EPIC logo



=======================================================================
                           E P I C  A l e r t
=======================================================================
Volume 11.02                                           January 29, 2004
-----------------------------------------------------------------------

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

            http://www.epic.org/alert/EPIC_Alert_11.02.html

======================================================================
Table of Contents
======================================================================

[1] EPIC FOIA Docs: Northwest Gave NASA Info on Millions of Passengers 
[2] Docs Show Treasury Dept. Sided with Industry on Privacy Law 
[3] Bush Urges USA PATRIOT Act Renewal in State of the Union Address 
[4] Report Finds "Fundamental" Flaws in Pentagon E-Voting System
[5] Bruce Schneier: "Moving Towards Universal Surveillance"
[6] News in Brief
[7] EPIC Bookstore: The Privacy Law Sourcebook 2003
[8] Upcoming Conferences and Events

======================================================================
[1] EPIC FOIA Docs: Northwest Gave NASA Info on Millions of Passengers 
======================================================================

EPIC has obtained documents through the Freedom of Information Act
(FOIA) revealing that Northwest Airlines provided the National
Aeronautics and Space Administration (NASA) with three months of
passenger information for research purposes.

Confirmation of the disclosure came after a two-year effort by EPIC to
obtain information about the government's post-9/11 development of air
travel security measures.  In July 2002, EPIC received documents from
the Transportation Security Administration showing that NASA met with
Northwest officials in December 2001 to discuss NASA research,
including the development of "non-invasive neuro-logic sensors" as
well as passenger screening technology.  Days later, NASA asked that
Northwest provide "system-wide Northwest Airlines passenger data from
July, August and September 2001" for use in NASA's "research and
development work."

In September 2003, it was reported that JetBlue Airways turned over
passenger information to a Defense Department contractor for use in a
data mining and passenger profiling study.  At the time, a Northwest
official told the New York Times, "we do not provide that type of
information to anyone."  In the wake of the JetBlue incident, EPIC
submitted a FOIA request to NASA asking for records related to
negotiations for passenger information with Northwest or other
airlines.  In response, NASA provided EPIC documents confirming that
Northwest gave NASA three months of passenger information for use in a
data mining and passenger profiling study.  The documents show that in
September 2003 NASA returned to Northwest the CDs on which the
passenger data were provided, after retaining the data for nearly two
years.  In an e-mail message to Northwest, a NASA researcher noted,
"you may have heard about the problems that JetBlue is now having
after providing passenger data for a project similar to ours."

EPIC has filed a complaint with the Department of Transportation,
alleging that Northwest's disclosure of passenger information without
passengers' consent violated Northwest's publicly posted privacy
policy and constitutes an unfair and deceptive trade practice.  EPIC
has also filed suit against NASA to obtain additional documents about
the disclosure that the agency has withheld.

The FOIA documents obtained by EPIC from NASA are available at:

     http://www.epic.org/privacy/airtravel/nasa/

EPIC's complaint to the Department of Transportation against Northwest
is available at:

     http://www.epic.org/privacy/airtravel/nwa_comp.pdf

The complaint in EPIC's FOIA suit against NASA is available at:

     http://www.epic.org/privacy/airtravel/nasa_comp.pdf

For more information about air travel privacy, see EPIC's Air Travel
Privacy Page:

     http://www.epic.org/privacy/airtravel/

For more information about passenger profiling, see EPIC's Profiling
Page:

     http://www.epic.org/privacy/profiling/

======================================================================
[2] Docs Show Treasury Dept. Sided with Industry on Privacy Law
======================================================================

EPIC has obtained 230 pages of records from the Department of the
Treasury regarding industry lobbying on recent amendments to the Fair
Credit Reporting Act.  The documents focus on preemption -- whether
Congress should supercede state financial privacy laws.  The financial
services industry lobbied strongly in favor of weak federal law that
would preempt stronger state regulation and protect the continued sale
of personal information.  Consumer advocates argued against preemption
so that states could pass stronger laws to protect privacy and curb
identity theft.  The documents show that pro-preemption special
interest groups had extensive access to agency decisionmakers and gave
insight into policy-making processes at the agency.  Ultimately, the
Treasury Department supported preemption, reasoning that a national
standard was necessary for access to credit and for addressing
identity theft.

