Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert 19.21

======================================================================= E P I C A l e r t ======================================================================= Volume 19.21 November 9, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.21.html "Defend Privacy. Support EPIC." http://epic.org/donate ========================================================================== Table of Contents ========================================================================== [1] Election 2012: Privacy and Unfinished Business [2] Privacy and Civil Liberties Oversight Board Holds First Public Meeting [3] Supreme Court Hears Arguments in Surveillance Standing Case [4] Supreme Court Hears Challenges to Police 'Dog Sniffs' [5] EPIC Comments on FTC Rent-to-Own Computer Spying Settlement [6] News in Brief [7] EPIC in the News [8] Book Review: 'The Secret Lives of Codebreakers' [9] Upcoming Conferences and Events ======================================================================== [1] Election 2012: Privacy and Unfinished Business ======================================================================== [This column by EPIC President Marc Rotenberg appeared in The Huffington Post Nov. 7, 2012] It was a little more than a decade ago that the United States was rocked by the events of 9/11. Much happened on that day, including a sharp turn away from personal privacy and toward national security. Up went the cameras and the Patriot Act, and down came many laws that help safeguard privacy. A new industry for domestic surveillance emerged. But does it need to be this way? At the beginning of a second term for President Obama, it is time to move beyond the paranoid strategies for public safety that have dominated both Democratic and Republican presidencies. On the civil liberties front, the open secret is that little changed during the Obama years from the Bush years. The White House not only backed the FISA Amendments Act but defended it before the Supreme Court. That law leaves vulnerable the private communications of Americans in circumstances far outside the realm of a legitimate Fourth Amendment search. It needs a significant review and better oversight mechanisms before Congress considers renewal. Electronic privacy laws need to be updated and strengthened, not just for the benefit of companies that oppose government searches, but also for users whose personal data is routinely collected for tracking and profiling in ways they could not even imagine. And the risks to medical record privacy will increase as more personal data is stored online. On the consumer privacy front, the administration gets props for the Consumer Privacy Bill of Rights, a powerful framework for the protection of privacy. But this is only an outline and there is much to do, including legislation, before online privacy improves. The new administration would be wise also to take a closer look at cloud computing. The low-cost - literally free for many users - structure of modern computing services also requires that users give up control over their data once it resides on someone else's server. That is a cost that too few users understand. The Federal Trade Commission should begin workshops on that topic early next year. And while the FTC has been busy issuing consent orders, it may also want to take a step back and assess whether companies are in fact doing what they promised to do. Congress could help with that effort. If you look up in the sky, the odds are growing that you will see a small aerial drone with a surveillance camera looking back at you. President Obama has promoted the use of drones in the United States, but has yet to address the privacy consequences. New rules from the Federal Aviation Administration and legislation are clearly needed. Several bills are currently pending in the House. The promised efforts to strengthen the Freedom of Information Act, launched literally the day after President Obama was first elected to office, still remains a box unchecked. Perhaps the Justice Department gets credit for not joining the Federal Election Commission's effort to knock out a key pillar of the law - a meaningful determination by the agency on a request - but across the open government community the perception remains that agencies are litigating when they could simply be making public information available to the public. More can be done to strengthen open government. Resolving the challenges of cyber security in the next year will require better cooperation between the two parties. Business groups are right to push back on excessive and quickly outdated rules. But the data in those companies is also that of their customers. To imagine that the problems of security breaches, identity theft, and cyber attacks will simply go away is to ignore reality. Beyond upgrading security and rethinking unbounded data collection, governments and businesses should continue to follow legal obligations for privacy protection and government transparency. There has been enough immunity for unlawful wiretapping. We also believe that if the National Security