EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 15.21                                           October 24, 2008
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_15.21.html


=======================================================================
Table of Contents
=======================================================================
[1] EPIC Launches E-Deceptive Campaign Practices Report
[2] Supreme Court to hear ID Theft Case
[3] Protecting Privacy in a Borderless World
[4] Privacy Commissioners Call for International Privacy Standard
[5] DHS Clears Secure Flight Although Watchlist Questions Remain
[6] News in Brief
[7] EPIC Bookstore: "The Shadow Factory"
[8] Upcoming Conferences and Events
  	- Subscription Information
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://www.epic.org/donate
  	- Support Privacy '08 http://www.privacy08.org

=======================================================================
[1] EPIC Launches E-Deceptive campaign Practices Report
=======================================================================

This week the Electronic Privacy Information Center issued a report on 
electronic deceptive campaign practices and the 2008 election.
Deceptive campaign practices are attempts to misdirect targeted voters
regarding the voting process for public elections. Election activity
that would be considered deceptive could include false statements about
polling times, date of the election, voter identification rules, or
the eligibility requirements for voters who wish to cast a ballot.
Historically, disinformation and misinformation efforts intended to
suppress voter participation have been systemic attempts to reduce
voter participation among low-income, minority, young, disabled, and
elderly voters. 

EPIC's "E-Deceptive Campaign Practices Report: Internet Technology &
Democracy 2.0" focuses on the challenge of deceptive election related
communications while online. The report looks at the potential for
deceptive tactics, including spoofing, pharming and phishing, denial
of service, social engineering, rumor-mongering, and link bombs. The
tools of Internet communications, such as search engines, e-mail,
social networking, Web advertising and behavioral targeting, VoIP,
and e-mail are reviewed. The report outlined deceptive tactics seen so
far this election season, and made recommendations on what Election
Protection, Election Administrators, and voters might do to protect
themselves.
 
In 2008, millions of new voters are engaging the political process
through Internet communication, which presents an opportunity to review
the technology and the incident of e-deceptive campaign practices.
Voters are relying on Internet enabled communications to engage in
political decision-making. Deceptive practices tactics that target
e-mail, instant message, and cell phone users can compress the timeline
for launching successful disinformation and misinformation attacks from
days to hours or minutes.

Common Cause, in collaboration with the Lawyers Committee for Civil
Rights Under Law, published the law and policy version of the report.
EPIC's voting project also published recommendations on the use of
electronic voting systems for the November 4, 2008 election.


E-Deceptive Campaign Practices Report:
Internet Technology & Democracy 2.0:
     http://votingintegrity.org/pdf/edeceptive_report.pdf 

EPIC Voting Project:
     http://votingintegrity.org

EPIC Voting Privacy Page:
     http://epic.org/privacy/voting/ 

Voting Machine Recommendations:
     http://votingintegrity.org/pdf/voting_machine_recommend-2008.pdf

Common Cause Report:
     http://www.commoncause.org/deceptivepracticesreport


=======================================================================
[2] Supreme Court to Hear ID Theft Case
=======================================================================

On October 20, 2008, the Supreme Court announced that it will review a
case that imposed enhanced criminal identity theft penalties on a
person who presented an identity document that contained his own name.
The Court will determine whether individuals who include identification
numbers that are not theirs, but don't intentionally impersonate
others, can be subject to harsher punishments under federal law. 

In Flores-Figueroa v. United States, the petitioner challenged his
conviction for "aggravated identity theft" under the Identity Theft
Penalty Enhancement Act. Flores-Figueroa maintains that he did not
commit identity theft when he used an identity document with his real
name and an identity number that was not his to maintain employment. 

The federal law provides for enhanced penalties when a person
"knowingly transfers, possesses, or uses, without lawful authority, a
means of identification of another person." Flores-Figuero identified
himself by his real name to his employer, but provided a false Social
Security Number and false Permanent Resident Number. Both ID numbers
were issued to someone else, but neither person shared Flores-Figuero's
name, and the government presented no evidence that Flores-Figuero knew
that the ID numbers were assigned to real people. The case will resolve
whether a person can be convicted of aggravated identity theft if he
does not "knowingly" use an ID number assigned to "another person."

