EPIC logo

                              E P I C  A l e r t
Volume 11.05                                              March 9, 2004

                               Published by the
                 Electronic Privacy Information Center (EPIC)
                               Washington, D.C.


Table of Contents

[1] EPIC Files Brief in National DNA Database Case
[2] International Privacy Framework Almost Final
[3] EPIC Replies to Northwest's Defense of Privacy Policy Breach
[4] Electronic Voting Problems Plague Super Tuesday
[5] Gov't Seeks Public Comment on Important Privacy Regulations
[6] News in Brief
[7] EPIC Bookstore: Beyond Genetics
[8] Upcoming Conferences and Events

[1] EPIC Files Brief in National DNA Database Case

EPIC has filed an amicus brief in United States v. Kincade, a case in
which a parolee is challenging a federal law that requires the
production of a DNA sample for a national database operated by the
Department of Justice.  EPIC's brief agrees that a forced DNA
extraction violates an individual's right against unlawful search and
seizure in absence of suspicion that the individual has committed
another crime.

The DNA Analysis Backlog Elimination Act of 2000 provides that the
government may take DNA samples from individuals in federal custody
and parolees who have committed a qualifying offense.  There is no
requirement that the government take the DNA only in connection with a
specific criminal investigation, or that the government suspect that
the individual will commit a crime in the future.  Anyone failing to
cooperate with the DNA extraction is guilty of a class A misdemeanor
and may be imprisoned.

The DNA database, known as the Combined DNA Index System or CODIS,
includes DNA samples from persons convicted of crimes, crime victims,
and unknown DNA from crime scenes.  It operates on federal, state and
local levels.  The government argues that the database is instrumental
in solving future crimes and DNA extractions are no more invasive than

EPIC's argument focuses on the false notion that DNA and
fingerprinting involve the same privacy concerns.  While a fingerprint
merely indicates whether an individual has been in a specific
location, DNA can reveal health, gender, and familial information,
EPIC asserts.  Furthermore, because members of the same family have
similar DNA patterns, an individual's DNA profile may indirectly
implicate a relative.  Moreover, EPIC points out, there is no uniform
storage policy for DNA samples; rather, each state has a different
policy.  Not only could samples end up in the hands of researchers,
but international cooperation among law enforcement agencies has
opened CODIS up to other governments.

After a three-judge panel sided with Mr. Kincade last year (2-1), the
government appealed and the Ninth Circuit granted a request for a
full-panel rehearing of the case.  Oral arguments will be heard by the
appellate court in late March.

EPIC's amicus brief in United States v. Kincade:


For more information about genetic privacy, see EPIC's Genetic Privacy


[2] International Privacy Framework Almost Final

The near final version of privacy guidelines was discussed at a recent
meeting of government representatives in the context of the
Asia-Pacific Economic Cooperation (APEC).  In 2003, the 21 countries
composing APEC began drafting a privacy framework modeled after the
1980 Organization for Economic Cooperation and Development (OECD)
Privacy Guidelines.  The non-binding instrument is aimed at
facilitating the flows of individuals' personal information among APEC
member states while protecting individuals' privacy interests.  It
acknowledges the importance of privacy guidelines as a tool to promote
effective information privacy protection together with the free flow
of information in the Asia Pacific Region in order to improve consumer
confidence and ensure the growth of electronic commerce.  Before the
recent release, the process had been kept secret, limited to
consultations with government agencies, and in a few countries
(including the United States), with business, legal professional and
privacy groups.

The APEC Privacy Framework acknowledges that it holds the potential to
increase the flow of personal information among APEC trading countries
if it can increase individuals' confidence in electronic commerce and
in the international transfer of their personal information.  The
instrument recognizes that confidence could increase if individuals'
privacy interests are adequately protected.  The current version of
the Framework contains nine privacy principles (Preventing Harm;
Notice; Collection Limitation; Uses of Personal Information; Choice;
Integrity of Personal Information; Security Safeguards; Access and
Correction; and Accountability).  While similar to the 1980 OECD
Privacy Guidelines, some of the principles further weaken them by
diluting the substance of individuals' privacy protections.  As an
example, a new Preventing Harm Principle is treated as equal to other
privacy principles even though its purpose might provide opportunities
for wholesale exemptions from the other principles.  The Choice and
Notice principles are similarly weakened by allowing companies not to
notify and provide for clear explanations to individuals about their
collection, use and disclosure practices when they use information
that is publicly available about them.  Although strong, the Access
and Correction Principle is nevertheless severely limited by an
exemption that provides that information should not be disclosed due
to legal or commercial proprietary reasons, thereby leaving the door
open to potential abuses.  Some principles, however, go beyond the
OECD Guidelines, as in the case of the Purpose Specification principle
(called Uses of Personal Information in the APEC Framework).

