EPIC logo




========================================================================
                             E P I C  A l e r t
========================================================================
Volume 12.13                                              June 30, 2005
------------------------------------------------------------------------

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.


              http://www.epic.org/alert/EPIC_Alert_12.13.html

========================================================================
Table of Contents
========================================================================

[1] EPIC Keeps Watchful Eye on US-VISIT
[2] Federal Agency Flouts Privacy Representations to the Public
[3] Groups Object to Massive Department of Defense Recruiting Database
[4] Appeals Court Limits Scope of California Financial Privacy Law
[5] United Kingdom's National ID Cards Bill Faces Opposition
[6] News in Brief
[7] EPIC Bookstore: Lawrence Lessig, How Media Uses Technology
[8] Upcoming Conferences and Events

========================================================================
[1] EPIC Keeps Watchful Eye on US-VISIT
========================================================================

Foreign visitors to the United States are experiencing a new kind of jet
lag: delays and secondary security screenings prompted by technological
glitches in the border security program known as the United States
Visitor and Immigrant Status Indicator Technology (US-VISIT). Documents
obtained by EPIC under the Freedom of Information Act from the
Department of Homeland Security show that US-VISIT has resulted in many
cases of mistaken identity. Commercial aircrew members, vacationers, and
businesspersons have all been delayed by the gaffes. The problems caused
unnecessary delays in the visitors' travels and resulted in the improper
flagging of crewmembers by government watch lists.

US-VISIT was launched at 115 airports and 14 seaports in January 2004.
By the end of 2005, the program will be operational at all of the
nations more than 400 ports of entry. US-VISIT requires foreign
nationals entering or exiting the country to submit biometric and
biographical information. This data collection often begins before a
visitor buys her plane ticket, as U.S. consular offices abroad may,
before issuing a U.S. visa, collect fingerscans from potential visitors
and compare them against those in a criminal database. Fingerscans are
again collected upon the visitor's arrival in the U.S. for verification
and then stored in a government database, as are travelers' arrival and
departure records. Failure to be processed through this departure
confirmation system could jeopardize a visitor's re-admittance to the
U.S., as the government compares the manifest information provided by
air and cruise lines to ascertain that visitors have not overstayed
their visas.

Last September, US-VISIT expanded to include visitors from the 27
nations who are members of the Visa Waiver Program, thus requiring the
screening of an additional 33,000 persons per day. Except for visiting
diplomats and officials and persons under 14 or over 79 years old,
US-VISIT now applies to virtually all foreign nationals holding
nonimmigrant visas, regardless of country of origin.

The documents obtained by EPIC show that some travelers are aware that
the US-VISIT database contains erroneous information well before DHS
realizes its own mistake and fear that their next visit to the U.S. will
result in misidentification. Visitors reported missing their connecting
flights due to errors in the database system, and airline crewmembers
reported being delayed up to ninety minutes after a long international
flight. Some travelers reported that the operator collecting fingerscans
at a port had erroneously reversed their left and right index
fingerprints, labeled a husband's fingerprints as his wife's, failed to
collect the data required under US-VISIT, or collected data from
travelers exempt from the program, such as holders of a G-4 visa.

Passengers' numerous requests to the DHS for correction of erroneous
personal information suggest that the rush to implement US-VISIT has
come at the expense of data accuracy and passenger privacy. IDENT, the
government database containing US-VISIT fingerscans, is based on
technology that even the DHS considers outdated, even though the
government has already invested about $1 billion in the program. The
current fingerscan technology does not meet the government's biometric
standard, which mandates imaging of all ten fingerprints. Last fall,
Stanford University professor Lawrence M. Wein testified before Congress
that the chance of identifying a terrorist by matching two index
fingerscans poorly imaged by IDENT against the government's biometric
watch list is no more than 53%. Privacy concerns are increasing as the
government turns to the private sector for full implementation of
US-VISIT; global consultant Accenture received a $10 billion contract
last year for full-scale implementation over the next decade.

