Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.20

======================================================================= E P I C A l e r t ======================================================================= Volume 19.20 October 26, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.20.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================== Table of Contents ======================================================================== [1] Privacy Officials, Advocates Attend Uruguay Public Voice Conference [2] EPIC FOIA Cases Move Forward in Federal Court [3] TSA Unplugs, Boxes Up Airport Body Scanner X-ray Devices [4] EU Data Protection Agencies Order Google to Improve User Privacy [5] Presidential Commission Urges Privacy Protections for DNA Data [6] News in Brief [7] EPIC in the News [8] Book Review: '500 Days' [9] Upcoming Conferences and Events ======================================================================== [1] Privacy Officials, Advocates Attend Uruguay Public Voice Conference ======================================================================== Civil society groups, privacy advocates, tech experts, other data privacy professionals gathered on Monday, October 22, in Punta del Este, Uruguay, for the 2012 Public Voice conference. The conference, "Privacy Rights Are a Global Challenge," was held in conjunction with the annual meeting of the International Data Protection and Privacy Commissioners. The Public Voice conference covered enforcement of consumer privacy rights, privacy laws in Latin America, emerging trends, and the implementation of the Madrid Declaration. This year's Public Voice conference focused on five major topics: measuring the impact of the Madrid Declaration of 2009; assessing various international privacy perspectives; the spread of surveillance technology and the resulting social and cultural implications; an exploration of Latin American technology and data privacy policy and law; and the interrelationship of government, technology, and civil society in Latin America. 2012 cosponsors included EPIC, the Mexican NGOs Causacomun and Proteccion Datos Mexico, the Australian Privacy Foundation, the Open Democracy Advice Center, and ISACA. The conference was webcast, with nearly 4000 participants worldwide live- blogging the proceedings. The keynote speaker was Dr. Felipe Rotondo, President of Uruguay's Personal Data Regulatory and Control Unit. Panelists included high-level privacy officials and advocates from countries including France, Hong Kong, Colombia, South Africa, Israel, Chile, Germany, as well as representatives from the EU. Public Voice conference participants were also able to take advantage of presentations and discussions at the 34th Annual Data Protection and Privacy Commissioners' Conference, the world's largest annual privacy forum. The Privacy Commissioners' Conference brings together the highest governemental authorities and institutions guaranteeing data protection and privacy, as well as academics, NGOs and other experts. This year's conference explored "Privacy and technology in balance," and included over 90 speakers representing over 40 countries. EPIC established The Public Voice coalition 1996 to promote public participation in decisions concerning the future of the Internet. The Public Voice has pursued issues ranging from privacy and freedom of expression to consumer protection and Internet governance. Through international conferences, reports and funding for travel the Public Voice project seeks to increase the presence of NGOs at meetings across the globe. In cooperation with the OECD, UNESCO, and other international organizations, the Public Voice project brings civil society leaders face to face with government officials for constructive engagement about current policy issues. Public Voice events have been held in Buenos Aires, Cape Town, Dubai, Hong Kong, Honolulu, Kuala Lumpur, Madrid, Mexico City, Ottawa, Paris, Seoul, Tel Aviv, Washington, and Wroclaw. The Public Voice http://thepublicvoice.org The Public Voice: "Privacy Rights Are a Global Challenge" http://thepublicvoice.org/events/uruguay12/ #TPV12 storifyed: The Public Voice Conference (Oct. 22, 2012) http://epic.org/redirect/102612-storify-publicvoice-2012.html 34th Annual Conference of the Data Protection and Privacy Commissioners http://privacyconference2012.org/english/ The 2009 Madrid Declaration http://thepublicvoice.org/madrid-declaration/ ======================================================================= [2] EPIC FOIA Cases Move Forward in Federal Court ======================================================================= Two federal judges have issued orders compelling US government agencies to produce documents in open government cases pursued by EPIC. Both cases are proceeding in the federal district court for the District of Columbia. In EPIC v. Office of Director of National Intelligence (ODNI), EPIC is seeking information about a plan to integrate databases across the federal government