                           E P I C  A l e r t
Volume 14.08                                             April 20, 2007

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.


Table of Contents
[1] EPIC Files Federal Trade Commission Complaint
[2] Justice Department Proposes Vast Expansion of Domestic Surveillance
[3] EPIC Brief Seeks to Protect Domestic Violence Victims
[4] Attorney General Testifies before Senate Judiciary Committee
[5] Pew Reports on Teens' Online Activity
[6] News in Brief
[7] EPIC Bookstore: "A Crowd of One"
[8] Upcoming Conferences and Events

[1] EPIC Files Federal Trade Commission Complaint

EPIC, the Center for Digital Democracy and the US Public Interest
Research Group filed a complaint this week with the Federal Trade
Commission (FTC), urging the Commission to open an investigation into
the impact on consumer privacy of Internet advertising practices and the
specific issues that arise in the proposed acquisition of DoubleClick,
Inc. by Google, Inc.

On April 13, 2007, Google announced an agreement to acquire online
advertising giant DoubleClick, Inc. for $3.1 billion. The acquisition of
DoubleClick will permit Google to track both a person's Internet
searches and a person's web site visits, and Google has already
expressed its intent to merge data from Google and DoubleClick to
profile and target Internet users. This could impact the privacy
interests of 233 million Internet users in North America, 314 million
Internet users in Europe, and more than 1.1 billion Internet users
around the world, giving Google access to more information about the
Internet activities of consumers than any other company in the world.

Google will operate with virtually no legal obligation to ensure the
privacy, security, and accuracy of the personal data that it collects.
As noted in the complaint, neither Google nor DoubleClick has taken
adequate steps to safeguard the personal data that is collected.
Moreover, the proposed acquisition will create unique risks to privacy
and will violate previously agreed standards for the conduct of online

The federal government has established policies for privacy and data
collection on federal web sites that acknowledge particular privacy
concerns “when uses of web technology can track the activities of users
over time and across different web sites” and has discouraged the use of
such techniques by federal agencies. The Organization for Economic
Co-operation and Development (OECD) Guidelines on the Protection of
Privacy and Transborder Flows of Personal Data recognize that “the right
of individuals to access and challenge personal data is generally
regarded as perhaps the most important privacy protection safeguard.”
Further, privacy laws routinely require that information about consumers
be deleted once it is no longer needed. Courts have recognized a privacy
interest in the collection of information that concerns Internet use
even where the information may not be personally identifiable.

The complaint states, “there is simply no consumer privacy issue more
pressing for the Commission to consider than Google's plan to combine
the search histories and web site visit records of Internet users.” The
groups seek an order from the FTC that would require DoubleClick to
remove user identified cookies and other persistent pseudonymic
identifiers from its data, and require Google to present a public plan
for how it plans to comply with such well established government and
industry privacy standards as the OECD Privacy Guidelines. Further,
Google should provide reasonable access to all personally identifiable
data maintained by the company to the person to whom the data pertains;
establish a meaningful data destruction policy, and destroy all cookies
and other persistent identifiers resulting from Internet searches that
are or could be personally identifiable once the user terminates the
session with Google.

Pending an adequate resolution of the issues identified in this
complaint, the groups call on the Commission to use its authority to
review mergers to halt Google's proposed acquisition of DoubleClick.

EPIC's Complaint to the FTC (pdf):


Google's Press Release Announcing Agreement:


EPIC's FTC Google Complaint page:


[2] Justice Department Proposes Vast Expansion of Domestic Surveillance

The Justice Department released a legislative proposal to amend the
Foreign Intelligence Surveillance Act (FISA).  Under the proposal, the
president, "acting through the Attorney General, may authorize electronic
surveillance without a court order under this title to acquire foreign
intelligence information for periods of up to one year." The president
would also have the power to approve physical searches under the proposed

The proposed legislation would remove the terms "wire" and "radio
communication" from the current legislation, and amend the definition of
electronic surveillance as follows: "electronic surveillance would mean:
(1) the installation or use of an electronic, mechanical, or other
surveillance device for acquiring information by intentionally directing
surveillance at a particular, known person who is reasonably believed to
be located within the United States under circumstances in which that
person has a reasonable expectation of privacy and a warrant would be
required for law enforcement purposes; or (2) the intentional
acquisition of the contents of any communication under circumstances in
which a person has a reasonable expectation of privacy and a warrant
would be required for law enforcement purposes, if both the sender and
all intended recipients are reasonably believed to be located within the
United States." This amendment would capture a wider range of
communications technologies, and provide for future innovations.