The documents show that the agency was inundated with requests from
special interest groups to meet and discuss FCRA preemption.  These
requests came from such entities as the Consumer Data Industry
Association, Alston & Bird, General Motors, Proctor & Gamble, JP
Morgan Chase, Wells Fargo, Capital One, Morgan Stanley, Financial
Services Roundtable, Experian, and the "Partnership to Protect
Consumer Credit."  (See EPIC Alert 10.06.)  It appears that the
Treasury Department discussed preemption with only two individuals
with consumer perspectives, and one of those consultations occurred
over e-mail.

By January 2003, senior officials had already decided to support
preemption of state laws.  On January 27, 2003, Assistant Secretary
for Financial Institutions Wayne Abernathy sent an e-mail discussing
writing an article in favor of preemption for an industry-oriented
newsletter, noting that the publication "could give us an opportunity
to test our message on a friendly audience."  The Treasury Department
announced its support for preemption formally in March 2003.

Preemption involves complex issues that dogged even the authors of the
Federalist Papers.  Both proponents and opponents of preemption have
strong arguments, but it appears as though the Department of the
Treasury did not weigh these views.  The documents are devoid of
policy analysis; they contain only policy conclusions that are highly
favorable to the financial services industry.

The agency did withhold documents that could contain policy analysis,
but the overall nature of the Freedom of Information Act material
suggests that no policy debate took place.  EPIC has filed an appeal
to obtain these withheld documents.

Documents EPIC received from the Department of the Treasury are
available at:
 
     http://www.epic.org/privacy/preemption/treasfcrafoia.pdf

For more information about preemption, see EPIC's Preemption Page:
 
     http://epic.org/privacy/preemption/

======================================================================
[3] Bush Urges USA PATRIOT Act Renewal in State of the Union Address 
======================================================================

In his annual State of the Union address on January 20, President Bush
urged Congress to renew controversial provisions of the USA PATRIOT
Act, many which will sunset in December 2005.  "The terrorist threat
will not expire on that schedule," he said.

President Bush's plan to ease the fear of terrorist attacks focuses on
"tracking terrorist threats," "patrolling our coasts and borders," and
"examining airline passenger lists."  "[W]e must continue to give our
homeland security and law enforcement personnel every tool they need
to defend us," Bush stressed, pointing to the USA PATRIOT Act as "one of
those essential tools."  "If these methods are good for hunting
criminals, they are even more important for hunting terrorists," he
stated.  Two of the more controversial provisions of the Act
set to expire next year allow the government to seize library patronís
records without giving notice and conduct Internet surveillance
without a warrant.

President Bush continued to focus on the USA PATRIOT Act in the days
following the State of the Union speech, pledging more money for law
enforcement and surveillance in order to expand the powers of the law.
 His proposed policy of increased defense funding would amount to $2.8
billion in additional domestic defense spending (a 9.7% increase
overall) and almost $500 million more in counterterrorism financing
for the Department of Justice (a 19% increase overall).

Meanwhile, a federal judge this week struck down a portion of the USA
PATRIOT Act as unconstitutional.  Humanitarian groups seeking to
distribute informational material to refugees challenged the provision
that made it illegal to give expert advice or assistance to groups
considered foreign organizations sponsoring terror.  As to the
contested provision, the judge wrote:  "The USA Patriot Act places no
limitation on the type of expert advice and assistance which is
prohibited, and instead bans the provision of all expert advice and
assistance regardless of its nature," violating the right to freedom
of speech.