Although non-binding, the instrument could serve as guidelines that
enable multinational companies which collect, process and disclose
customers and consumers' personal information to develop and implement
uniform internal mechanisms or codes of conduct to adequately protect
their privacy.  It could also foster the emergence of data protection
laws in APEC countries without legal regimes in place.  As such, this
development may constitute a significant step in the attempt by many
countries to develop new guidelines or laws to regulate international
transfers of personal information.  It could also, however, trigger
future trade disputes between APEC countries and the European Union if
both economic entities' rules governing international data transfers
were to diverge and therefore limit information flows or make them
more burdensome.

More consultations between governments and other stakeholders have to
take place in the coming months on the final form of the Framework.
The public is therefore invited to comment on the current draft of the
APEC Privacy Framework.  Any member of the public interested in having
a copy of the latest draft of the APEC Privacy Framework and in making
comments can do so by e-mailing Ms. Arrow Augerot at the Department of
Commerce (arrow_augerot@ita.doc.gov).

More information about APEC meeting documents will soon be available


For more information about international privacy, see EPIC's
International Privacy Standards Page:


[3] EPIC Replies to Northwest's Defense of Privacy Policy Breach

EPIC has filed a reply to Northwest Airlines' attempt to justify its
disclosure of millions of passenger records to the federal government
in violation of the airline's publicly posted privacy policy, which
the airline called "an appropriate instance of industry and government

Northwest's defense came in response to a complaint EPIC filed in
January with the Department of Transportation arguing that the airline
committed an unfair and deceptive trade practice when it disclosed
millions of passenger records to the government.  (See EPIC Alert
11.02.) Northwest claimed that its disclosure was "entirely
appropriate" because September 11 diminished "whatever minimal
expectation of privacy in air travel [that] existed before." 
Furthermore, Northwest argued, it did not violate any express
assurance made in its privacy policy, and so did not commit an unfair
or deceptive trade practice.

EPIC's reply asserts that Northwest should not cite the events of 9/11
as an excuse for being dishonest with passengers about what the
airline does with their personal information.  EPIC notes that the
Department of Transportation has a responsibility to enforce
representations that airlines make to consumers regarding use of
passengers' personal information, and has told the European Union that
it will exercise this enforcement authority aggressively.

EPIC emphasizes that Northwest assured consumers who provided personal
information through the airline's website that they had "complete
control" over the use of that information.  At no time did Northwest
tell passengers that it would disclose personal information to the
government without the knowledge or consent of those passengers,
despite the fact that the airline expressly and specifically disclosed
other uses of passenger information in its privacy policy.
Furthermore, after it came to light that JetBlue Airways disclosed
passenger information to a Defense Department contractor, a spokesman
for Northwest and the airline's CEO assured the public that Northwest
would not make such disclosures.  For these reasons, EPIC argues, the
Transportation Department should investigate the airline's privacy
practices and impose appropriate penalties for unfair and deceptive
trade practices.

EPIC's Reply:


Northwest's Answer:


EPIC's Complaint to the Department of Transportation:


For more information about air travel privacy, see EPIC's Passenger
Profiling Page:


[4] Electronic Voting Problems Plague Super Tuesday

Early post-March 2 primary election reports offered positive feedback
on the functioning of electronic voting technology with only brief
mentions of "glitches."  However, later reports detailed problems with
electronic voting technology including, but not limited to,
malfunctions in booting up machines; system server card failures that
resulted in hours of delays in getting final vote totals; problems in
programming the smart cards used by voters to cast their ballots; and
power fluctuations that caused mechanical malfunctions in electronic
voting machines.  The reports from Super Tuesday are consistent with
reports on the use of electronic voting technology from the 2002
primary election season.

