EPIC logo

                            E P I C  A l e r t
Volume 10.22                                           October 30, 2003

                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_10.22.html ====================================================================== Table of Contents ====================================================================== [1] Supreme Court to Review Nevada ID Law
[2] Senate Approves Weak Spam Legislation
[3] Maryland Legislators Question Voting Machine Report
[4] Worldwide NGO Coalition Urges ICANN To Safeguard Privacy
[5] EU Set to Implement Privacy Directive
[6] News in Brief
[7] EPIC Bookstore: How to Get Anything on Anybody
[8] Upcoming Conferences and Events ======================================================================
[1] Supreme Court to Review Nevada ID Law
The United States Supreme Court has agreed to consider a case that may
determine whether an individual who has not been arrested may refuse
to identify himself to a law enforcement officer. The case, Hiibel v.
Sixth Judicial District Court of Nevada, raises numerous privacy
issues such as Fourth Amendment protections against unreasonable
government search and seizure, the right to anonymity, and law
enforcement accumulation and use of personal information. EPIC and
others plan to file "friend of the court" briefs in December.
Larry Hiibel challenged the constitutionality of a Nevada law that
allows a police officer to detain a person to determine his identity
when there are circumstances reasonably indicating that person has
committed, is committing, or is about to commit a crime. Hiibel was
arrested pursuant to this law when he refused eleven times to identify
himself to an officer investigating a report of domestic violence,
explaining that he was willing to cooperate with the officer but had
done nothing wrong. Hiibel was subsequently charged with and
convicted of resisting a police officer. On appeal, the Supreme Court of Nevada determined that the law does
not violate Fourth Amendment protections against unreasonable search
and seizure because it "strikes a balance between constitutional
protections of privacy and the need to protect police officers and the
public." The court found that permitting officers to require
identification allows them to more safely conduct investigations, and
is not as invasive as a pat-down, which the law allows.
In a strongly worded dissenting opinion, three of the Nevada Supreme
Court's seven Justices criticized the majority for "reflexively
reasoning that the public interest in police safety outweighs Hiibel's
interest in refusing to identify himself," noting that no evidence
exists that an officer is safer for knowing a suspect's identity.
"What the majority fails to recognize," the dissenting opinion
continued, "is that it is the observable conduct, not the identity, of
a person, upon which an officer must legally rely when investigating
crimes and enforcing the law." The dissenting Justices also noted
that anonymity is included in the right to privacy, which in turn is
protected during pre-arrest frisks performed by officers. The Supreme Court will hear oral arguments in the case early next
year. Nevada Revised Statute 171.123(3) is available at:
The Nevada Supreme Court opinion is available at:
For background information, see EPIC's Hiibel v. Nevada Page at:
[2] Senate Approves Weak Spam Legislation
On October 22 the Senate unanimously passed anti-spam legislation that
would set a federal standard, preempting the laws of more than 35
states that have attempted to reduce the number of unsolicited
commercial e-mails. The legislation, S. 877, known as the Can-Spam
Act of 2003, was enacted to attack the 13 billion e-mails that clog
e-mail in-boxes across the globe each day. Yet, the preemption
provision would do away with some stronger state privacy regulations,
such as the regulations that just were signed into law by Gov. Gray
Davis in California.
The Act, sponsored by Sens. Conrad Burns (R-MT) and Ron Wyden (D-OR),
originally created only civil penalties for fraudulent, unsolicited
commercial e-mails. However, Sens. Patrick Leahy (D-VT) and Orrin
Hatch (R-UT) added amendments creating criminal penalties for the acts
of disguising a commercial sender's identity or a computer's location,
cracking a computer system to send bulk spam, and sending spam from
several falsified accounts.
In addition, Sen. Charles Schumer (D-NY) added an amendment that would
give the Federal Trade Commission (FTC) the authority to create a
"do-not-spam" list similar to the "do-not-call" list implemented this
fall. However, serious technical and practical questions remain
regarding whether the FTC has the resources to enforce a do-not-spam
list, especially as the agency currently does not pursue individual
On July 18, thirteen consumer protection and public interest groups,
led by EPIC, sent a letter to Congress urging enactment of certain key
provisions to assure strong anti-spam protection. Those provisions
included an opt-in system for the receipt of bulk commercial e-mails,
private rights of action, international collaboration and no
preemption of stronger state laws. None of these provisions are
included in the Can-Spam Act; in fact, just the opposite; the Act sets
out an opt-out scheme, provides for no private right of action or
international collaboration, and preempts all state law.