Freedom of Information Act documents obtained by EPIC on US-VISIT:

     http://www.epic.org/foia_notes/note7.html

EPIC's US-VISIT Page:

     http://www.epic.org/privacy/us-visit/

More information on the US-VISIT technology and cost is available at:

     http://www.epic.org/redirect/wpvisit605.html

========================================================================
[2] Federal Agency Flouts Privacy Representations to the Public
========================================================================

The Transportation Security Administration has collected and maintained
detailed commercial data about thousands of travelers in violation of
notices issued last fall explicitly stating the agency would not store
commercial data.

According to a notice and privacy impact assessment published in the
Federal Register on June 22, TSA obtained passenger name records
enhanced with commercial data during the testing Secure Flight, an
airline passenger prescreening program currently under development by
the agency. The commercial data, which was obtained by contractor
EagleForce Associates from commercial data brokers, included such
information as name, home address, phone number, date of birth, and
gender. EagleForce then provided the enhanced passenger records to TSA
on CD-ROMs for use in watch list match testing. TSA continues to store
this data.

These actions contradicted prior representations made by the agency to
the public. In fall 2004, TSA published a privacy impact assessment and
three notices describing the Secure Flight program and the agency's
order requiring 72 commercial airlines to turn over passenger records
from the month of June 2004 to test Secure Flight. The agency assured
the public repeatedly it would not have access to or store data from
commercial data aggregators during the test phase.

On June 15, just a few days before TSA published its notice on Secure
Flight, the Department of Homeland Security Privacy Office announced
that it has launched an investigation into whether the agency violated
federal privacy law during the test phase of the program. According to
Chief Privacy Officer Nuala O'Connor Kelly, the investigation focuses on
whether the program's use of commercial databases and other details were
properly disclosed to the public. She said her office is also examining
the security of the Secure Flight system.

Violations of the Privacy Act of 1974, a federal law requiring
government agencies to meet certain obligations when creating and
maintaining systems of records, are civilly and criminally punishable.

In the midst of these developments, the House Committee on Homeland
Security's Subcommittee on Economic Security, Infrastructure Protection,
and Cybersecurity held a hearing on presecreening air passengers against
watch lists.  Former Representative to Congress John B. Anderson
testified that he has been erroneously identified as a watch list match,
and enlisted the help of his current Congressional representative to
ensure that his name was cleared. James May of the Air Transport
Association, James Dempsey of the Center for Democracy and Technology,
and Paul Rosenzweig of the Heritage Foundation discussed the Terrorist
Screening Center's consolidated watch list and challenges to Secure
Flight's success.  Justin Oberman, TSA's Administrator of Secure Flight
and Registered Traveler, testified on Secure Flight's development and
status.  Oberman was peppered with questions about whether Secure Flight
will improve the current state of passenger prescreening, TSA's
conflicting representations about the scope of Secure Flight commercial
data testing, and missed milestones in the program's development.

Nov. 15, 2004 Notice of Final Order:

     http://www.epic.org/redirect/noti904.html

June 22, 2005 System of Records Notice:

     http://www.epic.org/redirect/noti0605.html

House Committee on Homeland Security's Subcommittee on Economic
Security, Infrastructure Protection, and Cybersecurity hearing:
"Improving Pre-screening of Aviation Passengers Against Terrorist and
Other Watch Lists":

     http://homeland.house.gov/release.cfm?id=379

EPIC's Secure Flight Page:

     http://www.epic.org/privacy/airtravel/secureflight.html

========================================================================
[3] Groups Object to Massive Department of Defense Recruiting Database
========================================================================

EPIC and eight privacy groups filed comments last week objecting to the
Department of Defense's (DOD) creation of a giant "Joint Advertising and
Market Research" database for military recruiting purposes.  Privacy
groups learned of the database in May 2005, but late last week, the DOD
admitted that it had already created the database in 2003, and it failed
to notify the public of that fact despite the agency's duty to do so
under the Privacy Act of 1974. These developments have focused
significant public attention on the use of personal information by the
government for military direct marketing purposes, and legislation is
being considered to protect privacy of young people being targeted for
recruitment.

The groups' comments objected to the enormity of the database, and the
plethora of privacy-invasive design choices that DOD has taken to
implement it. Six aspects are worth noting: First, according to the
Privacy Act notice announcing the system of records, the database was to
be stored at "Benow" a private-sector direct marketing company. This
company has no apparent privacy policy or person designated to oversee
security of personal information.

