EPIC logo

  
========================================================================
                            E P I C  A l e r t
========================================================================
Volume 15.02                                           January 23, 2008
------------------------------------------------------------------------

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
              http://www.epic.org/alert/EPIC_Alert_15.02.html


========================================================================
Table of Contents
========================================================================
[1] EPIC Urges European Parliament to Act on Google-DoubleClick Merger
[2] EPIC Proposes Privacy Conditions for Video Surveillance
[3] Consumer Privacy Coalition Files FTC Complaint Against Ask.com
[4] National Identification Plan Announced
[5] Federal Appellate Court Hears Case on Prescription Data and Privacy
[6] News in Brief
[7] EPIC Bookstore: "Legacy of Ashes"
[8] Upcoming Conferences and Events
    - Subscription Information
    - Privacy Policy
    - About EPIC
    - Donate to EPIC
	   http://www.epic.org/donate

========================================================================
[1] EPIC Urges European Parliament to Act on Google-DoubleClick Merger
========================================================================

On January 21, EPIC Executive Director Marc Rotenberg testified before
the European Parliament on the privacy policies of Internet search
engines. The hearing, entitled "Data Protection and Search Engines on
Internet: the Google-DoubleClick case," explored the privacy
implications of the Google-DoubleClick merger. EPIC highlighted the
increased risk of individual user identification associated with
database consolidation, storage of search queries, user IP addresses,
and information on user online activity.

Rotenberg stated that the European Commission must establish privacy
safeguards because the US Federal Trade Commission failed to do so
during the US merger review of Google and ad company DoubleClick.
Rotenberg also stated that Google was beginning to reveal the
characteristics of an "information monopolist" and that it was important
for governments to act to preserve the rights of citizens and to
safeguard competition and innovation in the information economy. While
the privacy implications of such mergers were largely ignored by the
FTC's Google-DoubleClick decision, EPIC emphasizes that the privacy
concerns were clearly recognized in the United States Congress.
Bipartisan support for an investigation into the matter was forthcoming
as numerous leading congressmen, senators, and consumer protection
experts voiced their concern about the privacy implications of the
merger.

One of the most interesting discussions to come out of the hearing dealt
with the question of whether an IP address constitutes personally
identifiable information. If so, then the practices of the major search
engines would violate the EU Data Directive. Germany's data protection
commissioner, Peter Schaar, said that an IP address "has to be regarded
as personal data" when someone is identified by it. Google retains the
IP address, the search query, the Google cookie and the time and date of
the search for two years for every single search request on every
Internet user in the world who uses the Google search product.


European Parliament, "Do internet companies protect personal data well
enough?" (press release):

     http://www.epic.org/redirect/eu_press.html

EPIC's Testimony before the European Parliament (pdf):

     http://epic.org/privacy/ftc/google/EPIC_LIBE_Submission.pdf

EPIC's page on Privacy? Proposed Google-DoubleClick Merger:

     http://epic.org/privacy/ftc/google/


========================================================================
[2] EPIC Proposes Privacy Conditions for Video Surveillance
========================================================================

In comments filed January 15 with the Department of Homeland Security,
EPIC detailed its "Framework for Protecting Privacy & Civil Liberties If
CCTV Systems Are Contemplated." EPIC explained that it "does not support
the creation nor the expansion of video surveillance systems, because
their limited benefits do not outweigh their enormous monetary and
social costs." EPIC's guidelines explain that (1) alternatives to CCTV
are preferred; (2) there must be a demonstrated need for the system; (3)
the public and privacy and security experts must be consulted before the
system is created; (4) Fair Information Practices must govern any use of
video surveillance; (5) there must be a privacy and civil liberties
assessment; and (6) there needs to be room to create enhanced safeguards
for any enhanced surveillance.