The text of the State of the Union address is available at:

     http://www.whitehouse.gov/news/releases/2004/01/20040120-7.html

For more information about the PATRIOT Act, see EPIC's USA PATRIOT Act
Page:

     http://www.epic.org/privacy/terrorism/usapatriot/

======================================================================
[4] Report Finds "Fundamental" Flaws in Pentagon E-Voting System 
======================================================================

A recent peer review study of an Internet-based voting system
developed by the Pentagon found "fundamental" security risks and
recommended that the system not be used in the 2004 general election. 
The report, released by the Security Peer Review Group of the Federal
Voting Assistance Program, reviewed the election system known as the
Secure Electronic Registration and Voting Experiment (SERVE).  SERVE
is intended to allow personnel to vote in their local elections over
the Internet, from anywhere in the world.  SERVE is slated to be
available for use by citizens abroad and military personnel from seven
states to vote in the 2004 general elections.

The report found that SERVE suffered from various security weaknesses
found in other electronic voting systems, and more fundamental
security problems due to its reliance on the Internet.  SERVE lacks a
paper audit feature, and is also vulnerable to common Internet
attacks, such as viruses or hacking.  Moreover, the report found that
SERVE was vulnerable to a broad range of threats, from lone
individuals manipulating the system to well-organized attacks.  Such
incidents could result in election tampering and disenfranchisement,
affecting the results of local and presidential elections.  Further,
the report found that such assaults could go undetected.  Because of
the relative ease of perpetrating such attacks and the great damage
that would result, the report advocated that SERVE not be used at all.

The report states that these vulnerabilities stem from the
architecture of the Internet and computing.  After reviewing a number
of modifications of SERVE and determining that none addressed the
fundamental weaknesses, the report concluded that a wholesale redesign
and replacement of many of the computers on the Internet would be
required to address these problems.  The report found that the most
promising of the SERVE variations is a kiosk architecture that would
not rely on unsecured software or the Internet.

The SERVE Security Analysis Report:

     http://www.servesecurityreport.org/

Verified Voting Coalition:

     http://www.verifiedvoting.com

For more information about electronic voting, see EPIC's Voting Page:

     http://www.epic.org/privacy/voting/

======================================================================
[5] Bruce Schneier: "Moving Towards Universal Surveillance"
======================================================================

Last week the Supreme Court let stand the Justice Department's right
to secretly arrest non-citizen residents.  Combined with the
government's power to designate foreign prisoners of war as "enemy
combatants" in order to ignore international treaties regulating their
incarceration, and their power to indefinitely detain U.S. citizens
without charge or access to an attorney, the United States is looking
more and more like a police state.

Since 9/11, the Justice Department has asked for, and largely
received, additional powers that allow it to perform an unprecedented
amount of surveillance of American citizens and visitors.  The USA
PATRIOT Act, passed in haste after 9/11, started the ball rolling.  In
December, a provision slipped into an appropriations bill allowing the
FBI to obtain personal financial information from banks, insurance
companies, travel agencies, real estate agents, stockbrokers, the U.S.
Postal Service, jewelry stores, casinos, and car dealerships without a
warrant--because they're all construed as financial institutions. 
Starting this year, the U.S. government is photographing and
fingerprinting foreign visitors into this country from all but 27
other countries.

The litany continues.  CAPPS-II, the government's vast computerized
system for probing the backgrounds of all passengers boarding flights,
will be fielded this year.  Total Information Awareness, a program
that would link diverse databases and allow the FBI to collate
information on all Americans, was halted at the federal level after a
huge public outcry, but is continuing at a state level with federal
funding.  Over New Year's, the FBI collected the names of 260,000
people staying at Las Vegas hotels.  More and more, at every level of
society, the "Big Brother is Watching You" style of total surveillance
is slowly becoming a reality.

Security is a trade-off.  It makes no sense to ask whether a
particular security system is effective or not -- otherwise you'd all
be wearing bulletproof vests and staying immured in your home.  The
proper question to ask is whether the trade-off is worth it.  Is the
level of security gained worth the costs, whether in money, in
liberties, in privacy, or in convenience?