In Orange County, CA, approximately 7,000 voters where given incorrect
computer access codes by poll workers unfamiliar with how the
district's electronic voting technology worked, resulting in voters
receiving wrong ballots.  Voting technology in some Orange County
precincts recorded more votes than voters, and other precincts
reported lower voter turnouts than usual.  As a result of these
problems, five of the county's six congressional races, four of its
five state Senate elections and five of its nine Assembly contests
were affected.  Voting delays in Alameda and San Diego counties
prompted the San Diego and Imperial Counties' chapter of the American
Civil Liberties Union to request a review by a panel of experts,
community leaders, and county elections administrators of problems
with electronic voting technology experienced in their localities.

Other states also encountered complications with electronic voting
technology.  In Maryland, one polling place switched to paper ballots
when its new electronic voting machines did not work.  Paper ballots
also came in handy at a Georgia polling place when it was discovered
that county officials had forgotten to program the encoding devices
used to program access cards used by voters to cast ballots.

These descriptions of problems with electronic voting machines raise
questions about how the technology passed federal and state
certification.  The machines used in the Super Tuesday elections did
pass one or more technical accreditation processes required by old
federal and state review statutes.  These same machines were later
found to have serious security flaws by several independent security

The Help America Vote Act, passed in 2002, was enacted to resolve many
problems highlighted by the 2000 Florida General Election, one of
which is the technical review of voting machines.  The law places the
development of standards for electronic voting technology under the
direction of the new U.S. Elections Assistance Commission.  The law
also designates the National Institute of Standards and Technology,
under the direction of the new commission, to lead the effort to
provide tighter security review and standards development for the
manufacture and acquisition of electronic voting technology for use in
elections.  The institute, which has a long history in standards work,
was designated to assist in developing tighter security standard for
voting technology used in U.S. elections. However, it received no
funding in the 2004 fiscal year for work on electronic voting security
and standards development.

 For more information about electronic voting, see EPIC's Voting Page:

National Committee for Voting Integrity:

California voters on their Election Day experience:


The Help America Vote Act is available at:




[5] Gov't Seeks Public Comment on Important Privacy Regulations

Federal government agencies are soliciting public comment on a number
of important privacy issues.  The Federal Trade Commission has
announced a workshop on "Monitoring Software on Your PC: Spyware,
Adware, and Other Software," to be held on April 19, 2004.  Any member
of the public may submit comments on these technologies by sending
e-mail to spywareworkshop2004@ftc.gov by March 19, 2004.  Separately,
legislation to limit spyware has been introduced in the Senate by
Senators Burns (R-MT), Wyden (D-OR) and Boxer (D-CA).  In the House,
Representatives Bono (D-CA) and Towns (D-NY) have been perfecting H.R.
2929, the Safeguard Against Privacy Invasions Act.

Several agencies are soliciting comments on "short privacy notices"
under the Gramm-Leach-Bliley Act.  These are alternative notices that
seek to inform individuals of financial services institutions' privacy
policies in plain language.  The agencies are primarily considering
whether to develop a model short notice for financial services
institutions to use.  Any member of the public may submit comments on
proposed form or content of these short notices by sending e-mail to
regs.comments@occ.treas.gov by March 29, 2004.

The Department of the Treasury is seeking public comment on the use of
biometrics to combat identity theft.  EPIC testified before Congress
in July 2002 that biometrics would not solve the identity theft
problem, and would pose new security and privacy risks.  EPIC further
commented that less invasive and costly policy alternatives, including
limiting the use of the Social Security Number, could combat identity
theft effectively.  Any member of the public may submit comments by
sending e-mail to factabiometricstudy@do.treas.gov by April 1, 2004.

