EPIC logo

                             E P I C  A l e r t
Volume 12.16                                             August 11, 2005

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.


Table of Contents

[1] EPIC Opposes Georgia's Proposed ID Requirement for Voters
[2] Coalition Urges Court to Strike National Security Letter Authority
[3] Spotlight: Unmanned Planes Allow Secret Surveillance of Civilians
[4] Privacy Groups, Senators Oppose Preempting Anti-Telemarketing Laws
[5] EPIC: US-VISIT's Wireless Travel ID Plan is Flawed
[6] News in Brief
[7] EPIC Bookstore: Sheldon Charrett's "Modern Identity Changer"
[8] Upcoming Conferences and Events

[1] EPIC Opposes Georgia's Proposed ID Requirement for Voters

EPIC has submitted comments to the Department of Justice in opposition
to Georgia's proposal to require citizens to provide a government-issued
photo ID to vote in a state or federal election. EPIC's opposes the
proposal because it will negatively impact voter privacy, discourage
voter turnout, and is inconsistent with the federal Help America Vote

Under the 1965 Voting Rights Act, Georgia, along with a number of other
states, must submit any changes in voting laws to the Justice Department
for approval, in what is called "pre-clearance," before they can be

EPIC's comments to the Justice Department stress the privacy
implications of the Georgia proposal to require citizens to present one
of a very narrow set of government-issued identification documents in
order to vote. The most common form of identification likely to be used
-- a Georgia driver's license -- was designed for and continues to be
used to prove competence for operating a motor vehicle.

The information provided on a driver's license can disclose much more
personal information than what is required to prove identity for voting
purposes. This information includes the voter's name, photographic
likeness, age, height, weight, driver's license number, restrictions
owing to disability or impairment (such as imperfect vision or
prosthetic limbs), and fingerprints. Furthermore, the state of Georgia,
not the applicant, has sole control over the information placed into a
state-issued identification card, which is likely to be expanded under
the REAL ID Act.

EPIC also pointed out that the elderly, the poor, and the disabled were
less likely to posses a state driver's license than other eligible
voters. Georgia Secretary of State Cathy Cox has objected to the
measure. She said that there have been no reports of people
impersonating voters at the polls.

The Voting Rights Act was passed in response to the efforts of certain
states to impose barriers to voting and discourage voter turnout.

EPIC's Comments to the Department of Justice (pdf):


EPIC's Voting Privacy Page:


National Committee for Voting Integrity:


Department of Justice's Voting Rights Laws Page:


[2] Coalition Urges Court to Strike National Security Letter Authority

EPIC and a coalition of open government organizations filed a "friend of
the court" brief in Gonzales v. Doe, a lawsuit concerning the FBI's
authority to issue national security letters to businesses for certain
customer records without judicial approval. This investigative power,
which is part of the Electronic Communications Privacy Act, also imposes
a permanent nondisclosure order prohibiting the recipient from ever
telling anyone he has received a national security letter.

Last year, an anonymous Internet service provider and the ACLU
challenged the constitutionality of this broad authority, arguing that
it violates the First and Fourth Amendments because the law fails to
provide adequate checks on the FBI's power to force companies to turn
over sensitive customer information. They also argued that the "gag"
provision violates the First Amendment because it completely and
permanently forbids every recipient from disclosing the fact that he
received a national security letter -- regardless of whether such a
sweeping ban is actually necessary.

A federal court in New York found the power unconstitutional on First
Amendment grounds in September. The government is now challenging that
ruling in the Second Circuit Court of Appeals.

The amicus brief, which was co-authored by EPIC and the National
Security Archive, argues that the courts must provide meaningful
oversight of the government's investigative activity, and that the FBI's
national security letter power undermines government accountability.
Other organizations supporting the brief include the Project on
Government Secrecy of the Federation of American Scientists and the
National Whistleblower Coalition.

The amicus brief (pdf):


Lower court opinion (2.1 MB pdf):


More information about the case:


[3] Spotlight: Unmanned Planes Allow Secret Surveillance of Civilians

This month's Spotlight on Surveillance shines on unmanned aerial
vehicles (UAVs), equipped with cameras and sensors that produce
high-resolution imagery and track moving targets. UAVs, which cost
$350,000 to $4.5 million each, were designed for military use and have
been deployed in Afghanistan and Iraq. Now this military technology
could be used by the federal government for aerial surveillance of
civilians in the United States.