Despite an exponential increase in the number of publicly-funded CCTV
systems being deployed across the country, no uniform rules or
guidelines exist to protect the privacy rights or civil liberties of
individuals who are the subject of video surveillance.  Since 2003, the
Department of Homeland Security has allocated $230 million in grants to
communities and law enforcement bodies for creating and maintaining
camera surveillance systems, all without demonstrating that the money is
being effectively allocated. In its submission, EPIC argued that CCTV
systems are not effective law enforcement tools, and that studies show
that public money is put to better use by investing in proven law
enforcement and crime prevention techniques such as increasing the
number of police officers in communities.

CCTV surveillance systems not only waste limited public resources, they
also create a significant power imbalance that makes it all too easy for
individuals' privacy rights and civil liberties to be ignored by public
officials. The watched do not know who is watching, for the reason they
are being watch, or how the data is being recorded, stored or used.
Camera operators, on the other hand, are anonymous and may find that
they are in a position of power in which no one monitors their use of
the powerful technology at their disposal. Technological advancements
have made storage and consolidation of data easy, which creates some
very serious potential risks to privacy and civil liberties.

Within the few short years that publicly-funded CCTV systems have been
proliferating there have been many examples of the technology being
misused or abused by officials. At the 2004 Republican National
Convention in New York City, a police helicopter equipped with an
infrared camera was deployed to monitor protesters but instead filmed a
couple's intimate romantic activity on their terrace; the couple had
believed themselves shielded from public view by thick shrubbery. In
2005, a police officer used surveillance cameras to gaze at women's
breasts and buttocks at the San Francisco International Airport. Video
surveillance has also been used to record and identify individuals
engaged in peaceful protests, creating a chill on lawful activities
protected by the First Amendment. CCTV has also been proven to
facilitate discriminatory behavior. For example, studies have found that
black males are disproportionately singled out for additional scrutiny
when camera systems are used.

Given the significant potential for inappropriate or illegal behavior on
the part of CCTV operators, EPIC stated that public video surveillance
should only be deployed or expanded if the six stringent conditions are
met. The conditions set out in EPIC's comments will minimize the
negative impact that such systems, if deployed, would have on privacy
rights and civil liberties.

EPIC's Comments to the DHS (pdf):

     http://epic.org/privacy/surveillance/epic_cctv_011509.pdf

EPIC's Page on Video Surveillance:

     http://epic.org/privacy/surveillance/

Privacy International's Page on Video Surveillance:

     http://www.privacyinternational.org/issues/cctv/_index.html

DHS Privacy Office Page (includes information about DHS Privacy
Workshops):

     http://www.dhs.gov/xabout/structure/editorial_0338.shtm


========================================================================
[3] Consumer Privacy Coalition Files FTC Complaint Against Ask.com
========================================================================

On January 18, EPIC and five other privacy organizations filed a
complaint with the Federal Trade Commission against Ask.com alleging
that Ask.com is engaging in unfair and deceptive trade practices with
the representations concerning AskEraser, a new search service that
purports to protect privacy. On its site, Ask.com claimed that once
enabled, AskEraser would allow users to have more control of their
search activities and that all search activities would be deleted from
Ask.com servers "within hours." Ask.com also asserted that the new
search tool "will offer its searchers unmatched control over their
privacy."

Following the release of AskEraser last month, EPIC and several other
privacy organizations wrote to Ask.com's CEO Jim Lazone and requested
the company to modify some of the functions of this new product. After a
detailed study of the new search tool, EPIC found that Ask Eraser (1)
requires a confusing and misleading opt-out cookie, where once deleted,
the privacy setting is lost and Ask.com no longer honors the user's
privacy setting; (2) creates a quasi-unique identifier, where Ask.com
inserts the exact time (down to the second) that the user enabled Ask
Eraser; and (3) will be disabled without notice; despite indicating to
the user that the AskEraser function is enabled.

Ask.com has not yet responded to these requests.  Pending an adequate
resolution of the issues identified in the complaint, EPIC and the other
privacy groups called on the Commission to promote the development of
genuine Privacy Enhancing Techniques that would protect the privacy
interests of American consumers. Specifically, the complaint urged the
Commission to use its authority to review AskEraser's privacy flaws and
order Ask.com to remove AskEraser from the marketplace.

