EPIC logo

                           E P I C  A l e r t
Volume 13.18                                           September 6, 2006

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.


Table of Contents
[1] EPIC, Privacy International Launch "Privacy and Human Rights 2005"
[2] House Holds Hearing on Domestic Surveillance 
[3] IRS to Outsource Tax Collecting 
[4] EPIC Argues in Appeal of DNA Dragnet Case 
[5] California RFID Bill Nears Approval
[6] News in Brief
[7] EPIC Bookstore: Spencer Overton's "Stealing Democracy"
[8] Upcoming Conferences and Events

[1] EPIC, Privacy International Launch "Privacy and Human Rights 2005"

On Friday, September 8, EPIC and Privacy International release the 8th
Privacy and Human Rights Report, which covers privacy laws and
developments around the world. This annual report provides an overview
of key privacy topics and reviews the state of privacy in over 70
countries around the world. It singles out a number of trends, including
new anti-terrorism laws that provide for increased search capabilities
and sharing of information among law enforcement authorities; and new
traveler pre-screening and profiling systems. 

Privacy and Human Rights documents the continued expansion of government
surveillance authority, from the pursuit of new identification schemes
in certain countries, and the expanded monitoring of communications, to
weakened data protection laws, and intensified data transfers between
the public and private sectors. The report also finds continuing public
opposition to identification systems, secret video surveillance, DNA
databases, and radio frequency identification (RFID) technologies.

By publishing this report annually, EPIC and Privacy International seek
to make readers aware of recent developments and emerging issues. The
report also marks the success of many human rights advocacy groups
around the world in promoting the rule of law, and making governments
more accountable to the public. For example, Malaysian citizens and the
Human Rights Caucus of the Parliament pressed for additional oversight
when state Islamic  departments wished to conduct raids against "immoral
acts." In Thailand, civil liberties groups successfully opposed a police
proposal that would have enabled warrantless wiretapping.

Privacy and Human Rights, which was written with the collaboration of
more than 200 privacy experts, academics, government officials, and
advocates. The 2005 edition survey tracks the adoption of new data
protection and open government laws, and includes new country reports
for Africa, Asia, Europe and Latin America.

Privacy and Human Rights: An International Survey of Privacy Laws and
Developments will be officially launched on the occasion of the U.S.
hearings of the Eminent Jurists Panel on Terrorism, Counter-terrorism
and Human Rights. This panel was established by the International
Commission of Jurists (ICJ), and the hearings take place at the American
University Washington College of Law, in Washington DC, over the 5th,
6th, and 7th of September 2006.

PHR 2005 at the EPIC Bookstore:


PHR 2005 Executive Summary in Spanish:


PHR 2005 Executive Summary in Russian:


PHR 2005 Executive Summary in Arabic:


The Eminent Jurists Panel, U.S. Hearings:


[2] House Holds Hearing on Domestic Surveillance 

On September 6, the House Subcommittee on Crime, Terrorism, and Homeland
Security held a hearing to consider proposed changes to the Foreign
Intelligence Surveillance Act (FISA). Several members of Congress have
proposed bill to amend FISA in the wake of last year's revelations that
President Bush had authorized the National Security Agency to conduct
warrantless wiretaps on calls where one party was present within the
United States. FISA requires that law enforcement needs a warrant to
wiretap conversations that include a US citizen or permanent resident.

Proposals ranged widely, from those that would authorize or even expand
the NSA program, to bills that would require additional investigation
and study of the current program's legality. The most discussed proposal
during the hearing was H.R. 5825, the "Electronic Surveillance
Modernization Act," put forward by Representative Wilson (R-NM). This
proposal would allow the warrantless wiretapping program to continue,
reduce the types of surveillance that need court orders, and would allow
the Attorney General to demand, with "written certification," that
communications providers give the government any requested information,
facilities, or technical assistance.

Lawyers for the Justice Department and the NSA testified in support of
the program and of proposals that would establish its legality, though
the Justice Department insisted that, even without any legislative
changes, the program was legal under the President's inherent authority
and under the 2001 Authorization of the use of Military Force. This was
met with skepticism from some members. Representative Flake (R-AZ)
suggested that these justifications meant that the President would be
free to ignore any laws dealing with foreign surveillance.

