EPIC logo

                             E P I C  A l e r t
Volume 11.04                                          February 25, 2004

                              Published by the
                Electronic Privacy Information Center (EPIC)
                              Washington, D.C.


Table of Contents

[1] Supreme Court Sides With Government on Privacy Act Damages
[2] Agencies Issue Reports on CAPPS II, JetBlue Disclosure
[3] EPIC Testifies on Medical Privacy and Banking
[4] EPIC Demands FBI Database Accuracy
[5] Courts Reject Business "Free Speech" Challenges to Privacy Law
[6] News in Brief
[7] EPIC Bookstore: The Patriot Act Game
[8] Upcoming Conferences and Events

[1] Supreme Court Sides With Government on Privacy Act Damages

The Supreme Court has ruled in a 6-3 decision that an individual must
prove he has suffered actual harm before he can receive a $1,000
minimum award guaranteed by law when the government wrongfully
discloses personal information.

The case, Doe v. Chao, arose from the Department of Labor's use of
miners' Social Security numbers to identify their black lung claims on
official agency documents, some of which were made public.  Several
miners sued the agency, arguing that they were entitled to $1,000
minimum damages from the government provided under the Privacy Act.
The United States District Court for the Western District of Virginia
found that only one miner, Buck Doe, was entitled to damages because
he had shown that he suffered sufficient emotional distress as a
result of the disclosure of his Social Security Number to be awarded
damages.  The United States Court of Appeals for the Fourth Circuit
disagreed, concluding that Doe was not entitled to damages under the
Privacy Act because he failed to show that any tangible harm resulted
from the disclosure of his Social Security Number.

EPIC collaborated with numerous consumer and privacy organizations,
legal scholars and technical experts to submit a "friend of the court"
brief to the Supreme Court on Doe's behalf, arguing that the Privacy
Act provides damages for those who suffer "adverse effects," which
does not require actual harm.  The brief pointed to the dangers of
Social Security Number disclosure, the tradition of providing similar
awards under other privacy laws, and the history of the Privacy Act to
show that actual harm is not necessary to recover the $1,000 award
under the Privacy Act.

The Supreme Court concluded, however, that an individual must prove
actual damages to receive the $1,000 award from the government.
Justice Souter (joined by the Chief Justice and Justices O'Connor,
Scalia, Thomas, and Kennedy) found that the most straightforward
reading of the Privacy Act supported the conclusion that an individual
must prove actual harm to collect minimum damages under the Privacy
Act, noting that it is unusual for a law not to require proof of harm
suffered before an individual is awarded of damages.

In a dissenting opinion, Justice Ginsburg (joined by Justices Stevens
and Breyer) argued that the majority's interpretation of the law
failed to take into account each word of the section of the Privacy
Act that provides for damages.  Justice Ginsburg pointed out that the
majority's decision is at odds with the Office of Management and
Budget's guidelines for interpreting the Privacy Act, which were
issued just six months after the law was passed.  She asserted that
the majority's holding encourages individuals to "arrange or
manufacture" actual damages, such as paying a fee to run a credit
report, in order to be allowed to recover the minimum $1,000 under the
Privacy Act.  She also noted that the Privacy Act's language is
similar to that of other federal laws that do not require proof of
actual harm for an individual to collect the minimum award provided
under the law. In a separate dissent, Justice Breyer found "no support
in any of the statute's basic purposes for the majority's restrictive
reading of the damages provision."

Doe v. Chao, Supreme Court Docket No. 02-1377:


EPIC's amicus brief filed in Doe v. Chao:

For more information about the case, see EPIC's Doe v. Chao Page:


[2] Agencies Issue Reports on CAPPS II, JetBlue Disclosure

Two recent agency reports have cast doubt on the future of the
Transportation Security Administration's controversial passenger
profiling system and detailed the agency's role in the transfer of
passenger information to a Defense Department contractor for use in a
data mining study.

The General Accounting Office has issued a report concluding that
numerous problems plague the TSA's Computer-Assisted Passenger
Prescreening System (CAPPS II).  The report found that TSA has not
adequately addressed seven of eight implementation and operational
concerns raised by Congress last year, including the accuracy of the
data relied on by the system; abuse prevention; overall privacy
concerns; and the redress process for people erroneously labeled as a
threats or targeted for additional scrutiny.

The GAO also expressed uneasiness about the evolution of CAPPS II's
stated purpose.  The program was initially intended to detect
terrorists and keep them off airplanes.  In August, however, TSA
announced that CAPPS II would also serve as a law enforcement tool to
identify individuals wanted for violent crimes.

