EPIC logo

                            E P I C  A l e r t
Volume 14.22                                           October 31, 2007

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.

                            E P I C Job Announcement
         EPIC is seeking a smart, energetic, creative individual 
                      for the position of Staff Counsel

                          Deadline: Nov. 30, 2007

                        Click here for more details

Table of Contents
[1] EPIC Calls for Whois Privacy
[2] Groups Urge Zero Funding for REAL ID System 
[3] EPIC Urges Congress to Monitor Google-DoubleClick Review
[4] US Senate Committees Consider FISA Reform, Immunity
[5] Numbers Will Not Be Dropped From Do Not Call Registry
[6] News in Brief
[7] EPIC Bookstore: "Privacy Law and Society"
[8] Upcoming Conferences and Events
    - Subscription Information
    - Privacy Policy
    - About EPIC
    - Donate to EPIC

[1] EPIC Calls for Whois Privacy

In a letter to the Board of the Internet Corporation for Assigned Names
and Numbers (ICANN), EPIC expressed its support for changes to Whois
services that would protect the privacy of individuals, specifically the
removal of registrants' contact information from the publicly accessible
Whois database. As explained in Privacy and Human Rights 2006,
concealing actual identity may be critical for political, artistic, and
religious expression on the Internet.

The ICANN Whois Task Force completed its final report on Whois Services
in March 2007. In that report, a majority of members endorsed a proposal
called the "Operational Point of Contact" (OPoC). Under OPoC, every
registrant would identify a new operational point of contact and the
registrant's postal address, city, and postal code would no longer be
displayed. The operational point of contact's name and contact
information would be displayed instead, and it would replace the
administrative and technical contacts. A Whois Working Group, convened
to examine some of the implementation details of the OPoC, published its
report in August 2007. A public comment period on the report received
submissions until October 30,  2007. ICANN members are likely to vote on
the issue on October 31, 2007 during the Los Angeles ICANN meeting.

ICANN's current policy requiring the publication of personal information
violates the privacy rights of registrants and may violate international
laws and the privacy rights in the UN's Universal Declaration of Human
Rights. Both the Whois Task Force and the Whois Working Group agree that
new mechanisms must be adopted to address an individual's right to
privacy and the protection of his or her data.

In its comments, EPIC pointed out that this issue has remained
unresolved for seven years. While the OPoC proposal is not an ideal
solution, the Working Group's report represented  agreed in critical
areas, on several key points that advance the Whois discussion within
ICANN and provide clear guidance to the ICANN Board. EPIC suggested that
if the proposal does not move forward, then the Board should sunset the
Whois database. Thirty other groups and individuals endorsed EPIC's
letter to the ICANN Board.

ICANN Staff Overview of Recent WHOIS Activity: 


EPIC's Letter to ICANN (Oct. 30, 2007) (pdf):


EPIC's page on WHOIS: 


Privacy and Human Rights 2006:


[2] Groups Urge Zero Funding for REAL ID System

A number of organizations have joined to urge Congress against funding
the REAL ID national identification system. Congress passed REAL ID
without a hearing even though legislators in both parties urged debate.
Sen. Daniel Akaka and Sen. John Sununu have both said that they believe
REAL ID "places an unrealistic and unfunded burden on state governments
and erodes Americans' civil liberties and privacy rights."

In a letter, the groups said, "$50 million for REAL ID was appropriated
in the House. In the Senate, however, an amendment offered by Sen.
Alexander to add an additional $300 million was defeated by a bipartisan
majority. Earlier efforts to expand REAL ID as part of the Comprehensive
Immigration Reform bill were also rejected. We strongly urge the
Conference Committee to accept the Senate's approach not to fund REAL
ID." The groups also explained, "Furthermore, of the $40 million that
has been appropriated for REAL ID implementation so far, $34 million
remains unspent. [. . .] This year, New Hampshire returned its grant and
passed a law barring REAL ID participation by the state. If an
additional $50 million is appropriated, it is similarly likely to
languish in Washington rather than going to states that need it to
implement other desirable programs."

There has been widespread public opposition to REAL ID. Seventeen states
have passed legislation rejecting the national identification system. In
May, 54 organizations representing trans-partisan, nonpartisan, privacy,
consumer, civil liberty, civil rights, and immigrant organizations
joined to launch a national campaign to solicit public comments to stop
REAL ID. The Department of Homeland Security received more than 12,000
comments on its draft implementation regulations for the REAL ID Act,
even though the comment process was marked with problems.

