EPIC logo

                           E P I C  A l e r t
Volume 13.01                                            January 12, 2006

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.


Table of Contents
[1] Gore to Speak About Domestic Spy Program at Constitution Hall
[2] National Security Agency Domestic Spying Revealed
[3] EPIC Obtains Papers on Intelligence Misconduct, Files Suit for More
[4] EPIC Continues Fight Against Sony Spyware
[5] Troubling Provisions Tacked on to Violence Against Women Act
[6] News in Brief
[7] EPIC Bookstore:
[8] Upcoming Conferences and Events

[1] Gore to Speak About Domestic Spy Program at Constitution Hall

Former Vice President Al Gore will give a speech addressing the
constitutional crisis caused by the National Security Agency's domestic
eavesdropping program and its implications for the rule of law, the
separation of powers, and Americans' constitutional rights at
Constitution Hall, on Monday, January 16. The event is sponsored by The
Liberty Coalition and the American Constitution Society. Mr. Gore will
be introduced by former U.S. Representative Bob Barr (R-GA), chairman of
Patriots to Restore Checks and Balances.

The former Vice President's speech comes amid growing concern about the
legal basis put forward for President's Bush's domestic surveillance
program. A December 22, 2005 letter from the Department of Justice to
members of the House and Senate Intelligence Committees offered a "brief
summary of the legal authority supporting the NSA activities described
by the President." The letter contends that the President has the
authority to "order foreign intelligence surveillance within the United
States . . . ." The Justice Department further said, "The President's
constitutional authority to direct the NSA to conduct the activities he
described is supplemented by statutory authority under the AUMF
[Authorized Use of Military Force resolution, passed by Congress,
September 18, 2001]." And the Justice Department stated that the "The
President's authorization of targeted electronic surveillance by the NSA
is also consistent with the Foreign Intelligence Surveillance Act

However, an extensive analysis by the non-partisan Congressional
Research Service questioned the Department of Justice assessment. The
CRS report concluded that the Congress expressly intended for the
government to seek warrants from a special Foreign Intelligence
Surveillance Court before engaging in such surveillance when it passed
legislation creating the court in 1978. The report also concluded that
Bush's assertion that Congress authorized such eavesdropping to detect
and fight terrorists does not appear to be supported by the special
resolution that Congress approved after the Sept. 11, 2001, terrorist
attacks, which focused on authorizing the president to use military
force. "It appears unlikely that a court would hold that Congress has
expressly or impliedly authorized the NSA electronic surveillance
operations here," the authors of the CRS report wrote. The
administration's legal justification "does not seem to be . . .
well-grounded," the CRS report said.

A letter from legal scholars and former government officials reached a
similar conclusion. The letter states:

  Although the program's secrecy prevents us from being privy to
  all of its details, the Justice Department's defense of what it
  concedes was secret and warrantless electronic surveillance of
  persons within the United States fails to identify any plausible
  legal authority for such surveillance.  Accordingly the program
  appears on its face to violate existing law.

Vice President Gore's speech will begin at 12 noon on Monday, January 16.

Liberty Coalition


American Constitution Society


Patriots to Restore Checks and Balances


Registration for Event (Liberty Coalition)


Justice Department Defense of Domestic Surveillance Program (pdf):


Congressional Research Service Analysis of Domestic Surveillance Program


Legal Scholars' Analysis of Domestic Surveillance Program


[2] National Security Agency Domestic Spying Revealed

Last month, President Bush admitted that he secretly issued an executive
order in 2002 that authorized the National Security Agency to conduct
warrantless surveillance of international telephone and Internet
communications on American soil.

Government officials have refused to give details about the program,
saying such disclosures could harm national security. However, the New
York Times has reported that the NSA conducted warrantless surveillance
on as many as 500 people inside the United States at any given time, and
that thousands of people within the country may have been monitored
since the operation began. President Bush has said that the
surveillance will continue.

The program operates outside the bounds set by the Foreign Intelligence
Surveillance Act, which was passed after the Watergate scandal to
establish a legal basis for foreign intelligence surveillance within the
United States. Since the NSA program became public, Judge James
Robertson has resigned from the Foreign Intelligence Surveillance Court,
which reviews applications and grants orders for foreign intelligence
gathering. Robertson's resignation was reportedly in protest of the NSA

In related news, EPIC has obtained the first Freedom of Information Act
documents about the controversial program. The documents include two
internal messages from the agency's director to staff defending the
NSA's activities and discouraging employees from discussing the issue
with the news media. In the second of those messages, Keith B.
Alexander, the Director of the NSA, wrote:

   The President authorized NSA to execute this program consistent
   with U.S. law and our Constitution. To guarantee adherence to the
   law the authorization has been reviewed over thirty times,
   approximately every forty-five days, since inception. The 
   authorization and the operation were reviewed and deemed legal by 
   the previous and current Attorneys General . . .