In response to the report, the Department of Homeland Security, TSA's
parent agency, noted that CAPPS II is still under development, and
remarked that both national and international hurdles to deployment
and problem resolution were more complex than the report made clear.
The GAO responded that it stands by what it believes to be a fair and
accurate assessment of the program.

In related news, the Department of Homeland Security's Chief Privacy
Officer has released a report criticizing TSA's role in the
controversial transfer of JetBlue Airways passenger information to
Defense Department contractor Torch Concepts for use in a data mining
study.  The report finds that, "The TSA employees involved acted
without appropriate regard for individual privacy interests or the
spirit of the Privacy Act of 1974."

The report revealed that a TSA employee sent a written request to
JetBlue to ask that the airline provide passenger data to the
Department of Defense for use in a military base security project.
Acxiom Corporation, a data aggregation company, then actually
transferred the passenger information to Torch Concepts.  Later,
Acxiom sold Torch Concepts additional information on about 40 percent
of the JetBlue passengers whose information had already been
disclosed.  The report noted that "but for the involvement of a few
TSA officials in these events, the data would likely not have been
shared by jetBlue with the Department of Defense and its contractors."

In the wake of the Department of Homeland Security report, EPIC has
sent a letter to the Federal Trade Commission urging the agency to
sanction JetBlue and Acxiom for their disclosures of passenger
information.  In September, EPIC submitted a complaint to the Federal
Trade Commission alleging that JetBlue and Acxiom committed unfair and
deceptive trade practices by disclosing personal information to Torch
Concepts in violation of their publicly posted privacy policies.  The
agency has not announced whether any action has been taken in response
to the complaint.

The General Accounting Office's Report on CAPPS II:

The Homeland Security Privacy Office Report to the Public on Events
Surrounding the JetBlue Data Transfer:


EPIC's Letter to the FTC:


EPIC's Complaint Against JetBlue and Acxiom to the FTC:


For more information about air travel privacy, see EPIC's Passenger
Profiling Page:


[3] EPIC Testifies on Medical Privacy and Banking

On February 18, EPIC Senior Fellow Anna Slomovic testified on medical
privacy issues in banking transactions before the National Committee
on Vital and Health Statistics, the official advisory body to the
Secretary of Health and Human Services.  Dr. Slomovic discussed the
need to improve protection for health information as it moves through
the banking system.

Dr. Slomovic noted that the banking industry is seeking an exemption
from being designated a "covered entity" under the Health Insurance
Portability and Accountability Act (HIPAA) Privacy Rule even when
banks perform functions that fall under the definition of health care
clearinghouses.  Banks are also asking the Department of Health and
Human Services to rescind requirements for additional encryption when
protected health information flows through the banking transaction
network.  Dr. Slomovic stated that banks should not be exempt from the
full requirements of the Privacy Rule and that the requirement for
additional encryption should be maintained.

In related medical privacy news, a group of physicians and hospitals
has challenged Justice Department subpoenas for medical records of
women who have had abortions.  The Justice Department wants to examine
medical records as part of its defense of the Partial Birth Abortion
Ban Act of 2003, which is being challenged on the grounds that it
would prevent doctors from performing medically necessary abortions.

Two federal courts reached different conclusions about whether
hospitals must release records to the Justice Department.  U.S. Chief
District Judge Charles Kocoras of the Northern District of Illinois,
Eastern Division quashed the subpoenas on the grounds that Illinois
state law is more stringent than federal privacy protections and
prohibits the release of records in the circumstances described in the
subpoenas.  However, U.S. District Judge Richard Conway Casey of the
Southern District of New York ruled that records must be released and
that the release does not violate patient privacy if personal
information such as patient name, address and social security number
is blocked out.

Dr. Anna Slomovic's Testimony Before the National Committee on Vital
and Health Statistics:


National Abortion Federal v. Ashcroft, Northern District of Illinois,
Eastern Division, No. 04-C-55:


For more information about medical privacy protections, see EPIC's
Medical Privacy Page:


[4] EPIC Demands FBI Database Accuracy

In a recent letter to the Office of Management and Budget, EPIC has
urged the agency to require the Federal Bureau of Investigation to
follow legal accuracy obligations concerning the National Crime
Information Center, the nation's largest criminal record database.

