EPIC logo

                           E P I C  A l e r t
Volume 13.13                                               June 30, 2006

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.


Table of Contents
[1] Government Program Probes Financial Records
[2] EPIC Opposes Photo ID Requirements for Voting
[3] Lawmakers, Industry, Call for Federal Privacy Law
[4] FTC Calls for Open Access to WHOIS
[5] Experts Find Wiretaps Weaken Security
[6] News in Brief
[7] EPIC Bookstore: Vernor Vinge's "Rainbows End"
[8] Upcoming Conferences and Events

[1] Government Program Probes Financial Records

Government officials confirmed last week that the Bush administration
has been secretly examining banking transactions of thousands of
Americans and others. The official confirmations followed news reports
that revealed the program, the latest in a series of secret surveillance
programs conducted by the government. News reports previously revealed
that the National Security Agency was eavesdropping on Americans' phone
calls and collecting domestic phone records without warrants.

The program, begun after the Sept. 11, 2001 attacks, is run by the CIA
and overseen by the Treasury Department. The government used broad,
secret subpoenas to review transactions from Brussels-based banking
consortium Society for Worldwide Interbank Financial Telecommunications
(SWIFT), which routes information among 7,800 financial institutions in
more than 200 countries.

London-based Privacy International has filed complaints with data
protection and privacy regulators in 33 European countries against
SWIFT. Privacy International contends that SWIFT acted "without regard
to legal process under Data Protection law when it secretly provided the
Treasury Department with confidential banking transactions of thousands
of international customers. SWIFT's actions are also being scrutinized
by the Belgian government, which is investigating the legality of the
secret transactions.

President Bush and others in his administration are attacking newspapers
for reporting about and investigating recently discovered secret
surveillance programs. He claimed that such news reports helped
terrorists by publicizing that their financial transactions were being
watched. However, Bush already announced this intention to terrorists
two weeks after the Sept. 11, 2001, attacks. On Sept. 24, 2001, Bush
said, "We're putting banks and financial institutions around the world
on notice -- we will work with their governments, ask them to freeze or
block terrorists' ability to access funds in foreign accounts."

Treasury Department Press Release Confirming Secret Program:


SWIFT Press Release Explaining Program:


Privacy International Press Release Describing Complaints:


European Union Data Protection Laws:


EPIC's Domestic Surveillance Resources Page:


EPIC's "Privacy Law Sourceboook," explaining U.S. and international


[2] EPIC Opposes Photo ID Requirements for Voting

The House Committee on Administration held a hearing on a proposal to
require newly registered voters to produce proof of citizenship. EPIC
provided comments on the hearing, urging the Committee to address real
threats to election integrity. EPIC stated that there were two
conditions that must be satisfied to meet the requirements of a free,
fair, and democratic election: all those who are eligible to vote must
be allowed to do so, while those are not eligible must be prevented from
voting. Violation of either of these two requirements undermines the
integrity of a public election.

In its comments, EPIC stressed that the voter registration process
should determine voter eligibility, not an ad hoc process conducted on
the day of the election. "The role of the poll worker is to authenticate
voters without consideration of their income, language of origin,
education, gender, race, or ethnicity," EPIC said.

EPIC also noted the difference between proving citizenship and proving
voter eligibility. For instance, documents that provide proof of
citizenship do not prove eligibility to vote: A passport that indicates
birthplace, does not indicate whether the holder is currently a resident
of the community in which she wishes to vote. EPIC pointed out that
there is no evidence, research or reporting to substantiate the threat
of illegal or ineligible voters' participation in public elections. EPIC
also noted that the committee hearing did not address the more pressing
and proven problem of fraud in absentee ballots.

Increased voter registration requirements in the past have led to voter
disenfranchisement, EPIC said. Requiring voters to affirmatively prove
that they can vote, after they have already done so at registration,
placed an unconstitutional burden upon voters. EPIC also raised the
concern that policymakers seeking additional verification may impose
other identification requirements which would infringe upon the validity
of the secret ballot.

