EPIC Alert 20.19

========================================================================
E P I C   A l e r t
========================================================================
Volume 20.19
October 3, 2013
------------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/epic_alert_20.19.html

"Defend Privacy. Support EPIC."
http://epic.org/donate

========================================================================
Table of Contents
========================================================================
[1] NGOs, Experts, Officials Meet in Warsaw for Public Voice Conference
[2] Senators to Intelligence IG: Make Public Report on NSA Surveillance
[3] FISA Court Releases Controversial Opinion on NSA Metadata Program
[4] California Enacts Strong Digital Privacy Law for Minors
[5] TSA Seeks to Remove Privacy Act Safeguards for TSA PreCheck
[6] News in Brief
[7] EPIC in the News
[8] EPIC Book Review: "Glass Houses"
[9] Upcoming Conferences and Events

TAKE ACTION: Tell Facebook: "Stop Changing Our Privacy Settings!"

- READ about the Changes: http://epic.org/redirect/090313-facebook.html
- LEARN More about Facebook Privacy: http://epic.org/privacy/facebook/
- SUPPORT EPIC: http://www.epic.org/donate/

========================================================================
[1] NGOs, Experts, Officials in Warsaw for Public Voice Conference
========================================================================

Over 70 NGO leaders, privacy experts, and government officials from around the world gathered in Warsaw, Poland, for the September 24 Public Voice conference, "Our Data, Our Lives." The Public Voice conference was held in conjunction with the 35th International Conference of Data Protection and Privacy Commissioners.
Two NGO documents - the Madrid Privacy Declaration and the "International Principles on the Application of Human Rights to Communications Surveillance" - were put forward as vital policy frameworks. The Warsaw Public Voice conference focused on five major topics: measuring the impact of the Madrid Declaration of 2009; civil society's response to the NSA's surveillance program; the responsibilities of Internet intermediaries for data protection; US-EU trade agreement discussions; and NGO strategies for a data protection agenda.

The keynote speech was provided by Jacob Kohnstamm, Chairman of the EU's Article 29 Working Party. Panelists included high-level privacy officials and advocates from the EU, and representatives from countries including France, Poland, India, and Canada.

Many Public Voice conference participants also attended the concurrent 35th Annual Data Protection and Privacy Commissioners' Conference, the world's largest annual privacy forum. The Privacy Commissioners' Conference brings together the highest governmental data protection and privacy authorities and institutions, as well as academics, NGOs and other experts. This year's conference explored "Privacy: A Compass in Turbulent World." The Privacy Commissioners adopted several resolutions on important privacy issues, including web tracking, profiling, enforcement, and the societal impact of the proliferation of mobile apps.

EPIC established The Public Voice coalition in 1996 to promote public participation in decisions concerning the future of the Internet. The Public Voice has pursued issues ranging from privacy and freedom of expression to consumer protection and Internet governance. Through international conferences, reports and funding for travel, the Public Voice project seeks to increase the presence of NGOs at meetings across the globe.
In cooperation with the OECD, UNESCO, and other international organizations, the Public Voice project brings civil society leaders face to face with government officials for constructive engagement about current policy issues. Public Voice events have been held in Buenos Aires, Cape Town, Dubai, Hong Kong, Honolulu, Kuala Lumpur, Madrid, Mexico City, Ottawa, Paris, Punta del Este, Seoul, Tel Aviv, Washington, and Warsaw.

The Public Voice
http://thepublicvoice.org

The Public Voice: "Our Data, Our Lives" (Sep. 24, 2013)
http://thepublicvoice.org/events/warsaw13/

35th Annual Conference of DP/Privacy Commissioners (Sep. 2013)
https://privacyconference2013.org/

The 2009 Madrid Declaration (Oct. 2009)
http://thepublicvoice.org/madrid-declaration/

"Principles on the Application of Human Rights to Communications Surveillance" (Jul. 2013)
http://en.necessaryandproportionate.org/text

Privacy Commissioners: Adopted Resolutions (Sep. 2013)
http://privacyconference2013.org/Resolutions_and_Declarations

========================================================================
[2] Senators to Intelligence IG: Make Public Report on NSA Surveillance
========================================================================

A bipartisan group of US senators, including the Chairman and Ranking Members of the Senate Judiciary Committee, have called for a full-scale review of the intelligence community's use of surveillance authority. In a letter to the Inspector General of the Intelligence Community, the senators urged the IG to begin the review "without further delay." The letter emphasized that the findings and conclusions of this review be made public to "help promote greater oversight, transparency, and public accountability."