Customs and Border Protection, a part of the Department of Homeland
Security, has tested UAVs along the Mexican border, and is considering
using these surveillance planes permanently. The Coast Guard, also under
the umbrella of Homeland Security, has bought 45 of Bell Helicopter's
"Eagle Eye" tilt-rotor UAVs and will begin rolling them out in
September. Each Eagle Eye costs $5.5 million. The U.S. military has used
UAVs in reconnaissance missions in the wars in Afghanistan and Iraq, and
some are equipped with weapons.

The "Predator B" UAVs was tested in 2003 and 2004 in the U.S. by the
Border Patrol and the Coast Guard. "Hermes 450" UAVs scanned the
Arizona-Mexico border in 2004. The Border Patrol is expected to conduct
a second test of UAVs along the Arizona-Mexico border in September. The
Department of Homeland Security also plans to test the UAVs along the
Canadian border and in Puerto Rico.

UAVs are touted as being less expensive and safer than manned aircraft.
However, the surveillance planes are prone to crashing, and are
expensive to replace. Another problem is that UAV images can be
distorted by inclement weather, cloudy conditions, high humidity, rough
terrain and dense foliage.

This increase in surveillance and monitoring systems has not helped the
Border Patrol's bottom line -- apprehensions. In 2000, there were 1.6
million apprehensions. Every year since then, the number has steadily
fallen to half that - in 2004, there were 800,000 apprehensions. Also, a
report about UAVs prepared earlier this year for Congress warned that
the surveillance planes' effectiveness "may not be so significant when
terrorists, like the September 11 hijackers, can and have entered the
country through more easily accessible official ports of entry."

EPIC's August 2005 Spotlight on Surveillance:


[4] Privacy Groups, Senators Oppose Preempting Anti-Telemarketing Laws

In a submission to the Federal Communications Commission, EPIC and 11
consumer advocacy groups urged the agency not to determine that federal
law "preempts," or supercedes, strong state anti-telemarketing
protections. The submission responded to a series of petitions filed by
banks, major retailers, and telemarketers that sought to invalidate all
state telemarketing laws. Invalidation of these laws would lead to an
increase of unwanted telemarketing.

Several of the businesses' petitions focused on forcing states to
recognize large loopholes in federal regulations concerning "established
business relationships" and "pre-recorded voice" telemarketing. The
established business relationship loophole allows companies to contact
their current customers, even if they are on the Do-Not-Call Registry.
While this sounds reasonable, the loophole is overbroad because any
purchase, no matter how small, or a simple request for information,
creates an established business relationship. Pre-recorded voice
telemarketing is a practice where a telemarketer uses a computer to call
and deliver a message automatically. Telemarketers add "ums" and
background noises to the recorded message to fool the listener into
thinking that the call is from a live person. Unlike live telemarketing,
pre-recorded voice requires the fewer resources, allowing telemarketers
to initiate millions of calls per day.

EPIC's comments argue that telemarketers have not met the legal burden
necessary to support preemption of the state laws. Well-established case
law holds that the telemarketers must show that Congresses clearly
intended to invalidate state laws.  However, federal law is silent on
the issue, and Congress has had numerous opportunities to invalidate
laws that telemarketers have had to comply with for almost 15 years.

The comments also argue that technically, telemarketers can comply with
state and federal privacy regulations. There are many examples of data
companies that can "segment" the public, down to the zip code level, and
treat people differently. These profiling technologies, EPIC argued,
could be employed to comply with state and federal mandates.

Sen. Bill Nelson and nine other senators from states that would be
affected by the FCC's decision wrote separately to oppose preemption of
the state anti-telemarketing laws. DMNews reported that over 8,000
consumers filed comments opposing preemption.

Coalition Comments Against Preemption:


Letter from 10 U.S. Senators Opposing Preemption (pdf):


EPIC's Telemarketing Preemption Page:


[5] EPIC: US-VISIT's Wireless Travel ID Plan is Flawed

In comments to the Department of Homeland Security (DHS), EPIC has urged
the agency to abandon a proposal to embed Radio Frequency Identification
(RFID) tags into the Form I-94 or Form I-94W, which is the
Arrival-Departure record issued to a traveler to the United States.
US-VISIT will test the use of passive RFID tags to "automatically,
passively, and remotely" record the entry and exit of covered
individuals, DHS said. EPIC said the plan lacks basic privacy and
security safeguards, and repeats many of the problems with the
controversial proposal of the State Department for wireless passports.

The problems with the proposal to use RFID-enabled I-94 forms are very
similar to the problems found in the State Department's flawed proposal
to include RFID tags in U.S. passports. The State Department is
reassessing the plan after receiving a storm of criticism from civil
liberties, security and privacy groups, including EPIC. Problems in the
passport proposal, which are also problems in the RFID-enabled I-94 form
proposal, include skimming and eavesdropping. Skimming occurs when
information from an RFID chip is surreptitiously gathered by an
unauthorized individual. Eavesdropping occurs when an individual
intercepts data as it is read by an authorized RFID reader. Tests have
shown that RFID tags can be read from thirty feet or more, posing a
significant risk of unauthorized access.