Administration Committee Hearing on Voting ID Requirements:


EPIC's Comments to the Committee (pdf):


EPIC's Voting Page: 


National Committee for Voting Integrity:


[3] Lawmakers, Industry, Call for Federal Privacy Law 

On June 16, Senator Hillary Rodham Clinton (D-NY) announced plans to
introduce comprehensive privacy legislation. At a meeting of the
American Constitution Society, Clinton called for a "Privacy Bill of
Rights" that would create privacy protections in the private sector,
strengthen enforcement of medical privacy laws, and ensure checks and
balances on government surveillance. Clinton criticized the current lack
of privacy protections in the United States, saying, "at all levels, the
privacy protections for ordinary citizens are broken, inadequate, and
out of date."

Clinton announced that her consumer protection proposals were to be
incorporated in a bill known as the "Privacy Rights and Oversight for
Electronic and Commercial Transactions," or PROTECT, Act. The bill would
prevent companies from sharing a person's personal information unless
the person had opted in to that sharing. It would also grant consumers
the right to freeze their credit, an effective means of preventing
identity theft. Data brokers would have to grant consumers access to
their own records, and notify consumers if data has been breached.
Violators would be subject to private suit, in a tiered system designed
to insulate small businesses.

The proposed law also would increase the breadth and enforcement of
medical privacy laws, which Clinton noted were extremely lax. Of over
35,000 privacy law complaints, "not a single, civil, monetary penalty
has been imposed," she said. Clinton also criticized the Bush
administration on its warrantless surveillance programs, calling for
surveillance programs to be reviewed by the legislative and judicial
branches, to ensure the protection of privacy and civil liberties.

The PROTECT Act also creates a high-level privacy czar in the Office of
Management and Budget, to oversee the federal government's privacy
practices. "We had a privacy czar during the Clinton Administration, but
the current administration shoes not to follow that model," Clinton

In related news, Peter Swire, the former Clinton administration privacy
czar, testified before a subcommittee of the House Energy and Commerce
Committee on June 20, representing the Consumer Privacy Legislative
Forum, a consortium of businesses also calling for federal laws
regarding privacy and data security. The businesses called for a more
limited law that would grant consumers "reasonable" access to
information held about them, but that would preempt state law, likely
striking down stronger state protections. Executives from
Hewlett-Packard and eBay, members of the Forum, also testified, along
with Dr. Thomas Lenard, of the Progress and Freedom Foundation, and Evan
Hendricks of Privacy Times.

Representatives from both parties agreed that national legislation was
necessary, but many remained concerned as to whether the companies' plan
would have effective enforcement. Representative Stearns (R-FL), Chair
of the subcommittee, suggested that a private right of action might
encourage compliance with the law and grant individual consumers an
amount of redress. Representative Barton (R-TX), Chair of the full House
Commerce Committee, also appeared to support some form of a private
right, as did Representative Gonzalez (D-TX). Representative Schakowsky
(D-IL), Ranking Member of the subcommittee, also promoted the idea of
creating a cross-agency privacy czar.

Senator Clinton's Press Release on Comprehensive Privacy Legislation:


Text of Senator Clinton's speech:


Consumer Privacy Legislative Forum Statement on Federal Privacy
Legislation (pdf):


Testimony of Prof. Peter Swire, on behalf of the Consumer Privacy
Legislative Forum (pdf):


EPIC's Privacy and Preemption page:


[4] FTC Calls for Open Access to WHOIS

At the annual meeting of the Internet Corporation for Assigned Names and
Numbers (ICANN), U.S. Federal Trade Commissioner Jonathan Leibowitz
called for open access to the WHOIS database, as part of the FTC's fight
against online fraud. WHOIS allows the public to view the name and
personal information of any domain name holder. In order to protect
their privacy, many domain name holders register through a proxy
service, so that users can contact them via the proxy while their
personal information remains protected.

At the Marrakech meeting of the domain name authority, Leibowitz noted
that the database helps law enforcement track down spyware, spam, and
Internet fraud. However, the commissioner also stated that the WHOIS
database "is most useful when it is accurate." Ensuring accuracy in
WHOIS, however, threatens the ability of users to engage in anonymous
free speech online. Recently, the U.S. National Telecommunications and
Information Administration prohibited registrars of domain names ending
in ".US" from offering proxy services. (EPIC filed a "friend of the
court" brief supporting a challenge to this policy in April.)