FTC Public Workshop: Monitoring Software on Your PC: Spyware, Adware,
and Other Software:


S. 2145, Software Principles Yielding Better Levels of Consumer
Knowledge Act:


H.R. 2929, Safeguard Against Privacy Invasions Act:


Interagency Proposal to Consider Alternative Forms of Privacy Notices
Under the Gramm-Leach-Bliley Act:


Public Comment on Formulating and Conducting a Study on the Use of
Biometrics and Other Similar Technologies to Combat Identity Theft:


EPIC's Testimony on Biometrics and Identity Theft is available at:


[6] News in Brief


On March 8, EPIC filed comments with the U.S. Department of Commerce,
urging the deployment and use of strong privacy protecting
technologies in IPv6.  IPv6 is the protocol that is designed to
replace the current network protocol in use on the Internet.  IPv6
also promises to extend the Internet into more areas, through support
for mobile devices.  Because of this potential new reach of the
Internet and vulnerabilities in the existing protocol, the IPv6
protocol includes privacy and security enhancing features such as
encryption.  EPIC recommended that all IPv6 vendors incorporate such
privacy protections as standard.  EPIC also said that the privacy and
security features within IPv6 should not be compromised with
vulnerabilities by the application of the Communications Assistance to
Law Enforcement Act which would threaten both the security of network
communications and the stability of the network architecture.

EPIC Comments on IPv6:


NTIA Request for Comments on IPv6:



EPIC has added a webpage on privacy of diplomatic communications to
its website.  The page was created in response to the recent
revelation that United Nations Secretary General Kofi Annan's
telephone communications and private conversations were bugged by the
U.S. National Security Agency and the British Government
Communications Headquarters.  Other United Nations officials, as well
as ambassadors to the United Nations, have reported similar
eavesdropping by American and British intelligence agencies against
them and their countries.

EPIC's new Diplomatic Communications Page is available at:



EPIC has joined an international coalition of civil liberties and
consumer groups to oppose the European Union Intellectual Property
Rights Enforcement Directive.  The directive would create a new "Right
of Information" that allows rightsholders to obtain personal
information on users of P2P file-sharing software, possibly without
judicial review.  The proposal would require Internet Service
Providers, phone and cable companies, and other third party
intermediaries to turn over personal information about their
customers, even before there has been a finding of intellectual
property infringement or an opportunity for the customer to be heard.
The Directive has been rushed through public debate and was sent to
the European Parliament without adequate opportunity for comments from
the public and stakeholders.  The coalition's call for action urges
the directive proposal to go through a "Second Reading" procedure
where its provisions can be publicly considered.

European Digital Rights (EDRi) Press Release on the Coalition:



The Wall Street Journal reported last week that information broker
Acxiom has acquired a number of international data companies.  Acxiom
agreed to buy consumer lifestyle database operations covering England,
France, Spain and Germany from Seat Pagine Gialle SpA for $37.5
million.  Earlier in the year, Acxiom acquired the "Claritas marketing
information operations based in England, France, Germany, The
Netherlands, Spain, Portugal and Poland, from Dutch marketing and
media research giant VNU NV."  The purchases raise the risk that
Acxiom could become a major provider of international data to the
government.  Last month, EPIC acquired a document under the Freedom of
Information Act from the Department of Defense office that was
creating "Total Information Awareness" (see EPIC Alert 11.03).  It
read in part:  "Ultimately, the US may need huge databases of
commercial transactions that cover the world or certain areas outside
the US.  This information provides economic utility, and thus provides
two reasons why foreign countries would be interested.  Acxiom could
build this mega-scale database."

Wall Street Journal Article on Acxiom:


DARPA E-mail obtained by EPIC under the Freedom of Information Act:



Reeling from an onslaught of criticism by privacy groups, the German
company Metro AG is scaling back its ambitious plans to start using
radio frequency identification chips in various aspects of its Extra
Future Store.  The Extra Future Store is an initiative by a consortium
of technology providers and the food giant.  It was fashioned to test
the latest technology in the retail environment.  The supermarket had
hoped to use the tracking system to verify ages of customers so that
DVD trailers could be tailored accordingly.

Metro Group Future Store Initiative:


For more information about radio frequency identification systems, see


The General Accounting Office has released a report evaluating trends
in annual Freedom of Information Act reports issued by 25 agencies
from 2000 to 2002.  Congress' investigative office found that from
2000 to 2002, the agencies received and processed an increasing number
of FOIA requests, granted or partially granted a greater number of
requests each year, and decreased backlogs of requests remaining at
the end of each year.  The report also showed that the number of FOIA
requests denied decreased drastically between 2001 and 2002.  Nineteen
agencies reported processing expedited requests between 2000 and 2002.
The report noted that the Department of Justice took more than 100
days to process some "expedited" requests during each of the three
years examined.

