Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.15

======================================================================= E P I C A l e r t ======================================================================= Volume 19.15 August 16, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.15.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================== Table of Contents ======================================================================== [1] FTC Fines Google $22.5M for Privacy Violations [2] FTC Finalizes Settlement in EPIC Facebook Complaint [3] DC Circuit Court Orders TSA to Answer EPIC's Mandamus Petition [4] EPIC Urges Education Department to Protect Student Privacy [5] EPIC Sues for Details of ODNI Plan to Amass Data on Americans [6] News in Brief [7] EPIC in the News [8] Book Review: 'More Essential than Ever' [9] Upcoming Conferences and Events ======================================================================== [1] FTC Fines Google $22.5M for Privacy Violations ======================================================================== The Federal Trade Commission has fined Google $22.5 million for violating the terms of a settlement reached with the company last year. Google violated the settlement by placing advertising tracking cookies on Safari browsers despite telling users it would honor the default Safari privacy settings, which prevented the placement of such cookies. The fine represents the largest penalty ever levied by the FTC for the violation of a settlement. Specifically, Google made deceptive statements about the extent to which users could rely on Safari's default settings to protect their privacy. Safari browsers strictly limit the placement of persistent identifiers, or "cookies," by third parties. Google circumvented this default setting by placing advertising cookies on the browsers of Safari users. Google also told users that Apple's default settings would prevent the placement of advertising cookies. Thus, the FTC alleged, Google had "misrepresented the extent to which users may exercise control over the collection or use of covered information, thereby violating Part ICA of the Google Consent Order." The settlement follows from a complaint filed by EPIC over Google Buzz, the social network service launched in early 2010. At the time, EPIC filed a detailed complaint with the Trade Commission, which provided the basis for the subsequent investigation and settlement. The settlement prohibits Google from misrepresenting the extent to which it maintains the privacy and security of personal information, and requires the company to submit to independent privacy audits for the next 20 years. Earlier in 2012, Google announced that it would begin creating comprehensive profiles of its users by combining personal information gathered from over 60 Google services. This consolidation prompted objections from European Union data protection authorities, US state attorneys general, members of Congress, and IT managers in the government and private sectors. EPIC subsequently filed suit in federal district court to compel the FTC to prevent the consolidation of user information, arguing that it violated the terms of the settlement. The court, while sympathetic to EPIC's position, denied EPIC's motion, holding that the court lacked jurisdiction to compel the FTC to take an enforcement action. Now, the Commission has announced the largest fine in a consumer privacy case in the agency's history. Previously, the largest fine was $15M against the databroker Choicepoint, a case that also arose from a complaint filed by EPIC. FTC: Statement of the Commission on Google Fine (Aug. 9, 2012) http://www.ftc.gov/os/caselist/c4336/120809googlestatement.pdf FTC: Press Release on Google Fine (Aug. 9, 2012) http://www.ftc.gov/opa/2012/08/google.shtm EPIC: Letter to FTC re: Safari Tracking Cookies (Feb. 17, 2012) http://epic.org/redirect/081512-letter-FTC-tracking-cookies.html FTC: Press Release on Google Buzz Settlement (Mar. 30, 2011) http://www.ftc.gov/opa/2011/03/google.shtm DC District Court: Memorandum Opinion on Google (Feb. 24, 2012) http://epic.org/privacy/ftc/google/EPICvFTC-CtMemo.pdf EPIC et al.: Letter to Rep. Mary Bono-Mack re: Google (Feb. 24, 2012) http://epic.org/redirect/081512-letter-bono-mack-google.html NAAG: Letter to Google re: Safari Hack (Feb. 22, 2012) http;//epic.org/redirect/081512-naag-google-letter.html Article 29 Working