Second, relying upon an Executive Order issued in the 1940s, DOD claimed
that it had the authority to index the database by citizens' Social
Security Numbers (SSNs) to eliminate duplicate records. However, SSNs
are not necessary to purge a database of duplicates, and direct
marketing companies no longer use them to clean their databases.  For
reasons that are now obvious, collecting the SSN is a bad idea unless it
is necessary for some legitimate agency function.

Third, the DOD exercised all of its "blanket routine uses," meaning that
information in the database could be transferred to other agencies for
thirteen different reasons, including law enforcement and
counterintelligence activities.

Fourth, while a citizen can opt out of military solicitation, one cannot
opt out of this database. This means that even the citizen who is
ineligible for military service could be included in the database.

Fifth, the Privacy Act and the DOD's internal regulations require the
agency to collect information directly from the citizen where possible.
However, the database would be largely populated from other sources,
including from state motor vehicle department databases, school
enrollment data, and commercial information vendors. The main commercial
vendors that sell students' data, American Student List and Student
Marketing Group, were both pursued recently by consumer protection
authorities for setting up front groups that tricked students into
revealing their personal information.

Finally, the database plans represent a government foray into direct
marketing practices.  EPIC argued that direct marketing is not an
appropriate government function, and that existing laws to address
direct marketing practices would not apply to military recruiters.

The creation of the database caused many to revisit public policy
choices made by Congress on military recruiting. Under the No Child Left
Behind law, Congress forced public and private schools receiving federal
educational fund to release secondary students' names, addresses and
telephone numbers to military recruiters who request them. Parents or
students may request that the information not be released to recruiters
by signing a form distributed by schools early in the school year.
Legislation introduced by Representative Mike Honda in February to
reverse this presumption, and require affirmative consent before
personal information is transferred from schools to recruiters, is being
revisited by lawmakers. The legislation would not address the practice
of recruiters buying personal information from direct marketing
companies, or limit recruiters' access to personal information held by
state motor vehicle departments.

Privacy Act Notice Describing the Recruiting Database:

     http://www.epic.org/redirect/padod605.html

Department of Defense Media Roundtable:

     http://www.dod.mil/transcripts/2005/tr20050623-3121.html

EPIC's Department of Defense Recruiting page:

     http://www.epic.org/privacy/student/doddatabase.html

EPIC's Student Privacy page:

     http://www.epic.org/privacy/student/

H.R. 551, the Student Privacy Protection Act of 2005:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00551:

========================================================================
[4] Appeals Court Limits Scope of California Financial Privacy Law
========================================================================

A three-judge panel of the Ninth Circuit Court of Appeals has
invalidated a portion of California's landmark financial privacy law,
SB1. As passed, SB1 allowed individuals to opt out of "affiliate
sharing," the practice of selling personal information amongst financial
institutions (banks, insurance, and brokerage companies) that have
common ownership. The law also required financial institutions to gain
Californians' affirmative consent before selling personal data to
non-affiliated third parties.

The Court held that "at least some part of SB1's affiliate-sharing
provisions" were preempted by the federal Far Credit Reporting Act
(FCRA). The FCRA, passed in 1970 and amended significantly in 1996 and
2003, regulates the trading of "consumer reports," compilations of
personal information that are used for determining one's eligibility for
credit, insurance, or employment. In amending the FCRA, the Court held,
Congress superceded state laws concerning these consumer reports.
Therefore, Californians will not be able to opt out from having their
consumer reports traded amongst affiliated financial institutions.

While it is clear that the trade in "consumer reports" cannot be limited
by SB1, the full effect of the decision is not clear. In the 13-page
opinion, the Court discussed the differences among "consumer reports,"
"experience" information, and "non-experience" information, but didn't
clearly state whether regulation of the latter categories were preempted
by the FCRA. These latter categories include information purchased by
commercial vendors of personal information, information gleaned from
check payments and credit card use, and information individuals submit
in making loan or account applications. The Court remanded the case to a
lower court to determine the precise extent to which SB1 was superceded,
frustrating banking officials who argued that all state privacy law
should be preempted.