As a condition of offering AskEraser in the future, Ask.com should
meaningfully address the various privacy flaws associated with AskEraser
by (1) Ceasing to use the opt-out cookie; (2) Ceasing to create a
Persistent Identifier on customers; (3) Providing meaningful notice if
the service will be disabled; and (4) Establishing enforceable privacy
safeguards for the transfer of user information to third parties,
consistent with Ask.com's own policies.

EPIC's Complaint to the FTC (pdf):

     http://epic.org/privacy/ask/epic_askeraser_011908.pdf

EPIC's letter to Ask.com (December 20, 2007) (pdf):

     http://epic.org/privacy/ask/EPIC_%20AskEraser.pdf

Ask.com's Ask Eraser's FAQ Page:

     http://sp.ask.com/en/docs/about/askeraser.shtml


========================================================================
[4] National Identification Plan Announced
========================================================================

On January 11, Department of Homeland Security Secretary Michael
Chertoff released the agency's final regulations for REAL ID, the
national identification system. The proposal has drawn sharp criticism
from state governments, members of Congress, civil liberties advocates,
and security experts. The law was passed in 2005 and will require
significant changes to the state driver's license if such ID cards are
to be use for "federal purposes."

REAL ID was appended to a bill providing tsunami relief and military
appropriations, and passed with little debate and no hearings. The REAL
ID Act repealed provisions in the Intelligence Reform and Terrorism
Prevention Act of 2004, which contained "carefully crafted language --
bipartisan language -- to establish standards for States issuing
driver's licenses," according to Sen. Richard Durbin.

In the final regulations, Secretary Chertoff scaled back some of the
requirements, reduced the cost, and extended the deadline for state
compliance. As part of the cost-saving effort, Homeland Security has
decided not to encrypt the data that will be stored on the card, leaving
the data open for download by third parties, such as clubs and bars. The
agency said that it would make $360 million available to the states to
implement REAL ID -- $80 million in dedicated funding and the agency
will allow the states can use up to $280 million in homeland security
grant funding. States argue that those grants are apportioned to first
responder training, port security, and other homeland security programs,
and that funds should not be diverted away from these programs to pay
for the national identification system.

Homeland Security says that states must apply to the agency for an
extension and promise to implement the REAL ID national identification
system or else the states' driver's licenses and ID cards will not be
"accepted for federal purposes" beginning on May 11, 2008. Currently,
"federal purposes" is defined as entering federal buildings, boarding
commercial flights, and entering nuclear facilities. However, Secretary
Chertoff also indicated that the REAL ID card would be used for a wide
variety of purposes, unrelated to the law that authorized the system,
including employment verification and immigration determination. He also
indicated that the agency would not prevent the use of the card by
private parties for non-government purposes.

The states are rebelling against the national ID scheme. On January 18,
Montana governor Brian Schweitzer wrote to the governors of 17 states
asking them to join him in rejecting the REAL ID system. Montana is one
of 17 that has passed legislation against REAL ID. "Today, I am asking
you to join with me in resisting the DHS coercion to comply with the
provisions of REAL ID," Gov. Schweitzer wrote. "I would like us to speak
with one, unified voice and demand the Congress step in and fix this
mess."

Congress is considering legislation to repeal REAL ID. Sen. Patrick
Leahy, who co-sponsored legislation to replace REAL ID with the
negotiated rulemaking process originally enacted in the 2004
Intelligence Reform and Terrorist Prevention Act, criticized the final
regulations. "The Bush administration's REAL ID program will not only
lead to long lines at every DMV across the country, it will impose a
massive unfunded mandate on state governments while offering absolutely
no federal privacy protections to our citizens," Sen. Leahy said. "It is
unfortunate that instead of addressing the fundamental problems this law
poses for the states, the Administration appears content merely to
prolong a contentious and unproductive battle to force the states to
comply."