General Accounting Office, Information Management:  Update on Freedom
of Information Act Implementation Status (February 2004):


Highlights of the Report:

[7] EPIC Bookstore: Beyond Genetics

Beyond Genetics:  Putting the Power of DNA to Work In Your Life, by
Glenn McGee (William Morrow, 2003).


DNA technology will transform our lives in the 21st Century the way
computer technology transformed lives in the 20th Century, asserts
Professor Glenn McGee, Associate Director for Education at the Center
for Bioethics at the University of Pennsylvania Medical School.  In
his vision of the future, "it is likely that within three years I can
have a portable DNA representation of 'me.'  The digitization of my
genes will do for genetics what the digitization of music did for
entertainment.  I will be able to e-mail my genes, to sell them on
eBay, to use them as the basis for art and to have them analyzed on
the fly on my PalmPilot.  The potential for portable, wireless,
commodified genomic information is staggering, and the ethical
implications cry out for discussion in a public forum."

Professor McGee's book, Beyond Genetics, explores profound ethical and
philosophical questions raised by advances in genetics.  Should we
take a particular genetic test when genetic testing becomes more
accurate, less expensive and more accessible?  How much should we tell
others about our genes?  Can we tell the difference between gene
therapy that might be helpful and gene research that might do more
harm than good? Should we risk eating genetically modified food or
insist on food that has been produced by traditional means?  Should
companies be permitted to patent, buy and sell our personal genetic
information?  Should we plan our future or our children's future based
on genetic potential?  To what extent should we be able to control the
genetic characteristics of our unborn children?

Most ethical questions in genetics involve privacy issues.  Genetic
tests provide information not only about the individual being tested,
but also about the individual's biological relatives, who may feel
that their privacy is being violated.  Telling others about one's
genes involves disclosure of highly personal information with
consequences that may not be predictable.  Research that might result
in better drugs or more effective therapies involves large genetic
databases that link genetic information with medical histories and
lifestyle information, creating a possibility of detailed individual
profiles.  Using drugs designed for our specific gene set may result
in disclosing not only the condition for which the drug is being used,
but other predispositions and characteristics responsible for our
choice of that particular drug.

The issues are complicated because science is ahead of our thinking
about its legal and ethical implications.  For example, learned
commissions in different countries have recommended that DNA databanks
should be specially regulated, at least in part because of the concern
about the violations of individual privacy that might result from
unauthorized access to genetic material.  Yet blood and tissue banks
that can serve as sources for DNA have existed for decades and
continue to exist without being clouded by such worries.  According to
Professor McGee, commissions, public hearings and "expert genetics"
show society's failure to acknowledge that biotechnology has already
shifted from basic science to a commercial undertaking and that
companies will to a large extent control future development of
biotechnology.  According to him, the next generation of young people
will be as comfortable with "geneware" -- software and hardware to
manipulate DNA -- as today's young people are with computer technology
and will see many of today's concerns as a reflection of our fear of
what we do not understand.

The parallel between genetics and computer technology provides a
picture of future genetic privacy that is not reassuring.  We are only
now beginning to realize the full implications of large computerized
databases of personal information collected by private companies
without regulation.  These companies claim to own information about us
and claim the right to analyze, sell and use that information without
our knowledge and often for purposes we do not approve.  Is this
really how we want our genetic future to look?  As Professor McGee
points out, ethical and moral implications of genetic technology cry
out for discussion in a public forum.  Privacy implications of genetic
technology should be a major topic of such discussions.  Beyond
Genetics provides an interesting, if sometimes irreverent,
contribution to this debate.