Leibowitz also criticized ICANN's vote in April to define the purpose of
the WHOIS database narrowly. The adopted definition stated that WHOIS
should be used to allow users to contact domain name holders to resolve
"issues related to the configuration of the records associated with the
domain name within a DNS nameserver." Leibowitz worried that a
definition of WHOIS that did not include law enforcement as a purpose
for the database would hamper law enforcement access to the personal
information of domain name holders.

The commissioner did acknowledge, however, that enforcement can continue
even without accurate data, citing cases where the FTC was able to track
down fraudsters who had used obviously phony names. Others at the
meeting also noted that the existing definition of the purpose of WHOIS
does not mean that WHOIS data will be removed from public access.

FTC Press Release on WHOIS Access (with link to Leibowitz statement):


Communique of ICANN's Governmental Advisory Committee (pdf):


EPIC's WHOIS page:


EPIC's Peterson v. NTIA page:


[5] Experts Find Wiretaps Weaken Security

According to a report by the Information Technology Association of
America, attempts to create wiretap-friendly Internet and VoIP services
will build security vulnerabilities into the services. This report
follows a recent ruling by the D.C. Circuit Court of Appeals that
requires broadband and VoIP providers to build systems that the
government can wiretap easily. However, technology experts say that this
requires either a massive change in Internet infrastructure, or the
introduction of serious security risks.

The report notes that, unlike the traditional phone system, the
decentralized nature of the Internet makes it extremely difficult, if
not impossible, to simply extract the desired information from Internet
routers. Doing so would require the restructuring of "a very large
portion of the routing infrastructure." Other dangers include the ease
of accidentally intercepting innocent parties' communications; creating
eavesdropping systems that could be readily co-opted by bad actors; and
the detection or possible interception of the transmission to the law
enforcement agency itself. Technical hurdles included the relative lack
of physical security surrounding Internet routing equipment, as well as
the ease with which identities can change on the Internet.

The report, authored by a group of technology and network experts,
outlines the technical dangers to applying the Communications Assistance
for Law Enforcement Act (CALEA) to Internet services. CALEA was created
in 1994, when law enforcement agencies grew concerned that the
development of wireless and other telephone technologies would hamper
their ability to wiretap phone calls. CALEA required telephone companies
to build systems that the government could wiretap easily, but,
recognizing the differences between telephone service and Internet
services, Congress did not apply the law to "information services." A
recent ruling, however, upheld the Federal Communications Commission's
extension of CALEA to VoIP services and broadband.

ITAA Report (pdf):


Opinion in ACE v FCC (pdf):


EPIC's Wiretap page:


[6] News in Brief

EPIC Opposes D.C. Police's Proposed Expansion of CCTV System

In comments to the Metropolitan Police Department, EPIC opposed a
proposed pilot project that would expand the District's limited system
to a system of constant, surreptitious surveillance of the public.
However, if the project goes forward, EPIC urged the MPD not to change
its public notification standards. As proposed, the new regulations
would allow the police chief to install and maintain a system of secret
video cameras without informing the public. Also, EPIC urged the MPD to
set clear, objective standards for evaluating the success of the
expanded system.

EPIC's comments (pdf):


Metropolitan Police Department's site:


EPIC's Video Surveillance page:


Stolen Veterans Affairs Laptop and Hard Drive Are Found

The stolen laptop computer and hard drive containing sensitive data for
up to 26.5 million veterans, their spouses, and active-duty military
personnel have been found, according to Veterans Affairs Secretary Jim
Nicholson. This comes as newly discovered documents show that Veterans
Affairs had given permission in 2002 for the analyst, from whom the
equipment was stolen, to work from home with data that included millions
of Social Security numbers, disability ratings and other personal
information. Agency officials previously said the analyst was fired
because he violated agency procedure by taking the data home.