The Department of Homeland Security has also been criticized for its own
poor security practices. In May 2007, a Homeland Security office lost
the personal data of 100,000 employees. According to security expert
Bruce Schneier, "Measures like REAL ID have limited security benefit.
Identification systems are complex, and the unforgability of the plastic
card is only a small part of the security equation.  Issuance
procedures, verification procedures, and the back-end database are far
more vulnerable to abuse, and -- perversely -- a harder-to-forge card
makes subverting the system even more valuable. Good security doesn't
try to divine intentionality from identification, but instead provides
for broad defenses regardless of identification."

Department of Homeland Security's Page on REAL ID (including links to
Final Rule and final Privacy Impact Assessment):

     http://www.dhs.gov/xprevprot/programs/gc_1200062053842.shtm

Sen. Patrick Leahy, Press Release about REAL ID Final Regulations (Jan.
11, 2008):

     http://leahy.senate.gov/press/200801/011108a.html

Letter From Montana Governor to 17 States (Jan. 18, 2008) (pdf):

     http://governor.mt.gov/brian/RealID_080118.pdf

Stop REAL ID Campaign:

     http://www.privacycoalition.org/stoprealid/

EPIC's Press Release: Homeland Security Department Announces Deeply
Flawed Regulations For National ID System (Jan. 11, 2008):

     http://epic.org/press/011108.html

EPIC's Page on National ID Cards and REAL ID Act (includes links to
states' anti-REAL ID legislation):

     http://epic.org/privacy/id-cards/


========================================================================
[5] Federal Appellate Court Hears Case on Prescription Data and Privacy
========================================================================

Earlier this month, the First Circuit Court of Appeals heard oral
arguments in a case concerning a New Hampshire state law banning the
sale of prescribe-identifiable prescription drug data for marketing
purposes. In August, EPIC and 16 experts in privacy and technology filed
a "friend of the court" brief urging the First Circuit Court of Appeals
to reverse the ruling of the lower court, which held that the NH
Prescription Confidentiality Act violated the free speech rights of data
mining companies.

On June 30, 2006, the New Hampshire legislature unanimously passed the
Prescription Confidentiality Act, which prohibits prescription
information records that contain patient- or prescriber-identifiable
data from being transferred, licensed, sold, or used for most commercial
purposes. This includes marketing, advertising, and other forms of
promotion. The Act specifically bars the use of prescriber-identifiable
data for "physician detailing," which involves the sale of patient
prescription records to datamining firms that generate sales leads for
pharmaceutical companies. The Act explicitly permitted the use of this
data for such non-commercial purposes as research and education.

The Plaintiffs-Appellees, IMS Health and Verispan, are both data mining
companies which purchase and compile prescription information in order
to sell the data. In the District Court, IMS Health and Verispan alleged
that the new Act violated their First Amendment right to free speech,
claiming that: 1) the law was subject to strict scrutiny because it
provided a content-based restriction on non-commercial free speech; 2)
the law violated the First Amendment because it was not narrowly
tailored to serve compelling state interests; and 3) if the judge
determined that the law was subject to intermediate scrutiny because it
only restricted commercial speech, it still did not advance a
substantial government interest in a narrowly tailored way.

In the State's defense, the Attorney General argued: 1) that the law did
not implicate the First Amendment because it did not regulate speech;
and even if the Act did implicate speech, 2) the law should survive
intermediate scrutiny because it advanced the State's substantial
interests in promoting public health, controlling health care costs and
protecting the privacy of patients and doctors, while still allowing the
data to be used for non-commercial purposes. The District Court rejected
all of the Attorney General's arguments, finding that the government did
not have an interest in "preventing the dissemination of truthful
commercial information" and that the law was more expansive than
necessary to promote the State's interests. The District Court held that
the Act did not advance a substantial interest in protecting the privacy
of patients and health care providers. New Hampshire appealed to the
First Circuit Court of Appeals, which will soon hear the case.