Agency plans to enter the realm of domestic computer security, then it must play by the same rules as other federal agencies - openness and public accountability. The urgency of the cyber security challenge is an argument for government transparency not government secrecy. One issue of particular concern to EPIC, not always in the headlines but central to restoring government accountability, is the need to scale down the Department of Homeland Security. The DHS has become Big Brother's laboratory - body scanners at airports, "fusion centers" for state governments, RFID-enabled identity documents, surveillance cameras on public streets, and "Future Attribute Screening Technology," a technique for "pre-crime" detection. For those who need the refresher on the movie "Minority Report", these systems - more black boxes than real science - are prone to abuse. Like the backscatter x-ray devices that are now being boxed-up and taken out of major airports, it is time to pull the plug on these creepy tools for mass surveillance. Privacy protection, open government, and cyber security. These issues may not be at the top of the list for the new administration, but they should be near the top. And four years from now, we should expect progress. Marc Rotenberg, "Election 2012 -- Privacy and Unfinished Business." Huffington Post, Nov, 7, 2012 http://epic.org/redirect/110912-huffpost-rotenberg-oped.html ========================================================================== [2] Privacy and Civil Liberties Oversight Board Holds First Public Meeting ========================================================================== EPIC participated in the President's Privacy and Civil Liberties Oversight Board's (PCLOB) initial public meeting November 2. The Implementing Recommendations of the 9/11 Commission Act of 2007 established the five-member PCLOB as an independent agency to "analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties." In a prepared statement, EPIC urged the Board to investigate the program activities of the Department of Homeland Security and other federal agencies that have failed to comply with the Privacy Act of 1974. As an example, EPIC singled out the DHS Fusion Center programs, which collect and retain data of questionable quality in possible violation of the Privacy Act, and, according to a Congressional report, do not contribute to counterterrorism efforts. EPIC concluded that "the Fusion Center program should be suspended until adequate training is instituted and specific oversight procedures to prevent future privacy violations are installed. Additionally, any future funding of Fusion Centers should be conditioned on meeting the training requirements and oversight procedures." EPIC also drew the Board's attention to the issues surrounding the TSA's airport body scanner program. According to EPIC's statement, the initial Privacy Impact Assessment prepared for the body scanner test program failed to identify numerous privacy risks to travelers prior to deployment of the body scanners in all major airports. In 2010, EPIC sued to have the body scanner program suspended. The court responded by ordering DHS to provide a public notice-and-comment rulemaking, which will now take place in March 2013. EPIC further recommended that the Privacy and Civil Liberties Oversight Board review DHS programs for adherence to the Privacy Act of 1974 and eliminate the broad exemptions DHS has claimed under the Privacy Act. Congressional Research Service: PCLOB http://www.fas.org/sgp/crs/misc/RL34385.pdf EPIC: Statement to PCLOB (Oct. 26, 2012) http://epic.org/privacy/1974act/EPIC-PCLOB-Statement-10-12.pdf US Senate Subcommittee: Report on Fusion Centers (Oct. 3, 2012) http://epic.org/redirect/101212-senate-fusion-center-report.html EPIC: Information Fusion Centers and Privacy http://epic.org/privacy/fusion/ EPIC: Spotlight on Surveillance http://epic.org/privacy/surveillance/spotlight/0607/ EPIC: EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/092812-epicvdhs-scannersuspend.html EPIC: Testimony Before the 9/11 Commission (Dec. 2003) http://epic.org/privacy/terrorism/911commtest.pdf EPIC: The Privacy Act of 1974 http://epic.org/privacy/1974act/ EPIC: The 9/11 Commission Report http://epic.org/privacy/terrorism/911comm.html ======================================================================== [3] Supreme Court Hears Arguments in Surveillance Standing Case ======================================================================== The US Supreme Court heard oral arguments October 29 in Clapper v. Amnesty International, a case challenging the interception of communications of US persons under foreign intelligence surveillance laws. A federal appeals court previously ruled in favor of a group of plaintiffs, including human rights advocates, journalists and attorneys, and held that the financial and logistical costs they incurred in order to avoid government surveillance were sufficient to establish standing under the Constitution. US Solicitor General Donald Verilli, arguing on behalf of the United States and the Director of National Intelligence, claimed that plaintiffs