In an amicus brief, EPIC and a coalition of groups representing 41
million individuals argued that preemption of SB1 would weaken
protections against identity theft and erode consumer privacy. The
coalition maintains that as financial institutions grow, affiliate
sharing is becoming a major privacy risk, since federal law allows
companies with common ownership to exploit personal information to an
unlimited degree.  Limits on financial institutions' use of personal
information also shields individuals from telemarketing and junk mail.

More generally, preemption of state law has become a threat to consumer
protection and privacy. Banks have petitioned the Federal Communications
Commission to invalidate a number of state anti-telemarketing laws. If
these laws are preempted, even phones on the Do-Not-Call Registry will
begin to ring again, as banks and all other companies will be able to
call any consumer who has purchased a product from the caller in the
past 18 months. Banks, commercial data brokers, and retailers also are
seeking preemption of California's security breach notification laws
that have exposed embarrassing security problems at Choicepoint,
Lexisnexis, and Citibank.

The good news is that Californians will still enjoy most of SB1's
protections. The law still requires financial institutions to obtain
affirmative consent before selling personal information to
non-affiliated third party companies. It appears that California
residents will be able to opt out from some affiliate sharing, although
the extent of that ability will be determined over the next year by a
federal district court.

Ninth Circuit Decision in ABA v. Lockyer (pdf):

     http://www.epic.org/privacy/preemption/abavlockyerninecir.pdf

Coalition Amicus Brief:

     http://www.epic.org/privacy/preemption/lockyer_brief.html

EPIC's Preemption Page:

     http:/www.epic.org/privacy/preemption/

EPIC's FCRA Page:

     http://www.epic.org/privacy/fcra/

========================================================================
[5] United Kingdom's National ID Cards Bill Faces Opposition
========================================================================

A proposal to create a nationwide ID Card in the UK narrowly avoided
defeat Tuesday in Parliament. Some members charged that UK ministers
have failed to define clear goals for the program and are
underestimating its cost. They seek tighter controls over the
dissemination of information to law enforcement and other groups.

The proposed Identity Cards Bill would create a National ID Register
that would contain information on all UK residents older than 16 years.
In addition to storing general information (name, date of birth,
address, etc.), the Register would store a biometric identifier
(photograph, fingerprint, or other). Once implemented, the card will be
used for a variety of purposes, including access to health care, to seek
employment and as a tool for law enforcement.

A London School of Economics report estimates the new ID system could
eventually cost more than 20 billion ($36B), disputing the 6 billion
($11B) estimate claimed by the government. The costs of the system will
be borne by the public, which will be required to purchase a card every
five to ten years.

Critics of the bill are hopeful that this narrow win in the House of
Commons will lead to changes, especially since more opposition is
expected in the House of Lords. Prime Minister Tony Blair has indicated
that he will address the concerns of the dissenting members.

London School of Economics Report:

     http://www.epic.org/redirect/lseid605.html

EPIC's National ID Cards and REAL ID Act page:

     http://www.epic.org/privacy/id_cards/

========================================================================
[6] News in Brief
========================================================================

Senators Specter and Leahy Introduce Comprehensive Privacy Legislation

The leading Republican and Democrat on the Senate Judiciary Committee
have introduced the Personal Data and Security Act of 2005. The bill
would strengthen penalties for identity theft, create new rights of
data access, establish security standards, limit the sale and display
of the social security number, and require the government to establish
safeguards for personal information held by data brokers.

Personal Data and Security Act of 2005 (pdf):

     http://www.epic.org/privacy/pdsa2005.pdf

EPIC's Choicepoint page:

     http://www.epic.org/privacy/choicepoint/

Model Privacy Regime:

     http://papers.ssrn.com/sol3/papers.cfm?abstract_id=699701


Congresswoman Calls for Hearings on Social Security Disclosure Policy

Congresswoman Carolyn Maloney continued last week to push for
investigation into the Social Security Administration's (SSA)
information disclosure policy. In a letter to Chairman William Thomas of
the Ways and Means Committee and Chairman Tom Davis of the Committee on
Government Reform, Representative Maloney called for hearings on the
SSA's release of sensitive personal information to law enforcement and
the lack of oversight of the agency's actions. The request follows an
inquiry to the SSA Commissioner last month about this issue. Documents
obtained through a FOIA request by EPIC sparked the inquiry, revealing
that the SSA adopted an "ad-hoc" policy allowing the liberal release of
personal information in connection with 9/11 investigations. In a letter
to Congresswoman Maloney, the SSA Commissioner denied that the agency
made any change to its disclosure policy, and had instead "invoked its
long-standing ad hoc authority" to release information in connection
with 9/11 investigations.

