EPIC logo

                          E P I C  A l e r t
Volume 10.08                                             April 23, 2003

                           Published by the
             Electronic Privacy Information Center (EPIC)
                           Washington, D.C.

Table of Contents

[1] Coalition Alleges Violations of Children's Privacy Law
[2] FOIA Documents on ChoicePoint Spark International Inquiries
[3] EPIC Establishes Privacy Threat Index
[4] Online Petition Drive Continues to Urge Accuracy for FBI Database
[5] Privacy and First Amendment Symposium: 5/9/03, Oakland, CA
[6] News in Brief
[7] EPIC Bookstore: The File: A Personal History
[8] Upcoming Conferences and Events

[1] Coalition Alleges Violations of Children's Privacy Law

In a complaint filed with the Federal Trade Commission (FTC), EPIC and
11 consumer protection groups urged the agency to investigate
Amazon.com for violations of the Children's Online Privacy Protection
Act (COPPA).  The coalition of groups joining the complaint includes
Commercial Alert, the Center for Media Education, and the Consumer
Federation of America.

The COPPA is a 1998 Federal law that seeks to protect individuals
under the age of 13 from online privacy violations.  Commercial Web
sites that are directed towards children, or those that have actual
knowledge that they collect children's personal information, must
comply with the COPPA.  Such sites must provide a parental privacy
notice, a mechanism to obtain verifiable parental consent for the
collection of children's information, a system for parental review and
deletion of children's information, and security and confidentiality

The complaint details how Amazon.com is operating a commercial Web
site directed at children, collecting children's personal information,
and disclosing that data.  To support the finding that Amazon.com
directs its "Toy Store" page to children, the complaint illustrates
how the company employs child models, cartoon characters, and playful
fonts to direct children to purchase toys on the site. Individuals who
visit "ToysRUs.com" or "Imaginarium.com" are redirected to the
Amazon.com "Toy Store" page.  Furthermore, it appears that numerous
children have registered on the Amazon.com Web site.  The EPIC
complaint notes that children as young as 7 have registered, and in
some cases, have publicly listed their full names, postal addresses,
and e-mail addresses.

The complaint urges the FTC to investigate Amazon.com, and to order
the company to purge children's information from the site.  EPIC has
previously filed complaints and engaged in other actions that have led
to pro-privacy changes in industry practices, specifically regarding
the privacy and security of Microsoft Passport, DoubleClick's Web
tracking scheme, and Intel's Processor Serial Numbers (see EPIC Alerts
8.14, 7.03, and 6.02).

The complaint is available online at:




[2] FOIA Documents on ChoicePoint Spark International Inquiries

Documents obtained under the Freedom of Information Act (FOIA) have
sparked inquiries in Mexico and other Central and South American
countries regarding the sale of foreign citizens' personal information
to the US government by information broker ChoicePoint.  ChoicePoint
sells the personal data of citizens of Mexico, Colombia, Brazil,
Venezuela, Guatemala, Argentina, Costa Rica, Honduras, and Nicaragua. 
The information categories for these countries include national ID,
voting registers, vehicle registration, aircraft registration, and
telephone numbers.  Apparently ChoicePoint began to accumulate this
information in 2000 through relationships with foreign governments and
purchases from foreign data vendors.

Latin American privacy experts claim that the acquisition of the
information by ChoicePoint may have been illegal, and that the sale
infringes on national sovereignty.  Costa Rican, Nicaraguan, and
Mexican authorities have decided to investigate the matter, and the
Mexican Federal Electoral Institute will file a criminal complaint
against persons who have sold voter data to ChoicePoint.

One group of documents obtained from the Immigration and Naturali-
zation Service (INS) shows that ChoicePoint offered a contract for
unlimited direct access to international databases for a $1 million
fee.  Other documents obtained from the Department of Justice
Management Division show that the agency entered into an $11 million
contract with ChoicePoint for fiscal year 2002.

FOIA Documents from the INS:


FOIA Documents from the Department of Justice Management Division:


EPIC's Page on Privacy and Public Records:


[3] EPIC Establishes Privacy Threat Index

On April 15, EPIC announced that it was establishing a new Privacy
Threat Index to track the growing threat to privacy resulting from the
expansion of government surveillance.