This is a personal decision, and one greatly influenced by the
situation.  For most of us, bulletproof vests are not worth the cost
and inconvenience.  For some of us, home burglar alarm systems are.
And most of us lock our doors at night.

Terrorism is no different.  We need to weigh each security
countermeasure.  Is the additional security against the risks worth
the costs?  Are there smarter things we can be spending our money on? 
How does the risk of terrorism compare with the risks in other aspects
of our lives: automobile accidents, domestic violence, industrial
pollution, and so on?  Are there costs that are just too expensive for
us to bear?

Unfortunately, it's rare to hear this level of informed debate.  Few
people remind us how minor the terrorist threat really is.  Rarely do
we discuss how little identification has to do with security, and how
broad surveillance of everyone doesn't really prevent terrorism.  And
where's the debate about what's more important: the freedoms and
liberties that have made America great or some temporary security?

Instead, the DOJ (fueled by a strong police mentality inside the
Administration) is directing our nation's political changes in
response to 9/11.  And it's making trade-offs from its own subjective
perspective: trade-offs that benefit it even if they are to the
detriment of others.

From the point of view of the DOJ, judicial oversight is unnecessary
and unwarranted; doing away with it is a better trade-off.  They think
collecting information on everyone is a good idea, because they are
less concerned with the loss of privacy and liberty.  Expensive
surveillance and data mining systems are a good trade-off for them
because more budget means even more power.  And from their
perspective, secrecy is better than openness; if the police are
absolutely trustworthy, then there's nothing to be gained from a
public process.

If you put the police in charge of security, the trade-offs they make
result in measures that resemble a police state.

This is wrong.  The trade-offs are larger than the FBI or the DOJ.
Just as a company would never put a single department in charge of its
own budget, someone above the narrow perspective of the DOJ needs to
be balancing the country's needs and making decisions about these
security trade-offs.

The laws limiting police power were put in place to protect us from
police abuse.  Privacy protects us from threats by government,
corporations, and individuals.  And the greatest strength of our
nation comes from our freedoms, our openness, our liberties, and our
system of justice.  Ben Franklin once said: "Those who would give up
essential liberty for temporary safety deserve neither liberty nor
safety."  Since 9/11 Americans have squandered an enormous amount of
liberty, and we didn't even get any temporary safety in return.

[Bruce Schneier is the CTO of Counterpane Internet Security, Inc., and
the author of "Beyond Fear: Thinking Sensibly About Security in an
Uncertain World."]

     http://www.schneier.com/

======================================================================
[6] News in Brief
======================================================================

PA SUPREME COURT: INTERNET USERS CONSENT TO MONITORING

The Supreme Court of Pennsylvania has held that an individual using
the Internet should reasonably expect that his communications are
monitored by police.  In Commonwealth v. Proetto, a man convicted of
soliciting a teenage girl on the Internet argued that it was illegal
for law enforcement officers to monitor his Internet communications
without a warrant.  Though the court chose not to issue an opinion, it
ruled in favor the police, finding that there is no reasonable
expectation of privacy on the Internet and that the police did not
break Pennsylvania's wiretap law when they monitored the man's online
communications.

 Lower court opinion in Commonwealth v. Proetto:

     http://www.aopc.org/opposting/supreme/out/a44007_00.pdf

Order of the Supreme Court of Pennsylvania:

     http://www.aopc.org/opposting/supreme/out/j-169-2002pco.pdf

Concurring statement of Justice Newman:

     http://www.aopc.org/opposting/supreme/out/j-169-2002cs.pdf


REPS QUESTION WHETHER US-VISIT WILL STOP TERRORISTS

The House Homeland Security Subcommittee on Infrastructure and Border
Security held a hearing Wednesday on US-VISIT, the government's new
program that tracks the travel of foreign nationals to and from the
United States.  Several members of the Subcommittee expressed doubt
about US-VISIT's validity as a counterterrorism tool.  However, Asa
Hutchinson, Undersecretary for the Department of Homeland Security's
Border and Transportation Security directorate, focused his testimony
on US-VISIT's law enforcement capablilities.  Hutchinson testified
that program has helped to apprehend "dozens of individuals who
matched various criminal databases," none of whom has any apparent
terrorist connection.  "We have significantly increased our ability to
catch criminals," Hutchinson said.