The requested report would address activities conducted under Section 215 of the USA PATRIOT Act and Section 702 of the FISA. Section 215 includes the collection of the telephone call records of hundreds of millions of Americans.
Section 702 includes the PRISM program in which the NSA received data directly from leading US Internet companies. The report would encompass the time period from 2010-2013 and review the use and implementation of sections 215 and 702, the applicable minimization procedures, any improper use of the authorities, and the effectiveness over that time period.

Immediately after the public release of the 215 order that allowed the NSA to collect domestic phone records, EPIC sent a letter to Congress, including the leadership of the Senate Judiciary Committee, charging that the National Security Agency's classified demand of domestic telephone records was unlawful. EPIC's letter called for the Inspector General of the Intelligence Community to investigate domestic surveillance under the FISA and PATRIOT Act and produce a public, unclassified report of the findings.

EPIC is currently challenging the order for bulk collection of domestic call records in the Petition for Writ of Mandamus to the US Supreme Court. EPIC's petition asks the Supreme Court to vacate the order by the FISA Court, and is supported by a number of "friend of the court" briefs submitted by leading US privacy law scholars. The government's reply to EPIC's petition is now due October 11, 2013, after the Solicitor General of the United States twice requested additional time to respond.

Sen. Leahy (D-VT): Press Release on Letter to IG (Sep. 29, 2013)
http://epic.org/redirect/100313-leahy-IG-press-release.html

EPIC: Letter to Congress re: NSA and Verizon (Jun. 7, 2013)
http://epic.org/FISC-NSA-domestic-surveillance.pdf

EPIC: Writ of Mandamus Petition to U.S. Supreme Court (Jul.
8, 2013)
http://epic.org/EPIC-FISC-Mandamus-Petition.pdf

EPIC: In re EPIC - NSA Telephone Records Surveillance
http://epic.org/privacy/nsa/in-re-epic/

EPIC: Foreign Intelligence Surveillance Act Reform
http://epic.org/privacy/terrorism/fisa/reform/

EPIC: USA Patriot Act
http://epic.org/privacy/terrorism/usapatriot/

========================================================================
[3] FISA Court Releases Controversial Opinion on NSA Metadata Program
========================================================================

The Foreign Intelligence Surveillance Court has issued a controversial opinion on the US government's July 2013 renewal application for the NSA domestic telephone records program. The FISA Court's opinion considered the constitutionality and legality of the program, which was the subject of numerous hearings, debates, and disclosures earlier in 2013.

Since the release of the opinion, legal scholars and privacy experts have criticized the Court's analysis of the program, particularly the holding that all Americans' call records are "relevant" as defined in the Foreign Intelligence Surveillance Act. The opinion came roughly two months after EPIC filed a US Supreme Court challenge seeking to overturn the FISA Court's prior order.

The FISA Court published a declassified version of an Amended Memorandum Opinion issued by Judge Claire V. Eagan on August 29. The "Eagan 215 Opinion" was issued subsequent to the Court's July 2013 Order granting the FBI's renewed 215 application for all telephone call records. The Eagan 215 Opinion holds that (1) the production of telephone call records does not violate the Fourth Amendment under Smith v. Maryland; and (2) that the application for bulk telephone call records satisfies the Section 215 "relevance" standard.
The Opinion also noted that certain members of Congress had been briefed, or could have been briefed, on the prior FISA Court opinions, and held that this implied a legislative re-enactment or ratification of the FISC's prior "relevance" interpretation in 2011.

EPIC challenged the prior FISA Court Order for bulk collection of all Verizon call records in its Supreme Court Mandamus Petition, In re EPIC, in July 2013. EPIC's petition argued that the FISA simply does not authorize the bulk collection of domestic call records, the majority of which are not relevant to any national security investigation. The Solicitor General is scheduled to respond to EPIC on October 11, 2013, and EPIC will have an opportunity to file a reply brief within 30 days.