Party: Letter to Google (Feb 2, 2012) http://epic.org/redirect/081512-article-29-letter-google.html Rep. Ed Markey et al.: Letter to Google (Jan. 26, 2012) http://epic.org/redirect/081512-markey-letter-google.html EPIC: Google's Circumvention of Browser Privacy Settings http://epic.org/redirect/081512-epic-google-browser-circumvent.html EPIC: EPIC v. FTC (Google Consent Order) http://epic.org/privacy/ftc/google/consent-order.html EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ ======================================================================= [2] FTC Finalizes Settlement in EPIC Facebook Complaint ======================================================================= The Federal Trade Commission has finalized the terms of a settlement with Facebook first announced in November 2011. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. The settlement follows from detailed complaints filed by EPIC, with the backing of a coalition of consumer and privacy organizations, in 2009 and 2010 over Facebook's decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. Under the terms of the settlement, Facebook is prohibited from misrepresenting the privacy or security of users' personal information, and must (1) obtain users' affirmative, express consent before sharing their information in a way that exceeds their privacy settings; (2) establish a comprehensive privacy program; (3) ensure that Facebook cannot access personal information after a user deletes an account; and (4) submit to independent audits for 20 years. In comments filed with the FTC, EPIC recommended strengthening the settlement by requiring Facebook to restore the privacy settings users had in 2009; giving users access to all of the data that Facebook keeps about them; preventing Facebook from creating facial recognition profiles without users' consent; and publicizing the results of the government privacy audits. Although the FTC decided to adopt the settlement without any modifications, in a response to EPIC, the Commission said that facial recognition data is included within the settlement's definition of "covered information," that the audits would be publicly available to the extent permitted by law, and that the terms of the settlement "are broad enough to address misconduct beyond that expressly challenged in the complaint." The Secretary of the FTC thanked EPIC for the petition that triggered the investigation, and for "other correspondence about Facebook's privacy practices and appreciates its support of the proposed complaint." FTC Commissioner J. Thomas Rosch dissented from the final settlement, citing concerns that the provisions might not adequately cover deceptive statements made by Facebook apps. Commissioner Rosch also questioned the FTC's practice of allowing companies like Facebook to deny liability. FTC: Press Release on Final Facebook Settlement (Aug. 10, 2012) http://ftc.gov/opa/2012/08/facebook.shtm FTC: Settlement with Facebook (Nov. 29, 2011) http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf EPIC: In re: Facebook (Complaint) 2009 (Dec. 17, 2009) http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: In re: Facebook 2 (Complaint) 2010 (May 5, 2010) http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf EPIC: Comments on Facebook Settlement (Dec. 17, 2011) http://epic.org/redirect/081512-epic-comments-fb.html FTC: Response to EPIC re: Facebook Complaints (Jul. 27, 2012) http://epic.org/privacy/facebook/Facebook-Ltr-To-EPIC-07-27-12.pdf FTC: Dissent of Commiss. Rosch on Facebook Settlement (Aug. 10, 2012) http://www.ftc.gov/os/caselist/0923184/120810facebookstmtrosch.pdf EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ EPIC: Facebook Privacy http://epic.org/privacy/facebook/ ======================================================================== [3] DC Circuit Court Orders TSA to Answer EPIC's Mandamus Petition ======================================================================== The US Court of Appeals for the DC Circuit has ordered the Department of Homeland Security to respond to EPIC's recent mandamus petition, which requested that the court "enforce [its] mandate" and require the TSA to set a date to begin the public rulemaking on the airport body scanner screening program, as required by law, or to suspend the program. EPIC's petition argued that the TSA's failure to publish a rule or issue public notice regarding the body scanners is a violation of the