Federal courts have split over this issue. Courts in the First, Ninth,
and D.C. Circuit, which cover New England, seven western states, and
the nation's capitol, require the government to prove that alleged
identity thieves knew that their bogus ID numbers belonged to real
people. Conversely, courts in the Fourth, Eighth, and Eleventh
Circuits, which cover the coastal southeast, several gulf states, and
much of the upper midwest, permit convictions even if the government
concedes that the accused simply made up an ID number. In his petition
requesting Supreme Court review, Flores-Figuero argued that "this
division of authority is considered, entrenched, and untenable.
The continued disparate application of the severe penalties ... to
similarly situated defendants should not endure."
 
EPIC's Flores-Figueroa v. United States page:
     http://epic.org/privacy/flores-figueroa/

EPIC's Identity Theft Page:
     http://epic.org/privacy/idtheft/

Petitioner's Brief for Supreme Court Review in
Flores-Figueroa v. United States:
     http://epic.org/privacy/flores-figueroa/pet_cert.pdf

The Government's Brief Regarding Supreme Court Review in
Flores-Figueroa v. United States:
     http://epic.org/privacy/flores-figueroa/gov_cert.pdf

The Federal Appellate Court's Decision in
Flores-Figueroa v. United States:
     http://epic.org/privacy/flores-figueroa/8th_Cir.pdf



=======================================================================
[3] Protecting Privacy in a Borderless World
=======================================================================

Delegates at the 30th International Data Protection Conference in
Strasbourg, France called for increased international co-operation
among data protection authorities and emphasized that data protection
must play a more prominent role in the policies of public and private
institutions. The event jointly organized by the French and German Data
Protection Authorities to celebrate the 30th anniversary of their
institutions was held under the auspices of French Presidency Sarkozy
and attracted about 600 participants from all over the world.

The data protection commissioners gathered at Strasbourg recalled the
Montreux Declaration adopted at the 2005 conference and urged law
makers worldwide to adopt rules or adapt their existing regulations to
provide adequate answers to the data breaches and losses occurring
these days. Personal data should only be collected and processed if the
purpose is clearly laid down and the persons concerned are properly
informed of such processing. In light of recent scandals all over the
world, a strong independent supervision with tangible sanction powers
is more necessary than ever, said the delegates

One of the most important topics raised in Strasbourg was the
protection of minors and their private sphere. Representatives from
around 60 countries agreed that an education-based approach is the best
way to teach youngsters how to surf the Internet in a privacy-friendly
way while also respecting the rights of others. A resolution adopted by
the commissioners calls on website operators to adapt their privacy
policies to the needs of children by informing them in clear and simple
language about the risks they might face when online.

Another important resolution summarizing the debates during the open
sessions focused on social networks and their potential harm to users
who are often unaware of the consequences the widespread dissemination
of information related to them and to third persons in such networks
might have. In particular, the commissioners point out that service
providers have a special responsibility for such services. Providers
should inform users on how to limit access to personal information.
Opt-out for general profile data and opt-in for sensitive data should
be offered. Users need to know that little protection exists against
the copying of personal data they put into their profiles regardless
of whether these data concern themselves or others.

The Conference also highlighted the importance of increased
co-operation between the data protection community and the business
sector. In a globalised world, essential guarantees for smooth and
flexible data transfers are more needed than ever. Personal Information
of customers and consumers should only be processed under strict
conditions. Data protection must not be considered as an obstacle by
the corporate world but should be conceived as an asset in business to
consumer relations, said the delegates.

The Conference supported a proposal to set up a working group to
establish an international data protection award. The 31st
International Data Protection Conference will be held in Madrid next
year.