Testifying against the wiretapping program and its expansion was James
Dempsey of the Center for Democracy and Technology, who pointed out that
proposals to amend FISA by Representative Wilson and Senator Specter
would actually "gut" existing safeguards, without any showing of how the
NSA program, or any new surveillance powers, would help protect national
security. Representative Delahunt (D-MA) noted that many debates about
the NSA program were an "academic exercise," since the secret nature of
the program prevents legislators and the public alike from knowing its
contours or efficacy.

Hearing Notice, House Subcommittee on Crime, Terrorism, and Homeland
Security (pdf):


Testimony of James Dempsey, CDT (pdf):




EPIC's Resources on Domestic Surveillance:


[3] IRS to Outsource Tax Collecting 

Beginning September 7, the IRS will share information with private debt
collectors who will pursue those behind on their taxes. Currently, three
private companies are approved to contact taxpayers who owe $25,000 or
less in back taxes. The debt collection companies will have access to
the taxpayers' records. EPIC has criticized similar proposals in the
past, noting that private debt collectors would be less likely to follow
federal privacy laws for taxpayer information and that consumers would
be at greater risk of identity theft if sensitive IRS information were
disclosed to private collection agencies.

The IRS downplayed the privacy and security vulnerabilities involved in
allowing private access to taxpayer information, saying that the IRS
will provide training for the three firms, and that each firm will be
responsible for conducting background checks on its employees. The IRS
plans to expand the number of firms involved to 10 by 2008.

The plan has also been criticized for the additional risk that taxpayer
may succumb to fraud. Earlier this year, the IRS warned taxpayers to
beware identity thieves who posed as private debt collectors for the IRS
in order to gain access to sensitive personal and financial information.
Others have noted that private companies, who will keep a portion of the
back taxes owed, will have a much stronger incentive to pursue increased
penalties to taxpayers, while being less likely to safeguard taxpayer
rights.  The program is estimated to increase net revenues by 1 billion
dollars, though employing additional IRS agents was estimated to
increase net revenues by about 87 billion.

IRS Page on Private Tax Collection:


EPIC's Comments on the 1995 IRS Compliance 2000 Proposal:


EPIC's Spotlight on Poor IRS Security:


[4] EPIC Argues in Appeal of DNA Dragnet Case 

On September 7, the Fifth Circuit Court of Appeals in New Orleans,
Louisiana will hear arguments in an appeal challenging the use of DNA
dragnets in finding suspects. EPIC has filed a "friend of the court"
brief in the case, and Executive Director Marc Rotenberg will argue
EPIC's position before the court.

In 2002, police investigating a series of rapes and murders near Baton
Rouge, Louisiana, conducted a DNA dragnet, collecting DNA samples from
more than 1,200 men in an attempt to match someone's DNA with that found
at the crime scenes. Shannon Kohler was one of the men approached by
police. When he refused to provide one, he was served with a seizure
warrant, forcing him to provide a sample. Kohler was later identified by
police and news media as a suspect in the search for the serial killer.

After Kohler was cleared of wrongdoing in the investigation, he filed a
suit against the Baton Rouge police, claiming that they lacked probable
cause to obtain the warrant and that his DNA sample should be destroyed.
In February 2005, a federal district court ruled against him, saying
that police had probable cause based on two anonymous tips and the fact
that Mr. Kohler met "certain elements of an FBI profile," which the
court itself characterized as "so broad and vague that it cast a net of
suspicion over thousands of citizens."