July 2011 court order, and constitutes an "unreasonable delay" that is sufficient to sustain EPIC's claim for relief. More than a year has passed since the TSA was ordered to "act promptly" and begin public rulemaking, and more than two years since the airport body scanner program was implemented nationwide. The petition makes clear that the TSA must act immediately to comply with the court's order. EPIC's petition also contended that recent cases in the DC Circuit demonstrate that the court can grant a Writ of Mandamus "where an agency, subject to remand, failed to make a timely determination as required by the Court." This is especially true in cases where there are ongoing safety concerns. In the case of the body scanners, The TSA still has not conducted an independent safety assessment, despite the fact that top radiation experts have expressed concerns about the technology and called for further evaluation. Meanwhile, recent reports and comments from the House Oversight Committee charged with reviewing TSA's activities have concluded that the machines are "ineffective." The TSA's response is due August 30, 2012. DC Circuit Court: Order to TSA to Conduct Rulemaking (Aug. 1, 2012) http://epic.org/privacy/body_scanners/EPIC-v-DHS-Order-8-1-12.pdf EPIC: Petition for Writ of Mandamus (Jul. 17, 2012) http://epic.org/redirect/081512-mandamus.html Coalition in support of EPIC: Brief on Petition (Jul. 19, 2012) http://epic.org/redirect/081512-coalition-mandamus-support.html EPIC: EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/081512-epicvdhs-scanners.html ======================================================================= [4] EPIC Urges Education Department to Protect Student Privacy ======================================================================= EPIC has submitted comments to the US Department of Education, recommending that the agency collect only "relevant and necessary" student information when it undertakes educational studies. The agency's Institute of Education Sciences has proposed a "Study of Promising Features of Teacher Preparation Programs" to help assess teacher effectiveness. The new database will contain records on "approximately 5,000 students and 360 teachers." EPIC urged the agency to collect only student data germane to teacher effectiveness, such as test scores, and opposed the agency's collection of detailed student information such as actual name and "disciplinary incidences." The Education Department's proposed study will analyze "the effect on student learning of teachers who have experienced intensive clinical practice within their teacher preparation programs." The study's database will include personal information gathered from students and teachers. Student records currently within the database include name, birth date, disciplinary incidences, and reading and mathematics test scores. EPIC's comments stated, "[t]he Privacy Act permits the Education Department to collect only relevant and necessary information," and therefore the agency should narrow its collection of student records. Specifically, because the study evaluates teacher effectiveness on student reading and math achievement, it should limit information collection to "educational background" and test scores, and exclude information not directly related to teacher effectiveness. EPIC also noted that in light of the 2011 massive security breach of an Education Department website, a more narrowly defined information collection will diminish risks to student privacy. Lastly, EPIC explained that under the Privacy Act, the Education Department does not meet the standards for disclosing student records outside the agency without first obtaining student consent. Earlier in 2012, EPIC filed a lawsuit against the Department of Education under the Administrative Procedure Act, arguing that the agency's December 2011 regulatory changes of the Family Educational Rights and Privacy Act exceed the agency's statutory authority and are contrary to law. In 2011, EPIC filed a "friend of the court" brief in Chicago Tribune v. University of Illinois, a case involving student privacy rights protected by FERPA. During the George W. Bush Administration, EPIC and more than 100 local, state, and national organizations urged then-Secretary of Defense Donald Rumsfeld to end the "Joint Advertising and Market Research Studies" Recruiting Database, which discloses personal information about 