without the legal safeguards typically in place for government-held data on US persons. The ODNI is the top intelligence agency in the US and coordinates the data collection and analysis of many federal intelligence and law enforcement agencies. This new system would store personal data for up to five years. In response to EPIC's FOIA lawsuit against ODNI, a federal judge has ordered the agency to disclose the procedures it has established to safeguard privacy rights. Specifically, EPIC seeks to discover if the ODNI's procedures will comply with the requirements of the Privacy Act. In EPIC v. Department of Homeland Security, EPIC is seeking documents about DHS Internet monitoring that some Justice Department officials believe may "run afoul of privacy laws forbidding government surveillance of private Internet traffic." The National Security Agency has reportedly implemented a new program to monitor all web traffic flowing to select defense contractors via certain Internet service providers. This program could violate the Electronic Communications Privacy Act, which prohibits the interception of electronic communications without a court order. In EPIC's case against DHS, the government sought a 16-month extension. The court has ordered DHS to begin producing documents in the next month. Over the course of the next five months, DHS must continue to disclose documents according to certain deadlines and benchmarks. In related FOIA developments, and in response to a detailed complaint from EPIC, the government's FOIA Ombudsman has announced significant changes that will assist all DHS FOIA requesters. Beginning October 1, the Department of Homeland Security will conditionally grant fee waivers for qualified requests. EPIC had previously stated that DHS was "throwing up roadblocks" by withholding fee waivers. The Ombudsman also has required DHS to inform non-commercial requesters that they are entitled to two free hours of search time and 100 free pages of duplication. Previously, the agency did not inform requesters of this legal right. Additionally, when fees are imposed, DHS will now provide requesters a detailed breakdown of costs. EPIC: Court Order in EPIC v. DHS (Oct. 16, 2012) http://epic.org/foia/dhs/defense-monitoring.html EPIC: EPIC v. ODNI http://epic.org/foia/odni/epic_v_odni.html EPIC: Press Release on EPIC v. ODNI (Aug. 2, 2012)- http://epic.org/press/EPIC-ODNI-FOIA-Press-Release-08-02-12.pdf EPIC: Court Order in EPIC v. DHS (Oct. 16, 2012) http://epic.org/foia/dhs/defense-monitoring.html EPIC: Complaint Against DHS (Mar. 1, 2012) http://epic.org/foia/EPIC-DHS-NPPD-Complaint-03-01-12.pdf EPIC: DHS Response to EPIC Complaint (May 1, 2012) http://epic.org/foia/dhs/defense-monitoring/00333-Answer.pdf EPIC: FOIA Request re: DHS Media Monitoring (Jul. 26, 2011) http://epic.org/foia/EPIC-DHS-NPPD-Request-07-26-11.pdf EPIC: EPIC v. DHS (Defense Contractor Monitoring) http://epic.org/foia/dhs/defense-monitoring.html EPIC: Complaint to OGIS re: DHS Fee Waiver Practices (Jun. 1, 2012) http://epic.org/foia/dhs/EPIC-DHS-FOIA-OGIS-Ltr-06-01-12.pdf OGIS: Letter to EPIC re: DHS Fee Waiver Practices (Oct. 19, 2012) http://epic.org/open_gov/foia/OGIS-to-EPIC-re-DHS-10-19-12.pdf OGIS: FOIA Ombudsman https://ogis.archives.gov/ EPIC: Open Government http://epic.org/open_gov/ EPIC: EPIC FOIA Cases http://epic.org/foia/ ======================================================================== [3] TSA Unplugs, Boxes Up Airport Body Scanner X-ray Devices ======================================================================== According to several news sources, the Transportation Safety Administration has begun removing the controversial backscatter x-ray "Whole Body Imaging" scanners from major US airports and replacing them with millimeter wave scanners, a less-intrusive but still controversial scanning technology. The backscatter x-ray devices have been widely criticized by medical experts and privacy advocates. The European Union banned x-ray body scanners from European airports in 2011, citing both unreliability and potential health risks. EPIC sued the Department of Homeland Security to force disclosure of technical documents about the body scanner program. The documents EPIC received revealed, among other things, that the Department of Homeland Security publicly mischaracterized the findings of the National Institute of Standards and Technology, stating that NIST had "affirmed the safety" of full body scanners. In fact, NIST never tested full-body scanners for safety. In a subsequent lawsuit, EPIC v. DHS, the DC Circuit Court of Appeals determined that air travelers have a right to opt-out of the body- scanner screening and that the TSA must undertake a notice and comment rulemaking. In the most recent decision, the court has ordered the agency to begin the public comment process by March 2013. Despite the court order for public comment on body scanners, in September 2012 the Department of Homeland Security awarded $245 million in contracts for body scanners. TSA: Press Release on AIT Deployment (Jan. 26, 2012) http://epic.org/redirect/102612-tsa-press-release.html EU: Press Release on Body Scanners at EU Airports (Nov. 14, 2011) http://europa.eu/rapid/press-release_IP-11-1343_en.htm?locale=en ProPublica: Article on X-Ray Scanner Removal (Oct. 19, 2012) http://epic.org/redirect/102612-propublica-scanners-epic.html EPIC: EPIC v. DHS (Body Scanner Radiation Risks) http://epic.org/redirect/102612-backscatter.html EPIC: Whole Body Imaging Technology and Body Scanners http://epic.org/privacy/airtravel/backscatter/ ======================================================================= [4] EU Data Protection Agencies Order Google to Improve User Privacy ======================================================================= The French Data Protection Commission CNIL, acting on behalf of the European Union, has ordered Google to endorse key privacy principles, comply with data protection laws, and give users greater control over their personal information. The decision follows an investigation triggered by Google's privacy policy unification in March 2012, which allowed the company to combine user data across 60 Internet services. Specifically, CNIL sent Google two sets of questions about company privacy practices - the first as an initial query, the second after finding Google's previous response "often incomplete or approximate." Following several months of investigation, the Commission determined that Google's new centralized privacy policies violated EU data protection laws because Google "does not collect unambiguous consent of the user." The Commission then listed 12 steps, divided into two categories, which Google should implement in order to ensure compliance with the law. The first category covers "information" practices and suggests, "Google should disclose and detail how it processes personal data in each service and differentiate the purposes for each service and each category of data." This section included suggestions for tiered privacy notices, interactive privacy presentations within the services, precise information about the data collected, and development of protocols for smartphones. The second category of advice covered the "combination of data" and suggested, "Google should take action to clarify the purposes and means of the combination of data," by detailing "more clearly how data is combined across its services and develop new tools to give users more control over their personal data." This section recommended simplifying opt-out procedures, requiring explicit consent to data collection, limiting the amount of data collected, explaining the different functions of the collected data, and applying the same rigorous protections throughout the EU. Earlier in 2012, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of the agency's consent order with Google. EPIC warned that the FTC's failure to enforce prior to March 1, 2012, would cause "irreparable injury." EPIC cited Google's plans to combine user data without consent, and pointed to numerous cases that established the need for the Court to assess the FTC's failure to act. CNIL: Letter to Google's Larry Page (Oct. 16, 2012) http://epic.org/redirect/102612-cnil-letter-page.html CNIL: Appendix to Letter (Oct. 16, 2012) http://epic.org/redirect/102612-cnil-letter-page-2.html National Assn. of AGs: Letter to Larry Page (Feb. 22, 2012) http://epic.org/redirect/102612-naag-page-letter.html Congressional Privacy Caucus: Letter to Jon Leibowitz (Feb. 17, 2012) http://epic.org/redirect/102612-privacy-caucus-letter.html EPIC: Letter to Congress re: Google (Feb. 24, 2012) http://epic.org/redirect/102612-epic-letter-bono-mack.html TACD: Letter to Larry Page (Feb. 29, 2012) http://epic.org/privacy/ftc/google/TACD-Google-Letter.pdf EPIC: Google Buzz http://epic.org/privacy/ftc/googlebuzz/ EPIC: Enforcement of Google Consent Order http://epic.org/privacy/ftc/google/consent-order.html EPIC: EU Data Protection Directive http://epic.org/privacy/intl/eu_data_protection_directive.html ======================================================================== [5] Presidential Commission Urges Privacy Protections for DNA Data ======================================================================== The Presidential Commission for the Study of Bioethical Issues has published a report, "Privacy and Progress in Whole Genome Sequencing." The Commission, established in November 2009 pursuant to an Executive Order from the Obama White House, is tasked with "advising the President on bioethical issues that may emerge from advances in biomedicine and related areas of science and technology." The report sets out a series of privacy recommendations consistent with the unique nature of genetic data collection. The Commission's 140-page report includes a set of "Basic Ethical Principles" for those who work with human DNA. These principles include: (1) establishing and maintaining "clear policies defining acceptable access to and permissible uses of whole genome sequence data"; (2) urging