30th International Data Protection Conference:
     http://www.privacyconference2008.org

Resolutions Adopted:
     http://www.privacyconference2008.org/index.php?page_id=197

EPIC Privacy and Human Rights report
     http://epic.org/phr06/



=======================================================================
[4] Privacy Commissioners Call for International Privacy Standard
=======================================================================

Among the most significant of the resolutions adopted at the 30th
annual Conference of the Privacy and Data Protection commissioners was
a proposal to establish an international standard for privacy and
personal data protection in a borderless. The resolution, prepared by
the privacy agencies of Spain and Switzerland and joined by twenty
other twenty protection authorities, called for the establishment of a
legally binding instrument on data protection and privacy.
Among the key findings, the Conference said:
	- The rights to data protection and privacy are fundamental
	  rights of every individual irrespective of his nationality or
	  residence.
	- With the expansion of the information society, the rights to
	  data protection and privacy are essential conditions in a
	  democratic society to safeguard the respect for the rights of
	  individuals, a free flow of information and an open market
	  economy.
	- The globalisation of information exchange and personal data
	  processing, the complexity of systems, the potential harms
	  derived from the misuse of more and more powerful
	  technologies and the increase of security measures require a
	  quick and adequate answer to guarantee the respect for rights
	  and fundamental freedoms, and in particular the right to
	  privacy.
	- The persisting data protection and privacy disparities in the
	  world, in particular due to the fact that many states have
	  not yet passed adequate laws, harm the exchange of personal
	  information and the implementation of effective global data
	  protection.

The Conference noted the central role of Convention 108 of the Council
of Europe in the establishment of an international privacy framework
and stated:
	The Conference supports the efforts that the Council of Europe
	is making to improve the fundamental rights to data protection
	and privacy. Therefore the Conference invites the member-states
	of this organization which have not yet ratified the Convention
	for the protection of individuals with regard to automatic
	processing of personal data and to its additional protocol to
	do so. The Conference invites non- member states in a position
	to do so to consider responding to the Council of Europe's
	invitation to accede to Convention STE No 108 and its
	additional protocol.

	Forty countries have ratified the Council of Europe Convention
	on Privacy. Non-member countries, such as the United States,
	Canada, and Japan, which recently signed on to the Council of
	Europe Cybercrime Convention, could presumably ratify the
	Council of Europe Convention on Privacy.

	The Conference also created a new working group, coordinated by
	the organizers of the 31st International conference and
	interested data protection authorities, that would draft a
	"Joint proposal for setting international standards on privacy
	and personal data protection."

	The Conference said that "the process of drafting this joint
	proposal should be carried out by encouraging extensive
	participation in the working groups, fora or hearings, of
	public and private organisations and entities, with the purpose
	of obtaining the broadest institutional and social consensus."

Council of Europe, "Convention for the Protection of Individuals with
Regard to Automatic Processing of Personal Data"
     http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm

Council of Europe, "Convention on Cybercrime":
     http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

EPIC, Privacy Law Sourcebook (contains COE Convention 108):
     http://epic.org/bookstore/pls2004/



=======================================================================
[5] DHS Clears Secure Flight Although Watchlist Questions Remain
=======================================================================

The Department of Homeland Security (DHS) announced the Final Rule
allowing the Transportation Security Administration (TSA) to implement
the Secure Flight program. The rule directs airlines to provide the
agency with all passengers' details. The covered aircraft operators
must transmit to the TSA, if available, full name, date of birth,
gender, passport details, itinerary, reservation control number,
record sequence number, record type, passenger update indicator,
traveler reference number and, if applicable, the traveler's watchlist
complaint Redress Number related to passenger's challenges of watchlist
designations.

For the purposes of Secure Flight, the TSA initially defines watchlist
as he "No Fly List" and the "Selectee List" of the Terrorist Screening
Database (TSDB) maintained by the Terrorist Screening Center under the
jurisdiction of the Federal Bureau of Investigation (FBI). However,
when warranted by "security considerations", the definition may be
expanded to include other watchlists of the Federal government.
Further, if the passenger appears to be on the watchlist, a TSA analyst
will check other databases including governmental terrorist, law
enforcement, and intelligence databases in order to resolve the
problem.

The existence and operation of these watchlist can significantly hinder
the constitutional right to travel. First, passenger complete
reservations much prior to travel and then make other plans around it.
Being denied boarding upon arrival to the airport can prove extremely
distressing. Further, clearing one's name also requires giving up some
privacy. Initially the existence of such watchlists were denied; they
were finally admitted by the TSA in October 2002 through the efforts
of EPIC. The watchlists have always been riddled with errors. The
Inspector General of the US Department of Justice have found the
watchlist nomination to be incomplete or containing inaccuracies.
Recent news have revealed more incidents of false positives and
harrowing experiences of legitimate travelers.

