they will comply with a FOIA request. In their brief, the open government groups claim that the ruling conflicts with the plain language of the Freedom of Information Act and would produce unnecessary confusion in FOIA cases. EPIC et al.: Brief re: Citizens for Responsibility (Jun. 18, 2012) http://www.citizen.org/documents/CREW-v-FEC-Amicus-Brief.pdf DC District Court: Decision in CREW v. FEC (Dec. 30, 2011) http://www.fec.gov/law/litigation/crew110951_dc_memo_opinion.pdf EPIC: Open Government http://epic.org/open_gov/ EPIC: FOIA Litigation Docket http://epic.org/privacy/litigation/ Facebook Acquires Facial Recognition Company Face.com Facebook has announced the acquisition of Face.com, a facial recognition technology company and longtime Facebook business partner. Facebook uses an automatic facial recognition system, called "tag suggestions," to create a database of users' biometric information. In 2011, EPIC filed a complaint with the Federal Trade Commission, claiming that Facebook created biometric profiles of users without their explicit consent, failed to provide a clear mechanism for the deletion of these profiles, and failed to take adequate safeguards to ensure that users' biometric information would not be accessible to government agents and other third parties. In recent comments to the FTC, EPIC recommended the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established. EPIC: Complaint to FTC on Facebook Facial Recognition (Jun. 10, 2011) http://epic.org/redirect/070512-epic-fb-facial-complaint.html EPIC: Comments to FTC on Facial Recognition (Jan. 31, 2012) http://epic.org/privacy/facerecognition/EPIC-Face-Facts-Comments.pdf Face.com: Press Release on Acquisition by Facebook (Jun. 18, 2012) http://face.com/blog/facebook-acquires-face-com/ EPIC: Facial Recognition http://epic.org/privacy/facerecognition/ EPIC: Facebook and Facial Recognition http://epic.org/privacy/facebook/facebook_and_facial_recognitio.html US Attorneys General to Focus on 'Privacy in the Digital Age' The National Association of Attorneys General has unanimously elected Maryland Attorney General Doug Gansler as the organization's president for the 2012-2013 session. As president, Gansler immediately announced "Privacy in the Digital Age," a new initiative designed to "bring the energy and legal weight of this organization to investigate, educate and take necessary steps to ensure that the Internet's major players protect the privacy of online consumers while balancing their legitimate business interest." Recently Gansler met with consumer and privacy advocates at a meeting hosted by the Privacy Coalition. Earlier in 2012 Gansler, along with more than 25 other state attorneys general, sent a letter to Google co-founder Larry Page, asking for a meeting to discuss the company's plans to consolidate Google users' personal information. MD AG Office: Press Release on Doug Gansler Election (Jun. 22, 2012) http://epic.org/redirect/070512-naag-gansler-election NAAG: Letter to Google re: Account Consolidation (Feb. 22, 2012) http://epic.org/redirect/070512-naag-google-letter.html National Association of Attorneys General (NAAG) http://naag.org The Privacy Coalition http://privacycoalition.org/ EPIC: EPIC v. FTC (Google Consent Order) http://epic.org/privacy/ftc/google/consent-order.html EPIC: Privacy Preemption Watch http://epic.org/privacy/preemption/ DHS Privacy Office Seeks Applicants for Data Privacy Committee The Department of Homeland Security has announced that it is seeking applicants for the agency's Data Privacy and Integrity Advisory Committee. The Advisory Committee was established to advise DHS on issues related to personally identifiable information, data integrity, and other privacy-related matters. DHS has a mandate from Congress to ensure that agency programs "do not erode privacy protections" and that personal information is "handled in full compliance with fair information practices as set out in the Privacy Act of 1974." Applications are due on or before July 23, 2012. Federal Register: DHS Advisory Committee Openings (Jun. 22, 2012) http://epic.org/redirect/070512-fedreg-dhs-committee-openings.html DHS: DHS Data Privacy and Integrity Advisory Committee http://www.dhs.gov/files/committees/editorial_0512.shtm FindLaw: Statute on DHS Privacy Office http://codes.lp.findlaw.com/uscode/6/1/II/C/142 EPIC: DHS Chief Privacy Office and Privacy http://epic.org/privacy/dhs-cpo.html EPIC: EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/070512-epicvdhs-body-scanner.html ======================================================================= [7] EPIC in the News ======================================================================= "Show Me Your Papers." The New York Times, July 1, 2012. http://epic.org/redirect/070512-nytimes-papers.html "Supreme Court Decision Could Boost Consumers In Privacy Lawsuits." MediaPost, June 28, 2012. http://epic.org/redirect/070512-mediapost-scotus-1stamerican.html "How SCOTUS real estate case could affect Internet privacy litigation." Thomson Reuters, June 27, 201. http://epic.org/redirect/070512-reuters-scotus-1stamerican.html "Google Maps: Now Helping Your Boss Track Your Every Move." Time, June 27, 2012. http://epic.org/redirect/070512-time-googlemaps.html "Facebook's E-Mail Switch Merits FTC Review, Group Says." Bloomberg, June 27, 2012. http://epic.org/redirect/070512-bloomberg-fbemail-epic.html "Florida hopes to fill its skies with unmanned aircraft." USA Today, June 23, 2012. http://epic.org/redirect/070512-usatoday-drones-epic.html "Facebook Settles Privacy Lawsuit, Buys Facial Recognition Company Face.com." Search Engine Watch, June 18, 2012. http://epic.org/redirect/070512-searchengine-facebook-epic.