EPIC's amicus brief points out that DNA dragnets have been extremely
ineffective in catching criminals, while the widespread collection of
DNA samples erodes the privacy rights of thousands. The brief urges that
clear guidelines be established before the police engage in this
investigative practice. Kohler's attorney in the appeal has ceded time
to EPIC to make its argument before the court.
EPIC's Kohler v. Englade Page:


EPIC's Amicus Brief in Kohler v. Englade (pdf):


EPIC's Genetic Privacy Page:


[5] California RFID Bill Nears Approval

The California legislature has recently passed the Identity Information
Protection Act, which requires that state-issued IDs that contain
remotely-readable RFID chips must contain adequate security features to
prevent them from being read by unauthorized parties. RFID chips are
designed to store unique identifiers that will be broadcast in response
to a particular radio signal. The technology has already been rolled out
for US passports and a number of other identification documents.

The California law, introduced by State Senator Joe Simitian, was
sparked by concerns that RFID embedded within identification cards and
documents could be remotely read without the user's knowledge, revealing
personal information that could be used to commit fraud, identity theft,
or gain unauthorized access. Bill proponents note that the technology
has valid uses, but that the state needs to include protections when it
compels citizens to carry a technology capable of broadcasting their
personal information. Recently, security experts have shown the
vulnerabilities of RFID chips, "cloning" the data on them using commonly
available technology.

Specifically, the bill requires that RFID documents issued by state or
local governments include tamper-resistant features, a authentication
process by which both the card and the reader are recognized as
legitimate, and a means for a holder of the document to directly control
whether or not the chip can be read. Citizens would also have to be
notified of the locations of RFID readers. However, the bill does not
apply to RFID programs instituted before 2007.  The bill also
criminalizes intentional unauthorized reading of an RFID identification

The bill now goes to Governor Schwarzenegger for approval. California
civil liberties groups are urging residents to write the governor,
encouraging him to sign the bill.

The Identity Information Protection Act (pdf):


ACLU of Northern California's Page on the Act:


EPIC's RFID page:


[6] News in Brief

Senate Subcommittee Holds Hearings on Airline Passenger Screening

On September 7, the Senate Subcommittee on Terrorism, Technology, and
Homeland Security held a hearing on pre-screening international
travelers who are flying into the United States. A Homeland Security
program that acquired European passenger name records for pre-screening
was opposed for its privacy violations by the European Parliament, and
struck down by the European Court of Justice earlier this year. Homeland
Security Secretary Chertoff has announced plans not only to revive the
program, but also to expand certain aspects of it.

Hearing Notice:


EPIC's Passenger Name Records Page:


European Parliament Opposition to Passenger Record Sharing:


European Court of Justice Ruling on Record Sharing:


Education Department Shared Student Data with FBI 

The Department of Education has been sharing personal information on
students with the Federal Bureau of Investigation as part of a program
called "Project Strikeback," the New York Times reports. Through the
program, the records of students named by the FBI were shared and
examined for evidence of fraud or identity theft, which the FBI says can
be linked to terrorism. The agencies refused to say whether any
investigations resulted from the program, which ran for five years after
the September 11 attacks, but is now closed. Generally, only permanent
residents and U.S. citizens are eligible for federal student financial
aid. In related news, the Department of Education is considering a
proposal to create a detailed national student database.

New York Times on Project Strikeback:


EPIC's Student Privacy page:


Disney World Collecting Fingerprints 

Walt Disney World in Florida announced that it would be installing
fingerprint scanning technology at its park entrances. The units will
collect fingerprint information to control entry to the theme parks to
prevent ticket resales.  In 2005, Disney first announced the expansion
of a more limited biometric system that would include all visitors to
its theme park.  At that time Disney reported that all visitors age 10
or over would be processed through the biometric recording system.

EPIC's Theme Park and Privacy Page: 


Hewlett-Packard Pretexted Info on its Directors

An internal investigation into boardroom leaks at Hewlett-Packard
recently drew the attention of law enforcement. The tech company hired
investigators who tracked the phone calls of its directors through a
method called "pretexting."  Pretexting is a practice of illicitly
obtaining information by impersonating someone who should have access to
the information sought. EPIC highlighted this practice last year in
complaints to the Federal Trade Commission and the Federal
Communications Commission and recommended new safeguards to protect the
privacy of personal information. The California Attorney General's
office has announced an initial investigation of the matter.
Hewlett-Packard revealed the surveillance in disclosures to the federal
Securities and Exchange Commission relating to the resignation of one of
its board members.