Another significant security risk inherent in the RFID proposal is that
of clandestine tracking. DHS itself has said that there is a risk that
the RFID tag "could be used to conduct surreptitious locational
surveillance of an individual; i.e., to use the presence of the tag to
follow an individual as he or she moves about in the U.S." Anytime a
visitor is carrying his I-94 RFID-enabled form, his unique
identification number, which is linked to his individual biographic
information, could be accessed by unauthorized individuals. So long as
the RFID tag can be read by unauthorized individuals, foreign visitors
could be identified as such merely because they carry an RFID-enabled
I-94 form.

EPIC has submitted a series of comments on database proposals undertaken
by the DHS regarding the development of the US-VISIT program. In
February 2004, we wrote to urge DHS to determine how it will apply
Privacy Act obligations to the program and to prohibit the expansion of
US-VISIT uses outside the program's defined mission. In November 2004,
we warned DHS that, in its continued implementation of US-VISIT, it must
evaluate the accuracy and security of its pilot program, and recognize a
right of judicial review for individuals adversely affected by the

EPIC's recent comments (in html and pdf):





EPIC's RFID page:


[6] News in Brief

EPIC Wins ABA Cyberspace Award

EPIC received the American Bar Association Cyberspace Law Excellence
Award at the annual ABA Conference in Chicago. The Award recognizes
substantial contributions to the development of the law of cyberspace
through scholarship, participation in the legislative process, or
litigation. EPIC was cited for addressing the challenge of security and
privacy "not in the heat of the moment or only in partisan arenas, but
deliberately, neutrally, and thoughtfully." The ABA Cyberspace Law
Committee said, "EPIC's efforts in this vein have served us all well."

ABA Cyberspace Law Committee:


Court Dismisses Privacy Lawsuit Against Jet Blue

A New York district court last week dismissed a nationwide class action
privacy lawsuit against JetBlue Airways, data aggregator Acxiom
Corporation, and government contractors SRS Technologies and Torch
Concepts. The suit was based on the transfer of passenger information
from JetBlue and Acxiom to Torch Concepts for a Pentagon data mining
study. JetBlue passengers argued that the disclosure of their personal
information without their knowledge or consent violated the Electronic
Communications Privacy Act, as well as state privacy laws and torts.
JetBlue admitted that the disclosure contradicted its publicly posted
privacy policy. The judge found, however, that the passengers did not
prove they were harmed by the disclosure, and were therefore not
entitled to damages. The passenger data disclosure led EPIC to file a
complaint with the Federal Trade Commission in 2003 arguing that the
passenger data transfers violated JetBlue and Acxiom's privacy policies,
and were therefore an unfair and deceptive trade practice. (See EPIC
Alert 10.20.) The Commission has not publicly announced a decision or
action in response to the complaint.

The decision (pdf):


EPIC's complaint to the Federal Trade Commission:


EPIC's Air Travel Privacy Page: 


Wiretap Mandates Extended to Broadband, Internet Telephony

Responding to a petition by federal law enforcement agencies, the
Federal Communications Commission has determined that the Communications
Assistance for Law Enforcement Act (CALEA) applies to broadband Internet
providers and Internet telephony. As a result, some providers of both
services will have to make their systems easier to wiretap. Passed in
1994, CALEA requires telecommunications providers to customize their
systems so that law enforcement can easily surveil wire and electronic
communications. The FCC order does not specify how service providers
must alter their systems, the amount of wiretapping that the systems
must accommodate, enforcement of the requirements, or the amount
providers will be reimbursed for wiretapping. Companies have 18 months
to comply with the mandate.

FCC Order (pdf):


EPIC's Comments to the FCC Opposing CALEA Expansion (pdf):


EPIC's Letter to the FCC Opposing CALEA Expansion:


British Government Embeds RFID Chips Into License Plates

The British government is preparing to test new high-tech license plates
containing Radio Frequency Identification chips capable of transmitting
unique vehicle identification numbers and other data to readers more
than 300 feet away. "A single reader can identify dozens of vehicles
fitted with an e-Plate moving at any speed at a distance of up to 100
metres [328 feet]," according to e-Plate manufacturer Hills
Numberplates. The RFID-enabled license plates can cost up to 10 times
more than regular plates. The British government will begin using them
later this year.