FISA Court: Opinion on PATRIOT Act Section 215 (Sep. 17, 2013)
http://epic.org/redirect/100313-FISA-court-opinion.html

EPIC: In re EPIC
http://epic.org/privacy/nsa/in-re-epic/

EPIC: Foreign Intelligence Surveillance Act (FISA)
http://epic.org/privacy/terrorism/fisa/

========================================================================
[4] California Enacts Strong Digital Privacy Law for Minors
========================================================================

California Governor Jerry Brown has signed into law the "Privacy Rights for California Minors in the Digital World" Act. The law, which goes into effect Jan. 1, 2015, sets out a broad range of online privacy rights for minors, in particular prohibiting "An operator of an Internet Web site, online service, online application, or mobile application directed to minors" from marketing to them.

The Act has two main provisions. The first prohibits both the marketing of specified products to minors and "using, disclosing, compiling, or allowing a 3d party to use, disclose, or compile, the personal information of a minor for the purpose of marketing or advertising specified types of products or services."
The second provision allows minors "to request and obtain removal of, content or information posted on the operator's Internet Web site, online service, online application, or mobile application by the user" as well as providing users with instructions on how to remove the data. Exceptions are made for data necessary to a law enforcement investigation, if the data is anonymized, or if the minor does not follow the instructions given.

EPIC has long advocated for the privacy rights of children, testifying before the US House in 1996 in support of the Children's Online Privacy Protection Act (COPPA). In 2010, EPIC testified before the US Senate that COPPA was critical to protect the privacy of children but that updates were also essential in light of new business practices, the emergence of social networks, and smartphone apps. EPIC also wrote comments to the FTC in 2011, supporting stronger regulations to protect children's online data. This led to the FTC updating COPPA in 2012, expanding the definition of "personal information" to include geolocational information and persistent identifiers, or "cookies."

State of CA: "Privacy Rights for CA Minors in the Digital World" Act (Sep. 23, 2013)
http://epic.org/redirect/100313-CA-kid-privacy-bill.html

EPIC: Testimony before US House on COPPA (Sep. 12, 1996)
http://epic.org/privacy/kids/EPIC_Testimony.html

EPIC: Testimony before US Senate on COPPA (Apr. 29, 2010)
http://epic.org/privacy/kids/EPIC_COPPA_Testimony_042910.pdf

EPIC: Comments to FTC Supporting COPPA Rule (Dec. 23, 2011)
http://epic.org/redirect/122112-epic-comments-coppa-changes.html

FTC: Press Release on COPPA Updates (Dec.
2012)
http://www.ftc.gov/opa/2012/12/coppa.shtm

EPIC: Children's Online Privacy Protection Act (COPPA)
http://epic.org/privacy/kids/default.html

========================================================================
[5] TSA Seeks to Remove Privacy Act Safeguards for TSA PreCheck
========================================================================

The Transportation Security Administration has proposed to exempt a new TSA PreCheck database from important Privacy Act safeguards. PreCheck is a program that grants expedited screening to certain travelers. The database contains personally identifiable information, including names, birthdates, biometric information, Social Security Numbers, and individual financial data. Comments on the proposed exemptions are due October 11, 2013.

To apply for TSA PreCheck, individuals must submit biographic and biometric information, including fingerprints. TSA then performs a "security threat assessment to identify individuals who present a low risk to transportation security." TSA gives "low risk" passengers a Known Traveler Number that passengers provide to the airline when making flight reservations. The airline sends passenger information, including name, gender, date of birth, itinerary information, and Known Traveler Number back to the TSA, which compares that information against various watch lists. After performing a watch list comparison, TSA determines "whether individual passengers will receive expedited, standard, or enhanced screening will be indicated on the passenger's boarding pass."