In an attempt to redress the watchlist errors, the DHS initiated a
Traveler Inquiry Redress Program (DHS TRIP) which collects additional
information about a passenger. While this enables the screening out of
a passenger, it does not address how passenger's name appeared in the
watchlist in the first instance. EPIC testified before the Congress
in September on cleaning up the watchlists and underscored the Privacy
Act requirements and exemptions claimed by the DHS. EPIC also stressed
the need for limiting the over collection of information and
recommended appropriate penalties for violations of privacy and civil
liberties obligations.


DHS Final Rule on the Secure Flight program:
     http://edocket.access.gpo.gov/2008/pdf/E8-25432.pdf

TSA Secure Flight Program:
     http://www.tsa.gov/what_we_do/layers/secureflight/index.shtm

EPIC's Page on Secure Flight:
     http://epic.org/privacy/airtravel/secureflight.html

EPIC's Spotlight on Surveillance- Secure Flight should remain grounded:
     http://epic.org/privacy/surveillance/spotlight/0807/default.html

EPIC's testimony before Congress (September 2008):
     http://epic.org/privacy/airtravel/watchlist_test_090908.pdf

Watchlist FOIA Documents:
     http://epic.org/privacy/airtravel/foia/watchlist_foia_analysis.html

EPIC's page on air travel privacy:
     http://epic.org/privacy/airtravel/

EPIC's page on passenger profiling:
     http://epic.org/privacy/airtravel/profiling.html



=======================================================================
[6] News in Brief
=======================================================================



The Department of Homeland Security released the Privacy Office Annual
Report to Congress covering the period July 2007 to July 2008. The
report covers an overview of the DHS Privacy Office responsibilities,
activities compliance, initiatives, implementation of recommendations
of the 9/11 Commission as well as privacy complaints. The report gives
a summary of its Coordination with the Office of Civil Rights and Civil
Liberties, Privacy Office's Outreach to the Congress and also includes
Departmental Disclosures.
The report comes three months after completion of the period it
covered. Statutorily, the Chief Privacy Office must prepare annual
reports to the Congress. The last report was late by several months and
was finally issued earlier in February, this year. EPIC has urged the
timely publication of the DHS Privacy Reports so that a meaningful
evaluation can be carried out by interested parties.


DHS Privacy Office Annual Report to Congress:
     http://epic.org/redirect/102408_DHS_Report08.html

EPIC's page on DHS Privacy Report:
     http://epic.org/privacy/oversight/



Google's reply to Article 29 Working Party:

Article 29 Working Party issued a recommendation on April 4, 2008 an
opinion that search engine retain data for a maximum period of six
months and reaffirmed the applicability of European data protection law
which mandates deletion or irreversible anonymization of personal data
after that period. On September 8, 2008, Google replied that it would
reduce search data retention to nine months by anonymizing the
associated IP address. Christopher Soghoian, a former Technology Fellow
at EPIC drew attention to the fact that the anonymization was only
minimal as the IP address was partially anonymized and further, the
presence of a cookie would allow the future association of the search
data with the IP address and thus could reverse the anonymization. The
Chairman of the Working Party believes disagreements remained as Google
considered itself not subject to EU data protection law and wanted to
retain personal data beyond six months while considering IP address to
be confidential information only.