There are approximately 1.4 million health care providers in the United
States. These providers write billions of prescriptions each year for
more than 8,000 different pharmaceutical products, which are filled at
54,000 retail pharmacies throughout the country. For every prescription
they fill, the retail pharmacies acquire records, which include: patient
name; prescriber identification; drug name; dosage requirement;
quantity; and date filled. In order to comply with federal and state
privacy laws, patient-identifying information is encrypted and
de-identified, often with software installed by the datamining companies
themselves. The rest of the prescription record remains intact. Thus, a
patient's entire drug history is correlated, and each provider can be
identified along with its prescribing habits. This practice raises
privacy concerns for both patients and health care providers, said EPIC
and the 16 experts in their brief.

EPIC and the experts said the lower court should be reversed, because it
failed to consider the substantial privacy interest in de-identified
patient data. Although de-identification measures are increasingly
innovative and computationally complex, patient data is still vulnerable
to attacks because sophisticated re-identification programs are also
being developed, the experts said. Individuals can be re-identified
using information such as zip code, date of birth, and gender and then
comparing that data to publicly available information. Such information
is easily accessible via birth and death records, incarceration reports,
voter registration files, and driver's license information.

This privacy interest in part flows from the reality that data may not
be, in fact, truly de-identified, and also because de-identified data
does impact actual individuals. The experts explained that (1) the
information is not truly anonymized; (2) as a result, there are real
dangers to patient privacy in having this data trade, and therefore (3)
the state interest in protecting patient privacy, ignored by the court
below, requires reversal.

Also this month, the nation's first law requiring consumer notification
of security breaches concerning medical data went into effect.
California's AB1298 expands the state's data breach notification law to
include: unencrypted medical histories, mental or physical conditions,
medical treatments and diagnoses, unencrypted insurance policy or
subscriber numbers, applications for insurance, and claims histories and
appeals. The law applies to all state agencies and companies that do
business with state residents.

California's AB1298, expanding state data breach notification law to
include medical information (pdf):

     http://www.epic.org/redirect/AB1298.html

Amicus Brief of EPIC and 16 Experts in Privacy Law and Technology
(August 20, 2007) (pdf):

     http://www.epic.org/privacy/imshealth/epic_ims.pdf

Opinion of the District Court (April 30, 2007) (pdf):

     http://www.epic.org/privacy/imshealth/dist_ct_op.pdf

New Hampshire Prescription Confidentiality Act:

     http://www.gencourt.state.nh.us/legislation/2006/HB1346.html

EPIC's page on IMS Health v. Ayotte:

     http://www.epic.org/privacy/imshealth/



========================================================================
[6] News in Brief
========================================================================

UK Considers Implanting Prisoners With RFID Chips

The United Kingdom is planning to implant "machine-readable" radio
frequency identification (RFID) tags under the skin of thousands of
offenders in a move to create more space in British jails. Amid concerns
about the security and removal of existing tagging systems, the Ministry
of Justice is investigating the use of satellite and radio-wave
technology to monitor criminals placed in the community. But instead of
being contained in bracelets worn around the ankle, the tiny chips would
be surgically inserted under the skin of offenders. The RFID tags, as
long as two grains of rice, are able to carry scanable personal
information about individuals, including their identities, address and
offending record.  EPIC has spoken out against the use of RFID
technology for identifying individuals, highlighting the privacy and
security issues.  In October 2007, California became the third state to
sign into a law a bill that broadly prohibits the implantation of RFID
chips into humans without consent.

EPIC's page on RFID Systems:

     http://epic.org/privacy/rfid/


Reports: Privacy and Security in Government

The Congressional Research Service released a report on intelligence
issues facing Congress in the new year. The Report summarizes the debate
on changes to the Foreign Intelligence Surveillance Act. The report also
discusses the implementation of the Intelligence Reform Act, which
created the position of the Director of National Intelligence. The
Research Service provides policy and legal analysis in a non-partisan
basis to members of Congress.