EPIC's Pretexting Page:


Google Gives User Data to Brazilian Court 

Google's social networking service Orkut was ordered by a Brazilian
court to hand over user data, including IP addresses and login times.
The court sought this data in connection with investigations of online
communities encouraging pedophilia, racism, and homophobia. Google at
first argued that it would respond only to a subpoena by a US court,
since the data resides in US based servers. Faced with a fine, however,
Google handed over the data. Previously, Google has resisted a US
Justice Department request for billions of its search queries. A federal
judge in California ruled that the search queries, which were not sought
in regard to a criminal investigation, need not be disclosed.

Text of the California Ruling in Gonzales v. Google (pdf):


[7] EPIC Bookstore: Spencer Overton's "Stealing Democracy"

"Stealing Democracy: the New Politics of Voter Suppression" by Spencer
Overton. (W. W. Norton & Company, 2006).


This is a wonderful read both for political season junkies and those who
would like to take a peek behind the curtain of our nation's most
fundamental democratic institution--the public election. The book's
first chapter is an eye-opening tour of the election process that will
dissuade you of any notion that "one person, one vote" has ever been the
goal of public elections.  Beyond just the messy conclusion of the 2000
Florida presidential election, "Stealing Democracy" instills a greater
appreciation of the efforts of inside political partisans to prevent
change from happening, and the monumental efforts that voting rights
advocates have made to expand the franchise to minorities, women, youth,
and new residents.

By the end of Professor Overton's book you will have a better
understanding of why Florida was not an isolated event, and why things
have not improved much since that election. The book does do something
that may surprise the reader, though: it is humorous, hopeful,
insightful, balanced, and intuitive about the conflicting arguments
surrounding redistricting, voter ID requirements, felon voting rights,
the cost of election administration, Section 5 of the Voting Rights Act,
and the role of federal, state, and local government in election

For example, Professor Overton details the delicate mating ritual that
takes place during the drawing of new district lines following each
decennial census. The process is controlled from beginning to end by
partisan powers-that-be seeking to maintain the status quo. Every
possible tactic is deployed to keep the language and tone of the process
such that no one will question the assumption that this is the only
acceptable method for drawing the lines for elected offices.

Professor Overton also points out the little discussed problems of
administering public elections: cost and shortages of election workers.
Neglect of election administration meant voting systems became
antiquated or left in disrepair, and poll workers who, although much
appreciated, were little more than volunteers. He concedes that the
process of election related decision-making will likely always be
political, but he insists that it can be fair, provided there is a
national discussion about a formula that would encompass federal, state,
local, and citizen roles to provide an appropriate level of checks and
balances for public election administration.

According to Professor Overton, the machinations behind our elections
serve to keep in power those who are currently in power by any means
available. The book makes valuable observations and offers some
foundations to begin a national discussion on reforming our most
cherished democratic institution. Public elections should not be a
matter of making sure that one party wins, but that every voter wins the
right to equal access to participate in public elections. Now that would
be a new experience. Happy Political Season!

----Lillie Coney


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Infosecurity New York. Reed Exhibitions. September 12-14, 2006. New
York, New York. For more information:

Preventing and Responding to Security Breaches. Privacy Journal.
September 28-29. New York, New York. For more information:

Identity and Identification in a Networked World. New York University. 
September 29-30, 2006. New York, New York. For more information:

34th Research Conference on Communication, Information, and Internet
Policy. Telecommunications Policy Research Conference. September
29-October 1, 2006. Arlington, Virginia. For more information:

6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:

The IAPP Privacy Academy 2006. International Association of Privacy
Professionals. October 18-20, 2006. Toronto, Ontario, Canada. For more

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:

Internet Governance Forum (IGF) October 30-November 2, 2006. Athens,
Greece. For more information:

28th International Data Protection and Privacy Commissioners'
Conference. November 2-3, 2006. London, United Kingdom. For more

BSR 2006 Annual Conference. Business for Social Responsibility. November
7-10, 2006. New York, New York. For more information:

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 13.18 -------------------------