The TSA proposes to disclose TSA PreCheck applicant information to federal, state, tribal, local, territorial, and foreign governmental agencies. The TSA also proposes to exempt these records from the notification, inspection, and correction provisions of the federal Privacy Act, the primary law protecting personal information held by the federal government.
TSA has previously deployed controversial "registered" and "trusted traveler programs" that it later exempted from the Privacy Act. In 2005, TSA partnered with Verified Identity Pass, Inc. to implement "Clear," a registered traveler program. Clear collected most of the same sensitive information that TSA proposes to maintain in the TSA PreCheck database. In 2009, Verified Identity declared bankruptcy while in possession of passenger personally identifiable information.

EPIC has a longstanding commitment to protecting air traveler privacy and defending the Privacy Act. EPIC previously testified before Congress that traveler screening procedures should follow all Privacy Act requirements. EPIC also submitted comments to Customs and Border Protection, a component of the Department of Homeland Security, urging the agency to suspend the Automated Targeting System. Although the ATS was created to screen shipping cargo, the TSA now uses it to monitor air travelers and other individuals, and creates "risk-assessment" profiles on Americans who are not suspected of any crime.

Fed. Register: PreCheck Application Proposed Rulemaking (Sep. 11, 2013)
http://www.gpo.gov/fdsys/pkg/FR-2013-09-11/pdf/2013-22069.pdf

Fed. Register: TSA Application Program SORN (Sep. 10, 2013)
http://www.gpo.gov/fdsys/pkg/FR-2013-09-10/pdf/2013-21979.pdf

TSA: TSA PreCheck
http://www.tsa.gov/tsa-precheck

Fed. Register: Secure Flight Records Privacy Act Notice (Sept. 10, 2013)
http://www.gpo.gov/fdsys/pkg/FR-2013-09-10/pdf/2013-21980.pdf

EPIC: Clear Registered Traveler Data
http://epic.org/privacy/airtravel/clear/

EPIC: Registered Traveler Card: A Privatized Passenger ID (Oct. 2005)
http://epic.org/privacy/surveillance/spotlight/1005/

EPIC: Testimony on "The Future of Registered Traveler" (2005)
http://epic.org/privacy/airtravel/rt_test_110305.pdf

EPIC: Comments on the Automated Targeting System (Jun.
21, 2012)
http://epic.org/apa/comments/EPIC-ATS-Comments-2012.pdf

EPIC: Air Travel Privacy
http://epic.org/privacy/airtravel/

EPIC: Passenger Profiling
http://epic.org/privacy/airtravel/profiling.html

========================================================================
[6] News in Brief
========================================================================

EPIC FOIA: No Evidence of NSA Interference with Tor Network

In response to a Freedom of Information Act request to the Broadcasting Board of Governors, EPIC has received 74 pages of documents that reveal no evidence that the NSA attempted to undermine the security or reliability of the Tor network. Recent news reports show a concerted effort by the National Security Agency to compromise cryptographic standards set by the National Institute of Standards and Technology as well as encryption for Android, iPhone, and BlackBerry smartphones. The NSA and FBI have also targeted the communications of Tor users. EPIC will continue to pursue FOIA requests that shed light on the efforts of the intelligence community to undermine cryptographic standards.

EPIC: FOIA Request to BBG re: Tor (May 31, 2013)
http://epic.org/Tor_FOIA_Request_31_May.pdf

EPIC: FOIA Documents on Tor (Sept. 12, 2013)
http://epic.org/foia/Tor_Docs.pdf

NY Times: Article on NSA and Encryption (Sep. 5, 2013)
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=1&

Spiegel: "iSpy: How the NSA Accesses Smartphone Data" (Sep. 9, 2013)
http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html

Guardian: "NSA surveillance: A guide to staying secure" (Sep. 6, 2013)
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

EPIC: EPIC v.
BBG - Tor
http://epic.org/foia/tor.html

In EPIC FOIA lawsuit, ODNI Submits Documents for Court Review

Following EPIC's motion in a FOIA case against the Office of the Director of National Intelligence, the ODNI has submitted 21 disputed documents to a federal court on the consolidation of databases that contain detailed personal information on US persons. The documents are among those that EPIC requested through the Freedom of Information Act. ODNI initially withheld the documents and EPIC filed a lawsuit challenging the decision. EPIC is seeking the documents to determine whether the agency is complying with the Privacy Act. A federal judge ordered ODNI to produce the documents for the court's examination.