Select Committee on Homeland Security's Media Advisory on the hearing:

     http://hsc.house.gov/release.cfm?id=119

For more information about US-VISIT, see EPIC's US-VISIT Page:

     http://www.epic.org/privacy/us-visit


IRS BACKS DOWN ON E-FILER TRACKING 

The IRS has reversed a decision to place electronic flags on taxpayers
using the IRS "Free File" program after receiving numerous privacy
complaints from consumers and private tax preparation companies.  The
IRS had announced that it would require private tax preparation
companies to flag customers to evaluate the effectiveness of Free
File.  However, several software companies participating in Free File
expressed privacy concerns, and one company left the program
altogether. The Free File program allows certain taxpayers in eligible
categories to file their taxes electronically for free through private
software companies.  A coalition of consumer groups, including EPIC,
has previously warned of misuse of consumer data by Free File tax
preparation companies.

IRS Free File Page:

     http://www.irs.gov/efile/article/0,,id=118986,00.html

EPIC's Letter to the Department of Treasury warning of misuse of
personal filing information by Free File companies is available at:

     http://www.pirg.org/consumer/ral03march.pdf

For more information about taxpayer privacy, see EPIC's IRS Page: 

     http://www.epic.org/privacy/databases/irs/


EPIC URGES ATTORNEYS GENERAL TO SUPPORT ID THEFT VICTIMS

EPIC and over a dozen consumer protection organizations have sent a
letter to State Attorneys General nationwide urging them to accept ID
theft affidavits.  Acceptance of the affidavits allows ID theft
victims to exercise important rights under the recently-amended Fair
Credit Reporting Act.  The amendments give ID theft victims the
ability to seek an extended, seven-year fraud alert and to block
information in their credit file.
 
Coalition Letter on ID Theft Affidavits:
 
     http://www.epic.org/privacy/fcra/factagltr1.15.04.pdf

For more information about the Fair Credit Reporting Act, see EPIC's
FCRA Page:
 
     http://www.epic.org/privacy/fcra/


FTC:  TELEMARKETERS MUST IDENTIFY THEMSELVES ON CALLER ID      

Another requirement imposed by the Federal Trade Commission (FTC) rule
establishing the Do-Not-Call Registry takes effect today, as
telemarketers must identify themselves to consumers with Caller ID.
The FTC now requires telemarketers to display the name of the company
making the sale or the firm placing the call.  Telemarketers must also
display a phone number which individuals may call to request that the
company or firm not call again.

The National Do-Not-Call Registry:

     http://www.donotcall.gov

For more information on the Do-Not-Call Registry, see EPIC's
Do-Not-Call Registry Page:

     http://www.epic.org/privacy/telemarketing/dnc/


TASK FORCE TO EXAMINE NEW INTERNET PROTOCOL VERSION
            
A task force established by the Secretary of Commerce will consider
the implications of deploying Internet Protocol version 6 (IPv6) in
the United States.  The Internet Protocol (IP) is a technical standard
that allows computers and other devices to communicate with each other
over networks, many of which connect to form the Internet.  By
providing a common format for the transmission of information across
the Internet, IP facilitates communication among a variety of
different networks and devices.  The public is invited to comment on
variety of IPv6-related issues including: (1) the benefits and
possible uses of IPv6; (2) current domestic and international
conditions regarding the deployment of IPv6; (3) economic, technical
and other barriers to deployment of IPv6; and (4) the appropriate role
for the U.S. government in the deployment of IPv6.