The legislation would require less specificity in applications to the
court by changing the current law's requirement for "detailed
descriptions" or statements to a "summary description" or a "summary
statement."  The proposal for new legislation would give the Attorney
General the power to direct a person to "immediately provide the
Government with all information, facilities, and assistance necessary…"
for investigations. The draft proposal also allows for compensation and
immunity for individuals (but not for entities) who aid in the
collection of information. The proposal would also increase flexibility
in the appointment of judges from the federal circuit courts to serve on
the FISA court.

The proposal would also create a role for the Director of National
Intelligence in the securing of information collected and communications
for coordination and cooperation among local, state, and federal law
enforcement agencies to prevent attacks. New areas that will be
addressed under the bill include prohibitions on the proliferation of
weapons of mass destruction.

EPIC's domestic surveillance page:


DOJ's proposed legislation (pdf):


DOJ's press release and fact sheet:


EPIC's FISA page:


EPIC's FISA Order 1979-2005 page:


[3] EPIC Brief Seeks to Protect Domestic Violence Victims

EPIC filed an amicus brief in a divorce discovery dispute, urging a
Colorado district court to limit the release of cell phone records. The
requesting party had previously been ruled to be harassing the owner of
the records and her associates. The request asked for several years'
worth of telephone records and was not limited to particular parties or
area codes called.

A recent Federal Communications Commission (FCC) Order requires
telecommunications and voice-over-IP providers to take steps to protect
their customers' records. Significantly, consumers must opt in to the
sharing of their calling records. The FCC declared in the Order that
giving consumers control over their private information "directly and
materially advances privacy and safety interests."

In addition to the Order, EPIC also highlighted privacy advances in the
Violence Against Women Act (VAWA) of 2005. Both VAWA and Colorado law
recognize that "placing [someone] under surveillance" can be a form of
stalking.  Surveillance causes unease, and if done with certain harmful
intent can be illegal. Individuals have an interest in carrying out
their daily lives, even in public, free from the anxiety, discomfort,
and safety risks of surveillance.

Lastly, EPIC urged the court to consider such privacy interests as
security and use limitation. Privacy interests in personal information
are not limited to simply keeping the data confidential. Individuals
should also gain assurances that information disclosed for one purpose
will not be used for other purposes. Furthermore, data that is disclosed
should be held securely and be free from the danger of further
unauthorized disclosures.

EPIC's Amicus Brief (pdf):


EPIC's Domestic Violence and Privacy page:


EPIC's Telephone Record Privacy page:


[4] Attorney General Testifies before Senate Judiciary Committee

On April 19, Attorney General Alberto R. Gonzales testified before the
Senate Judiciary Committee regarding his leadership at the Department of
Justice.  Chairman Patrick Leahy started the hearing by stating that
“[t]oday, the Department of Justice is experiencing a crisis of
leadership perhaps unrivaled during its 137-year history.”  Ranking
Member Arlen Specter called the hearing, in a sense, a “reconfirmation

While the hearing focused on the firing of eight U.S. Attorneys, many
Senators mentioned other issues within the Department of Justice, such
as the use of national security letters and terrorist watch lists. Sen.
Specter re-asserted the flagrant misuse of national security letters by
the FBI, and asked what constructive actions have been taken to correct
the problem.  Gonzales replied that his office is “involved in the
oversight and auditing of field offices”, in order to gain a better
understanding of the scope of the problem. Senator Leahy said, referring
to the misuse of national security letters, “never in this country have
we had such an invasion of Americans' privacies.” In a March 21, 2007,
letter to the Senate Judiciary Committee, EPIC recommended that Congress
repeal the FBI's National Security Letter authority.

Senator Specter called for a reconfirmation that the domestic
surveillance program has been discontinued, which Gonzales provided. 
Senator Specter also requested written explanations as to why Gonzales
feels the Justice Department's legislative proposal to amend the Foreign
Intelligence Surveillance Act (FISA), released last week, is necessary.