ODNI: Notice of In Camera Review of Disputed Documents (Sep. 24, 2013)
http://epic.org/foia/odni/In-Camera-Notice.pdf

EPIC: FOIA Suit Against ODNI (Aug. 1, 2012)
http://epic.org/foia/odni/1-main.pdf

EPIC: EPIC v. ODNI
http://epic.org/foia/odni/epic_v_odni.html

MacArthur Foundation Withdraws From Consumer Cy Pres Settlement

The prestigious MacArthur Foundation has asked to be removed from a controversial consumer privacy settlement. The foundation noted that it was not an appropriate cy pres recipient and asked that the funds be "redirected to other non-profit organizations engaged in the underlying issues." Consumer privacy organizations, including EPIC, have opposed the settlement in Fraley v. Facebook, stating that it violates a 2011 consent order with the Federal Trade Commission and that the cy pres allocations proposed do not reflect the interests of the class or the purpose of the litigation. A recent survey by Gigaom found that many of the named recipient organizations are funded by Facebook and have no plans to assist class members. Public Citizen has appealed the settlement to the Ninth Circuit Court.
The Federal Trade Commission has opened an investigation and Facebook has suspended implementation of the proposed privacy changes that would result from the settlement.

Gigaom: Blog Post on Facebook Settlement (Sep. 19, 2013)
http://epic.org/redirect/100313-gigaom-facebook-post.html

EPIC: Letter to Judge re: Google Settlement (Aug. 22, 2013)
http://epic.org/redirect/090313-epic-letter-davila.html

FTC: Press Release on Facebook Consent Order (Nov. 26, 2011)
http://www.ftc.gov/opa/2011/11/privacysettlement.shtm

Public Citizen: Press Release on Facebook Settlement (Sep. 24, 2013)
http://www.citizen.org/pressroom/pressroomredirect.cfm?ID=3985

Facebook: Post on Delay of Changes to Governing Docs (Aug. 29, 2013)
http://epic.org/redirect/090313-facebook.html

EPIC: Letter to 9th Circuit re: Facebook Settlement (Jul. 12, 2012)
http://epic.org/privacy/facebook/EPIC-Ltr-Koh-Fraley%207-12-12.pdf

Sen. Franken Questions Apple on iPhone Fingerprint Scanning

Senator Al Franken (D-MN) has raised questions about the privacy and security implications of the fingerprint reader on Apple's new iPhone 5S. "If someone hacks your password, you can change it--as many times as you want. You can't change your fingerprints," Senator Franken wrote. Franken also pressed Apple for additional details on the protection available to users against law enforcement access to biometric data. In Congressional testimony, EPIC warned that biometric identifiers will "allow for greater data collection and tracking of individuals."

Sen. Franken: Release on iPhone Fingerprint Reader (Sep. 24, 2013)
http://www.franken.senate.gov/?p=press_release&id=2562

EPIC: Comments to Congress on Biometric Identifiers (Jul.
18, 2012)
http://epic.org/redirect/073012-senate-facial-hearing.html

EPIC: Biometric Identifiers
http://epic.org/privacy/biometrics/

========================================================================
[7] EPIC in the News
========================================================================

"Google Accused Of Wiretapping, Faces Lawsuits, After Judges Deny Dismissal Request." Bustle, Oct. 2, 2013.
http://www.bustle.com/articles/6117-google-accused-of-wiretapping-faces-lawsuits-after-judges-deny-dismissal-request

"Google Accused of Wiretapping in Gmail Scans." The New York Times, Oct. 1, 2013.
http://www.nytimes.com/2013/10/02/technology/google-accused-of-wiretapping-in-gmail-scans.html?_r=1&

"House privacy talks with tech companies should be open, advocates say." The Hill, Oct. 1, 2013.
http://thehill.com/blogs/hillicon-valley/technology/325881-house-privacy-talks-with-tech-companies-should-be-open-advocates-say#ixzz2gci0uTSS

