Focusing public attention on emerging privacy and civil liberties issues

EPIC Alert Year In Review 2009


=======================================================================
                       E P I C  A l e r t
=======================================================================
Year in Review                                        January 7, 2010
-----------------------------------------------------------------------

                        Published by the
          Electronic Privacy Information Center (EPIC)
                        Washington, D.C.

        http://www.epic.org/alert/epic_alert_yir2009.html

======================================================================


      2 0 0 9   P R I V A C Y   Y E A R   I N   R E V I E W /

      2 0 1 0   P R I V A C Y   I S S U E S   T O   W A T C H

======================================================================
Top Privacy Stories 2009
- Data Breaches and ID Theft on the Rise
- Supreme Court Strikes Down Strip Searches, Enhanced Penalties for
Identity Proxies
- White House Visitors Now Public Information
- Facebook: Sharing is Caring
- Tiger's Texting
- Biometric Company Goes Bankrupt. Fingerprints for Sale?
- Behavioral Tracking
- Europe Updates Communications Privacy Law
- Medical Privacy Victories in Congress and the Courts
- Octomom Privacy Breach

Top Privacy Issues to Watch in 2010
- Cloud Computing
- Smartgrid: Will Your Power Meter be Spying on You?
- Federal Trade Commission and Privacy
- Data Breach Legislation
- Invasion of the Body Scanners
- Biometric Identification
- Electronic Privacy at the Supreme Court
- Google Books and Reader Privacy
- De-identification Techniques
- Global Privacy Standards


2009 was a busy year for privacy. Big Internet firms, such as Facebook
and Google, created new challenges for Internet users as personal data
became more valuable to advertisers. Congress considered many privacy
bills, though few became law. The Supreme Court decided several privacy
cases, including a student strip-search case. The Department of
Homeland Security stepped up surveillance of the American public even
as a known terrorist boarded a plane with explosive material hidden in
his underwear. The year promises even more news with biometric
identifiers, body scans, Congressional hearings, a Supreme Court case
on text messages, and the related privacy challenges.


Here are the Top Ten Privacy Stories of 2009 and the Top Ten Privacy
Issues to Watch in 2010 from the Electronic Privacy Information Center
(EPIC):

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Data Breaches and ID Theft on the Rise

Non-profits and the Federal Trade Commission reported a continued rise
in data breaches and identity theft in 2009. The FTC received 313,982
identity theft consumer complaints during the past year, topping all
previous records. Lawmakers have been unable to pass meaningful
legislation, so identity thieves and data breachers can look forward to
another great - and profitable - year!

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Supreme Court Strikes Down Strip Searches, Enhanced Penalties for
Identity Proxies

Concluding that perhaps it was not reasonable to strip search a teenage
girl in the hunt for a single tablet of ibuprofen, the Supreme Court
ruled 8-1 that such a search violated the Fourth Amendment because
"there were no reasons to suspect the drugs presented a danger or were
concealed in her underwear." The Court also ruled unanimously that
individuals who provide identification numbers that are not their own,
but don't intentionally impersonate others, cannot be subject to harsh
criminal punishments under federal law. But in a 5-4 decision, the
Supreme Court rejected the constitutional right of a convicted
individual to access his DNA to prove innocence.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

White House Visitors Now Public Information

In an effort to promote government accountability, the White House
decided to release the names of people who visit the White House. The
policy includes grade school classes from Des Moines but excludes
Supreme Court nominees and national security advisors. This is a good
topic for a high school paper.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Facebook: Sharing is Caring

Oil and water. Privacy and Facebook. The world's top social network
service navigated the privacy waters with mixed success in 2009. Early
in the year, a proposed change in the Terms of Service that transferred
control over user data to Facebook triggered a massive protest. More
than 100,000 users signed up for, no surprise, "Facebook Users Against
the New Terms of Service." Then a year-end change to the privacy
settings led to a formal complaint at the Federal Trade Commission,
charging unfair and deceptive trade practices. Share that news item
with Everyone!


*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Tiger's Texting

The downward slide of golf phenom Tiger Woods began when a few of his
texting buddies decided to push the save button instead of delete.
Tiger's texts made their way into the national tabloids, the stories
followed, and the endorsements soon disappeared. This was all the more
amazing since Tiger's yacht is named "Privacy." Warning to celebs: be
careful what you text and with whom you text.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Biometric Company Goes Bankrupt. Fingerprints for Sale?

Clear, a company that offered air travellers the fast lane at airports,
may now be playing fast and loose with the customer information it
acquired. As a Registered Traveler program, the company obtained
biometric identifiers -- digital fingerprints and iris scans -- on more
than 100,000 frequent flyers. Clear, operated by Verified Identity
Pass, also gathered up detailed personal histories for its private
clearance program. But once the company went bankrupt, the biometric
database was the main asset to sell. Lawyers for the customers stepped
in and stopped the sale of personal identifiers. Bad news for identity
thieves hoping to make it quickly through airline security.