EPIC awaits additional documents from the agency.

Transcript of President's Radio Address on NSA Surveillance:


EPIC's Foreign Intelligence Surveillance Act Page:


NSA, FAQ on Signals Intelligence:


EPIC FOIA Documents on NSA Surveillance (pdf):


[3] EPIC Obtains Papers on Intelligence Misconduct, Files Suit for More

EPIC has obtained new documents through its ongoing Freedom of
Information Act litigation that provide new details about unlawful
government intelligence activities.  Among other things, the heavily
redacted FBI reports describe agent misconduct while monitoring
electronic communications, including improper e-mail collection and
eavesdropping on the wrong person's telephone calls.

The FBI released the documents in response to an EPIC request filed in
March, which asked for information about the Bureau's use of PATRIOT Act
provisions that were set to expire on December 31, 2005. In April, EPIC
sued in federal court to force the FBI to release the information while
Congress considered renewing the expiring provisions. However, Congress
recently extended the deadline an additional five weeks to continue
debate on the PATRIOT Act.

The new documents supplement other reports of apparent intelligence
misconduct that EPIC obtained in October. Those documents described
Bureau investigations conducted for months without proper reporting or
oversight, an FBI agent's seizure of financial records in violation of
federal privacy law, and an unidentified intelligence agency's unlawful
physical search.

This week, EPIC filed a second suit against the Department of Justice
for additional information about possible misconduct reported to the
Intelligence Oversight Board by the FBI. EPIC is also seeking documents
from the Attorney General about possible misconduct within the
intelligence community, as well as responses to such reports. Judge
Colleen Kollar-Kotelly, the head of the Foreign Intelligence
Surveillance Court, has been assigned to the case.

EPIC FOIA documents on possible intelligence abuses:


EPIC's FOIA request (pdf):


EPIC complaint against the Department of Justice (pdf):


[4] EPIC Continues Fight Against Sony Spyware

EPIC continues to work towards ensuring the privacy of music buyers,
even as consumers in a New York-based class action lawsuit reach a
preliminary settlement agreement with Sony BMG. The lawsuit arose from
Sony's practice of selling CDs that installed dangerous software onto
users' computers.

Many Sony CDs, encumbered with "digital rights management" ("DRM")
software to prevent copying, also created security holes that would let
virus writers hide files on affected computers, or allow guest users
unlimited access to a computer's workings. The programs also acted as
spyware, reporting the IP addresses and listening habits of users to
Sony and affiliated companies.

The preliminary settlement, announced in late December and approved by a
judge on January 6, promises an exchange program for the affected CDs,
and promises not to use the flawed programs in the future.  However, its
terms on the collection of personal information are less promising. Sony
generally denies that its programs have collected personal information,
as the company claims that IP addresses and consumers' listening habits
are not "personal data."

EPIC, which filed a separate suit against Sony in the District of
Columbia for its misrepresentations regarding the spyware aspects of its
DRM programs, has raised these objections with Sony and will continue to
work on these issues until its concerns are addressed.  Specifically,
EPIC notes that tracking users' IP addresses and listening habits is an
invasion of privacy that, despite Sony's claims, can be used to identify
individual users.  EPIC also in concerned that the settlement agreement
does not prevent Sony from using deceptive practices to collect personal
information from users while claiming that users have "consented" to
having their privacy invaded. The settlement agreement also expressly
allows Sony to collect information "necessary to provide enhanced CD
functionality," as well as aggregated data from users.

EPIC's Complaint in EPIC v. Sony BMG (pdf):


[5] Troubling Provisions Tacked on to Violence Against Women Act

The reauthorization of the Violence Against Women Act, enacted to combat
the critical problems of domestic violence and stalking, was signed into
law on January 5. However, the law also expanded the collection of
individuals' DNA for a federal database and may chill anonymous online

Title X of the reauthorization bill allows law enforcement to collect
the DNA of anyone arrested and store the DNA in a federal database. (See
EPIC Alert 12.20, News in Brief.) Those who are not U.S. citizens or
permanent residents can also have their DNA collected and stored any
time they are detained under U.S. authority. This greatly expands the
number of people who have their DNA catalogued by the FBI's database, as
the previous law only allowed the collection of DNA from people
convicted, indicted, or charged with crimes.

