EPIC logo

                             E P I C  A l e r t
Volume 12.17                                             August 25, 2005

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.


Table of Contents

[1] EPIC Testifies Before the U.S. Election Assistance Commission
[2] Victory for Internet Privacy: Email Interception Decision Reversed
[3] FTC Ends Experian "Free" Credit Report Bait and Switch
[4] Justice Appropriations Bill Would Create Privacy Office, Task Force
[5] Florida Committee Recommends Regulation of Data Brokers
[6] News in Brief
[7] EPIC Bookstore: Geoffrey Stone's "Perilous Times"
[8] Upcoming Conferences and Events

[1] EPIC Testifies Before the U.S. Election Assistance Commission

The U.S. Election Assistance Commission held the third and final public
hearing Wednesday in Denver, Colo., on the draft Voluntary Voting System
Guidelines. The commission is nearing the end of a process began last
year, which is intended guide the design of voting systems used in
public elections.

EPIC and the National Committee for Voting Integrity (NCVI)
have worked with civil rights groups, voting rights groups and
technologists to increase awareness of the threats to elections posed by
unauditable election technology. EPIC Associate Director Lillie Coney
testified before the commission and urged its members to promote
reliable, secure, accessible, transparent, accurate, and auditable
public elections.

EPIC urged the Commission to stress in the guidance strong support of
open government procedures that allow public access to the election
administration process. EPIC also urged the Commission to include
guidance that addresses the need to minimize and, wherever possible,
eliminate the threat to voters' privacy, including that of absentee

The Commission was also urged to ban the use of infrared technology in
voting systems, or to at least establish safeguards if the technology
was used because of the security risks involved. EPIC also recommended
that the Commission direct the states to prepare realistic contingency
plans in the event of electronic voting system failures that jeopardize
the completion of the election process.

Post-election analysis of 2000 and 2004, and legal challenges, which
followed these presidential elections, have identified many obstacles to
reliable public election. These include problems with: voter
registration, voter roll purges, poll place practices, accessible
polling locations, and voting technology, usability of voting
mechanisms, absentee ballot problems, and vote tabulation. Between 4 and
6 million voters were disenfranchised by the public election process in

EPIC's testimony:


EPIC's Voting page:


National Committee for Voting Integrity:


[2] Victory for Internet Privacy: E-mail Interception Decision Reversed

In a 5-2 decision, the full Court of Appeals for the First Circuit has
ruled in United States v. Councilman that the interception of e-mail
temporarily stored while en route to its final destination violates
federal wiretap law.

The holding reversed a three-judge panel's earlier ruling that an e-mail
service provider did not violate the law by acquiring users' incoming
e-mails without their knowledge or consent to gain a commercial
advantage over a competitor. Because the e-mails were not actually in
wires or cables between computers when accessed, but were instead
temporarily stored on the service provider's computer system, the panel
had found the e-mails could not have been "intercepted" in violation of
wiretap law.

The First Circuit decided to rehear the case last fall. EPIC joined
with other civil liberties groups to file a "friend of the court" brief
supporting the reversal of the panel's decision. Senator Patrick Leahy
and a group of technical experts also submitted briefs arguing in favor
of electronic communications privacy.

Judge Kermit V. Lipez, writing for the majority of the full First
Circuit, concluded that the federal Wiretap Act's definition of an
electronic communication that can be intercepted under the law "includes
transient electronic storage that is intrinsic to the communication
process for such communications." However, the court stopped short of
deciding whether an electronic communication can be intercepted within
the meaning of the law "after a message has crossed the finish line of

Writing in dissent, Judge Juan Torruella argued that the service
provider did not violate the law: "the Wiretap Act's prohibition on
intercepting electronic communications does not apply when they are
contained in electronic storage, whether such storage occurs pre- or
post-delivery, and even if the storage lasts only a few milliseconds."
He also asserted that if an e-mail service provider "intercept[s] its
customers' messages in breach of a privacy agreement, the remedy lies in
contract, not in the Wiretap Act."