16-25-year-old Americans without obtaining individual consent. EPIC: Comments to Ed. Dept. re: Student Privacy (Jul. 30, 2012) http://epic.org/privacy/student/EPIC-ED-SORN-Cmts.pdf Education Department: Institute of Education Sciences http://ies.ed.gov/ Federal Register: Ed. Dept. Privacy Act SORN (Jun. 28, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-06-28/pdf/2012-15886.pdf EPIC: EPIC v. US Department of Education http://epic.org/apa/ferpa/default.html EPIC: "Friend of the Court" Brief in Tribune v. U. IL (Jul. 20, 2011) http://epic.org/amicus/tribune/EPIC_brief_Chi_Trib_final.pdf Privacy Coalition: DoD Database Campaign Coalition Letter (2003) http://privacycoalition.org/nododdatabase/letter.html EPIC: Student Privacy http://epic.org/privacy/student/ ======================================================================== [5] EPIC Sues for Details of ODNI Plan to Amass Data on Americans ======================================================================== EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence (ODNI), seeking documents related to the collection and integration of detailed personal information of US persons from databases at various levels of government. The ODNI is the top intelligence agency in the US, coordinating the activities of agencies including the CIA, the FBI, and the DHS. ODNI's current (March 2012) "Guidelines for Access, Retention, Use, and Dissemination by the National Counterterrorism Center (NCTC)" describe the implementation procedures used to combine databases containing "non-terrorism information." Under the revised guidelines, the detailed personal information that will populate the integrated ODNI databases will be amassed from across the federal government. The data then will be kept for up to five years without the legal safeguards typically in place for personal data held by government agencies. After the guidelines' publication, EPIC filed several FOIA requests, seeking documents identifying both "priority" databases and any procedural safeguards in place to ensure accuracy and data security. EPIC requested documents related to (1) the "priority list" of databases discussed in the NTCT Guidelines, (2) data accuracy and security safeguards, (3) agreements and disputes between ODNI and agency heads, and (4) interpretations of key standards used to identify "terrorism information." After the ODNI failed to make a timely response to EPIC's FOIA requests, EPIC filed suit in the Washington, DC District Court. EPIC's complaint demands that ODNI conduct a reasonable search and promptly disclose responsive records. EPIC: Complaint Against ODNI (Aug. 1, 2012) http://epic.org/foia/EPIC-v-ODNI-Complaint.pdf ODNI: Guidelines for NCTC Datasets (Mar. 2012) http://epic.org/redirect/081512-odni-dataset-guidelines.html Office of the Director of National Intelligence http://www.odni.gov/ EPIC: EPIC v. Department of Homeland Security: Media Monitoring http://epic.org/foia/epic-v-dhs-media-monitoring/ EPIC: Information Fusion Centers and Privacy http://epic.org/privacy/fusion/ ======================================================================== [6] News in Brief ======================================================================== EPIC: Voters Should Be Wary of 2012 Election Apps EPIC has released a report, "Smartphones and the 2012 Election," focusing on the potential risks to voters who download election-related apps to their smartphones and tablets. The report contends that these apps promote greater citizen participation in e-democracy, but also may contain malware, disseminate false information - or, as was recently reported of an Obama campaign app, compromise voter privacy by making voters' personal and locational information widely available. A recent study by the University of Pennsylvania's Annenberg School for Communication revealed that voters are ambivalent about "personalized" political advertising, a practice likely to increase with the number of election and political apps available for download. EPIC's report also examines the role of federal and state regulation in protecting voters and providing guidance to campaigns, and recommends actions that voters, election administrators, and campaigns can take to better protect voter privacy. EPIC: Paper on 'Smartphones and the 2012 Election' (Aug. 2012) http://epic.org/privacy/voting/Smartphones-and-Election-2012.pdf U. Penn. Annenberg School: Study on "Tailored" Voter Ads (Jul. 2012) http://graphics8.nytimes.com/packages/pdf/business/24adco.pdf EPIC: Voting Privacy http://epic.org/privacy/voting/ EPIC: Location Privacy: Apple iPhone / iPad http://epic.org/privacy/location_privacy/apple.html Federal Court to Hear Arguments in Cell Phone Tracking Case The Court of Appeals for the Fifth Circuit has tentatively scheduled oral argument in the first week of October for a current case, In re US Application for Historic Cell-Site Location Information, which addresses whether the Fourth Amendment allows the US government to force disclosure of historical cell phone location records without a warrant. EPIC filed a "friend of the court" brief in this case, arguing that cell phone location records reveal private information and should be protected even if they are held by third party cell phone companies. EPIC: In re Historic Cell-Site Location Information http://epic.org/amicus/location/cell-phone-tracking/ EPIC: Brief for In re Cell-Site Location Information (Mar. 17, 2012) http://epic.org/redirect/081512-epic-amicus-cellsite.html EPIC: Locational Privacy http://epic.org/privacy/location_privacy/ Markey Bill Would Limit Drone Surveillance Representative Ed Markey (D-MA) has announced a bill aimed at protecting individual privacy from drone surveillance. Rep. Markey said, "When it comes to privacy protections for the American people, drones are flying blind." The draft bill requires the FAA to establish privacy safeguards for drone operators and creates new limits on data collection by law enforcement agencies. Earlier in 2012, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to begin a rulemaking on the privacy impact of drone use. Rep. Ed Markey: Press Release on Drone Bill (Aug. 1, 2012) http://epic.org/redirect/markey-bill-drones.html Rep. Ed Markey: Draft Bill to Modify FAA Act of 2012 (Aug. 1, 2012) http://epic.org/redirect/0815-draft-drone-bill.html EPIC et al.: Petition to FAA on Drone Use (Feb. 24, 2012) http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf GovTrack: Full Text of FAA Modernization and Reform Act of 2012 http://www.govtrack.us/congress/bills/112/hr658/text EPIC: Unmanned Aerial Vehicles (UAVs) and Drones http://epic.org/privacy/drones/ IL Becomes Third State to Stop Employers from Demanding Facebook Info Illinois Governor Pat Quinn (D) has signed a bill prohibiting Illinois employers from demanding social network usernames and passwords. The "Right to Privacy in the Workplace Act" takes effect on Jan. 1, 2013, and will result in Illinois joining Maryland and Delaware as the third state that protects the social network privacy of employees and job applicants. IL Government News: Press Release on Gov. Quinn's Bill (Aug. 1, 2012) http://epic.org/redirect/081512-press-release-IL-fb-bill.html State of IL: 'Right to Privacy in the Workplace Act' (Aug. 1, 2012) http://epic.org/redirect/081512-text-IL-fb-bill.html State of MD: Social Networking Privacy Bill (Apr. 1, 2012) http://mlis.state.md.us/2012RS/billfile/SB0433.htm State of DE: Social Networking Privacy Bill (Jul. 20, 2012) http://epic.org/redirect/081512-social-network-privacy-del.html EPIC: Workplace Privacy http://epic.org/privacy/workplace/ EPIC: Facebook Privacy http://epic.org/privacy/facebook/ US Pushes Forward Flawed International Privacy Framework The US is the lone non-Asian signatory to the Asia-Pacific Economic Cooperation's Cross Border Privacy Rules. The APEC Rules set out a self-regulatory framework for the transfer of personal data across national borders. APEC is an inter-governmental organization with 21 member economies that promotes business and trade in the Asia-Pacific region. APEC established a Privacy Framework in 2005 that is generally considered among the weakest in the world. In 2006, EPIC and a coalition of consumer groups submitted comments to the Department of Commerce detailing the shortcomings of the APEC framework and recommending stronger safeguards for consumers. US Commerce Dept.: Press Release on US and APEC Rules (Jul. 26, 2012) http://epic.org/redirect/081512-release-us-apec-signature.html Organization for Asia-Pacific Economic Cooperation http://apec.org APEC: Privacy Framework of 2005 http://publications.apec.org/publication-detail.php?pub_id=390 EPIC et al.: Comments to Commerce on APEC Privacy Framework (2006) http://epic.org/privacy/intl/apec_cmts.pdf EPIC: International Privacy Standards http://epic.org/privacy/intl/ Senate