For more information on IPv6 and how to submit comments, see the
Department of Commerce's Federal Register Notice:

     http://www.epic.org/redirect/ipv6.html

======================================================================
[7] EPIC Bookstore: The Privacy Law Sourcebook 2003
======================================================================

JUST PUBLISHED!

Privacy Law Sourcebook 2003
560 pages, $40.00

     http://www.epic.org/bookstore/pls2003/

     "The Privacy Law Sourcebook belongs front and center on
     the desk of every Information Age lawyer.  It provides an
     indispensable map to the maze that is modern privacy law."

                 - Prof. Paul M. Schwartz, Brooklyn Law School

The Privacy Law Sourcebook is the leading resource for students,
attorneys, researchers, and journalists interested in privacy law in
the United States and around the world.  It includes the full text of
major privacy laws and directives such as the Fair Credit Reporting
Act, Privacy Act, Freedom of Information Act, Family Educational
Rights and Privacy Act, Right to Financial Privacy Act, Privacy
Protection Act, Cable Communications Policy Act, Electronic
Communications Privacy Act, Video Privacy Protection Act, OECD Privacy
Guidelines, OECD Cryptography Guidelines, and European Union Data
Directive for Data Protection and Commerce.

The Privacy Law Sourcebook is updated and expanded for 2003.  New
materials include the privacy provisions of the Homeland Security Act
and the E-Government Act, the European Commission statement on air
passenger record transfers, and reports on video surveillance,
biometrics, the Internet WHOIS directories, and radio frequency
identification.  Also included is an extensive section on privacy
resources with useful Web sites and contact information for privacy
agencies, organizations, and publications.

                      ================================

EPIC Publications:

"The Privacy Law Sourcebook 2003: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.

                      ================================

"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.
http://www.epic.org/bookstore/foia2002/

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

                      ================================

"Privacy & Human Rights 2003: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $35.
http://www.epic.org/bookstore/phr2003/

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty-five countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.

                      ================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

                      ================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.

                      ================================

"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

                      ================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

        EPIC Bookstore
        http://www.epic.org/bookstore/

        "EPIC Bookshelf" at Powell's Books
        http://www.powells.com/features/epic/epic.html

======================================================================
[8] Upcoming Conferences and Events
======================================================================

WHOLES - A Multiple View of Individual Privacy in a Networked World.
Swedish Institute of Computer Science.  January 30-31, 2004.
Stockholm, Sweden.  For more information:
http://www.sics.se/privacy/wholes2004.

Fear: Its Political Uses And Abuses, featuring Vice President Al Gore
as Keynote Speaker.  Social Research Journal.  February 5-7, 2003. 
New York, New York.  For more information: http://www.socres.org/fear.

The New Fair Credit Reporting Act.  Privacy & American Business.
February 9-10, 2004.  Washington, DC.  Email info@pandab.org.

O'Reilly Emerging Technology Conference.  February 9-12, 2004.  San
Diego, CA.  For more information:
http://conferences.oreilly.com/etech.

Living with the New Private Sector - Privacy Law: What Your
Organization Needs to Know, a One Day Seminar and Training Session.
Riley Information Services Inc.  February 16, 2004.  Ottawa, Canada.
For more information:  http://www.rileyis.com/seminars/index.html.

Antiterrorism and the Security Agenda: Impacts on Rights, Freedoms,
and Democracy.  International Civil Liberties Monitoring Group.
February 17, 2004.  Ottawa, Ontario, Canada.  Email
publicforum@iclmg.ca.

SPAM Technology Workshop.  Computer Security Resource Center. 
February 17, 2004.  Gaithersburg, MD.  For more information:
http://csrc.nist.gov/spam.

IAPP 4th Annual Privacy & Security Summit & Expo.  February 18-20,
2004.  Washington, DC.  For more information:
http://www.privacyassociation.org/html/conferences.html.