United States v. Councilman (1st Cir. Aug. 11, 2005) (pdf):


Amicus brief of civil liberties groups (pdf):


Amicus brief of technical experts (pdf):


EPIC's United States v. Councilman Page:


[3] FTC Ends Experian "Free" Credit Report Bait and Switch

The Federal Trade Commission has settled a complaint against credit
reporting agency Experian for operating a Web site that offered "free"
credit reports but instead signed consumers up for expensive credit
monitoring services. The company must change representations on its Web
site, give refunds to certain individuals who used the site between 2000
and 2003, and disgorge almost $1 million received in the bait and switch

Individuals who want their free credit reports can obtain them from
www.annualcreditreport.com, the site established by Congress to provide
three reports per year at no cost to the consumer, or by calling
1-877-322-8228. (By requesting a report by phone instead of online, one
avoids providing the consumer reporting agencies with superfluous
information, such as e-mail addresses.) Also, instead of purchasing
expensive credit monitoring services, consumers can monitor their credit
themselves by staggering their requests for free credit reports so as to
obtain one every four months.

EPIC filed a complaint against Experian with the FTC in September 2003,
arguing that television commercials and the company's site "locks
consumers into a high-cost, long-term subscription service without
adequate notice of the terms of service, including opt-out procedures."
Separately, the World Privacy Forum published a report showing that
hundreds of Web sites had been registered to take advantage of consumers
who misspelled the Web address of the official site for free credit
reports. The FTC has sent letters to the owners of 130 Web sites
informing them that it is illegal to mislead consumers into thinking
that they have reached the official free site.

Although unaddressed by the FTC, EPIC also argued that the credit
monitoring services marketed by Experian should be free to consumers
under the Fair Credit Reporting Act (FCRA).  The FCRA requires consumer
reporting agencies to protect the security of credit reports, and ensure
that procedures are followed to ensure "maximum possible accuracy" of
credit reports.

FTC Settlement with Experian:


EPIC Complaint In Re Experian:


World Privacy Forum Reports on Free Credit Report Sites:


[4] Justice Appropriations Bill Would Create Privacy Office, Task Force

The House Judiciary Committee has approved a Justice Department
authorization bill that would create a privacy office and privacy task
force, as well as require that the Department ensure it maintains
personal information in compliance with fair information practices and
existing privacy law.

The proposed legislation would require that the Attorney General appoint
a privacy officer to ensure, among other things, that the Justice
Department's "use of technologies sustain, and do not erode, privacy
protections relating to the use, collection and disclosure of personally
identifiable information." In addition, the officer would ensure that
the Justice Department handles personal information in accordance with
fair information practices. The privacy officer would also be tasked
with assessing the implications of the Justice Department's proposed
rules that involve personally identifiable information, and reporting to
Congress annually on "activities of the Department that affect privacy."
The privacy officer would not, however, be vested with investigative
powers or the authority to initiate enforcement actions for privacy

The Justice Department appropriations bill would also require the
Attorney General to establish a task force to "report on policies,
procedures, and technological issues that may affect the privacy and
confidentiality of victims of domestic violence, dating violence,
stalking and sexual assault." The task force would be charged with
developing a model of best practices to protect the personal information
of such victims from being released and used in ways that could endanger
them. The bill would fund the task force with $1,000,000 for each of the
fiscal years 2006 through 2009.

Additionally, the bill would require the Department to conduct a review
to ensure that its handling of personal information complies with
federal privacy laws, and to improve the "accuracy, quality, timeliness,
immediate accessibility and integration of state criminal history and
related records."

H.R. 3402: Department of Justice Appropriations Authorization Act:


[5] Florida Committee Recommends Regulation of Data Brokers

A committee convened by Florida's Supreme Court has made several
recommendations to promote access to public records while shielding
personal information contained within them. The first recommendation,
which passed unanimously, urged the Florida legislature and Congress to
comprehensively regulate commercial data brokers. The committee proposed
that "the Florida Legislature enact laws that effectively protect the
interests of Floridians regarding personal information in the possession
of state agencies and data companies. Regulation should go beyond
requiring consumer notification of an improper release of information,
and should define the rights of consumers, the responsibilities of data
companies, remedies for violations, and an effective enforcement system."