In addition, the Act appears to legalize non-fraudulent spam, and
includes a very broad exception for any business that has obtained a
recipient's e-mail address in any way from the recipient. The broad
exceptions will likely lead to more and more businesses requiring an
e-mail address to access the company's site or for any transaction
with a recipient, allowing the business to then legally spam.
A survey of state spam laws is available at:
The text of the Can-Spam Act is available at:
For background information, see EPIC's Spam Page at:
[3] Maryland Legislators Question Voting Machine Report
Two Democratic legislators in Maryland have called for an independent
audit of the computerized voting machines the state recently
contracted to purchase from Diebold Election Systems, Inc. In a
letter to the director of the Maryland Department of Legislative
Services, Sen. Paula C. Hollinger (D-Baltimore County) and Del. Sheila
Ellis Hixson (D-Montgomery) expressed concern that a report issued in
September by Science Application International Corp. (SAIC) on
security weaknesses in the system was not reliable and requested an
unbiased examination.
Computer scientists from Johns Hopkins and Rice Universities released
a study in July that found serious security weaknesses in Diebold's
Accu-Vote TS voting system. In response, Maryland Governor Robert L.
Ehrlich (R) commissioned a report by SAIC of San Diego to investigate
the system's integrity. The SAIC study also found that Diebold's
voting machines had serious security vulnerabilities, but went on to
state that the authors of the Hopkins study "did not have a complete
understanding of the State of Maryland's implementation of the
AccuVote-TS voting system, and the election process controls or
environment." The SAIC study followed with recommendations for how to
remedy the machines security flaws. Based on this report and steps
taken by Diebold, Governor Ehrlich gave the state the go-ahead to
install the system, which it has begun to do.
Sen. Hollinger and Del. Hixson, however, have raised questions as to
the impartiality of SAIC, a research company that has had a standing
contract with the state government since 2002 for information
technology consulting. Hollinger and Hixson have called on the
Department of Legislative Services to look into the process used to
select SAIC and to ensure that "the SAIC analysis was objective,
balanced, impartial, and free of outside influence or other
conflicts." The legislators also expressed their displeasure with
their lack of involvement in discussing and debating the voting
machines issues that have arisen.
The Johns Hopkins Report is available at:
The Science Application International Corp. report is available at:
Gov. Ehrlich's press release on the voting systems is available at:
[4] Worldwide NGO Coalition Urges ICANN To Safeguard Privacy
More than 50 consumer and civil liberties organizations from 22
countries around the world have urged Internet Corporation for
Assigned Names and Numbers (ICANN) President Paul Twomey to limit the
use and scope of the WHOIS database to its original purpose (the
resolution of technical network issues) and to establish strong
privacy protections based on internationally accepted privacy
standards. ICANN recently met in Carthage, Tunisia, to discuss the
privacy issues surrounding the use of the WHOIS database.
ICANN is the non-profit corporation that is assuming responsibility
from the United States Government for coordinating certain Internet
technical functions, including the management of the Internet domain
name system. WHOIS is a database that contains information for every
registered Internet domain. It includes registrant's contact
information (names, postal and e-mail addresses, and telephone numbers
of technical, administrative and billing contacts); registration
status and expiration date; as well as technical information about the
domain name.
While ICANN has moved aggressively to establish accuracy requirements
for domain name registrants, the signatories of the letter asserted
that it had failed to establish corresponding protections for personal
information that is provided. ICANN's role is to ensure that the
policies developed for the WHOIS database respect the privacy of every
individual who registers Internet domains. This includes implementing
reduced access, purpose specification, minimal data collection and
legitimate secondary use requirements, compatible with international
privacy standards. The publication of individuals' registration
information on the Internet through the WHOIS database cannot be
mandatory, and the disclosure of WHOIS information to a law
enforcement official, or in the context of civil litigation, must be
pursuant to explicit legal authority set out in statute.