The NCIC is the most extensive system of criminal history records in
the United States, containing information on more than 52 million
individuals and averaging 3.5 million transactions a day.  In March
2003, the FBI announced it would no longer follow Privacy Act
obligations for NCIC record accuracy, explaining that "it is
impossible to determine in advance what information is accurate,
relevant, timely and complete."

EPIC's letter asserted that the NCIC's inaccuracy threatens to
undermine the effectiveness of other government information technology
projects.  The United States Visitor and Immigrant Status Indicator
Technology (US-VISIT), recently launched at 115 airports and 15
seaports, uses information from NCIC and other sources to determine
whether visitors traveling to the United States will be permitted into
the country.  Furthermore, the Transportation Security Administration
has considered using NCIC information within the Computer Assisted
Passenger Prescreening System (CAPPS II) to determine whether
individuals may travel by air.

In addition, the FBI has recently expanded the NCIC to contain
information indicating whether a DNA profile of an individual exists
in the Combined DNA Index System Program, the FBI's DNA profile
database.  EPIC noted that the addition of new kinds of information to
the NCIC will only make the database's inaccurate problems worse.

In April 2003, nearly ninety organizations from across the United
States urged the OMB to reinstate NCIC accuracy requirements.  To
date, the agency has taken no action.

EPIC's Letter Urging Reinstatement of NCIC Accuracy Requirements:


April 2003 Letter From Nearly Ninety Organizations Urging
Reinstatement of NCIC Accuracy Requirements:

For more information about the NCIC, see EPIC's NCIC Page:


[5] Courts Reject Business "Free Speech" Challenges to Privacy Law

A Vermont Superior Court has upheld the state's opt-in financial
privacy regulation against a challenge brought by a group of insurance
companies.  The companies alleged that the state's regulation exceeded
government authority and infringed upon their First Amendment rights
to use personal information for marketing.  The court held that the
state did have authority to regulate privacy practices, noting that
financial companies have become "high volume traffickers of consumers'
intimate, personal information."  Relying upon recent cases that
rejected the claim that financial services companies have an unlimited
right to sell Social Security Numbers, the Vermont court held that the
opt-in regulation did not violate Constitutional norms.

The Vermont Attorney General submitted several affidavits discussing
the role of privacy protection in the financial services context.  In
one, an economic consultant retained by Vermont argued that the
insurance companies objecting to opt-in "are in essence simply voicing
their displeasure at seeing profit opportunities reduced because they
may find fewer customers whose private information they can sell."  He
also explained that an opt-out approach gives financial institutions
"a profit incentive to aid inertia as a force that reduces the
response rate by creating a confusing, hard-to-read form, by making it
difficult to respond, and by emphasizing the costs rather than the
benefits of opting out."

Indeed, the Vermont insurance companies created notices that were
difficult to read.  A readability expert hired by the state found in a
review of 168 privacy notices that they varied from "very difficult"
to "fairly difficult" to read based on the "Flesch Readability Index."
He concluded that the "privacy notices are not 'reasonably
understandable.'  They are difficult to read, requiring a high level
of reader skill, far higher than the average 7th grade reading level
of the U.S."

In a separate case, the U.S. Court of Appeals for the Tenth Circuit
has upheld the telemarketing Do-Not-Call Registry against challenges
brought by the telemarketing industry.  The telemarketers alleged that
the Registry infringed free speech rights and that the Federal Trade
Commission lacked the authority to create it.  The court rejected all
the claims and upheld the telemarketing regulations in their entirety:
"The national do-not-call registry offers consumers a tool with which
they can protect their homes against intrusions that Congress has
determined to be particularly invasive.  Just as a consumer can avoid
door-to-door peddlers by placing a 'No Solicitation' sign in his or
her front yard, the do-not-call registry lets consumers avoid unwanted
sales pitches that invade the home via telephone, if they choose to do
so.  We are convinced that the First Amendment does not prevent the
government from giving consumers this option."