Florida's Committee on  Privacy and Court Records recommended
protections at the federal level that do not preempt or supercede the
ability of the states to pass laws that concern commercial data brokers.
The group also recommended that the courts allow anonymous access to
records, and that courts minimize the amount of information they collect
from individuals.

Many of these positions were recommended by EPIC in a submission that
argued that Florida residents are the most profiled in the nation
because the state pours personal information into public records
indiscriminately. EPIC's submission included documents obtained under
the Freedom of Information Act showing prices for data sold by
Choicepoint on Florida residents to the Drug Enforcement Agency.

Also notable was a letter from Choicepoint to the committee in which the
company claimed that its practices were adequate to address risks to
privacy and security. The letter, dated October 29, 2004, read in part:
"ChoicePoint controls access to its database by requiring every customer
to fill out an application . . . . We then verify the information
provided to us. . . . We believe these safeguards are effective
protection against the misuse of information in our databases . . . ."
According to a Choicepoint filing at the Securities and Exchange
Commission, the company had discovered its security breach on September
27, 2004, a month before the letter to the committee was sent. That
breach involved Choicepoint's sale of the personal information of
145,000 people to an identity theft ring.

Report on Privacy of Trial Court Records:


EPIC Submission to the Committee (pdf):


EPIC's Choicepoint page:


[6] News in Brief

Millions of Americans and Britons Choose to Block Telemarketers' Calls

The Federal Trade Commission announced this week that the National Do
Not Call Registry has topped 100 million phone numbers. The registry
began accepting phone numbers more than two years ago. Also this week,
British Telecom announced that one million households have signed up to
its free privacy service. People are registering at a rate of 30,000 per
day, the company said. The service, launched in mid-July, gives free
caller display and registers BT customers with the Telephone Preference
Service - thereby filtering out around 90% of unsolicited marketing

EPIC's Do Not Call page:


Report: Many American Companies Misuse Customer Data Gathered Online

A new report has determined that many major American companies misuse
consumer information they collect through the Internet. The Customer
Respect Group's 2005 Privacy Report analyzed 464 corporate Web sites,
and found that 72 percent of those companies had "poor" policies
concerning reusing personal data for marketing purposes. The worst
performer was the pharmaceutical and health care industry.

Customer Respect Group's site:


EPIC's Privacy and Consumer Profiling page:


Court: No Fourth Amendment Violation in AOL Subscriber Info Case

A federal court judge recently ruled that two police detectives did not
violate a man's rights under the Fourth Amendment when they submitted a
warrant without a judge's signature to America Online while
investigating allegedly threatening e-mails Freedman sent anonymously.
AOL provided the officers with Clifton Freedman's name, address, phone
numbers, and various pieces of information relating to his account.
Judge Peter C. Dorsey also stated that a jury must decide other claims
in Freedman's civil suit against the town of Fairfield, Conn.,
including: whether Freedman's right to free speech was violated, whether
the detectives violated Freedman's right to privacy by improperly
obtaining his Internet subscriber information, and whether the town
should be held liable for the actions of its employees.

Web site of the U.S. District Court of the District of Connecticut:


Man Who Took Photo Up Woman's Skirt Did Not Violate Privacy, Court Finds

A man who took a photo by aiming his cell phone camera up a woman's
skirt was acquitted of invasion of privacy this week. A Pennsylvania
judge did find the man guilty of disorderly conduct. The man faces a
maximum term of a year in prison and a $2,500 fine. The judge said that
Pennsylvania's privacy statute, last revised in 1998, did not anticipate
camera phones and does not have provisions barring the man's actions.
There is a bill pending in the state legislature to close this loophole
in the privacy law.