Another problematic provision potentially threatens the ability to send
anonymous communications over the Internet. Section 113 of the Act,
entitled "Preventing Cyberstalking," broadens an anti- telephone
harassment law by applying it to Internet communications. The law
originally prohibited calling someone anonymously "with the intent to
annoy, abuse, threaten, or harass" someone. The new provision prohibits
anonymously contacting someone over the Internet with the intent to
annoy, abuse, threaten, or harass them. While the change appears to be
an attempt to close loopholes that stalkers could exploit, such as using
voice-over-IP to harass a victim, the new provision, if read broadly,
could criminalize web pages or blogs that criticize, lampoon, or
otherwise "annoy" someone.

Text of the Violence Against Women and Department of Justice
Reauthorization Act of 2005 (pdf):


EPIC's Genetic Privacy Page:


EPIC's Free Speech Page:


[6] News in Brief

Chicago Police Highlight Illegal Phone Records Sales; States Take Action

The Chicago Police Department has warned officers that their telephone
calling records may be purchased by others, according to reporting in
the Chicago Sun-Times. Online data brokers and private investigators
offer "phone breaks" over the Internet, where for a $150 fee, one can
purchase the wireless or wireline phone calling records of another
person. These records are obtained through "pretexting," the practice of
impersonating the account holder in order to fool a company into
releasing records. Officials in several states are taking action to
protect phone records. Illinois Governor Blagojevich proposed
legislation to broadly prohibit pretexting.

EPIC has filed a complaint with the Federal Trade Commission identifying
40 websites that offer to sell phone records, and has filed a petition
with the Federal Communications Commission to require phone companies to
enhance their security safeguards.

To protect your phone record, be sure that your phone account is in your
name.  If another person is paying for the account, they may have the
authority to view the account records.  To prevent pretexting, call your
phone company and place a password on the account.  Requiring a password
for account access will reduce the risk that phone records will be

EPIC Resources on Illegal Sale of Phone Records:


Illinois Governor Press Release on Pretexting:


EPIC Speaks at Town Hall on Domestic Surveillance

EPIC Executive Director Marc Rotenberg spoke with Rep. Ed Markey (D-MA)
and Carol Rose of the ACLU at an Emergency Town Hall Meeting at the
National Heritage Museum in Lexington, Mass. Rep. Markey called the
meeting to address the Bush Administration's Program on Domestic
Surveillance. The panel addressed eight myths of the program. More than
500 people attended.

Rep. Markey's Page:


EPIC Comments on Proposed IRS Database

In December, the Internal Revenue Service proposed rules exempting a new
database of non-profit organization investigations from federal privacy
law requirements.  Specifically, the IRS proposed that its data could be
irrelevant and unnecessary to the agency's purpose, and that individuals
would be prevented from accessing information kept about them in the
database. In comments filed with the agency, EPIC highlighted the
constitutional importance of privacy in associational rights, and urged
the IRS not to pursue the exceptions. EPIC noted that these provisions
would not interfere with the agency's ability to conduct investigations,
especially if individuals were allowed access to information after
investigations were complete.

IRS's Proposed System of Records:


IRS's Proposed Exemption from Privacy Act Requirements:


EPIC's Comments (pdf):


EPIC's Privacy Act of 1974 Page:


Supreme Court Lets University Anti-Spam Policy Stand

On January 9, the Supreme Court refused to hear a case on whether or not
the University of Texas could prevent spam from reaching its students.
The Supreme Court's decision means that the University remains free to
block the emails, since the 5th Circuit Court of Appeals held that the
anti-spam policy was permissible in a ruling issued in August. The
plaintiff spammer had argued that the university's policy was an
unconstitutional restriction on speech and also preempted by the federal
CAN-SPAM Act. The 5th Circuit decision rejected both these arguments.