EPIC's Veterans Affairs page:


Department of Veterans Affairs site:


AT&T Privacy Policy Claims Control over Customers' Info

A new privacy policy unveiled for AT&T's Internet TV offerings claims
that customers' personal information belongs to the company. "While your
Account information may be personal to you, there records constitute
business records that are owned by AT&T, " the policy stated. The policy
also notes that information on users' browsing and viewing habits will
be recorded. The disclosure of such information by cable companies to
third parties is prohibited by the Cable Communications Policy Act.
However, it is unlikely that the Act would apply to an Internet provider
like AT&T.

AT&T's Privacy Policy for AT&T Yahoo! and Video Services:


Cable Communications Policy Act, Section 551:


Justice Department Considers Data Retention Plan

The U.S. Department of Justice met with representatives of technology
companies and privacy organizations to discuss its Internet data
retention plans. These plans would require Internet service providers to
store all user records so that law enforcement can later examine them
for evidence of wrongdoing. The data retention scheme is being presented
as part of an initiative to combat child pornography. The Justice
Department has not provided details on this plan, nor has it stated why
the drastic step of retaining every user's records is necessary.

EPIC's Data Retention Page: 


Study Finds Yahoo's China Filters Most Restrictive

A study released by Reporters Without Borders revealed that, of various
search engines operating in China, Yahoo's filters removed the most
information from search results. China severely restricts access to
Internet information, employing filters that block dissident material
from being viewed. The study compared the results returned from search
engines Yahoo, Google, MSN, and local competitor Baidu when researchers
searched for material on topics like "Tibet Independence," "democracy,"
and "human rights." Yahoo and Baidu were also found to prevent users who
searched for such topics from conducting any additional searches, even
on neutral topics, for an hour.

Reporters Without Borders Study:


[7] EPIC Bookstore: Vernor Vinge's "Rainbows End"

Vernor Vinge. Rainbows End. Tor Books, 2006.


"Robert Gu is a recovering Alzheimer's patient. The world that he
remembers was much as we know it today. Now, as he regains his faculties
through a cure developed during the years of his near-fatal decline, he
discovers that the world has changed and so has his place in it.
With knowledge comes risk. When Robert begins to re-train at Fairmont
High, learning with other older people what is second nature to Miri and
other teens at school, he unwittingly becomes part of a wide-ranging
conspiracy to use technology as a tool for world domination.

In a world where every computer chip has Homeland Security built-in,
this conspiracy is something that baffles even the most sophisticated
security analysts, including Robert's son and daughter-in law, two top
people in the U.S. military. And even Miri, in her attempts to protect
her grandfather, may be entangled in the plot.

As Robert becomes more deeply involved in conspiracy, he is shocked to
learn of a radical change planned for the UCSD Geisel Library; all the
books there, and worldwide, would cease to physically exist. He and his
fellow re-trainees feel compelled to join protests against the change.
With forces around the world converging on San Diego, both the
conspiracy and the protest climax in a spectacular moment as unique and
satisfying as it is unexpected. This is science fiction at its very
best, by a master storyteller at his peak."


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining,and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2004: An International Survey of Privacy Laws
and Developments" (EPIC 2004). Price: $50.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
60 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacy
and data protection ever published.

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining,and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2004: An International Survey of Privacy Laws
and Developments" (EPIC 2004). Price: $50.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
60 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacy
and data protection ever published.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

7th Annual Institute on Privacy Law: Evolving Laws and Practices in a
Security-Driven World. Practising Law Institute. June 19-20, New York,
New York. July 17-18, Chicago, Illinois. Live webcast available. For
more information:

identitymashup: Who Controls and Protects the Digital Me? Berkman Center
for Internet & Society, Harvard Law School. June 19-21, 2006. Cambridge,
Massachusetts. For more information:

Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September
29-30, 2006. New York, New York. For more information:

Infosecurity New York. Reed Exhibitions. September 12-14, 2006. New
York, New York. For more information:

34th Research Conference on Communication, Information, and Internet
Policy. Telecommunications Policy Research Conference. September
29-October 1, 2006. Arlington, Virginia. For more information:

6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:

The IAPP Privacy Academy 2006. International Association of Privacy
Professionals. October 18-20, 2006. Toronto, Ontario, Canada. For more

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:

BSR 2006 Annual Conference. Business for Social Responsibility. November
7-10, 2006. New York, New York. For more information:

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 13.13 -------------------------