The use and management of the WHOIS database without adequate data
protection safeguards raises serious risks for domain name holders,
not only to their right to privacy, but also to their freedom of
expression. Many users, particularly in the non-commercial world,
have valid reasons to conceal their identities while registering
domain names. Political, cultural, and religious groups, as well as
media organizations, non-profits and public interest groups around the
world rely on anonymous access to the Internet to publish their
messages. Anonymity is critical for them to avoid persecution.
The main purpose of the WHOIS database should be to resolve technical
network issues, the most important being the problem of unsolicited
commercial e-mails, or "spam," the letter states. A sensible WHOIS
policy would improve contact-ability and data accuracy for network
administrators. It would not make personal information widely
accessible to third parties, particularly spammers, stalkers, and law
enforcement agents without proper legal authority. Such a policy
would not hamper lawful criminal investigations but would instead
establish necessary privacy safeguards, while reducing the risk that
the widespread availability of WHOIS information will lead to greater
fraud, more spam, and jeopardize freedom of expression.
The letter to ICANN with the list of signatories is available at:
http://www.thepublicvoice.org/whoisfrench.html (French version)
http://www.thepublicvoice.org/whoisspanish.html (Spanish version)
Information on the ICANN meeting in Carthage is available at:
For background information, see EPIC's WHOIS page at:
[5] EU Set to Implement Privacy Directive
The Directive on Privacy and Electronic Communications (2002/58/EC),
that entered into force in July 2002, must be transposed in European
Union (EU) Member States by October 31, 2003. It provides, as a
general rule, for the confidentiality of communications and related
traffic data, and prohibits, in particular, any unauthorized
listening, tapping, storage or other type of interception or
surveillance of electronic communications by persons other than users,
without users' consent. The Directive prohibits, for example,
unsolicited commercial e-mail ("spam") without the recipient's consent
(opt-in), and protects mobile phone users from precise location
tracking and surveillance. It also provides that EU Member States
may, for reasons of national security, defense, public security and
the prevention, investigation and prosecution of criminal offences,
enact legislation providing for the retention of traffic and location
data by telecommunications operators.
So far Austria, Belgium, Denmark, and Italy have implemented the
opt-in regime for unsolicited commercial e-mail, while eight EU
countries have adopted laws providing for the retention of traffic
data for periods ranging from three months to a year. A Council of
the EU Framework Decision is currently being drafted that would compel
every Member State to implement EU-wide uniform data retention rules
for periods ranging from 12 to 24 months.
The road to the implementation of Directive 2002/58 in the area of
data retention is bumpy, as several privacy experts and EU
institutions have criticized the concept that traffic data of all
users of electronic communications should be retained for long
periods. In January 2003, the Data Protection Working Party - Article
29 recommended that electronic communications traffic data, collected
in connection with services that have been paid for, be kept for a
maximum of three to six months in order to comply with EU data
protection rules. At the International Conference of Privacy
Commissioners in Cardiff in September 2002, the European Data
Protection Commissioners declared that keeping "all kinds of traffic
data for a period of one year or more would be clearly
disproportionate and therefore unacceptable in any case." A recent
legal opinion by Privacy International and the international law firm
of Covington & Burling, that reviews the compatibility of data
retention provisions in Europe with the existing legal framework,
concludes that "the data retention regime envisaged by the [EU]
Framework Decision, and now appearing in various forms at the Member
State level, is unlawful" with regard to Article 8 of the European
Convention on Human Rights and the case law of the European Court of
Human Rights.
Directives are a form of EU regulation that are binding for Member
States, but only as to the result to be achieved. They leave the
national authorities choose the form and methods of their
implementation. The rules of law applicable in each Member State are
the national laws implementing the directives and not the directive
itself. However, the directive has a "direct effect" on individuals:
it grants them rights that can be upheld by national courts in their
respective countries if their governments have not implemented the
directive by the set deadline.
The text of Directive 2002/58/EC is available at:
For background information, see EPIC's International Data Retention
page at:
[6] News in Brief
The Senate will consider legislation to amend the federal Fair Credit
Reporting Act early next week that, if passed, will invalidate state
privacy and identity theft laws. The legislation, S. 1753, will
permanently preempt state financial privacy laws, and bar states from
passing legislation to restrict affiliate information sharing.