-- Anna Slomovic


EPIC Publications:

"The Privacy Law Sourcebook 2003: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

"Privacy & Human Rights 2003: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $35.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty-five countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

     EPIC Bookstore 

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Securing Privacy in the Internet Age.  Stanford Law School.  March
13-14, 2004.  Palo Alto, CA.  For more information:

DIMACS/PORTIA Workshop on Privacy-Preserving Data Mining.  Center for
Discrete Mathematics & Theoretical Computer Science and the PORTIA
Project.  Piscataway, NJ.  March 15-16, 2004.  For more information:

Sixth Annual National Freedom of Information Day Conference.  First
Amendment Center, in cooperation with the American Library
Association.  March 16, 2004.  Arlington, VA.  E-mail

Internet Commons Congress.  Inflexion Communications and New Yorkers
for Fair Use.  March 24-25, 2004.  Washington, DC.  For more
information:  http://www.internationalunity.org.

FRAMED!! How Law Constructs and Constrains Culture.  The Center for
the Study of the Public Domain at Duke Law School.  April 2, 2004.
Durham, NC.  For more information:

Debate on Domestic Spying with EPIC's Marc Rotenberg and Former Deputy
Attorney General Victoria Toensing.  Justice Talking.  April 12, 2004.
Philadelphia, PA.  For more information:

Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other
Software.  Federal Trade Commission.  April 19, 2004.  Washington, DC.
For more information: http://www.ftc.gov/opa/2004/02/spyware.htm.

CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM).  April 20-23, 2004.
Berkeley, CA.  For more information: http://www.cfp2004.org.

29th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science.  April 22-23,
2004. Washington, DC.  For more information:

2004 IEEE Symposium on Security and Privacy.  IEEE Computer Society
Technical Committee on Security and Privacy, in cooperation with the
International Association for Cryptologic Research (IACR).  May 9-12,
2004. Oakland, CA.  For more information:

International Conference on Data Privacy and Security in a Global
Society.  Wessex Institute.  May 11-13, 2004.  Skiathos, Greece.  For
more information:

The Third Annual Workshop on Economics and Information Security.
University of Minnesota Digital Technology Center.  May 13-14, 2004.
Minneapolis, MN.  For more information:

Workshop on Privacy Enhancing Technologies.  University of Toronto.
May 26-28, 2004. Toronto, Canada.  For more information:

RSA Conference 2004.  RSA Security.  May 31-June 1, 2004.  Tokyo,
Japan.  For more information:

Fifth Annual Institute on Privacy Law:  New Developments & Compliance
Issues in a Security-Conscious World.  Practising Law Institute.  June
7-8, 2004.  San Francisco, CA.  For more information:

TRUSTe Symposium: Privacy Futures.  June 9-11, 2004. International
Association of Privacy Professionals.  San Francisco, CA.  For more
information:  http://www.privacyfutures.org.

Access & Privacy Conference 2004: Sorting It Out.  Government Studies,
Faculty of Extension.  June 10-11, 2004.  University of Alberta.
Edmonton, Alberta, Canada.  For more information:

13th Annual CTCNet Conference: Building Connected Communities: The
Power of People & Technology.  June 11-13, 2004.  Seattle, Washington.
 For more information: http://www2.ctcnet.org/conf/2004/session.asp.

Fifth Annual Institute on Privacy Law:  New Developments & Compliance
Issues in a Security-Conscious World.  Practising Law Institute.  June
21-22, 2004.  New York, NY.  For more information: http://www.pli.edu.

PORTIA Workshop on Sensitive Data in Medical, Financial, and
Content-Distribution Systems.  PORTIA Project.  July 8-9, 2004.
Stanford, CA.  For more information:

O'Reilly Open Source Convention.  July 26-30, 2004.  Portland, OR. For
more information: http://conferences.oreilly.com/oscon.

First Conference on Email and Anti-Spam.  American Association for
Artificial Intelligence and IEEE Technical Committee on Security and
Privacy.  July 30-31, 2004.  Mountain View, CA.  For more information:

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE Computer
Society Technical Committee on Security and Privacy, and the Computer
Science Department of the University of California, Santa Barbara.
Santa Barbara, CA. August 15-19, 2004.  For more information:

The Right to Personal Data Protection -- the Right to Dignity.  26th
International Conference on Data Protection and Privacy Commissioners.
September 14-16, 2004.  Wroclaw, Poland.  For more information:

2004 Telecommunications Policy Research Conference.  National Center
for Technology & Law, George Mason University School of Law.  October
1-3, 2004.  Arlington, VA.  For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 11.05 ----------------------