Letter to Chairman Thomas and Chairman Davis from Congresswoman Maloney
(pdf):

     http://www.house.gov/maloney/issues/Homeland/062205SSAHearing.pdf

Letter to Social Security Administration from Congresswoman Maloney
(pdf):

     http://www.house.gov/maloney/issues/Homeland/052705SSA.pdf

Response from the Social Security Administration to Congresswoman
Maloney (pdf):

     http://www.epic.org/foia_notes/062705ssaresponse.pdf

Freedom of Information documents obtained by EPIC on the Social Security
Administration's "ad hoc" policy for disclosing personal information in
connection with 9/11 investigations (pdf):

     http://www.epic.org/foia_notes/ssa_foia.pdf


EPIC & Hoofnagle Receive Consumer Protection Award

EPIC's West Coast Director, San Francisco attorney Chris Hoofnagle, has
received a 2005 Consumer Excellence Award from Consumer Action. Consumer
Action is a non-profit organization focusing on consumer education and
advocacy in telecommunications and financial services. Upon accepting
the award, Hoofnagle warned that consumer advocates face difficult
challenges ahead, as collection of personal information can enable
subtle discriminatory practices, such as digital redlining and
discriminatory pricing. Also recognized was California Assemblymember
Judy Chu, for her work to protect immigrants from fraud.

Consumer Action's site:

     http://www.consumer-action.org/


Congress Opens Junk Fax Floodgates with New Law

Congress Tuesday passed a bill that  would permanently allow an
"existing business relationship" exemption for commercial "junk
faxes." Under the law, if an individual does business with  any company,
the company can begin to send the individual junk faxes, even if the
individual does not provide the business with a fax number. The law
allows direct marketers to troll the Internet, phone books, and
advertisements to harvest fax numbers of their  customers. The bill sets
no time limit for an existing business relationship, unlike the
national no-call list, which limits  such relationships to those who
made a purchase in the past 18 months or an inquiry in the past three
months.

Text of S. 714: Junk Fax Prevention Act of 2005:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d109:s.00714:

EPIC's Sept. 21, 2004, congressional testimony on junk fax regulation:

     http://www.epic.org/privacy/wireless/dirtest_904.html

EPIC's Telemarketing and Junk Fax page:

     http://www.epic.org/privacy/telemarketing/


US, Europe Discuss Transatlantic Issues in Privacy, Data Protection

The Atlantic Council along with the European Parliament sponsored a
discussion this week on transatlantic privacy and data protection
issues. Topics discussed included biometric passports, the US-VISIT
program, airline passenger name records, and other types of public and
private surveillance in the US. Choicepoint executive David Davis
described his company's role in consolidating public records and
providing data to US government agencies. EPIC Executive Director Marc
Rotenberg discussed general privacy laws in the US. Several members of
the European Parliament were outraged about the lack of privacy
protections in the US for EU citizens. They urged the establishment of
better regulations and non-discriminatory measures to protect EU
citizens' privacy in the US, as the privacy of American citizens' is
protected in the EU. They advised that the Privacy Act of 1974 be
amended to also protect those who are neither US citizens nor lawful
permanent residents.


Atlantic Council Program on Transatlantic Relations:

     http://www.acus.org/TransatlanticRelations/


DOJ Urged to Clarify Privacy Obligations of Storing Biological Evidence

EPIC has submitted comments urging the Justice Department to identify
and ensure compliance with existing privacy protections when preserving
biological evidence during  the investigation of a federal crime for
which an individual  is in prison. Congress has stated, "DNA testing has
the capacity not only to identify the perpetrators of crimes but  also
to exonerate the innocent." EPIC argued that the agency should limit
access to material that must  be preserved under law to government
agencies that will use the  material to further this legislative
purpose.