The Privacy Threat Index follows the same color-coded scheme estab-
lished for the Homeland Security Advisory System: the rankings of
Green, Blue, Yellow, Orange, and Red correspond respectively to Low,
Guarded, Elevated, High, and Severe threats to privacy.

Based on developments during the past year, EPIC assessed the current
level as Yellow, or Elevated.  The factors cited included the following:

     - Expanded use of the Foreign Intelligence Surveillance Act,
       which permits the government to conduct surveillance without
       the general safeguards required by the Fourth Amendment;

     - The decision of the FBI to relax the legally mandated
       accuracy requirement for the National Crime Information
       Center, the nation's largest criminal justice database;
     - Increased funding for surveillance systems, including
       immigration control and video surveillance;
     - Possible consideration of the Domestic Security Enhancement
       Act, dubbed by some as "Patriot II," which would further
       expand government surveillance authority;
     - Required use of biometric identifiers for routine identifi-
       cation documents without associated privacy protection to
       assure personal information will not be misused;
     - Ongoing efforts by the FBI to extend the application of the
       Communications Assistance for Law Enforcement Act, which
       requires the development of wiretap-friendly communications
       services, to Internet telephony.

At the same time, EPIC noted that there were some hopeful signs:

     - The United States has so far rejected the development of a
       mandatory national ID card;

     - The proposal for the establishment of Total Information
       Awareness research program has been suspended by Congress
       pending an investigation;

     - The passenger profiling system, CAPPS II, is under increased
On April 16, when the federal government reduced the threat level for
the Homeland Security Advisory System, EPIC's Privacy Threat Index
remained unchanged.  The decision not to change the threat level was
based on the fact that there had been no changes in the level of
government monitoring and surveillance in the United States.

EPIC Executive Director Marc Rotenberg said that it seems more likely
that the Privacy Threat Index would be raised in the near future,
rather than lowered.  He also noted that it would become increasingly
important to compare surveillance activity over time: "We will use the
Privacy Threat Index to assess developments in the United States and
to compare activities in countries around the world."

Web sites are encouraged to link to the EPIC Privacy Threat Index.
Insert the following HTML code where the graphic should appear:

     <A HREF="http://www.epic.org/"><IMG
SRC="http://www.epic.org/graphics/threat_index.gif" alt="EPIC
Privacy Threat Index"></A> The Privacy Threat Index graphic is available at: http://www.epic.org/graphics/threat_index.gif Information about EPIC's annual publication "Privacy and Human Rights," which will incorporate the Privacy Threat Index in the forthcoming 2003 edition, is available at: http://www.epic.org/bookstore/phr2002/ ======================================================================= [4] Online Petition Drive Continues to Urge Accuracy for FBI Database ======================================================================= EPIC encourages individuals to join the campaign to restore the accuracy requirements for the nation's largest law enforcement database. Last month, the Justice Department exempted the FBI from the Privacy Act obligation to ensure the accuracy, completeness, and timeliness of the 39 million records it maintains in its National Crime Information Center (NCIC) system. A broad coalition of organi- zations and thousands of individuals are now calling on Office of Management and Budget Director Mitchell Daniels to require the Justice Department to rescind its decision. Recent controversy over a similar law enforcement database in California highlights the potential risks posed by lifting data accuracy requirements. Some parents of Northern California students believe that police may be erroneously categorizing their children as suspected gang members in "CalGang," a statewide computer system for tracking and sharing information on alleged gang members and associates. In a lawsuit filed by the ACLU of Northern California, students claim that local police and school officials at a Union City high school unlawfully detained, searched, and photographed 60 students whose names and pictures were then included in the CalGang database. The complaint alleges that the students illegally were suspected as gang members on the basis of their race and national origin. While the CalGang data is not specifically submitted to the FBI's NCIC database, this case demonstrates how easily inaccurate information could be included in the system. The NCIC database also contains information on suspected gang members, and the criteria for categorizing an individual as a suspected gang member are minimal. For example, an individual merely needs to frequent a known gang area and be identified as a gang member by a "reliable informant" to be included in the database. Under the new Justice Department regulations, law enforcement agents are no longer statutorily charged with ensuring the accuracy and completeness of this information. To support the effort to restore the accuracy requirements of the NCIC database, sign the online petition: http://www.petitiononline.com/ncic/petition.html EPIC National Crime Information Center Page: http://www.epic.org/actions/ncic/ California Class Action Complaint Regarding CalGang: http://www.aclunc.org/students/030130-brief.pdf ======================================================================= [5] Privacy and First Amendment Symposium: 5/9/03, Oakland, CA ======================================================================= Registration is still open for "Uniting Privacy and the First Amendment in the 21st Century," a symposium organized jointly by the Electronic Privacy Information Center, the First Amendment Project, and the California Office of Privacy Protection. The symposium will take place on May 9 in Oakland, California. There is a student discount; scholarship money is also available to cover travel costs. Freedom of expression and the right to privacy are both extremely important constitutional values; yet privacy and the First Amendment are often set against one another, proving quite problematic. This symposium will explore how best to safeguard these two essential rights. It is a meeting for advocates and academics, experts and interested persons; a conference for all people who value both freedom of expression and the right to privacy. Informational sessions and interactive working groups will foster problem-solving and future collaboration among attendees. The conference will focus on three major themes: Privacy's role in promoting the First Amendment, Mutual threats to Privacy and the First Amendment, and Privacy and the First Amendment in conflict. Professor Jeffrey Rosen will deliver the keynote address. Also, on May 10, there will be a special meeting of the Privacy Coalition on the West Coast. Local affiliates and privacy advocates in the Bay Area are highly encouraged to attend. To register for the symposium, see the informational online brochure: http://www.epic.org/events/unitingsymposium/brochure.pdf More information about the conference is available at: http://www.epic.org/events/unitingsymposium/ ======================================================================= [6] News in Brief ======================================================================= Center for the Protection of Free Expression Awards "Jefferson Muzzles" On April 13, the Thomas Jefferson Center for the Protection of Free Expression celebrated Jefferson's birthday by awarding the 12th annual "Jefferson Muzzles." These dubious awards are given to those whose actions would stifle freedom of expression, going against Jefferson's core beliefs. This year's awardees include Attorney General John Ashcroft and the U.S. Congress. More information on this year's "winners" is available at: http://www.tjcenter.org/muzzles.html OSCE Releases Report on Freedom of the Media in the Digital Era The Organization for Security and Cooperation in Europe (OSCE) has published a booklet titled "From Quill to Cursor: Freedom of the Media in the Digital Era." This booklet comprises papers submitted for a one-day workshop on freedom of the media and the Internet held in Vienna in November. In these papers, experts from the United Nations Educational, Scientific and Cultural Organization (UNESCO) and the Council of Europe, as well as journalists and Internet service providers, explore topics such as universal access to Cyberspace, constitutional rights in the Internet age, the importance of the public domain, and censorship and intellectual property rights. "From Quill to Cursor: Freedom of the Media in the Digital Era": http://www.osce.org/documents/rfm/2003/04/41_en.pdf New Advocacy Group to Hold Briefing on Secrecy and Homeland Security A new online advocacy group, the Center for Progressive Regulation (CPR), is arguing that the provision of the Homeland Security Act of 2002 that