"Amid Shutdown, DOJ Urges Judges to Stay Civil Cases." Legal Times, Oct. 1, 2013.
http://legaltimes.typepad.com/blt/2013/10/amid-shutdown-doj-urges-judges-to-stay-civil-cases.html

"Snowden to EU: Whistleblowers need protection." EU Observer, Oct. 1, 2013.
http://euobserver.com/justice/121615

"NSA inquiry: MEPs hear US privacy experts, whistleblowers and Snowden statement." European Parliament News, Sept. 30, 2013.
http://www.europarl.europa.eu/news/en/news-room/content/20130930IPR21126/html/NSA-inquiry-MEPs-hear-US-privacy-experts-whistleblowers-and-Snowden-statement

"FBI has been using drones since 2006, watchdog agency says." Los Angeles Times, Sept. 26, 2013.
http://www.latimes.com/nation/nationnow/la-na-nn-fbi-using-drones-2006-20130926,0,3270950.story

"Judge allows lawsuit against Google's Gmail scans to move forward." The Washington Post, Sept. 26, 2013.
http://www.washingtonpost.com/business/technology/judge-allows-lawsuit-against-googles-gmail-scans-to-move-forward/2013/09/26/3b4bedaa-26e4-11e3-b75d-5b7f66349852_story.html

"A Newly Released Secret Opinion Shows Surveillance Courts Are Even Worse Than You Knew." The New Republic, Sept. 25, 2013.
http://www.newrepublic.com/article/114853/fisa-court-decision-upholding-surveillance-joke

"Diane Ravitch: 3 dubious uses of tech in schools." Salon, Sept. 25, 2013.
http://www.salon.com/2013/09/25/diane_ravitch_3_dubious_uses_of_tech_in_schools_partner/singleton/

"Teen privacy "eviscerated" by planned Facebook changes." Naked Security, Sept. 24, 2013.
http://nakedsecurity.sophos.com/2013/09/24/teen-privacy-eviscerated-by-planned-facebook-changes/

"How NBC's 'Million Second Quiz' Grabbed Personal Info From 300,000 People." The Wrap, Sept. 19, 2013.
http://www.thewrap.com/nbcs-million-second-data-grab-how-300000-shared-their-personal-lives-with-a-tv-network/

"Will the Supreme Court Stop Cops From Reading Your Text Messages?" Mother Jones, Sept. 17, 2013.
http://m.motherjones.com/politics/2013/09/police-cell-phone-search-warrant-supreme-court

For More EPIC in the News:
http://epic.org/news/epic_in_news.html

========================================================================
[8] EPIC Book Review: "Glass Houses"
========================================================================

"Glass Houses: Privacy, Secrecy, and Cyber Insecurity in a Transparent World," Joel Brenner
http://epic.org/redirect/100313-glass-houses-brenner.html

Pity Joel Brenner's bad timing. Brenner's 2011 terror-threat book "America the Vulnerable" was rechristened "Glass Houses" in 2013, with a new preface and updated material; unfortunately for Brenner, "Glass Houses" went to press before anyone had heard about a guy named Edward Snowden. Brenner was the NSA's Inspector General and general counsel during the George W.
Bush Administration - and suddenly his assessment of, and proposed solutions to, international cyber-menaces - seem a whole lot creepier.

"Glass Houses"/"America the Vulnerable" is another book of the "the Internet is not safe and neither are we" genre, except written by someone with close-up, highly classified knowledge of how bad the threat actually is. And, according to Brenner, it's pretty bad: Corporations plunder private citizens' data; meanwhile, both foreign agents and non-state hackers pilfer and pillage the data of corporations and the US government. Your digital footprint is utterly vulnerable to malfeasance? Guess what: The US Department of Defense isn't much safer than you are. We're effectively at cyberwar with everyone, Brenner maintains, from the Chinese to al Qaeda, from Romanian hackers to Julian Assange, and right now every Facebook user and lax system administrator are their pawns.