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] Book Review: 'Confront and Conceal' ======================================================================= "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," David E. Sanger http://epic.org/redirect/070512-confront-and-conceal-sanger.html Within the first few chapters of David E. Sanger's riveting book, "Confront and Conceal: Obama's Secret Wars and Surprising Use of Power," unmanned aerial vehicles fly undetected with the help of high- tech, radar-dampening "skin"; an imposter negotiating a multi-national treaty flees with hundreds of thousands of dollars when his cover is blown; and a regular Joe catapults out of a Black Hawk helicopter with SEAL Team 6 soldiers deployed to kill Osama Bin Laden. James Bond fans rejoice: in this gripping narrative of recent foreign policy and national security efforts, the truth is finally more thrilling than fiction. Sanger, chief Washington correspondent for the New York Times, deftly presents the intricacies of the geopolitical problems Obama faced in the first three years of his presidency. Particularly satisfying are the connections Sanger makes between discrete above-the-crease crises. including Obama's approach to the Bin Laden raid and his increasing reliance on drones and cyber warfare. Importantly, Sanger also reveals the limitations of America's power to shape regional security. He exposes the folly of the US attempt to "remake" Afghanistan and the dangers of releasing malware, such as Stuxnet, into the cyber-ecosystem. Although Bush's wars in Iraq and Afghanistan were conducted in the (relative) open, with troops on the ground, intervening circumstances have pushed the war and the techniques used to wage it underground. The Obama Doctrine, writes Sanger, asserts that "adversaries can be effectively confronted through indirect methods - without boots on the ground, without breaking the treasury, and without the mistake of mission creep." Confront and Conceal offers a glimpse into this increasingly secretive world. In a particularly fascinating chapter called "Olympic Games," Sanger recounts the Obama administration's first use of cyber warfare techniques - a computer worm delivered via USB stick that terrorized and befuddled Iran's most brilliant nuclear scientists, forcing them to shut down a the secret nuclear plant. "Confront and Conceal" is also fundamentally about the evolution of the Obama Administration's foreign policy. Sanger argues convincingly that the President has surprised both supporters and detractors with his willingness to confront US enemies and perceived friends, with unilateral force if necessary. The Bin Laden raid - conducted with only 50-50 certainty that America's Public Enemy #1 was indeed within the compound - violated Pakistan's sovereignty and caused the deep humiliation of Pakistan's military and the alienation of its government from the US. Indeed, Obama's reliance on drones became necessary in part because Pakistan no longer tolerated the presence of US troops subsequent to the raid. Confront and Conceal offers an insider's view of the White House's approach to foreign policy and national security. Sanger is strongest when he lets the events speak for themselves, and weakest when he editorializes, as he does at length about the future of Afghanistan. The reporting is convincing in part because he is able to draw upon the first-hand sources from among Obama's inner circle, such as Thomas Donilon, the White House's National Security Advisor. Elsewhere, Sanger's critics have noted his closeness to the administration as reason to be skeptical of the veracity of his interpretation. This grain of salt notwithstanding, the book is an impressive account that will long be useful to anyone trying to understand the intricacies of the national security strategy formerly known as the War on Terror. -- Allegra Funsten ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= The 12th Privacy Enhancing Technologies Symposium (PETS 2012). 11-13 July 2012, Vigo, Spain. For More Information: http://petsymposium.org/2012/. "The Great Privacy Debate." 18 July 2012, Washington, DC. For More Information: http://http://techfreedom.org/event/great-privacy-debate. CONSENT policy conference: "Perceptions, Privacy and Permissions: the role of consent in on-lineservices." 6-7 September 2012, Cluj-Napoca, Romania. Call for papers by 7 June 2012. For More Information: http://conference.ubbcluj.ro/consent/. DataCenter Dynamics Converged. 12 September 2012, Washington, DC. For More Information: http://www.datacenterdynamics.com/conferences/2012/ washington-dc-2012?i=who-should-attend. Amsterdam Privacy Conference. 7-10 October 2012, Amsterdam. For More Information: http://www.ivir.nl/news/CallforPapersAPC2012.pdf. 34th International Conference of Data Protection and Privacy. 23-25 October 2012, Punta del Este, Uruguay. For more information: http://www.privacyconference2012.org/english/sobre-la-conferencia/ noticias/noticia-destacada. The Public Voice Conference. 22 October 2012, Punta del Este, Uruguay. For more information: http://www.thepublicvoice.org/. PIPA Conference 2012: "Privacy on the Go." 1-2 November 2012, Calgary, Alberta. For More Information: http://privacyconference2012.ca. "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.12 ------------------------