*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Behavioral Tracking

In 2009 consumer advocates focused on the companies that focus on
consumers. A coalition of privacy groups urged Congress to crack down
on behavioral advertising. Lawmakers and the FTC expressed interest.
Rep. Rick Boucher announced that he is drafting a bill that would
impose strict rules on websites and advertisers. Boucher said his goal
is "to ensure that consumers know what information is being collected
about them on the Web and how it is being used, and to give them
control over that information."

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Europe Updates Communications Privacy Law

Toward the end of the year, the European Union established new Internet
policies, including a right to Internet access, net neutrality
obligations, and strengthened consumer protections. Under the ePrivacy
directive, communications service providers will also be required to
notify consumers of security breaches, persistent identifiers
("cookies") will become opt-in, there will be enhanced penalties for
spammers, and national data protection agencies will receive new
enforcement powers.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Medical Privacy Victories in Congress and the Courts

Early in the year, President Obama signed into law the HITECH Act of
2009. The Act established new medical privacy safeguards. Medical
privacy also had victories in the courts as judges grew leery of the
sale of sensitive prescription information.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Octomom Privacy Breach

There are some personal details that even aspiring reality show stars
do not want to share with the world. After the birth of Nadya
("Octomom") Suleman's octuplets, more than two dozen hospital
employees took peeks at Octomom's medical records. Apparently US Weekly
was not providing detailed enough information. The privacy breaches
cost the hospital a cool $250,000, the maximum allowed under California
privacy laws.

======================================================================
ISSUES TO WATCH IN 2010
======================================================================

New technologies with interesting privacy implications have been
introduced, the government has moved into social networking, the
Supreme Court will rule on workplace privacy, and the FTC may take a
new stance on regulation. Here are the top ten privacy topics to pay
attention to in 2010.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Cloud Computing

What happens to your data when it's in the cloud? That's the issue that
policymakers will look at more closely in 2010, not only because users
are moving data to the cloud, but also because government agencies are.
Still, the privacy and security risks are real, as the FTC recently
reminded the FCC, following a petition from EPIC.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Smartgrid: Will Your Power Meter be Spying on You?

Standards are still being developed for the Smart Grid, a host of
technologies that will modernize the existing electrical grid. The
Smart Grid could enable more efficient delivery of electricity and
allow consumers to make more informed energy use decisions. But Smart
Grid technologies also raise the troubling privacy possibility that
there could be very detailed tracking - and record keeping - of
individuals’ electricity use. New error message: "Don't you think
you've been in the sauna long enough?"

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Federal Trade Commission and Privacy

In 2009, the Federal Trade Commission signaled that it was moving away
from the “Notice and Choice,” “hands off” approach to privacy
protection. In 2010, the FTC fills in the blanks with a new approach to
privacy protection. Welcome to the 21st century, Washington DC.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Data Breach Legislation

Congress is moving to adopt comprehensive data breach legislation and
also to regulate the data broker industry. A Data Breach Bill has
passed the House; similar legislation is pending in the Senate. If
passed, the Data Breach bill could provide uniform data breach
protections, but also threatens to undermine stricter state data breach
laws.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Invasion of the Body Scanners

The Christmas Day attack has renewed calls for the deployment of
digital strip search devices in the nation's airports. Never mind that
the devices are not designed to detect the liquid or powder explosives
favored by the bad guys; the machines will subject American air
travellers to the full monty, captured in high-res. Heading to the
airport? Better hit the gym first.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Biometric Identification

Even though one company tried to sell the biometric identifiers on
100,000 affluent air travelers (see Top Privacy Stories 2009), don't
expect a letup in the rush to digitize fingerprints and iris scans.
For advice on how to protect your privacy in a world of biometrics,
check out Tom Cruise in Minority Report.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  * *

Electronic Privacy at the Supreme Court

Do workers have privacy rights in their pagers and cell phones? That is
a question before the Supreme Court in 2010. The case will allow the
court to decide whether government employees have a constitutional
right to keep text messages private. And that will hinge on whether
employees have a "reasonable expectation of privacy" when they text
while at work.


*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Google Books and Reader Privacy

And while you're downloading the latest digital text on new threats to
your privacy, you might be wondering who's keeping track of your
intellectual interest. The answer could be Google. The Internet giant
spent the last several years scanning the books in the nation's
libraries and now wants to make them available online. Only problem is
that Google is planning to track everyone who checks out a digital text
unless a federal court in New York says otherwise.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

De-identification Techniques

The holy grail of privacy protection is still genuine techniques for
deidentification and anonymization. But finding techniques that really
work is turning out to be a tough problem. Expect more focus on this
issue in 2010, as companies and agencies try to develop privacy
friendly services.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

Global Privacy Standards

The move is on to establish global standards for personal data.
Advocates are rallying behind the Madrid Privacy Declaration, while
government officials meet in closed door sessions to hammer out
agreements. The big question at the end of 2010 is whether there will
be more privacy, more surveillance, or more of both.

======================================================================
Privacy Policy
======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

======================================================================
About EPIC
======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, visit http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

    http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.

Thank you for your support.

------------------ End EPIC 2009 Year in Review  ------------------