The lowly thumb drive, pictured on the book's cover, is, according to Brenner, a symbol for asymmetric cyber warfare. Unobtrusive and ubiquitous, thumb drives can be loaded with dangerous malware and viruses, inserted into a vulnerable computer, and ultimately damage critical systems. Brenner recounts how in 2006 a reporter for the Los Angeles Times bought a second-hand thumb drive in a Kabul bazaar and found that it contained, among other things, "the names, photos, and contact information for Afghans willing to inform on the Taliban and al-Qaeda," and documents "detailing escape routes into Pakistan and the location of a suspected safe house there." Then Brenner spins out a (hopefully theoretical) scenario in which a thumb drive pre-loaded with malware is bought at that same bazaar, inserted into a computer at Bagram Air Base, and ultimately sends Google Maps poisoned with malware to a secret Russian command post.
It's revealing that "Glass Houses" mentions almost nothing about surveillance, and when surveillance is covered it's in the context of foreign actors spying on Americans. The only time the words "NSA" and "surveillance" appear on the same page is when Brenner discusses the threat of "civil servants leak[ing] secrets from a real or imagined sense that an activity is illegal or from moral outrage as with . . . the terrorist surveillance program run by the White House through the NSA." That "terrorist surveillance program" is never mentioned again. Brenner is, naturally, no fan of leaks, charging, "[A]n innocent slip of the tongue can be as damaging as an intentional disclosure."

Brenner is wise enough, however, to provide a comprehensive and rational plan for securing the digital infrastructure at every level. He's an alarmist, but one with concrete solutions that demand responsibility and discipline, relying particularly on "joint organization," a feature, he laments, sadly lacking in digital society. Brenner argues that the US government should play a stronger role in overall cybersecurity by demanding higher security standards of government vendors and forbidding federal agencies from doing business with any ISP known to harbor bots. He also suggests that the FTC should drop antitrust regulations on businesses collaborating to build cybersecurity tools and that the Federal Energy Regulatory Commission should establish cyber-safety standards for utilities. Private-sector entities should have tighter control over their systems and their employees, and Brenner recommends a public-private partnership tasked with radically rethinking the basic structure of the Internet.

"The struggle for the security of essential institutions and infrastructure, like the struggle for the privacy of your personal information and the security of commercial trade secrets, is evolving as you open this book," Brenner concludes in his new preface. Mr.
Brenner, how could you ever have guessed?

-- EC Rosenberg

================================

EPIC Bookstore:

"Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75.
http://epic.org/bookstore/foia2010/

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at:

EPIC Bookstore: http://www.epic.org/bookstore

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
http://mailman.epic.org/mailman/listinfo/foia_notes

=======================================================================
[9] Upcoming Conferences and Events
=======================================================================

"The Tension Between Security and Liberty." Speaker: EPIC President Marc Rotenberg. Washington, DC, 6 October. For More Information:
http://stjohns-dc.org/education/the-forum/

The Cato Institute: "NSA Surveillance: What We Know; What to do About It." Washington, DC, 9 October 2013. For More Information:
http://www.cato.org/events/nsa-surveillance-what-we-know-what-do-about-it.

Drone and Aerial Robotics Conference. Speaker: EPIC Domestic Surveillance Counsel Amie Stepanovich. NYU Law Engelberg Center on Innovation Law and Policy, New York, NY, 11-13 October 2013. For More Information:
https://droneconference.org/.

Surveillance Conference, Sponsored by the Chicago Committee to Defend the Bill of Rights. Speaker: EPIC Domestic Surveillance Counsel Amie Stepanovich. Northwestern University School of Law, Evanston, IL, 19 October 2013. For More Information:
http://www.ccdbr.org/events/save-the-date-ccdbr-surveillance-conference/

American Civil Liberties Union of Rhode Island 2013 Annual Dinner Celebration. Keynote Speaker: EPIC Domestic Surveillance Counsel Amie Stepanovich. Providence, RI, 8 November 2013.
For More Information:
http://www.riaclu.org/events/event/2013-annual-dinner-celebration.

=======================================================================
Join EPIC on Facebook and Twitter
=======================================================================

Join the Electronic Privacy Information Center on Facebook and Twitter:

http://facebook.com/epicprivacy
http://epic.org/facebook
http://twitter.com/epicprivacy

Join us on Twitter for #privchat, Tuesdays, 11:00am ET.

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values.

Thank you for your support.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:

http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 20.19------------------------