EPIC's Comments on the Preservation of Biological Evidence Under 18
U.S.C.  3600A:

     http://www.epic.org/privacy/genetic/062705dna_comments.html

EPIC's Genetic Privacy page:

     http://www.epic.org/privacy/genetic/


Orlando Airport Debuts Biometric ID Traveler System

Orlando International Airport has begun test operations of a registered
traveler program. In exchange for an exclusive security line and a
guarantee against random secondary pat-down check, travelers offer their
biometric information, fingerprints and iris scans, and undergo a
background check by the Department of Homeland Security. Program
participants, who must pay an $80 annual fee, still must have bags
screened and go through a metal detector.

EPIC's Passenger Profiling page:

    http://www.epic.org/privacy/airtravel/profiling.html

EPIC's Biometrics page:

    http://www.epic.org/privacy/biometrics/


EPIC: E-mail Users Should Be Able to Opt-Out from List Brokers

EPIC recently submitted comments to the Federal Trade Commission about
proposed changes to the CAN-SPAM Act, which penalizes senders of
deceptive spam advertising. EPIC argued that individuals should be able
to prevent direct marketing "list brokers" from selling lists containing
their e-mail addresses. List brokers actively buy, sell, and rent lists
of consumers' personal information. Although there are thousands of
these list brokers in operation, the top 100 brokers are the driving
force behind much of the spam in the U.S. EPIC urged the FTC to give
consumers the right to opt out of inclusion in the brokers' databases.
It would be more efficient for the consumer to be able to opt out of the
top brokers' lists than having to opt out of each online merchants
sending spam individually, EPIC said.

EPIC Comments on CAN-SPAM Act Rulemaking, Project No. R411008:

     http://www.epic.org/privacy/junk_mail/spam/canspamcomment62705.html

EPIC's Consumer Profiling page:

     http://www.epic.org/privacy/profiling/


Committee for Voting Integrity Recommends Enhanced Standards

The National Committee for Voting Integrity has submitted comments to
the Senate Rules Committee, which held a hearing on Voter Verification
in the Federal Elections Process. NCVI said that current voting
technology does not meet a standard that can assure voters that votes
are recorded and counted as cast. NCVI made recommendations to the
Senate on ways to improve transparency, privacy and security of ballots.

Comments of the National Committee for Voting Integrity on Voter
Verification in the Federal Elections Process (pdf):

     http://www.epic.org/privacy/voting/testimony062105.pdf

National Committee for Voting Integrity's site:

     http://www.votingintegrity.org/


Groups to FTC: Kids' Privacy Improving, but Law Needs Enforcement

Consumer privacy groups have filed comments to the Federal Trade
Commission as part of its review of the Children's Online Privacy
Protection Act (COPPA). The groups argue that COPPA has improved
children's privacy online. There is a continuing need to continue to
clarify COPPA via enforcement and research into the cutting-edge
techniques being used to direct Web sites at children. Further action is
still needed to address the privacy concerns raised in the offline
market for children's personal information.

Comments of EPIC, et al., in the Matter of COPPA Rule Review 2005,
Project No. P054505:

     http://www.epic.org/privacy/kids/ftc_coppa_62705.html

EPIC's Children's Online Privacy Protection Act page:

     http://www.epic.org/privacy/kids/

========================================================================
[7] EPIC Bookstore: 
========================================================================

Lawrence Lessig, Free Culture: How Big Media Uses Technology and the Law
to Lock Down Culture and Control Creativity (Penguin Press HC, 2004)

     http://www.epic.org/bookstore/powells/redirect/alert1213.html

"A landmark manifesto about the genuine closing of the American mind.

Lawrence Lessig could be called a cultural environmentalist. One of
America's most original and influential public intellectuals, his focus
is the social dimension of creativity: how creative work builds on the
past and how society encourages or inhibits that building with laws and
technologies. In his two previous books, Code and The Future of Ideas,
Lessig concentrated on the destruction of much of the original promise
of the Internet. Now, in Free Culture, he widens his focus to consider
the diminishment of the larger public domain of ideas. In this powerful
wake-up call he shows how short-sighted interests blind to the long-term
damage they're inflicting are poisoning the ecosystem that fosters
innovation.