Senator Specter said it was up to the president and Gonzales to decide
whether he should stay, but that his credibility and the department have
been damaged.

Prepared Statement of Attorney General Gonzales:


Statement of Chairman Patrick Leahy:


Statement of Senator Arlen Specter:


EPIC's National Security Letters page:


EPIC's letter to the Senate Judiciary Committee (pdf):


[5] Pew Reports on Teens' Online Activity

The Pew Internet & American Life Project released a report on teens'
management of their online identities.  Entitled "Teens, Privacy and
Online Social Networks: How teens manage their online identities and
personal information in the age of MySpace," the report is based on
surveys and focus groups of teenage social network software users. Pew
has conducted previous studies on online dating and wired seniors.

The report concludes that the majority of teens who have online profiles
manage them in order to protect sensitive information. Providing a first
name and photo are standard, but rarely is information given out that
would allow an individual to physically locate a teen. Girls are more
concerned about the release of information than boys. Over half of teens
protect their privacy by posting false information. A quarter of teens
have made friends online, and 1/3 have been contacted by a stranger via
social networking. The survey further found that teens are aware of the
differences in sharing information offline and posting it online.

In 2006, Facebook.com changed how it distributed information online, in
that any changes to an individual user's profile were broadcast to other
users. Showing that they are sensitive to privacy concerns, hundreds of
thousands of users signed a petition requesting that Facebook change the
feature. Facebook responded to the petition by allowing users to opt out
of the information broadcasting feature.

The collection of children's personal information online is subject to
the Child Online Privacy Protection Act (COPPA). COPPA requires
verifiable parental consent prior to the collection of personal data of
children under the age of 13; disclosure to parents of data collected;
and a right to revoke the consent and have the data deleted. According
to the Pew report, more households have rules about internet usage than
other media.

Pew Report - Teens, Privacy and Online Social Networks:


EPIC's page on Social Networking:


EPIC's page on COPPA:


[6] News in Brief

North Dakota Is Second State to Ban Forced RFID Implantation

North Dakota has become the second state to ban forced RFID implantation
in humans. The law makes such action a "Class A misdemeanor," but
penalties for violating the law have not been set. Wisconsin passed
similar legislation last year. However, voluntary implantation is still
permissible under the North Dakota law, and the two-line bill does not
address what is considered "voluntary."  EPIC has repeatedly warned
against the use of RFID to identify individuals, highlighting the risk
that people could be tracked in real-time.

North Dakota's SB 2415 (pdf):


EPIC's Radio Frequency Identification (RFID) Systems page:


Montana and Washington Formally Reject REAL ID Act

This week, Montana and Washington became the first two states to
formally reject the REAL ID Act. Previously, Maine, Idaho, and Arkansas
passed resolutions declaring opposition to REAL ID, but the laws passed
by Montana and Washington go further. Montana's law declares that it
"will not participate in the implementation" of REAL ID and prohibits
the state from implementing any changes related to the national
identification system. Washington's bill forbids use of state funds
unless certain protections, including privacy and security safeguards,
are met. About 20 states are debating similar legislation. Controversy
continues to surround the national ID scheme, and the public is invited
to comment on the Department of Homeland Security's draft regulations to
implement the REAL ID Act. The deadline for public comment is May 8,

Montana's HB 0287 (pdf):


Washington's SB 5087:


EPIC's National ID Cards and REAL ID Act page:


Student Loan Database Restricted After Improper Searches

The Education Department has restricted all outside access to a database
filled with the personal data of student financial aid applicants amid a
growing scandal about loan companies' improperly searching the records
for advertising purposes. The department will conduct a review of users
of the National Student Loan Data System, which contains 60 million
student records that include Social Security numbers and sensitive
financial data such as loan balances. About 29,000 university financial
aid administrators and 7,500 loan company employees had access to the
database before the temporary shutdown. The New York attorney general
has been investigating ties between lenders and universities for months.
The department recently received an F in the annual computer security
report card.