federal and state governments to have a "consistent floor of privacy protections covering whole genome sequence data regardless of how they were obtained"; (3) ensuring the "security of whole genome sequence data"; (4) stripping DNA sequences "of traditional identifiers whenever possible to inhibit recognition or re- identification"; and (5) establishing "clear and consistent guidelines for informed consent forms" for DNA research. According to the Commission, "[These] policies should protect individual privacy by prohibiting unauthorized whole genome sequencing without the consent of the individual from whom the sample came." The Commission further said "Only in exceptional circumstances should entities such as law enforcement or defense and security have access to biospecimens or whole genome sequence data for non health-related purposes without consent." EPIC has been a longtime advocate for genetic and medical record privacy. Earlier in 2012, EPIC responded to the Commission's request for comments on issues of DNA privacy and access. EPIC's comments noted that whole genome sequencing, or the mapping of DNA, merits an unprecedented level of privacy protection: "Unlike other forms of personally identifiable information, genetic data and corresponding biometric information are truly unique identifiers," EPIC stated. EPIC Advisory Board member Professor Anita Allen has written that unwanted disclosure of health information can result in "major losses" for the individual. According to Allen, these losses can include "employment, loss of insurance, loss of school choice, loss of community standing, and loss of intimacy." EPIC advised the Commission to recognize the finality of these potential losses when constructing a privacy framework, and it encouraged the Commission to borrow from the framework of existing legal policies concerning health data access, for example, the Genetic Information Nondiscrimination Act. Presidential Commission for the Study of Bioethical Issues http://www.bioethics.gov/ Presidential Commission: Paper on DNA Privacy (Oct. 2012) http://bioethics.gov/cms/sites/default/files/PrivacyProgress508.pdf EPIC: Comments to the Commission on DNA Privacy (May 25, 2012) http://epic.org/redirect/102612-epic-dna-comments.html EPIC: Genetic Privacy http://epic.org/privacy/genetic/ EPIC: Medical Records Privacy http://epic.org/privacy/medical/ ======================================================================== [6] News in Brief ======================================================================== Federal Court Panel Blocks South Carolina Voter ID Requirement A special panel of federal judges in Washington, DC has barred the state of South Carolina from enforcing new voter identification requirements in the upcoming November elections. The court was "unable to conclude" that South Carolina could implement voter identification laws in a way that would "suffice under the Voting Rights Act" before November 6. The court did grant preclearance to implement the law after the election, citing the "extremely broad interpretation of the reasonable impediment provision," which allows South Carolina voters to complete an affidavit affirming their identity and state their reason for not having obtained photo identification. EPIC has previously argued that voter ID requirements impermissibly burden the right to vote. DC Circuit Court: Decision in SC Voter Law (Oct. 10, 2012) https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2012cv0203-299 EPIC: Voter ID and Privacy http://epic.org/privacy/voting/photo-identification.html EPIC: Voter Registration and Privacy http://epic.org/privacy/voting/register/ EPIC: Voting Privacy http://epic.org/privacy/voting/ EPIC: Crawford v. Marion County http://epic.org/privacy/voting/crawford/ New Jersey Supreme Court Considers Mobile Phone Tracking Case The New Jersey Supreme Court heard arguments October 22 in the case State v. Earls, which centers on whether police may use mobile phone tracking techniques without court approval. Earlier this year, the US Supreme Court ruled in US v. Jones that law enforcement must obtain a court order before attaching a GPS tracking device to a vehicle. EPIC filed a "friend of the court" brief in Earls, urging the New Jersey court to uphold Fourth Amendment protections. The mobile phone tracking techniques at issue in the New Jersey case, EPIC argued, are "more invasive than the GPS tracking in Jones." Princeton attorney and EPIC board member Grayson Barber argued for EPIC before the New Jersey court. EPIC: State of New Jersey v. Earls http://epic.org/amicus/location/earls/ EPIC: US v. Jones http://epic.org/amicus/jones/ EPIC: "Friend of the Court" Brief in State v. Earls (Feb. 2012) http://epic.org/amicus/location/earls/EPIC-Earls-Amicus-NJ-SCt.pdf EPIC: Grayson Barber https://epic.org/epic/advisory_board.html#barber EPIC: Locational Privacy http://epic.org/privacy/location_privacy/default.html FTC Proposes 'Best Practices' for Facial Recognition Technology The Federal Trade