Affiliate sharing represents a major threat to individuals' privacy,
as it allows banks to exchange Social Security Numbers, balances,
payment, purchase, and other information to an unlimited degree.
Large banks have sought broad affiliate sharing relationships, arguing
that it lowers costs to consumers. But a 2003 report by the Federal
Reserve indicates that fees at large banks are up, and the number of
services offered are shrinking. Furthermore, provisions in the
legislation have been engineered to reduce states' ability to pass
identity theft laws.
Sens. Boxer (D-CA) and Feinstein (D-CA) are supporting an amendment to
the legislation that would create an opt-out right for affiliate
sharing that closely resembles consumer protections in California's
Senate Bill 1 passed earlier this year (See EPIC Alert 10.17). A
broad coalition of groups, including Consumers Union, AARP, and U.S.
PIRG, are urging individuals to contact the Senate in support of the
Boxer/Feinstein Amendment.
The text of S. 1753, National Consumer Credit Reporting System
Improvement Act of 2003, is available at:
The Federal Reserve Annual Report on Retail Fees and Services of
Depository Institutions is available at:
The Boxer/Feinstein Amendment page is at:
Consumers Union's FCRA Action Page is at:
US PIRG's FCRA Action Page is at:
For background information, see EPIC's FCRA page at:
As radio frequency identification (RFID) technology is being applied
in more and more ways, the U.S. and local governments are coming up
with their own applications and MIT is getting out of the business
altogether. The U.S. government announced plans to employ RFID tags
in supplies for the nation's defense by 2005. The Department of
Defense presented plans earlier this month to attach RFID tags to all
military supplies -- from tanks and weapons to crates of food -- in
order to keep better tabs on the items. On a local level, the San
Francisco Public Library wants to keep better watch over the city's
library books. The plan, also predicted to be functional by 2005,
would tag the library's 2 million books, CDs and other materials that
are accessible to patrons. Library officials assure that the tags
would be deactivated before a patron left with the books, but concerns
still linger over the retention and accessibility of the information
generated by the tags. Finally, MIT announced that RFID technology
has gone beyond the university's mission. The technology, now beyond
the research stage and into the deployment stage, has been handed off
to the global research company EPCglobal to oversee international
standards. The transfer rids MIT of not only the technology for a
time, but also the barrage of public relations attacks from those
opposed to the privacy implications.
For background information, see EPIC's RFID page at:
http://www.epic.org/privacy/rfid/ U.S. POST OFFICE PROPOSES SENDER ID
On October 21, the United States Postal Service proposed new
requirements for sender identification for users of "discount" mail
rates. Under the system, discount mail senders would have to identify
themselves in order to "facilitate investigations into the origin of
suspicious mail." The notice cited a report issued by the President's
Commission on the United States Postal Service that recommended a
system of "intelligent mail" for the country, one in which all senders
would be required to identify themselves on the mail piece. The
Postal Service explained that "requiring sender-identification for
discount rate mail is an initial step on the road to intelligent
On October 28, the Postal Service announced that it would withdraw the
notice requiring sender identification and reissue it, claiming that
the notice, "has caused misunderstanding in some quarters."
Information on Sender-Identified Mail: Enhanced Requirement for
Discount Rate Mailings is available at:
The Postal Notice Announcing Withdrawal, Reissuance of Sender ID
Requirements is available at:
http://www.epic.org/redirect/postalnotice.html SENATORS CALL FOR JETBLUE INVESTIGATION
On October 17, three ranking members of the U.S. Senate sent a letter
to Secretary of Defense Donald Rumsfeld questioning the legality of a
government contractor's transaction with JetBlue Airways.
Governmental Affairs Committee Chairman Susan Collins (R-ME) and
ranking Democrat Joseph Lieberman (D-CT) as well as Armed Services
Committee ranking member Carl Levin (D-MI) urged Rumsfeld to explain
why a government contractor, Torch Concepts, collected more than five
million passenger names, addresses, phone numbers and travel
itineraries from JetBlue. The Senators asked Rumsfeld whether he had
requested an investigation of possible violation of federal privacy
protection laws by both Torch Concepts and the Department of Defense.