5th Circuit's decision in White Buffalo Ventures v. Univ. of Texas


EPIC's Spam page:


Polls Show Increasing Skepticism of Government Surveillance 

Two polls show increased concern over privacy and surveillance in
America. A Washington Post / ABC News poll showed that two out of three
Americans believed that federal agencies are intruding on personal
privacy in their anti-terrorism activities. About a third of Americans
believe that it is more important for the federal government to not
intrude on personal privacy than it is to investigate possible terrorist
threats, up 11 percent from 2003 and up 14 percent from 2002. Members of
both parties share concern over privacy rights, with both Republicans
and Democrats fearing that privacy rights may be compromised by
anti-terrorism policies.

A poll conducted by CNN, USA Today, and Gallup showed a similar increase
in privacy worries.  Since 2003, 10 percent more people feel that the
Bush administration has gone too far in the campaign against terrorism,
with 38 percent currently worried about restricted civil liberties.
Though both polls show that respondents are evenly split in deciding
whether the recently revealed domestic surveillance program was
justified, it seems that most Americans are interested in the story,
with 75 percent of the CNN poll and 66 percent of the Post poll saying
they were following the story closely.

Washington Post on Poll Results:


CNN on Poll Results:


EPIC's Privacy and Public Opinion Page:


[7] EPIC Bookstore: James Risen's "State of War"

James Risen, "State of War: The Secret History of the CIA and the Bush
Administration" (The Free Press 2006)


It's been nearly a month since we learned that President Bush authorized
the National Security Agency to conduct warrantless surveillance after
9/11, but details about the program remain scarce. While government
officials refuse to discuss specifics, James Risen's "State of War"
sheds more light on this subject than any other source.

The new book reports previously unknown details about the Bush
Administration's foreign policy and intelligence operations, the
government's response to 9/11, and the events leading up to the war in
Iraq.  It's a particularly interesting read, however, for those seeking
new information about the NSA's surveillance program, since Risen is one
of the reporters who recently revealed the operation's existence after
more than a year of investigation.

Among the items disclosed by unnamed officials interviewed for the book:

*  The few Justice Department officials aware of the NSA operation call
it simply "the Program."

*  Administration officials decided not to seek court orders from the
Foreign Intelligence Surveillance Court for the NSA operation partly
because the number of telephone and Internet communications being
monitored was so large that they couldn't obtain fast approval for all
of them.

*  10-20 percent of the orders issued by the Foreign Intelligence
Surveillance Court are products of information gathered through the NSA

There are still many questions about the circumstances, details, and
legality of the NSA's domestic surveillance, but "State of War" takes
the first steps toward answering them.

 -- Marcia Hofmann


EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Laws
and Developments" (EPIC 2004). Price: $50.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
60 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacy
and data protection ever published.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers and
the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several governments
are gaining new powers to combat the perceived threats of encryption to
law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Former Vice President Al Gore introduced by former Rep. Bob Barr, The
NSA's Domestic Surveillance Program and the Rule of Law, Constitution
Hall, Washington, DC. January 16, 2006. Registration information at:

Ensuring Privacy and Secuurity of Consumer Information. American
Conference Institute. January 26-27, 2006. New York, New York. For more

Privacy in the Information Age: Databases, Digital Dossiers, and
Surveillance. High Tech Law Institute, Santa Clara University. January
27, 2006. Santa Clara, California. For more information:

Data Devolution: Corporate Information Security, Consumers and the
Future of Regulation. Fredric G. Levin College of Law, University of
Florida. February 3-4, 2006. Gainesville, Florida. For more information:

Who Can You Trust?: Privacy and Security is Everyone's Responsibility.
Reboot Communications. February 9-10, 2006. Victoria, British Columbia,
Canada. For more information:

Beyond the Basics: Advanced Legal Topics in Open Source and
Collaborative Development in the Global Marketplace. University of
Washington School of Law. March 21, 2006. Seattle, Washington. For more

Making PKI Easy to Use. National Institutes of Health. April 4-6, 2006.
Gaithersburg, Maryland. For more information:

First International Conference on Availability, Reliability and
Security. Vienna University of Technology. April 20-22, 2006. Vienna,
Austria. For more inofrmation:

CHI 2006 Workshop on Privacy-Enhanced Personalization. UC Irvine
Institute for Software Research and the National Science Foundation.
April 22-23. Montreal, Quebec, Canada. For more information:

The First International Conference on Legal, Security and Privacy Issues
in IT (LSPI). CompLex. April 30-May 2, 2006. Hamburg, Germany. For more

Computers, Freedom, and Privacy Conference (CFP 2006). Association for
Computing Machinery May 2-5, 2006. Washington, DC. For more information:

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Oshawa, Ontario, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 13.01 -------------------------