[7] EPIC Bookstore: Geoffrey Stone's "Perilous Times"

Geoffrey Stone, Perilous Times: Free Speech in Wartime from The
Sedition Act of 1798 to The War on Terrorism (Norton & Co., 2004)


"Geoffrey Stone's Perilous Times incisively investigates how the First
Amendment and other civil liberties have been compromised in America
during wartime. Stone delineates the consistent suppression of free
speech in six historical periods from the Sedition Act of 1798 to the
Vietnam War, and ends with a coda that examines the state of civil
liberties in the Bush era. Full of fresh legal and historical insight,
Perilous Times magisterially presents a dramatic cast of characters who
influenced the course of history over a two-hundred-year period: from
the presidents —- Adams, Lincoln, Wilson, Roosevelt, and Nixon —- to the
Supreme Court justices -— Taney, Holmes, Brandeis, Black, and Warren
-—to the resisters —- Clement Vallandingham, Emma Goldman, Fred
Korematsu, and David Dellinger. Filled with dozens of rare photographs,
posters, and historical illustrations, Perilous Times is resonant in its
call for a new approach in our response to grave crises."


EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Laws
and Developments" (EPIC 2004). Price: $50.

This survey, by EPIC and Privacy International, reviews the state of
privacy in more than sixty countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine
Act, and the Federal Advisory Committee Act.  The 22nd edition fully
updates the manual that lawyers, journalists and researchers have
relied on for more than 25 years.  For those who litigate open
government cases (or need to learn how to litigate them), this is an
essential reference manual.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2003: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price:
$40. http://www.epic.org/bookstore/pls2003

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and international privacy law, as well
as a comprehensive listing of privacy resources.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

      EPIC Bookstore

      "EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries
of interesting documents obtained from government agencies under the
Freedom of Information Act.

      Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Canada-Australia Comparative IP & Cyberlaw Conference. University of
Ottawa. September 30 and October 1, 2005. Ottawa, Ontario. For more
http://web5.uottawa.ca/techlaw/symposium.php?idnt=107&v=&c=&b= Access to Information: Analyzing the State of the Law. Riley Information Services. September 8, 2005. Ottawa, Ontario. For more information: http://www.rileyis.com/seminars/ 5th Annual Future of Music Policy Summit. Future of Music Coalition. September 11-13, 2005. Washington DC. For more information: http://www.futureofmusic.org/events/summit05 Conference On Passenger Facilitation & Immigration: Newest trends in achieving a seamless experience in air travel International Air Transport Association (IATA) and Singapore Aviation Academy (SAA) October 3-5, 2005 Singapore Aviation Academy. For more information: http://www.saa.com.sg/conf_pax_fac Access & Privacy Workshop 2005: Toolkit For Change. Ontario Ministry of Government Service’s Access & Privacy Office. October 6- 7, 2005. Toronto, Ontario. For more information: http://www.governmentevents.ca/apw2005/ Public Voice Symposium: "Privacy and Data Protection in Latin America - Analysis and Perspectives." Launch of the first Spanish version of "Privacy and Human Rights." October 20-21, 2005, Auditorio Alberto Lleras Camargo de la Universidad de los Andes, Bogota, Colombia. Organizers: Electronic Privacy Information Center (EPIC), Grupo de Estudios en Internet, Comercio Electrónico, Telecomunicaciones e Informática (GECTI), Law School of the Universidad de los Andes, Bogota, Colombia, Computer Professional for Social Responsibility-Peru (CPSR-Perú). For more information: http://www.thepublicvoice.org/events/bogota05/default.html. 6th Annual Privacy and Security Workshop. Centre for Innovation Law and Policy (University of Toronto) and the Center for Applied Cryptographic Research (University of Waterloo). November 3-4, 2005. University of Toronto. For more information: http://www.cacr.math.uwaterloo.ca/conferences/2005/psw/announcement.html The World Summit on the Information Society. Government of Tunisia. November 16-18, 2005. Tunis, Tunisia. For more information: http://www.itu.int/wsis Internet Corporation For Assigned Names and Numbers (ICANN) Meeting. November 30-December 4, 2005. Vancouver, Canada. For more information: http://www.icann.org ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 12.17 ------------------------- .