They believe that the database established by Torch Concepts may be
covered under the Privacy Act of 1974, in which case the DOD and Torch
Concepts could be in violation for failure to publish notice of the
collection and for sharing the data between agencies.
The text of the Senators' letter to Secretary Rumsfeld is available at:
For background information on the data transfer, see EPIC's Passenger
Profiling page at:
[7] EPIC Bookstore: How to Get Anything on Anybody
Lee Lapin, How to Get Anything on Anybody Book 3. Intelligence
Here, 2003.
EPIC recently received a free copy of Lee Lapin's third installment of
"How to Get Anything on Anybody," which is the "Bible" of privacy
invasion. The promotional materials accompanying the book poke fun at
federal investigators, pointing out that for all of their recent
intelligence failures, they did find Patty Hearst. Lapin's new
publication promises to put readers "ahead of most federal
intelligence agencies when it comes to cutting edge electronic
surveillance, people tracking, asset discovery and dossier
Although the book is a step-by-step guide to committing, in some
cases, illegal activity, it provides valuable insights on
investigatory measures and on protecting privacy. Some of the
investigatory advice is on simple social engineering, and surveillance
techniques that are known to individuals with basic knowledge of
electronics. However, some of Lapin's tricks are brilliant,
especially in regard to avoiding privacy violations. It, for
instance, points out that in order to avoid pretexting, one should
never give personal information over the phone -- even confirming
one's name can provide a hook for a smart investigator to pretext. He
recommends that if a bank or other company calls, the individual
should call the business back, thereby reducing impostors' chances of
tricking you into providing personal information.
Chapters in Lapin's book on "How to Hide a Message" are followed by
chapters on "How to Detect Hidden Messages." The book also contains a
list of 30 sources for individuals' Social Security Numbers, further
pointing out that uncontrolled collection of the identifier raises
serious privacy risks. The book contains a list of 104 rules to live
under the surveillance radar, which include the obvious, such as
"don't sue anyone," to the more obscure, including avoiding the use of
toll-free numbers, as embedded systems transmit your name and address
to the company when you dial them.

--Chris Jay Hoofnagle
================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== IAPP Privacy and Data Security Academy and Expo. October 29-31, 2003. Chicago, IL. For more information: http://www.privacyassociation.org Business for Social Responsibility Annual Conference - Building and Sustaining Solutions. November 11-14. Los Angeles, CA. For more information: http://www.bsr.org RFID Privacy Workshop. Massachusetts Institute of Technology. November 15, 2003. Boston, Massachusetts. For more information: http://www.rfidprivacy.org Trespassing in Cyberspace. Justice Talking - National Public Radio.
November 18, 2003. Philadelphia, PA. For more information:
http://www.justicetalking.org. American Society of Access Professionals Workshop. November 18-19, 2003. St. Louis, Missouri. For more information: http://www.acesspro.org Media Freedoms and the Arab World. The Arab Archives Institute. December 6-8, 2003. Amman, Jordan. For more information: email aainstitute@yahoo.com or see http://www.ijnet.org/FE_Article/newsarticle.asp?UILang=1&CId=115794& CIdLang=1. WHOLES - A Multiple View of Individual Privacy in a Networked World. Swedish Institute of Computer Science. January 30-31, 2004. Stockholm, Sweden. For more information: http://www.sics.se/privacy/wholes2004. O'Reilly Emerging Technology Conference. February 9-12, 2004. San
Diego, CA. For more information: http://conferences.oreilly.com/etech. Securing Privacy in the Internet Age. Stanford Law School. March 13-14, 2004. Palo Alto, CA. For more information: http://cyberlaw.stanford.edu/privacysymposium/. International Conference on Data Privacy and Security in a Global Society. Wessex Institute. May 11-14, 2004. Skiathos, Greece. For more information: http://www.wessex.ac.uk/conferences/2004/datasecurity04/index.html. O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For
more information: http://conferences.oreilly.com/oscon. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail < info@epic.org> Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.22 ---------------------- .