The Government Accountability Office (GAO) has found that the IRS has
made "limited progress" in addressing information security weaknesses.
The GAO previously identified 98 weaknesses, and of these only 29 have
been adequately addressed. The IRS continues to issue passwords that are
not complex, grants excessive access to individuals without need, and
fails to install security patches in a timely manner. These and other
weaknesses threaten the confidentiality of IRS data processing systems.

CRS: Intelligence Issues for Congress (pdf):

     http://www.fas.org/sgp/crs/intel/RL33539.pdf

GAO: IRS Needs to Address Pervasive Weaknesses (pdf):

     http://www.gao.gov/new.items/d08211.pdf

EPIC's page on FISA:

     http://www.epic.org/privacy/terrorism/fisa/


Study: Americans Increasingly Concerned About Online Privacy

Privacy concerns stemming from online shopping rose in 2007, a new study
finds, as the loss or theft of credit card information and other
personal data soared to unprecedented levels. Sixty-one percent of adult
Americans said they were very or extremely concerned about the privacy
of personal information when buying online, an increase from 47 percent
in 2006. Before last year, that figure had largely been dropping since
2001. People who do not shop online tend to be more worried, as are
newer Internet users, regardless of whether they buy things on the
Internet, according to the survey from the University of Southern
California's Center for the Digital Future.

2008 Digital Future Report Highlights:

     http://www.digitalcenter.org/pages/current_report.asp?intGlobalId=19

EPIC's page on Social Networking Privacy:

     http://www.epic.org/privacy/socialnet/


Facebook Data Retention Investigated in UK

Social networking site Facebook is under investigation by the UK
Information Commissioner for its data retention practices. Facebook
users may "deactivate" their accounts, leaving their personal
information on Facebook servers but inaccessible to the public. Users
have to individually delete each profile element. The investigation
follows a complaint from a user unable to fully delete his profile. The
Information Commissioner is an independent authority that protects
personal information.

EPIC's page on Facebook:

     http://www.epic.org/privacy/facebook


========================================================================
[7] EPIC Bookstore: "Nation of Secrets"
========================================================================

Legacy of Ashes: The History of the CIA by Tim Weiner (Doubleday 2007).

     http://www.powells.com/partner/24075/biblio/9780385514453

"For the last sixty years, the CIA has managed to maintain a formidable
reputation in spite of its terrible record, burying its blunders in
top-secret archives. Its mission was to know the world. When it did not
succeed, it set out to change the world. Its failures have handed us, in
the words of President Eisenhower, “a legacy of ashes.”

“Now Pulitzer Prize-winning author Tim Weiner offers the first
definitive history of the CIA-and everything is on the record. LEGACY OF
ASHES is based on more than 50,000 documents, primarily from the
archives of the CIA itself, and hundreds of interviews with CIA
veterans, including ten Directors of Central Intelligence. It takes the
CIA from its creation after World War II, through its battles in the
cold war and the war on terror, to its near-collapse after 9/ll.”

“Tim Weiner's past work on the CIA and American intelligence was hailed
as “impressively reported” and “immensely entertaining” in The New York
Times. The Wall Street Journal called it “truly extraordinary . . . the
best book ever written on a case of espionage.” Here is the hidden
history of the CIA: why eleven presidents and three generations of CIA
officers have been unable to understand the world; why nearly every CIA
director has left the agency in worse shape than he found it; and how
these failures have profoundly jeopardized our national security."


================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Computer Professionals for Social Responsibility: Technology in Wartime
Conference. January 26, 2008. Stanford University. For more
information: http://cpsr.org/news/compiler/2007/Compiler200707#twc

Mobility, Data Mining And Privacy: Preserving Anonymity in
Geographically Referenced Data. February 14, 2008. Rome, Italy. For more
information http://wiki.kdubiq.org/mobileDMprivacyWorkshop

ALI-ABA, Privacy Law: Developments, Planning, and Litigation. March
13-14, 2008. Washington, D.C. For more
information http://www.ali-aba.org/CN090

CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23,
2008. For more information http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity. The Hague. June 18-20,
2008. For more information http://www.ethicsandtechnology.eu/ETI

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 15.02 -------------------------

.