EPIC and 24 other privacy and technology experts jointly submitted
comments in May warning the federal agency not to go forward with the
REAL ID proposal. The group urged DHS to recommend to Congress that REAL
ID is unworkable and must be repealed. "The REAL ID Act creates an
illegal de facto national identification system filled with threats to
privacy, security and civil liberties that cannot be solved, no matter
what the implementation plan set out by the regulations," the group

Information on the Group Letter to Congress:


Text of the REAL ID Act (pdf):


Comments of EPIC and 24 Experts in Privacy and Technology (pdf):


Stop REAL ID Campaign site:


EPIC's Page on National ID Cards and REAL ID Act:


[3] EPIC Urges Congress to Monitor Google-DoubleClick Review

In a letter to the Subcommittee on Financial Services and General
Government of the U.S. House Committee on Appropriations, EPIC urged
oversight of the Federal Trade Commission's review of the proposed
Google-DoubleClick merger. The Subcommittee is responsible for the
annual appropriation for the Federal Trade Commission.

In recent complaints to the Federal Trade Commission, EPIC, the Center
for Digital Democracy and US PIRG have detailed the reasons why the FTC
needs to establish substantial privacy safeguards as a condition of the
merger. The filings include proposals for a range of steps the
Commission could take by means of a consent order to safeguard consumer

In the October 26 letter to the Subcommittee, EPIC set out the privacy
concerns arising from the proposed merger as well as the statements of
various experts and Senator Herbert Kohl, Chairman of the Judiciary
Committee's Subcommittee on Antitrust, Competition Policy & Consumer
Rights, regarding the authority of the Commission to act in this matter.

If the FTC fails to establish substantial privacy safeguards as a
condition of the proposed Google-DoubleClick merger, "we believe there
should be a comprehensive investigation of the factors that led to the
FTC's decision," EPIC said.

Also on October 26, Representative Ed Towns, member of the U.S. House
Committee on Energy and Commerce, wrote to FTC Chairman Deborah Platt
Majoras asking the Commission "to analyze the unique consumer protection
issues raised by Google's proposed acquisition of DoubleClick." He urged
the Commission to ask questions, including, "Could Google become so
powerful that it no longer would be subject to market pressure to
compete with respect to the quality of its privacy practices?" Rep.
Towns said, "Section 5 of the FTC Act gives the Commission broad
authority to address potential consumer harms, and I trust the
Commission will use this authority to ensure that consumers' privacy
interests are protected in connection with Google's proposed acquisition
of DoubleClick."

EPIC's Letter to the House Subcommittee on Financial Services and
General Government (pdf):


Representative Towns's Letter to the Federal Trade Commission (pdf):


U.S. House Subcommittee on Financial Services and General Government:


EPIC's page on Privacy? Proposed Google/DoubleClick Deal:


[4] US Senate Committees Consider FISA Reform, Immunity

The FISA Amendments Act of 2008 (S. 2248) was approved by the US Senate
Intelligence Committee and is now being considered by the US Senate
Judiciary Committee.  The Intelligence Committee released its report
summarizing its findings and the legislation. In the report, the
Intelligence Committee noted that acquiring documents necessary to
studying the program was "more difficult than it should have been." The
documents were only made available in October 2007.

Intelligence Committee members concluded that FISA would have to be
revised in order to target people abroad, that additional protections
are needed for US persons, and that civil immunity should be afforded to
companies that aided the warrantless surveillance program. The bill that
the Committee presented reflected these findings. According to the FISA
Amendments Act of 2008, immunity will be granted to providers who
received a written request for the information stating that the program
was authorized by the president and determined to be lawful.  The Act
will sunset in 6 years' time. An amendment to remove the immunity
provisions failed by a vote of 3-12. Senators Wyden, Feingold and Nelson
voted in favor of removing the immunity provision.

The Judiciary Committee, by letter from Chairman Leahy and Ranking
Member Specter, again requested White House documents pertinent to FISA
reform. The Committee subpoenaed the documents earlier this summer, and
had extended the response deadline to August 20, 2007, which was also
not met. The White House conditioned the release of the documents on
grants of immunity to telecommunications companies, a move that the
Judiciary Committee letter calls unacceptable.

The Judiciary Committee is scheduled to hold a hearing on FISA on
October 31.