Hills Numberplates' E-Plates: 


EPIC's RFID page: 


Googling of Google's CEO Causes Consternation

According to CNET News, Google has blacklisted the entire news agency
because one of its reporters published an article that included
information on Google's CEO gleaned from the company's own search
engine. The article, by Elinor Mills, explored the difficult privacy
issues implicated by search engines, and began with a listing of
personal interests and basic biographical information about Google CEO
Eric Schmidt. Google's retaliation is interesting because the company
largely hasn't confronted the privacy implications of its own products.
The company manages privacy issues by claiming that it strictly follows
a "don't be evil" mantra. But "don't be evil" differs substantially from
"be good." And while Google itself avoids being "evil," users of its
tools and the steadily growing pot of publicly available personal
information, are not bound to such commandments.

CNET News Story on Google and Privacy:


EPIC's Page on Google Gmail:


[7] EPIC Bookstore: Sheldon Charrett's "Modern Identity Changer"

Sheldon Charrett, The Modern Identity Changer: How to Create a New
Identity for Privacy and Personal Freedom (Paladin Press, 2004)


"As governments worldwide have increased their stranglehold on the
personal information of ordinary citizens, advocates of new and
alternate identities have developed creative new methods and modes of
thinking to meet the challenge. Sheldon Charrett is a long-time fighter
for identity freedom, and now has taken the battle into the challenging
arena of the 21st century.

In this revised and updated edition of his best-selling book The Modern
Identity Changer, you will learn how to acquire a new identity, produce
the documents necessary to support it, and obtain residence, credit,
employment and banking privileges to enjoy it. Read all-new and expanded
information on:

-- evaluating the pros and cons of segmented ID change vs. total ID
-- creating alternate identity documents from scratch
-- working around the onerous new rules for mail drops and private
-- establishing real estate residence without ever signing a document
-- making your own notary embossing plate
-- interpreting, applying for, and using Social Security numbers

Besides getting Charrett’s latest solutions to Big Brother’s alarming
assaults on privacy, you will also benefit from reader feedback on the
first edition, with verified tips and tricks from the trenches in the
ongoing struggle to maintain our cherished freedoms."


EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Laws
and Developments" (EPIC 2004). Price: $50.

This survey, by EPIC and Privacy International, reviews the state of
privacy in more than sixty countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine
Act, and the Federal Advisory Committee Act.  The 22nd edition fully
updates the manual that lawyers, journalists and researchers have
relied on for more than 25 years.  For those who litigate open
government cases (or need to learn how to litigate them), this is an
essential reference manual.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2003: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price:
$40. http://www.epic.org/bookstore/pls2003

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and international privacy law, as well
as a comprehensive listing of privacy resources.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

      EPIC Bookstore

      "EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries
of interesting documents obtained from government agencies under the
Freedom of Information Act.

      Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Access to Information: Analyzing the State of the Law.  Riley
Information Services.  September 8, 2005.  Ottawa, Ontario.  For more
information: http://www.rileyis.com/seminars/

5th Annual Future of Music Policy Summit.  Future of Music Coalition.
September 11-13, 2005.  Washington DC.  For more information:

Conference On Passenger Facilitation & Immigration: Newest trends in
achieving a seamless experience in air travel International Air
Transport Association (IATA) and Singapore Aviation Academy (SAA)
October 3-5, 2005 Singapore Aviation Academy. For more information:

Access & Privacy Workshop 2005: Toolkit For Change. Ontario Ministry of
Government Service’s Access & Privacy Office. October 6- 7, 2005.
Toronto, Ontario. For more information:

Public Voice Symposium: "Privacy and Data Protection in Latin America -
Analysis and Perspectives."  Launch of the first Spanish version of
"Privacy and Human Rights."  October 20-21, 2005, Auditorio Alberto
Lleras Camargo de la Universidad de los Andes, Bogota, Colombia.
Organizers: Electronic Privacy Information Center (EPIC), Grupo de
Estudios en Internet, Comercio Electrónico, Telecomunicaciones e
Informática (GECTI), Law School of the Universidad de los Andes, Bogota,
Colombia, Computer Professional for Social Responsibility-Peru
(CPSR-Perú). For more information:

6th Annual Privacy and Security Workshop. Centre for Innovation Law and
Policy (University of Toronto) and the Center for Applied Cryptographic
Research (University of Waterloo). November 3-4, 2005. University of
Toronto. For more information:

The World Summit on the Information Society.  Government of Tunisia.
November 16-18, 2005.  Tunis, Tunisia.  For more information:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005.  Vancouver, Canada.  For more
information: http://www.icann.org

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 12.16 -------------------------