could not establish a sufficiently concrete injury because they did not know if they had been subject to surveillance. The surveillance in question is authorized under the Foreign Intelligence Surveillance Amendments Act of 2008, which allows the federal government to conduct mass surveillance of communications, including communications of American citizens, without a warrant or particularized suspicion. Attorneys for Amnesty International argued that such sweeping governmental surveillance is contrary to established Fourth Amendment principles and threatens the privacy of all Americans, particularly those engaged in international communications. In September 2012, EPIC, joined by 32 legal scholars and technical experts and six privacy and open government organizations, filed a "friend of the court" brief in the case, arguing that the plaintiffs' concerns were well-founded considering the NSA's surveillance capabilities and the US government's failure to establish sufficient public reporting requirements for lawful surveillance. In May 2012, EPIC testified before the House Judiciary Committee on the Foreign Intelligence Surveillance Amendments Act of 2008. EPIC Executive Director Marc Rotenberg made a number of recommendations to the Committee, including requiring public dissemination of a Foreign Intelligence Surveillance Act report, similar to the reports released for other forms of electronic surveillance, and implementation of a publication procedure for important decisions of the Foreign Intelligence Surveillance Court. US Supreme Court: Oral Argument Transcript in Clapper (Oct. 29, 2012) http://epic.org/redirect/110912-scotus-clapper-transcript.html Second Circuit Court: Decision in Clapper (Mar. 21, 2011) http://epic.org/redirect/110912-2nd-circuit-clapper-decision.html EPIC et al.: "Friend of the Court" Brief in Clapper (Sept. 24, 2012) http://epic.org/amicus/fisa/clapper/EPIC-Amicus-Brief.pdf EPIC: Clapper v. Amnesty Int'l USA http://epic.org/amicus/fisa/clapper/ DNI James R. Clapper, Jr.: Brief in Clapper v. Amnesty (July 2012) http://epic.org/amicus/fisa/clapper/DNI-Brief.pdf Amnesty International et al.: Brief in Clapper (Aug. 2012) http://epic.org/amicus/fisa/clapper/Amnesty-et-al-Brief.pdf EPIC: Testimony Before US House re: FISA Amendments (May 31, 2012) http://epic.org/redirect/061912-epic-fisa-amdt-statement.html EPIC: Foreign Intelligence Surveillance Act (FISA) http://epic.org/privacy/terrorism/fisa/ ======================================================================= [4] Supreme Court Hears Challenges to Police 'Dog Sniffs' ======================================================================= The US Supreme Court has heard oral argument in two cases challenging the use of police drug-detection dogs. In Florida v. Jardines, the defendant challenged the Miami Police Department's warrantless use of a drug-detection dog to sniff for drugs at his front door. In Florida v. Harris, the defendant challenged the physical search of his automobile on the grounds that the preceding "alert" by a drug- detection dog was not sufficient to establish probable cause. Both cases require the Court to consider the impact on Fourth Amendment privacy rights when police use advanced investigative techniques. The Court first considered the use of dogs to detect contraband nearly 30 years ago in the case United States v. Place. At the time, Justice Sandra Day O'Connor stated that a dog "alert" over seized luggage in an airport does not constitute a "search" under the Fourth Amendment because it "discloses only the presence or absence of narcotics, a contraband item." In the 2005 case Illinois v. Caballes, the Court upheld the use of drug-detection dogs to sniff lawfully detained automobiles. During the Jardines argument Justice Anthony Kennedy made clear that he was unwilling to extend the so-called "contraband exception" into the realm of the home. "I just don't think that works," he concluded during his first comment. EPIC filed a "friend of the court" brief in Florida v. Harris, arguing that investigative tools like drug-detection dogs, airport body scanners, electronic sniffers, and digital intercept devices should be used only to justify searches based on concrete evidence that they are reliable. "When an agent uses an investigative technique to uncover predicate facts used to justify a search," the brief states, "that agent should be able to demonstrate that the technique is tested, reliable, and has been properly used and maintained. Without such proof there can be no probable cause." EPIC's brief particularly focused on a recent report by the National Academy of Sciences, which highlighted significant reliability problems in forensic sciences due to a lack of national standards. "The perfect search, like the infallible dog," EPIC said, "is a null set. "The Court will rule on both Jardines and Harris sometime before the end of the term in June 2013. EPIC: Florida v. Harris http://epic.org/amicus/harris/ EPIC: Florida v. Jardines http://epic.org/amicus/jardines/ EPIC: "Friend of the Court" Brief in Harris (Aug. 31, 2012) http://epic.org/amicus/harris/EPIC-Amicus-Brief.pdf