Commission has released a report, "Facing Facts," which recommends that businesses using facial recognition technology should follow certain practices in order to protect consumers' privacy and security. The report encourages practices such as privacy by design, data deletion, and security standards. In services that use facial recognition to identify individuals, the report recommends that companies obtain consumers' "affirmative express consent". In certain sensitive locations, such as health care facilities, the report urges that the technology should not be used at all. In January 2012 comments to the FTC, EPIC recommended a moratorium on the use of facial recognition until adequate privacy safeguards are developed. A similar recommendation is found in the Madrid Privacy Declaration, which is endorsed by more than 100 civil society organizations worldwide. Facebook has ceased the use of facial recognition in the European Union and suspended it in the US. FTC: Report on Facial Recognition Technology (Oct. 2012) http://epic.org/redirect/102612-ftc-facing-facts.html EPIC: Comments to FTC on Facial Recognition Technology (Jan. 31, 2012) http://epic.org/privacy/facerecognition/EPIC-Face-Facts-Comments.pdf The Public Voice: The Madrid Privacy Declaration of 2009 http://thepublicvoice.org/madrid-declaration/ EPIC: Facial Recognition http://epic.org/privacy/facerecognition/ EPIC: Facebook and Facial Recognition http://epic.org/privacy/facebook/facebook_and_facial_recognitio.html EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ Verizon Begins Invasive Marketing Program Verizon has begun selling the personal information of Verizon users, including location information and web browsing activity, via the new "Precision Insights B2B" program. Verizon's collection of content information implicates federal wiretapping law, although some have suggested that Verizon escapes liability by allowing users to opt-out. EPIC previously filed a complaint with the Federal Trade Commission regarding Verizon's business practices, which EPIC described as "unfair and deceptive, contrary to the privacy and security interests of Verizon Wireless customers, and actionable by the Federal Trade Commission." Verizon: 'Precision Insights' Web Page http://business.verizonwireless.com/content/b2b/en/precision.html EPIC: Complaint with FTC Against Verizon (Oct. 28, 2011) http://epic.org/privacy/ftc/EPIC-Verizon-FTC-Complaint-final.pdf EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ EPIC: Electronic Communications Privacy Act (ECPA) http://epic.org/privacy/ecpa/ National Do Not Call Registry Tops 217 Million Phone Numbers According to the Federal Trade Commission's 2012 "National Do Not Call Registry Data Book", the number of actively registered phone numbers on the DNC list is up, but so too are the number of consumer complaints about unwanted telemarketing calls. The FTC has continued to receive large numbers of consumer complaints about so-called "robocalls" even though most telemarketing robocalls have been illegal since September 2009. EPIC supported establishment of the Do Not Call Registry, and recommended to Congress in 2010 that an effective Do Not Track initiative would need to ensure that a consumer's decision is "enforceable, persistent, transparent, and simple." FTC: National Do Not Call Data Book (Oct. 2012) http://ftc.gov/os/2012/10/1210dnc-databook.pdf EPIC: Statement to Congress on Do Not Track Legislation (Dec. 9, 2010) http://epic.org/redirect/102612-epic-donottrack-statement.html EPIC: Telemarketing and the Telephone Consumer Protection Act http://epic.org/privacy/telemarketing/ EPIC: Online Tracking and Behavioral Profiling http://epic.org/privacy/consumer/online_tracking_and_behavioral.html ======================================================================= [7] EPIC in the News ======================================================================= "Shifting Mood May End Blank Check for U.S. Security Efforts." The New York Times, Oct. 24, 2012. http://epic.org/redirect/102612-nyt-epic-tsa.html "Privacy Concerns Linger Over FBI's New Facial Recognition System." The Huffington Post, Oct. 24, 2012. http://epic.org/redirect/102612-huffpost-epic-facial.html "Lawyers Discuss Supreme Court Cases on Sniffer Dog Use," C-Span, Oct. 23, 2012. http://www.c-span.org/Events/C-SPAN-Event/10737435216/ "N.J. Supreme Court to tackle privacy issues in cellphone, GPS case." The Record, Oct. 22, 2012. http://epic.org/redirect/102612-therecord-njdog-epic.html "Markey grills Microsoft over privacy changes." The Hill, Oct. 22, 2012. http://epic.org/redirect/102612-thehill-epic-markey.html "Setback for secret Big Brother database." WorldNet Weekly, Oct. 20, 2012. http://www.wnd.com/2012/10/setback-for-secret-big-brother-database/ "TSA Removes X-Ray Body Scanners From Major Airports." ProPublica, Oct. 19, 2012. ttp://epic.org/redirect/102612-propublica-scanners-epic.html "Did Facebook violate its FTC agreement?" Lexology, Oct. 17, 2012. http://epic.org/redirect/102612-lexology-facebook-epic.html "Presidential commission recommends baseline rules for genetic info." Government Security News, Oct. 16, 2012. http://epic.org/redirect/102612-gnc-dna-epic.html "European regulators want Google to make changes to privacy policy." L.A. Times, Oct. 16, 2012. http://epic.org/redirect/102612-eu-google-epic.