National Student Loan Data System:


House Committee on Oversight and Government Reform: Federal Computer
Security Report Card (pdf):


EPIC's Student Privacy page:


ICANN Seeks Comments on Accountability and Transparency Report

One World Trust, a UK-based NGO that conducts research into the
accountability of global organizations, has just released its
Independent Review of ICANN's Accountability and Transparency. The
report identifies a number of areas where ICANN practices observe
principles of accountability, and a number of areas where there is room
for improvement. ICANN received high marks for its transparency,
particularly for the amount of information that it shares on its
website, but it was also noted that ICANN should ensure the public are
being engaged consistently across the different constituent bodies.
ICANN seeks comments and feedback from the public on the report. The
comment period runs until April 27, 2007. The public may email comments
to transparency-2007@icann.org.

Independent Review of ICANN's Accountability and Transparency (pdf):




One World Trust:


The Public Voice:


European Human Rights Court Protects Workplace Privacy

The European Court of Human Rights issued a decision regarding
employees' right to privacy in their correspondence sent from a
workplace. In Copland v. The United Kingdom, the Court found that the
monitoring of a public employee's telephone, email, or Internet
interferes with the right to privacy guaranteed by Article 8 of the
European Convention on Human Rights. Article 8 states that “everyone has
the right to respect for his private and family life, his home and his
correspondence.” The decision prohibits surveillance of private
communications in the workplace if there is no legal basis for the

Copland v. UK


European Convention on Human Rights


EPIC's Workplace Privacy page:


[7] EPIC Bookstore: "A Crowd of One"

A Crowd of One: The Future of Individual Identity, by John Henry
Clippinger (PublicAffairs 2007).


In "A Crowd of One," John Henry Clippinger, an expert on identity and
Senior Fellow at the Berkman Center for Internet & Society at Harvard
Law School, says his motivation for the book comes from the traditional
model for influence, force, and "its instant power and its limitations."
Clippinger explores alternative forms of influence, "in pursuit of the
ultimate 'virtuous circle,' that might under the right conditions yield
trust, reciprocity, and the will to not go to war." The key decisions
that we make in life are not necessarily rational, because our personal
identity is derived from our relationships with others, and we must
understand those social connections.

In understanding these connections, we can understand the "social
commerce" that is created by our increasingly digitized world. In social
commerce, a system where you must have trust and exchange, your
reputation is your identity, Clippinger says. He points to eBay and its
notion of reputation: buyers rate a seller's claims about an item, speed
of delivery - giving feedback on the seller's trustworthiness. The
importance of the eBay model, and why the site remains a success, is the
"genuine insight into the mechanics of how people formed their
identities within communities where their actions were visible." The
feedback ratings allowed members to achieve a sort of social status and
influence. But one must be careful, because untrustworthy people could
role-play and take advantage of the system by masking their true
identities, also evidenced by eBay's feedback system. Some eBay scammers
will create many small-cost transactions - selling camera batteries at a
low price to a hundred people - and increase their trustworthiness by
gathering many good ratings from these buyers. Then, the seller will
list several high-cost items - expensive, high-end digital cameras - and
abscond with the money from the sales without delivering the items. The
buyers bid on the high-cost items, in part under the influence of the
seller's "good reputation" under the eBay ratings system.

Much of human activity is being moved in and out of virtual worlds and
this will only increase, Clippinger says. He believes that this digital
age, where we can build communities of shared interests based on new
ideas of reputation and identity, is the next Enlightenment. These
theories of influence and social transaction will allow us to
continuously evolve new systems of identity management, as distinct
individuals within a social structure of crowds.

-- Melissa Ngo


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:


[8] Upcoming Conferences and Events

Proof Positive: New Directions for ID Authentication Public Workshop.
Federal Trade Commission. April 23 and 24, 2007. Washington DC. For more
information contact: idmworkshop@ftc.gov

2nd Annual Access to Knowledge conference. Yale. April 27-29, 2007. New
Haven, CT. For more information:

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:

Music, Technology and IP Policy Day. May 2, 2007. Washington, DC. For
more information

Conference on Interdisciplinary Studies in Information Privacy and
Security. Rutgers University. May 22, 2007. New Brunswick. For more
information: http://www.scils.rutgers.edu/ci/isips/

Privacy Compliance Conference. The Canadian Institute.  May 30-31, 2007.
Toronto, Canada.  For more information:

29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007.  Montreal, Canada. For more

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.06 -------------------------