exempted voluntarily disclosed critical infrastructure information to the Department of Homeland Security from Freedom of Information Act (FOIA) requests is "a significant departure from existing law." On April 25 the organization will hold a Hill briefing on this subject, called "Democracy Behind Closed Doors: The Homeland Security Act and Government Secrecy Initiatives." Center for Progressive Regulation: http://www.progressiveregulation.org/ D.C. Law Librarians Upload New Reports on Congressional Procedures The Law Librarians' Society of Washington, D.C. (LLSDC) has announced the availability of a new Web resource. "Selected Congressional Research Service Reports on Congress and Its Procedures" includes many reports that are now available on the Web for the first time. The site also provides links to other CRS reports available online. The reports are available on LLSDC's Legislative Source Book Web site: http://www.llsdc.org/sourcebook/CRS-Congress.htm ======================================================================= [7] EPIC Bookstore: The File: A Personal History ======================================================================= The File: A Personal History, by Timothy Garton Ash (Random House 1997). http://www.epic.org/bookstore/powells/redirect/alert1008.html Timothy Garton Ash's "The File" is a journey into the author's two-inch-thick Stasi intelligence file that the East German police accumulated on him during his study as a graduate student in East Berlin. These files were opened after German reunification, and have caused great tension in the country as Stasi informers were shown to have shared information on co-workers, friends, and even family members. Ash's Stasi file, consistent with the government disclosure rules, is nearly complete. Only the names of innocent third parties are redacted from the record, thus giving Ash the opportunity to confront the citizen informers who betrayed him and the Stasi agents who coordinated surveillance of his activities. Ash systematically describes what he finds in his file, and confronts the individuals who furnished the information to the government. He finds that the informers were often blackmailed or otherwise forced into cooperating with the police. In some cases, individuals became informants in order to prove their loyalty to the state. Others became informers because they passionately believed in the socialist government, and were willing to do anything to ensure the survival of the system. Ash was never imprisoned, tortured, or otherwise physically harmed by the Stasi, aside from being banned from East Germany after he published an article depicting conditions in the country unfavorably. Other people met different fates at the hands of the Stasi. Neverthe- less, Ash expresses compassion for the informers and government agents who monitored him, noting that he had not found a single "evil" person in the process of examining his file. Rather, he found that those involved were "just weak, shaped by circumstance, self-deceiving; human, all too human. Yet the sum of all their actions was a great evil." - Chris Jay Hoofnagle ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2002: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $25. http://www.epic.org/bookstore/phr2002/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, video surveillance, location tracking, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= ** Uniting Privacy and the First Amendment in the 21st Century ** May 9-10, 2003 Oakland, CA EPIC, the First Amendment Project, and the California Office of Privacy Protection are sponsoring this activist symposium designed to explore the interplay between privacy and First Amendment rights, with the goal of developing strategies for optimizing both. For more information: http://www.epic.org/events/unitingsymposium/ ======================================================================= Mid Canada Information Security Conference. Information Protection Association of Manitoba. April 30, 2003. Winnipeg, Manitoba, Canada. For more information: http://www.ipam.mb.ca/mcisc/ Finding Our Digital Voice: Governing in the Information Age. Crossing Boundaries National Conference. Centre for Collaborative Government. May 7-9, 2003. Ottawa, Canada. For more information: http://www.crossingboundaries.ca/conference/ Collecting and Producing Electronic Evidence in Cybercrime Cases. University of Namur. May 8-9, 2003. Namur, Belgium. For more information: http://www.ctose.org/info/events/workshop-8-9-may-2003.html Little Sister 2003: Community Resistance, Security, Law and Technology. May 9-11, 2003. Vancouver, British Columbia, Canada. For more information: http://www.littlesister2003.org/ 2003 IEEE Symposium on Security and Privacy. IEEE Computer Society Technical Committee on Security and Privacy, in cooperation with the International Association for Cryptologic Research (IACR). May 11-14, 2003. Oakland, CA. For more information: http://www.ieee-security.org/TC/SP-Index.html Technologies for Protecting Personal Information. Federal Trade Commission. Workshop 1: The Consumer Experience. May 14, 2003. Workshop 2: The Business Experience. June 4, 2003. Washington, DC. For more information: http://www.ftc.gov/techworkshop/ ITS-2003: Third International Conference on "Information Technologies and Security." June 23-27, 2003. Partenit, Crimea, Ukraine. For more information: http://www.itb.conferen.ru/eng/info_e.html Press Freedom on the Internet. The World Press Freedom Committee. June 26-28, 2003. New York, NY. For more information: <mgreene@wpfc.org> Building the Information Commonwealth: Information Technologies and Prospects for Development of Civil Society Institutions in the Countries of the Commonwealth of Independent States. Interparliamentary Assembly of the Member States of the Commonwealth of Independent States (IPA). June 30-July 2, 2003. St. Petersburg, Russia. For more information: http://www.communities.org.ru/conference/ O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For more information: http://conferences.oreilly.com/oscon/ 1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm Privacy2003. Technology Policy Group. September 30 - October 2, 2003. Columbus, OH. For more information: http://www.privacy2000.org/privacy2003/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail <info@epic.org> Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ ** Receive a free Observing Surveillance conference poster with donation of $75 or more! ** Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.08 ---------------------- .