Confirms Four Members of the Privacy Civil Liberties Board The Senate voted Aug. 1 to confirm four nominees to the Privacy and Civil Liberties Oversight Board before its summer recess. Congress created PCLOB in 2004, at the recommendation of the 9/11 Commission, to advise the President and other senior executive branch officials and ensure that privacy and civil liberties are protected as laws, regulations, and executive branch policies are implemented. PCLOB was reconstituted as an independent agency in 2007, but since then Congress has failed to confirm all five members of the board. After the recent confirmations the Board can "do work," but it cannot hire staff until the Senate confirms its Chairman. Sen. Pat Leahy (D-VT): Release on PCLOB Nominations (Aug. 2, 2012) http://epic.org/redirect/081512-leahy-press-release-pclob.html 108th Congress: Act Creating PCLOB (Dec. 17, 2004) http://epic.org/redirect/081512-2005-act-creating-pclob.html US Senate: Testimony of Prof. Peter Swire on PCLOB (Jul. 31, 2012) http://epic.org/redirect/081512-swire-pclob-testimony.html EPIC: Privacy Oversight http://epic.org/privacy/oversight/ EPIC: 'The Sui Generis Privacy Agency' (Sept. 2006) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=933690 ======================================================================= [7] EPIC in the News ======================================================================= "FTC gives final approval to Facebook privacy settlement." PC Advisor UK, Aug. 10, 2012. http://epic.org/redirect/081512-pcadvisor-ftc-fb.html "Future changes to Facebook privacy settings to be opt-in." Ars Technica, Aug. 10, 2012. http://epic.org/redirect/081512-arstechnica-ftc-fb.html "FTC OKs Facebook's privacy settlement." Politico, Aug. 10, 2012. http://www.politico.com/news/stories/0812/79559.html "Google Said to Face Fine by U.S. Over Apple Safari Breach." BusinessWeek, Aug. 9, 2012. http://epic.org/redirect/0815-busweek-google-safari.html "Google Fined Record $22.5M For Privacy Violations, But Admits Nothing." TalkingPointsMemo.com, Aug. 9, 2012. http://epic.org/redirect/081512-tpm-google-safari.html "Obama campaign app concerns some privacy advocates." The Washington Post, Aug. 7, 2012. http://epic.org/redirect/0815-washpost-obama-app.html "Airport Security." The Huffington Post, Aug. 7, 2012. http://epic.org/redirect/081512-huffpost-epic-security.html "Court orders TSA to justify year-long defiance of the law." Ars Technica, Aug. 2, 2012. http://epic.org/redirect/081512-arstechnica-epic-tsa.html "Readers Debate Trade-Offs Between Security and Civil Liberties." The New York Times, Aug. 2, 2010. http://epic.org/redirect/081512-nyt-epic-civil-liberties.html "Court Demands TSA Explain Why It Is Defying Nude Body Scanner Order." Wired, Aug. 1, 2012. http://www.wired.com/threatlevel/2012/08/nude-scanner-order/ "Drone Privacy Bill Would Put In Safeguards On Surveillance." The Huffington Post, Aug. 1, 2012. http://epic.org/redirect/081512-huffpost-epic-drones.html "FTC proposes tougher rules for online child privacy." MSNBC, Aug, 1, 2012. http://epic.org/redirect/081512-msnbc-epic-coppa.html "Netflix Notifies Customers of Class Action Settlement; Privacy Groups Will Benefit." ABA Journal, Aug. 1, 2012. http://epic.org/redirect/081512-abajournal-epic-netflix.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] Book Review: 'More Essential than Ever' ======================================================================= "More Essential than Ever: The Fourth Amendment in the Twenty First Century (Inalienable Rights)," Stephen J. Schulhofer. http://epic.org/redirect/081512-more-essential-than-ever-schulhofer.html Like the Fourth Amendment itself, NYU law professor's Stephen J. Schulhofer's new book, "More Essential than Ever: The Fourth Amendment in the Twenty First Century" is a complex little gem of text that raises legal and ethical questions even as it answers them. "A central concern of this book," states Schulhofer, "is to demonstrate the importance for all Americans of preserving our capacity to limit the government's access to facts about ourselves." Schulhofer contends that the Founding Fathers didn't intend for US citizens to live like "hermits" in order to remain unharassed by government agencies - nor should we, even if hermit life were still possible. According to Schulhofer, the Fourth Amendment exists to preserve our privacy, which he defines as control over our own