US Supreme Court: Oral Argument Transcript in Jardines (Oct. 31, 2012) http://epic.org/redirect/110912-scotus-jardines-argument.html US Supreme Court: Oral Argument Transcript in Harris (Oct. 31, 2012) http://epic.org/redirect/110912-scotus-harris-argument.html ======================================================================== [5] EPIC Comments on FTC Rent-to-Own Computer Spying Settlement ======================================================================== EPIC has submitted comments on settlements between the Federal Trade Commission and seven "rent to own" companies over their illicit surveillance of customers via third-party software in rent-to-own computers. Without informing consumers, the rent-to own companies equipped the computers with monitoring technology from a company called DesignerWare LLC. The monitoring software enabled DesignerWare to capture and transmit back to the companies not only the users' computer activity, personally identifiable information and passwords, but also photographs taken via the computers' video cameras. According to the FTC investigation, the software secretly captured "user names and passwords for email accounts, social media websites, and financial institutions; Social Security numbers; medical records; private emails to doctors; bank and credit card statements; and webcam pictures of children, partially undressed individuals, and intimate activities at home." The settlements prohibit the companies from using or licensing others to use: (1) Any monitoring technology to secretly collect personal data from any computer rented to a customer; (2) Geolocational tracking without explicit user consent; (3) Fradulent software registration screens to gather consumers' personal information; (4) Improperly obtained information for debt collection purposes. The companies also must delete or destroy all user data collected by the illegal monitoring, and keep records that allow the FTC to monitor the companies' compliance with the orders for the next 20 years. EPIC's comments express support for the settlements, and also recommend that the FTC require the companies to implement Fair Information Practices similar to the White House's 2012 Consumer Privacy Bill of Rights. By requiring a full set of Fair Information Practices, EPIC states, the Commission would put in place the baseline privacy standards that are widely recognized around the world, thereby ensuring that consumers' personal data is protected throughout the "data lifecycle." EPIC also suggested that the Commission make the companies' compliance reports publicly available to the greatest extent possible and that it release the initial, unredacted assessment required by the consent orders. Finally, EPIC encouraged that FTC to remain mindful of the fact that rent-to-own companies are debt traps for economically disadvantaged consumers, so the consent orders are protecting a particularly vulnerable class. Finally, EPIC suggested that the FTC "further investigate - perhaps in a workshop format - the relationship between privacy and inequality, i.e. the risk that low-income consumers are more likely to be subject to business practices that place at risk personal privacy." EPIC routinely comments on the FTC's proposed settlements over consumer privacy issues. EPIC's 2010 Google Buzz complaint provided the basis for the FTC's investigation and subsequent settlement concerning the improper disclosure of user information. The FTC's 2011 settlement with Facebook followed from complaints filed by EPIC and a coalition of privacy and civil liberties organizations. EPIC also recently commented on the FTC's proposed consent order with MySpace in order to strengthen the proposed settlement and to protect the interests of consumers. EPIC: Comments to FTC on Rent-to-Own Settlement (October 25, 2012) http://epic.org/privacy/ftc/EPIC-Designerware-Cmts.pdf FTC: Rent-To-Own Settlement Page http://www.ftc.gov/opa/2012/09/designware.shtm FTC: Text of Rent-to-Own Settlement (Oct. 2012) http://epic.org/redirect/110912-ftc-renttoown-settlement.html White House: Consumer Privacy Bill of Rights (February 2012) http://www.whitehouse.gov/sites/default/files/privacy-final.pdf EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ EPIC: In re Google Buzz http://epic.org/privacy/ftc/googlebuzz/default.html EPIC: Facebook Privacy http://epic.org/privacy/facebook/ EPIC: Social Networking Privacy http://epic.org/privacy/socialnet/ ======================================================================== [6] News in Brief ======================================================================== DHS Privacy Compliance Review Fails to Address Monitoring of Dissent The Department of Homeland Security has released a new Privacy Compliance Review of the agency's Social Media Monitoring Initiative. As with previous Privacy Compliance Reviews, DHS found its own social media monitoring program to be compliant with the self-developed privacy requirements laid out in a 2011 Privacy Impact Assessment. Previously undisclosed documents obtained by EPIC through a FOIA request and subsequent lawsuit revealed that DHS