American Council of Life Insurers v. Vermont Department of Banking,
Insurance, Securities and Healthcare Administration, Washington
Superior Court, No. 56-1-02:


The Affidavits and Memorandum in Support of the Vermont Opt-In
Regulation are available on the EPIC Gramm-Leach-Bliley Page:


Mainstream Marketing v. FTC, No. 03-1429 (10th Cir. 2004):


For more information about the Do-Not-Call Registry, see EPIC's
Do-Not-Call Registry Timeline Page:


[6] News in Brief


The United States Court of Appeals for the Fourth Circuit has ruled
that creditors must perform "reasonable" investigations after
receiving a customer dispute under the Fair Credit Reporting Act.  In
this case, MBNA America maintained a computerized customer information
system that reported that the plaintiff was responsible for $17,000 in
credit card charges.  The plaintiff had disputed the charges, but MBNA
continued to furnish information about the debt to credit reporting
agencies.  MBNA claimed that the FCRA only required a cursory review
of customer disputes, and that the company usually did not analyze
documents or any other information outside the computerized customer
information system.  The Fourth Circuit rejected MBNA's arguments and
let stand a $90,000 actual damage award to the plaintiff: "It would
make little sense to conclude that, in creating a system intended to
give consumers a means to dispute -- and, ultimately, correct --
inaccurate information on their credit reports, Congress used the term
'investigation' to include superficial, unreasonable inquiries by
creditors."  The case is likely to change dispute processes nationwide
by requiring creditors to more fully investigate consumers' claims
that incorrect information has been provided to a credit reporting

Linda Johnson v. MBNA America, No. 03-1235 (4th Cir. Feb. 11, 2004):


For more information about credit reporting and privacy, see EPIC's
Fair Credit Reporting Act Page:



Last week, an Assistant U.S. Attorney brought suit against the
Attorney General and others at the Justice Department for alleged
retaliation in response to the attorney's criticism of underfunding
and mismanagement of terrorism investigations.  After Congressional
inquiry into the Department's oversight, Richard Convertino, a 15-year
veteran federal prosecutor, was removed from a high-profile terrorism
case that he was spearheading and found himself at the center of an
internal investigation for misconduct.  Convertino alleges that in
retaliation for his cooperation with the Congressional inquiry, the
Department leaked to the press the name of a terrorist informant
instrumental to his case, and that this action constitutes a violation
of the Privacy Act.

Complaint in Convertino v. Dep't of Justice (D.D.C. 2004):


The Department of Homeland Security has launched the Protected
Critical Infrastructure Information Program, under which electric
utilities, chemical companies, railroads, and other private sector
companies can volunteer information on infrastructure vulnerabilities
in the United States.  Such companies manage an estimated 85 percent
of the nation's critical infrastructure.  All information volunteered
under the program will be withheld from the public under a
controversial exemption to the Freedom of Information Act that broadly
exempts from disclosure any information relating to security flaws and
other vulnerabilities in our critical infrastructures.  EPIC testified
against the exemption in Congressional hearings last year.

For more information about critical infrastructure, see EPIC's
Critical Infrastructure Protection Page:


[7] EPIC Bookstore: The Patriot Act Game

The Patriot Act Game, by Lisa Freeland and Steffi Domike.


In this issue of the EPIC Alert, we've extended our traditional book
review forum to another medium of civil liberties education:  the
game.  The Patriot Act Game, developed by a Pittsburgh public defender
and an artist,  was created to educate the public about the Act and
its implications as well as other laws post 9-11.

The game is full of clever references to post 9-11 developments.  For
instance, during the course of the game, the "homeland security threat
level" rises, each level indicated by the movement of a tiny
representation of a roll of duct tape.  The goal of the game is to get
every player to Freedom Corner before the homeland security threat
level reaches "Severe" and before the player who is secretly holding
the "Snitch" card turns everyone in to Attorney General John Ashcroft.
Players whose game pieces are black, brown or yellow are faced with
playing disadvantages in comparison to those who have the red, white,
or blue game pieces.  The currency of the game is the "freedom fry."
Along the way there are four sets of cards players may be instructed
to pick from, including "Protest," "Surveillance," "History," and
"Justice." Some cards send players to jail, where no visitors or
lawyers are allowed, and other cards set them free.

Most cards strive to place the USA PATRIOT Act in current and
historical perspective.  Many of the civil liberties lost since 9-11
are detailed in the "Surveillance" and "Justice" cards as well as in
the background information accompanying the instructions.  The game
illustrates how freedom has been undermined both through the USA
PATRIOT Act itself, as well as the resulting hysteria, terrorist
rhetoric, and racism that followed the 9-11 attacks.  Some of the
injustices cited include arrests, detentions and deportations,
including patterns of abuse involving specific races and ethnicities.
They include increasing surveillance, profiling in job searches,
restriction of commercial licenses, obstruction of speech in protests,
and surveillance of book reading and art on dorm room walls.