Letter from Sen. Leahy and Ranking Member Specter, to the White House
(Oct. 22, 2007):


Senate Intelligence Committee Report (pdf):


EPIC's page on FISA:


[5] Numbers Will Not Be Dropped From Do Not Call Registry

In testimony last week before the US House of Representatives'
Subcommittee on Commerce, Trade, and Consumer Protection, the Federal
Trade Commission committed "that it will not drop any telephone numbers
from the Do Not Call Registry based on the five-year expiration period
pending final Congressional or agency action on whether to make
registration permanent."

The Do Not Call Registry is a list created and maintained by the Federal
Trade Commission of consumers who do not wish to be telephoned by
commercial marketers. The Registry now contains more than 145 million
phone numbers. When the Do Not Call Registry was developed in 2003, the
Commission adopted a five-year re-registration mechanism and said that
the list would be periodically purged of disconnected or reassigned
numbers. This was done to ensure that the Registry was as accurate as
possible, while not placing too great a burden on consumers to
re-register their telephone numbers.

However, for five years the Registry has successfully used a scrubbing
program to purge disconnected and reassigned numbers each month. The
increased use of cell phones and the popularity of telephone number
portability also make the re-registration procedure less necessary than
it may have been five years ago.

According to the Commission, "the Registry has enjoyed unprecedented
popularity and helped enhance the privacy of the American public in a
tangible way." A study released in January 2006 showed that 94 percent
of American adults have heard of the Registry and 76 percent have
registered their phone numbers. Since the Registry has been in place,
the Commission has initiated 27 cases alleging DNC violations, resulting
in a total of $8.8 million in civil penalties and $8.6 million in
consumer redress or disgorgement of ill-gotten gains. The largest
penalty, $5.3 million, was paid by Satellite television subscription
seller DirecTV in 2005. Most recently, the Broadcast Team agreed to pay
a $1 million civil penalty, the second-largest penalty obtained in a Do
Not Call case, for violations of the Telemarketing Sales Rule.

Federal Trade Commission has also stated that despite claims made in
e-mails circulating on the Internet, consumers should not be concerned
that their cell phone numbers will be released to telemarketers in the
near future, and that it is not necessary to register cell phone numbers
on the National Do Not Call Registry to be protected from most
telemarketing calls to cell phones.

Federal Trade Commission Do Not Call Registry Testimony Summary (pdf):


Federal Trade Commission: The Truth About Cell Phones And The Do Not
Call Registry:


EPIC's page on the Do Not Call Registry:


[6] News in Brief

Arizona Prosecutors Release Newspaper Executives, End Investigation

Arizona prosecutors have dropped all charges against "Phoenix New Times"
newspaper executives who were arrested after publishing a story about a
grand jury investigation of the newspaper. The executives had detailed
secret grand jury subpoenas demanding broad access to reporters' notes
and information on people who visited the newspaper's website since
2004. Two prosecutors in the case are facing investigations by the State
Bar Association after multiple complaints were filed concerning the
"Phoenix New Times" case and another case. EPIC has historically sought
to protect the privacy of news subscribers. In January, EPIC joined six
civil liberties groups to submit a "friend of the court" brief in
Forensic Advisors, Inc. v. Matrixx Initiatives, Inc. Pharmaceutical
company Matrixx sought to force a newsletter publisher to disclose his
subscriber list so that Matrixx could use it in connection with a
lawsuit filed against unidentified people who posted derogatory comments
about the company on Internet discussion boards. The brief argued that
the subscriber list is protected under the First Amendment, since
disclosure of the list would deter readership and violate
constitutionally established privacy rights.

January 2007 Amicus Brief Submitted by EPIC, et. al (pdf):


Privacy International Files Toronto Transit CCTV Complaint

Privacy International filed a complaint with the Ontario Information and
Privacy Commissioner's Office regarding plans to deploy 12,000 cameras
across Toronto's transportation network of buses, streetcars, and
subways at a cost of $18 million. According to Privacy International,
the Toronto Transit Commission has repeatedly argued that Closed Circuit
Television (CCTV) acts as a deterrent despite international
criminological evidence proving otherwise.

In its complaint, Privacy International argues that the collection
principles in the relevant legislation are not being sufficiently
attended to in that the collection is not necessary, that the scheme is
being deployed without consideration to privacy and associated
protocols, and with insufficient consideration regarding access powers.