is monitoring social network and media organizations for dissent and criticism of the Agency. Neither the current Privacy Compliance Review, past reviews, nor the initial Privacy Impact Assessment directly address EPIC's concern about DHS's "dissent monitoring". EPIC's lawsuit against the agency, which seeks disclosure of records detailing the Agency's media monitoring activities, is ongoing. DHS: Privacy Review of Social Media Monitoring (Nov. 8, 2012) http://epic.org/redirect/110912-DHS-social-monitoring-review.html DHS: Privacy Investigations & Compliance Reviews http://www.dhs.gov/privacy-investigations-compliance-reviews DHS: Media Monitoring Capability Desktop Reference Binder (2011) http://epic.org/redirect/110912-DHS-media-monitoring-binder.html EPIC: FOIA Request re: DHS Media Monitoring (April 2011) http://epic.org/foia/epic-v-dhs-media-monitoring/#request EPIC: EPIC v. Department of Homeland Security: Media Monitoring http://epic.org/foia/epic-v-dhs-media-monitoring/ EPIC to Congress: Protect Privacy Against Drone Surveillance EPIC participated in an October 25 Congressional hearing on the impact of domestic drone use, held at Rice University in Houston, TX. Representative Ted Poe (R-TX), sponsor of HR 6449, the "Air Travelers' Bill of Rights Act of 2012," convened the hearing. Joining Rep. Poe were Reps. Michael McCaul (R-TX), Hank Johnson (D-GA), and Sandy Adams (R-FL). EPIC Associate Litigation Counsel Amie Stepanovich testified on the need for specific laws to limit drone surveillance within the US. In a prepared statement, Stepanovich recommended a warrant requirement for police drone surveillance as well as data use limitations and transparency obligations for drone operators. In February 2012, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to begin a rulemaking on the privacy impact of drone use. US House: Hearing on Domestic Drones (Oct. 25, 2012) http://epic.org/redirect/110912-drone-hearing.html EPIC: Congressional Testimony on Drones (Oct. 25, 2012) http://epic.org/privacy/drones/EPIC-Drones-Testimony-102512.pdf EPIC et al: Petition on Drone Use in US (Feb. 24, 2012) http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf US House: Air Travelers' Bill of Rights Act of 2012 (Sept. 20, 2012) http://www.govtrack.us/congress/bills/112/hr6449/text US Rep. Ted Poe (R-TX) http://poe.house.gov/ EPIC: UAVs and Drones http://epic.org/privacy/drones/ Lawmakers Gain 'Partial Glimpse' into Data Brokers' Business Practices Members of the Congressional Bi-Partisan Privacy Caucus have released the responses of several data brokers to an inquiry into their business practices. Data brokers collect and sell consumers' personal information to third parties, typically without the knowledge of the consumers themselves. The lawmakers reported that most of the companies in the report did not consider themselves "data brokers," and that "[m]any questions about how these data brokers operate have been left unanswered, particularly how they analyze personal information to categorize and rate consumers." Earlier in 2012, a report by the Federal Trade Commission on consumer privacy called for legislation to control the activities of data brokers. In 2005, EPIC brought a complaint against the data broker Choicepoint that ultimately produced a $10 million settlement, the largest in the FTC's history for a violation of federal privacy law. Rep. Ed Markey (D-MA): Report on Databrokers (Nov. 8, 2012) http://epic.org/redirect/110912-markey-release-data-brokers.html FTC: Report on Data Brokers and Consumer Privacy (March 2012) http://www.ftc.gov/os/2012/03/120326privacyreport.pdf EPIC: Choicepoint http://epic.org/privacy/choicepoint/ EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ Appeals Court Hears Arguments in Email Privacy Case The Fourth Circuit heard oral arguments October 24 in US v. Hamilton, a criminal case involving personal emails to a spouse sent from a workplace computer. The court focused on the scope of "marital privilege," the privacy of workplace email, and whether failing to delete email after a change in an email "use policy" can constitute a waiver of privilege. EPIC argued in a "friend of the court" brief that the retroactive application of a use policy as well as "a duty to delete" would be unfair to users, and that "[w]orkplace use policy alone should not eliminate an employee's reasonable expectation of privacy in personal communications." Fourth Circuit Court: Audio of Arguments in Hamilton (Oct. 24, 2012) http://coop.ca4.uscourts.gov/OAarchive/mp3/11-4847-20121024.mp3 EPIC: "Friend of the Court" Brief in US v. Hamilton (Apr. 6, 2012) http://epic.org/amicus/hamilton/EPIC-Hamilton-Amicus-FINAL.pdf EPIC: US v. Hamilton http://epic.org/amicus/hamilton/ EPIC: Workplace Privacy http://epic.org/privacy/workplace/ ======================================================================= [7] EPIC in the News ======================================================================= "Election 2012 -- Privacy and Unfinished Business." The Huffington Post, Nov. 7, 2012. http://epic.org/redirect/110912-huffpost-rotenberg-oped.html "Smartcampaign: It's the Data, Stupid!" The Huffington Post, Nov. 5, 2012. http://epic.org/redirect/110912-huffpost-data-epic.html "With Chairman's Likely Exit, Guessing Game Has Begun at the Federal Trade Commission." National Journal, Nov. 2, 2012. http://epic.org/redirect/110912-newrepublic-scanners-epic.html "'Don't Touch My Junk' Sneaks Into the Supreme Court." The New Republic, Nov. 1, 2012. http://epic.org/redirect/110912-newrepublic-scanners-epic.html "The Supreme Court Exposes Obama's Circular Logic on Wiretapping." The New Republic, Oct. 29, 2012. http://epic.org/redirect/110912-newrepublic-wiretapping-epic.html "Use of drones in community policing 'unchartered territory'." The Houston Chronicle, Oct. 25, 2012. http://epic.org/redirect/110912-houstonchron-drones-epic.