Not only does the game educate players on aspects of the USA PATRIOT
Act and the decline of civil liberties, it also encourages players to
analyze the importance of free speech.  "History" and "Protest" cards
detail historical figures that attempted to speak out against various
systems of power.  They highlight individuals and organizations
throughout the world that questioned governmental and commercial
policies and worked in the name of freedom and human rights.  Above
the figure's name and description of the speech is the line, "Hero or
Terrorist?"  It calls attention to the way the term "terrorist" is
thrown around freely these days to denigrate opponents.  For example,
just this week U.S. Education Secretary Rod Paige stated that the
National Education Association, the nation's largest teachers' union,
is a terrorist organization.

Game creators Lisa Freeland and Steffi Domike have succeeded in
creating a tool with which to educate the public on matters of great
importance and one which allows players to have fun at the same time.
The only negative aspect is the time required upon receipt of the game
to pull apart the cards and the freedom fries, all of which come
attached on perforated sheets.

Information and games are available at www.gotrights.net, or by
contacting gotrights.net at thepatriotactgame@earthlink.net, or at
P.O. Box 81612, Pittsburgh, PA 15217.  It is available for sale at a
price of $25 for an individual game or for less if purchased in bulk

- Frannie Wellings


EPIC Publications:

"The Privacy Law Sourcebook 2003: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.


"Privacy & Human Rights 2003: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $35.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty-five countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

          EPIC Bookstore

          "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Third Conference on Privacy and Public Access to Court Records.
Courtroom 21 Project.  February 27-28, 2004.  Williamsburg, VA.  For
more information: http://www.courtroom21.net.

PKC 2004: International Workshop on Practice and Theory in Public Key
Cryptography.  Institute for Infocomm Research.  March 1-4, 2004.
Sentosa, Singapore.  For more information: http://pkc2004.lit.org.sg.

A Summit on Healthcare Privacy and Data Security: HIPAA and Beyond.
Health Care Conference Administrators.  March 7-9, 2004.  Baltimore,
MD.  For more information: http://www.hipaasummit.com.

Securing Privacy in the Internet Age.  Stanford Law School.  March
13-14, 2004.  Palo Alto, CA.  For more information:

Sixth Annual National Freedom of Information Day Conference.  First
Amendment Center, in cooperation with the American Library
Association.  March 16, 2004.  Arlington, VA.  E-mail

Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other
Software.  Federal Trade Commission.  April 19, 2004.  Washington, DC.
For more information: http://www.ftc.gov/opa/2004/02/spyware.htm.

CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM).  April 20-23, 2004.
Berkeley, CA.  For more information: http://www.cfp2004.org.

2004 IEEE Symposium on Security and Privacy.  IIEEE Computer Society
Technical Committee on Security and Privacy, in cooperation with the
International Association for Cryptologic Research (IACR).  May 9-12,
2004. Oakland, CA.  For more information:

International Conference on Data Privacy and Security in a Global
Society.  Wessex Institute.  May 11-13, 2004.  Skiathos, Greece.  For
more information:

The Third Annual Workshop on Economics and Information Security.
University of Minnesota Digital Technology Center.  May 13-14, 2004.
Minneapolis, MN.  For more information:

Workshop on Privacy Enhancing Technologies.  University of Toronto.
May 26-28, 2004. Toronto, Canada.  For more information:

Access & Privacy Conference 2004: Sorting It Out.  Government Studies,
Faculty of Extension.  June 10-11, 2004.  University of Alberta.
Edmonton, Alberta, Canada.  For more information:

O'Reilly Open Source Convention.  July 26-30, 2004.  Portland, OR. For
more information: http://conferences.oreilly.com/oscon.

First Conference on Email and Anti-Spam.  American Association for
Artificial Intelligence and IEEE Technical Committee on Security and
Privacy.  July 30-31, 2004.  Mountain View, CA.  For more information:

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE Computer
Society Technical Committee on Security and Privacy, and the Computer
Science Department of the University of California, Santa Barbara.
Santa Barbara, CA. August 15-19, 2004.  For more information:

2004 Telecommunications Policy Research Conference.  National Center
for Technology & Law, George Mason University School of Law.  October
1-3, 2004.  Arlington, VA.  For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:


Subscribe/unsubscribe via e-mail:

         To: epic_news-request@mailman.epic.org
         Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

         To: epic_news-request@mailman.epic.org
         Subject: "help" (no quotes)

Problems or questions? e-mail < info@epic.org >

Back issues are available at: http://www.epic.org/alert/

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 11.04 ----------------------