Free Seminar on Electronic Advocacy for Nonprofits.  Confluence. 
February 18, 2004.  Washington, DC.  E-mail info@confluencecorp.com.

RSA Conference 2004 - The Art of Information Security.  February
23-27, 2004.  San Francisco, CA.  For more information:
http://www.rsaconference.com.

Third Conference on Privacy and Public Access to Court Records.
Courtroom 21 Project.  February 27-28, 2004.  Williamsburg, VA.  For
more information:  http://www.courtroom21.net.

PKC 2004: International Workshop on Practice and Theory in Public Key
Cryptography.  Institute for Infocomm Research.  March 1-4, 2004.
Sentosa, Singapore.  For more information: http://pkc2004.lit.org.sg.

A Summit on Healthcare Privacy and Data Security: HIPAA and Beyond.
Health Care Conference Administrators.  March 7-9, 2004.  Baltimore,
MD.  For more information: http://www.hipaasummit.com.

Securing Privacy in the Internet Age.  Stanford Law School.  March
13-14, 2004.  Palo Alto, CA.  For more information:
http://cyberlaw.stanford.edu/privacysymposium.

Sixth Annual National Freedom of Information Day Conference.  First
Amendment Center, in cooperation with the American Library
Association.  March 16, 2004.  Arlington, VA.  E-mail
foidayconference@freedomforum.org.

CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM).  April 20-23, 2004.
Berkeley, CA.  For more information:  http://www.cfp2004.org.

2004 IEEE Symposium on Security and Privacy.  IIEEE Computer Society
Technical Committee on Security and Privacy, in cooperation with the
International Association for Cryptologic Research (IACR).  May 9-12,
2004. Oakland, CA.  For more information:
http://www.cs.berkeley.edu/~daw/oakland04-cfp.html.

International Conference on Data Privacy and Security in a Global
Society.  Wessex Institute.  May 11-13, 2004.  Skiathos, Greece.  For
more information:
http://www.wessex.ac.uk/conferences/2004/datasecurity04/index.html.

The Third Annual Workshop on Economics and Information Security.
University of Minnesota Digital Technology Center.  May 13-14, 2004.
Minneapolis, MN.  For more information:
http://www.dtc.umn.edu/weis2004.

Workshop on Privacy Enhancing Technologies.  University of Toronto.
May 26-28, 2004. Toronto, Canada.  For more information:
http://petworkshop.org/2004.

Access & Privacy Conference 2004: Sorting It Out.  Government Studies,
Faculty of Extension.  June 10-11, 2004.  University of Alberta.
Edmonton, Alberta, Canada.  For more information:
http://www.govsource.net/programs/iapp/conference/main.nclk.

O'Reilly Open Source Convention.  July 26-30, 2004.  Portland, OR. For
more information:  http://conferences.oreilly.com/oscon.

First Conference on Email and Anti-Spam.  American Association for
Artificial Intelligence and IEEE Technical Committee on Security and
Privacy.  July 30-31, 2004.  Mountain View, CA.  For more information:
http://www.ceas.cc.

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE Computer
Society Technical Committee on Security and Privacy, and the Computer
Science Department of the University of California, Santa Barbara.
Santa Barbara, CA. August 15-19, 2004.  For more information:
http://www.iacr.org/conferences/crypto2004.

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via Web interface:

       http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Subscribe/unsubscribe via e-mail:

       To: epic_news-request@mailman.epic.org
       Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

       To: epic_news-request@mailman.epic.org
       Subject: "help" (no quotes)

Problems or questions? e-mail < info@epic.org >

Back issues are available at: http://www.epic.org/alert/

The EPIC Alert displays best in a fixed-width font, such as Courier.

======================================================================
Privacy Policy
======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

======================================================================
About EPIC
======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:

       http://www.epic.org/donate/

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 11.02 ----------------------

.