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] Book Review: 'The Secret Lives of Codebreakers' ======================================================================= "The Secret Lives of Codebreakers: The Men and Women Who Cracked the Enigma Code at Bletchley Park," Sinclair McKay http://epic.org/redirect/110912-secret-lives-codebreakers-mckay.html In "The Secret Lives of Codebreakers," British journalist Sinclair McKay combines letters, memoranda, and oral interviews taken from veterans of World War II-era British intelligence to create a human- interest landscape of the site where the Nazis' Enigma code was cracked. The book focuses on the Bletchley Park estate in Buckinghamshire, UK, which was occupied by the Government Code and Cypher School (the branch of British intelligence that dealt with cryptanalysis) at the onset of war. The book tracks the activity at Bletchley Park from its earliest days as the site of the "GC&CS"'s main decryption operation through the last days of World War II. Bletchley Park housed so many of cryptography's major names - among them, Alan Turing, Dilly Knox, and Donald Michie - that McKay's history is a source of delicious gossip about the personal lives of famous codebreakers. But the book also provides an array of observations about the state of British military, politics, geography, and socioeconomics in the early 1940s. McKay states that Bletchley Park was staffed almost entirely by middle- and upper-class, "Oxbridge"-educated young men and women who had been pulled out of advanced coursework in languages or mathematics in order to serve the war effort. Within the tired, frequently sold Bletchley Park estate, GC&CS grew into a largely undefined, unplanned outgrowth of British military intelligence, and the officers who ran Bletchley Park essentially improvised the entire operation. Individual translators and cryptographers focused on individual projects, but none of the Bletchley Park staff was ever told how exactly they were contributing to the war effort, or even how they should approach individual problems. McKay's book is most successful when it explores the many tensions that comprised life at Bletchley Park, particularly tensions between the impoverished Buckinghamshire town and the wealthy university students who lived among them; the brilliance of the mathematicians and linguists who worked at Bletchley Park, and their ignorance about the progress of the war. For example, the secretive, eccentric and socially indifferent Alan Turing was half of a superb professional collaboration; the pair's other half was Sarah Baring, who was reliably secretive about her work because she had been raised in an aristocratic household that valued discretion, propriety, and reserve. The great asset of relating the story of Bletchley Park through first- hand accounts, however, is also the book's greatest weakness. McKay tries to allow his interviewees' recollections to drive the book's narrative, but he is only able to draw from limited source material. More than 70 years have passed since the onset of World War II. The few surviving veterans whom McKay was able to contact were only able to provide him with their outward impressions and their own personal experiences. As a result, the book wavers abruptly between McKay's journalistic account of British war history and his interviewees' fragmented recollections of daily routines, attitudes, and atmosphere. A good story of the British contribution to cryptography through the work at Bletchley Park can be fundamentally compelling, and McKay's rendition is solid. Furthermore, the human dimension provided by McKay's interviews with the veteran cryptographers gives readers one of the clearest possible windows into not only their lives but also the rise of the culture that eventually led to the NSA and the British equivalent. By supplementing these interviews with excerpts from contemporaneous letters and memoranda, and from biographies of Bletchley Park mathematicians, McKay gives the estate a memory and a narrative comprised of many voices. -- Julia Horwitz ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. 22nd Annual Computers, Freedom, & Privacy Conference. 5-6 March 2013, Washington, DC. For More Information: Contact Chris Calabrese at ccalabrese@dcaclu.org. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.21------------------------