information, despite modern courts and government agencies that are alternatingly overzealous and antiquated in their interpretations. The Fourth Amendment is fundamentally about the relationship between citizens and their government, Schulhofer argues, not between consumers and the companies they patronize. As a result, Schulhofer wastes very few pages discussing the relationship between the Fourth Amendment and the private sector. He disapproves, for instance, of data aggregation companies selling their results to corporations, but he labels their effects on consumers somewhere between "nuisance" and "harm." But the real "threat" to privacy is from the US government's unfettered access to data, about which he is unequivocal: "Fourth Amendment safeguards should apply whenever individuals convey personal information to a service provider or other intermediate institution under promises of confidentiality." In other words, Schulhofer is deeply offended by 21st-century applications of the "third-party doctrine," and finds them an almost-existential threat to the Fourth Amendment. Schulhofer's views on privacy are so balanced as to be almost ambiguous. He concedes that the George W. Bush Administration went overboard in its response to the 9/11 attacks, but also maintains that threats to national security were and continue to be quite real. He believes that the Fourth Amendment, even for constitutional "originalists," was written in such a way to balance legitimate search and seizure of genuine criminals with the rights of everyone else, a point he returns to repeatedly throughout the book. Schulhofer clearly was careful in choosing which topics to cover in a book this small. "More Essential Than Ever" was also completed in early 2012, just after the Supreme Court's decision in US v. Jones. As a result, he spends a disproportionate amount of his limited textual real estate examining the Fourth Amendment implications of the case. But perhaps Schulhofer couldn't have found a better venue than US v. Jones to discuss modern data privacy - and he believes the outcome for the Fourth Amendment is "unclear, to say the least." Because "the constitutional violation, in the Court's eyes, rests on a point that is preposterously artificial," he says, "[t]he majority's approach in Jones offers virtually no defense against the government's ability to exploit the intrusive potential of technologies like" smartphones and built-in vehicle GPS systems. "More Essential Than Ever," despite its practical title and deliberately short length, is a fine book that leaves readers wanting more than an "essential" overview of the Fourth Amendment's history, present applications, and future trajectory. It's a clear-minded, clearly written synopsis of difficult issues, but those issues require more than 180 pages to answer, let alone define. Let's hope Schulhofer releases with a more substantive sequel, and soon. -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= CONSENT policy conference: "Perceptions, Privacy and Permissions: the role of consent in on-lineservices." 6-7 September 2012, Cluj-Napoca, Romania. Call for papers by 7 June 2012. For More Information: http://conference.ubbcluj.ro/consent/. DataCenter Dynamics Converged. 12 September 2012, Washington, DC. For More Information: http://www.datacenterdynamics.com/conferences/2012/ washington-dc-2012?i=who-should-attend. Cato Institute’s 11th Annual Constitution Day Conference, 18 September 2012, Washington, DC. For More Information: http://www.cato.org/events/ccs2012/index.html. 3rd Annual Privacy, ATI and Security Congress. 4-5 October 2012, Ottawa, ON. For More Information: http://www.rebootconference.com/ events/information-privacy-security-congress-2012/. Amsterdam Privacy Conference. 7-10 October 2012, Amsterdam. For More Information: http://www.ivir.nl/news/CallforPapersAPC2012.pdf. 34th International Conference of Data Protection and Privacy. 23-25 October 2012, Punta del Este, Uruguay. For more information: http://www.privacyconference2012.org/english/sobre-la-conferencia/ noticias/noticia-destacada. The Public Voice Conference. 22 October 2012, Punta del Este, Uruguay. For more information: http://www.thepublicvoice.org/. PIPA Conference 2012: "Privacy on the Go." 1-2 November 2012, Calgary, Alberta. For More Information: http://privacyconference2012.ca. "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.15 ------------------------