Privacy International complaint (Oct. 24) (pdf):


EPIC's page on Video Surveillance:


EPIC's Spotlight on Surveillance: D.C.'s Camera System Should Focus on
Emergencies, Not Daily Life (Dec. 2005):


EU Security Agency on Social Networking Risks, Recommendations

The European Network and Information Security Agency (ENISA) has issued
a position paper on Security Issues And Recommendations for Social
Networks. The paper concludes that social networks are a clear benefit
to society; however, the study warns of the danger that new face
recognition or other new technologies pose in a world were there may be
a false sense of intimacy created by social networks. The agency grouped
security threats into 4 categories: privacy, traditional network,
identity and social threats. The paper recommends government and
corporate policy changes, technical and research recommendation, such as
increasing transparency of data handling practices, and encouraging
social networking education rather than the banning of social networking
sites in schools.

Security Issues and Recommendations for Online Social Networks (pdf):


EPIC's page on Social Networking and Privacy:


National Health Committee Calls For Stronger HIPAA Privacy

The National Committee On Vital And Health Statistics has submitted a
draft report to the Secretary of the U.S. Department of Health and Human
Services on the topic of "secondary uses" of electronically collected
and transmitted health data. In its report, the Committee recommends
extending the applicability of the federal rules that protect the
privacy of individuals' medical records. Specifically, the report
recommends that the Health Insurance Portability and Accountability Act
of 1996 apply to all users of health data. Currently, HIPAA's coverage
is limited to certain groups, primarily insurers and health care
providers. The committee will receive public comments on the document in
a telephone conference on October 31, 2007 and in written form until
November 6, 2007. The Committee will then consider revisions, and will
deliver final recommendations to Health and Human Services later this

National Committee On Vital And Health Statistics Report to the
Secretary of the U.S. Department of Health and Human Services on
Enhanced Protections for Uses of Health Data: A Stewardship Framework
for "Secondary Uses" of Electronically Collected and Transmitted Health
Data (pdf):


National Committee on Vital and Health Statistics Call for Public


EPIC's page on Medical Privacy:


[7] EPIC Bookstore: "Privacy Law and Society"

"Privacy Law and Society" by Anita Allen (West Group 2007)


Professor Anita L. Allen and Henry R. Silverman have written a new
privacy law textbook geared to American law schools. The textbook also
has the advantage of being versatile enough to be used by instructors of
a wide range of topics from undergraduate Constitutional Law to Personal
Decision Making, Information Society, Surveillance Society, and
Journalism and First Amendment. Professor Allen offers instructors who
use the textbook additional resources in the form of model syllabi for
courses and a Teacher's Manual.

Selected case law illustrates the core privacy values enumerated in the
torts of intrusion by physical or other means upon the seclusion of
another; publication of the private life of another; breach of
confidentiality; appropriation of the name or likeness of another;
rights in a performance; and making public matters that cast another in
a false light. In a discussion concerning reasonable expectations of
privacy, the textbook asks: how much privacy should be expected for a
person receiving medical care in their home versus a hospital; having
photographs developed by a Wal-Mart photo shop; being credited with
saving a President's life; being infected with HIV/AIDS; being
incarcerated; being in public view; traveling by air; owning a firearm;
being in a personal relationship; being at work, at play, or in a court;
having with relatives with criminal backgrounds; having health records;
attending a school; participating in a faith community; being under
emotional distress… and the list goes on.

However, according to the authors of the textbook the law does not
establish a "walled-off" domain where privacy can reside because
components of privacy are incorporated into every aspect of our lives.
For example, while marriage is a private relationship, the government
can require licenses and blood tests. The case for privacy is found in
philosophical, sociological, and human rights works that chronicle the
development of personal space, where people choose with whom they
associate general and personal ways. These relationships are further
broken down into levels of intimacy i.e. family, co-workers, classmates,
associates, and acquaintances. These categories may be further defined
as wife/husband, significant other, partner,
children/stepchildren/adopted, parents/in-laws/grandparents, cousins,
and aunts/uncles, etc.

Whether you are looking for a great resource for an academic course on
privacy law, a straightforward discussion of privacy from a real world
context, or a good practitioner's desk reference on privacy law cases in
the United States, I highly recommend this textbook.

-- Lillie Coney


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Seattle Technology Law Conference. December 13-14, 2007. Seattle, WA.
For more information: http://www.lawseminars.com/seminars/07COMWA.php

ACI’s 7th National Symposium on Privacy & Security of Consumer and
Employee Information.  January 23-24, 2008.  Philadelphia, PA.  For more
information: http://www.americanconference.com/privacy

Computer Professionals for Social Responsibility: Technology in Wartime
Conference. January 26, 2008. Stanford University. For more
information: http://cpsr.org/news/compiler/2007/Compiler200707#twc

Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:


The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.22 -------------------------