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] Book Review: '500 Days' ======================================================================= "500 Days: Secrets and Lies in the Terror Wars," Kurt Eichenwald http://epic.org/redirect/102612-500-days-eichenwald.html Journalist Kurt Eichenwald's "500 Days" provides a detailed account of the 504 days following the events of September 11, 2001. "Every aspect of the terror wars" was established during that period, Eichenwald explains, and the remaining six years of George W. Bush's presidency "was little more than reactions to those early decisions." Eichenwald's book doesn't conform to conventional theatrical unities of time, place, and action, but still reads as if it were written for the stage. In fact, Eichenwald reserves the first pages of "500 Days" to establish the "cast of characters," including senior Executive officials, administrative decision-makers, prominent international figures, and political journalists. Readers are made to feel as if Eichenwald is giving them a "backstage tour" through the familiar events following 9/11,from the inside perspective of those who called the shots. "500 Days" takes readers through a fast-paced, and sometimes confusing, timeline of theactions that took place in Washington, DC and around the globe during that crucial period. Eichenwald is able to maintain a level of objectivity as he respectfully depicts highly emotional events in recent American history, including the rebellion of the passengers of Flight 93 against their terrorist captors: "the lead hijacker, Ziad Jarrah, had been maneuvering the plane violently, rocking it side to side, then up and down, attempting to throw the counterattackers off balance. But to no avail - they kept coming." Far from separating the reader from these events, Eichenwald's meticulous tone and level of detail connect the reader to the sensitive subject matter without overwhelming. In a work of fiction, Eichenwald's continual descriptions of intelligence information ignored, misinterpreted, and misused might be called "black comedy." Here, the frequent errors and lapses are real and tragic. It is impossible to ignore the irony that lax intelligence and vigilance prior to 9/11 led to a decade of unprecedented, unwarranted surveillance and government intrusion. "This battle was about more than the security of American citizens," says Eichenwald, indirectly quoting an attorney in the George W. Bush White House. "It was about the protection of civilization itself." A few pages later Eichenwald lists some of the civil liberties that would be given up in this pursuit of security - for instance, the steps taken to update the Foreign Intelligence Surveillance Act. Though Eichenwald's introduction makes clear that "500 Days" is intended to depict the events that immediately followed 9/11, the book's brilliance is derived from Eichenwald's careful consideration of the individuals behind those events. Familiar names - Salam Hamdan, John Yoo, Donald Rumsfeld - are depicted as real, three-dimensional people. We join Hamdan as he first became aware and contemplated the consequences of bin Laden's actions; Yoo as he answered phones at a "tacky, wood-laminated table"; and Rumsfeld as he rushed to the scene of the Pentagon crash and dug through the rubble. Eichenwald's work ultimately reminds readers that the current civil-liberties crisis in the US did not happen overnight, and was not conjured from smoke and mirrors. Rather, it was meticulously, though not always thoughtfully, crafted around us during a moment of unexpected, unprecedented national panic. -- Amie L. Stepanovich ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= Privacy and Civil Liberties Oversight Board (PCLOB), First Public Meeting. 30 October 2012, Washington, DC. For More Information: Contact Matthew B. Conrad, +1-202-690-8906. 2012 TCIPG Industry Workshop: "Building Cyber Security and Resiliency into the Grid." 30-31 October 2012, Champaign, IL. For More Information: http://tcipg.org/2012-tcipg-industry-workshop. PIPA Conference 2012: "Privacy on the Go." 1-2 November 2012, Calgary, Alberta. For More Information: http://privacyconference2012.ca. Annual Computer Security Applications Conference (ACSAC) 2012. 6 December 2012, Orlando, FL. For More Information: http://www.acsac.org/2012/openconf/modules/request.php?module=oc_ program&action=program.php&p=program. "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. 22nd Annual Computers, Freedom, & Privacy Conference. 5-6 March 2012, Washington, DC. For More Information: Contact Chris Calabrese at ccalabrese@dcaclu.org. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.20------------------------