All creative works-books, movies, records, software, and so on-are a
compromise between what can be imagined and what is
possible-technologically and legally. For more than two hundred years,
laws in America have sought a balance between rewarding creativity and
allowing the borrowing from which new creativity springs. The original
term of copyright set by the Constitution in 1787 was seventeen years.
Now it is closer to two hundred. Thomas Jefferson considered protecting
the public against overly long monopolies on creative works an essential
government role. What did he know that we've forgotten?

Lawrence Lessig shows us that while new technologies always lead to new
laws, never before have the big cultural monopolists used the fear
created by new technologies, specifically the Internet, to shrink the
public domain of ideas, even as the same corporations use the same
technologies to control more and more what we can and can't do with
culture. As more and more culture becomes digitized, more and more
becomes controllable, even as laws are being toughened at the behest of
the big media groups. What's at stake is our freedom-freedom to create,
freedom to build, and ultimately, freedom to imagine."

                   ================================

EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Laws
and Developments" (EPIC 2004). Price: $35.
http://www.epic.org/bookstore/phr2004

This survey, by EPIC and Privacy International, reviews the state of
privacy in more than sixty countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.

                   ================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 22nd
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

                   ================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, as well as recommendations and proposals
for future action, as well as a useful list of resources and contacts
for individuals and organizations that wish to become more involved in
the WSIS process.

                   ================================

"The Privacy Law Sourcebook 2003: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.

                   ================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

                   ================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.

                   ================================

"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&
EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

                   ================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

      EPIC Bookstore
      http://www.epic.org/bookstore

      "EPIC Bookshelf" at Powell's Books
      http://www.powells.com/features/epic/epic.html
                     ================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries
of interesting documents obtained from government agencies under the
Freedom of Information Act.

     Subscribe to EPIC FOIA Notes at:
     https://mailman.epic.org/cgi-bin/control/foia_notes

======================================================================
[8] Upcoming Conferences and Events
======================================================================

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
July 11-15, 2005.  Luxembourg City, Luxenbourg.  For more information:
http://www.icann.org.

TTI/Vanguard conference: "Evolving Systems," Miami, Florida, July 12-13,
2005. For more information:
http://www.ttivanguard.com/a_conferences.htm#Miami2005Overview

3rd International Human.Society@Internet Conference.  July 27-29,
2005.  Tokyo, Japan.  For more information: http://hsi.itrc.net.

PEP05: UM05 Workshop on Privacy-Enhanced Personalization.  July 2005.
Edinburgh, Scotland. For more information:
http://www.ics.uci.edu/~kobsa/PEP05. Access to Information: Analyzing the State of the Law. Riley
Information Services. September 8, 2005. Ottawa, Ontario. For more
information: http://www.rileyis.com/seminars/ 5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information:
http://www.futureofmusic.org/events/summit05/index.cfm. Conference On Passenger Facilitation & Immigration: Newest trends in achieving a seamless experience in air travel International Air Transport Association (IATA) and Singapore Aviation Academy (SAA) October 3-5, 2005 Singapore Aviation Academy. For more information: http://www.saa.com.sg/conf_pax_fac Public Voice Symposium: "Privacy and Data Protection in Latin America -
Analysis and Perspectives." Launch of the first Spanish version of
"Privacy and Human Rights." October 20-21, 2005, Auditorio Alberto
Lleras Camargo de la Universidad de los Andes, Bogota, Colombia.
Organizers: Electronic Privacy Information Center (EPIC), Grupo de
Estudios en Internet, Comercio Electrónico, Telecomunicaciones e
Informática (GECTI), Law School of the Universidad de los Andes, Bogota,
Colombia, Computer Professional for Social Responsibility-Peru
(CPSR-Perú). For more information:
http://www.thepublicvoice.org/events/bogota05/ 6th Annual Privacy and Security Workshop. Centre for Innovation Law and Policy (University of Toronto) and the Center for Applied Cryptographic Research (University of Waterloo). November 3-4, 2005. University of Toronto. For more information: http://www.cacr.math.uwaterloo.ca/conferences/2005/psw/announcement.html The World Summit on the Information Society. Government of Tunisia. November 16-18, 2005. Tunis, Tunisia. For more information: http://www.itu.int/wsis. Internet Corporation For Assigned Names and Numbers (ICANN) Meeting. November 30-December 4, 2005. Vancouver, Canada. For more information: http://www.icann.org. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 12.13 ---------------------- .