Google: The Beginnings of a dialog:
     http://epic.org/redirect/102408_Google_EU_dialog.html

Google answers Article 29 Working Party on data retention:
     http://epic.org/redirect/102408_Google_A29WP_reply.html

Surveillance State: Debunking Google's log anonymization propaganda:
     http://news.cnet.com/8301-13739_3-10038963-46.html

Google cuts data retention after EU privacy warning:
     http://euobserver.com/871/26718



Search engines for video surveillance:

Video surveillance will take on a whole new meaning if the Defense
Advanced Research Projects Agency (DARPA) is successful in implementing
technologies being developed under contracts to private firms worth
nearly $20 million. The method, dubbed the Video and Image Retrieval
and Analysis Tool (VIRAT) will analyze regular video as well as
infrared scanners and archive based on classes of activities or events
which includes digging, loitering, walking to following, gathering,
kissing and even shaking hands. This system is aimed at indexing and
searching databases of videos of movement automatically without human
interference.
Previously, EPIC had urged the scrutiny of the Department of Homeland
Security's proposal of overseeing vast amounts of digital fingerprints,
photographs and other personal information. Few years earlier, the
General Accounting Office had issued a report that identified almost
200 Federal data mining projects that were operational or were being
planned. EPIC had also obtained under the Freedom of Information Act
internal communications between DARPA employees considering data broker
Acxiom as a supplier of personal information for Total Information
Awareness (TIA).

DARPA building search engine for video surveillance footage:
     http://epic.org/redirect/102408_ArsTechina_vidsrvlnc.html

DARPA Contract Description Hints at Advanced Video Spying:
     http://epic.org/redirect/102408_WPOST_darpa.html

EPIC's page on Total Information Awareness:
     http://epic.org/privacy/profiling/tia/



Federal Court Applies Anti-Spam Protections to Web Site

On October 14, 2008, a federal court in Washington state allowed a spam
lawsuit to proceed, even though the claimant is not an internet service
provider. In Haselton v. Quicken Loans Inc., the web site Peacefire.org
sued an alleged spammer for the harm inflicted by spam on Peacefire's
online services. The court ruled that Peacefire, a web site that
provides anti-censorship tools, is an "Internet access service,"
and therefore entitled to pursue its case under the CAN-SPAM act, the
primary federal anti-spam law. The court further held that monetary
damages are not limited to e-mail service providers. The ruling is
consistent with other recent opinions that authorized anti-spam suits
by Internet social-networking services such as Facebook and MySpace.
EPIC has advocated for stronger anti-spam measures before Congress,
state legislatures, and federal regulators.

Federal Court Opinion Applying Anti-Spam Protections to Web Site:
     http://epic.org/privacy/junk_mail/spam/haselton.pdf

EPIC's SPAM - Unsolicited Commercial Email Page:
     http://epic.org/privacy/junk_mail/spam/



Federal Regulators Win Injunction Against Prescription Drug Spam Ring

On October 15, 2008, the Federal Trade Commission obtained a temporary
injunction against an international network of individuals responsible
for billions of unsolicited commercial emails. The spammers allegedly
used a world-wide network to barrage email users with deceptive offers
for prescription drugs, including Viagra and weight loss medication.
Federal regulators seek to shut down the network permanently, and
recover monetary damages, which they estimate to be substantial. Four
companies are accused of masterminding the spam plot, including two US
firms, Tango Pay Inc. and Click Fusion Inc., as well two New Zealand
entities. EPIC has advocated for restrictions on unsolicited commercial
email, and supported substantial monetary penalties in federal
regulatory actions.

FTC Announcement Regarding Spam Ring Shutdown:
     http://www.ftc.gov/opa/2008/10/herbalkings.shtm

EPIC's SPAM - Unsolicited Commercial Email Page:
     http://epic.org/privacy/junk_mail/spam/



Interpol Proposes Worldwide Facial Recognition System

International Police Organization, the Europe-based international law
enforcement group, has proposed an automated face-recognition system
for international borders. Such a system could require travelers to
undergo face scans, and make the information available to numerous
countries. An Interpol face-recognition database would permit Interpol
member nations to search records containing travelers' personal
biometric information, and could be used in conjunction with travel
watch lists. The inaccuracy of facial recognition technology has
repeatedly been criticized. Privacy watchdogs have questioned the
efficacy and wisdom of government programs that collect ever-more
personal information at border crossings. "We need to get our data to
the border entry points. There will be such a large role in the future
for fingerprints and facial recognition," said Mark Branchflower, head
of Interpol's fingerprint unit.

Interpol Presentation at Biometrics Exhibition and Conference 2008:
     http://www.biometrics.elsevier.com/programme.htm

EPIC's Face Recognition Page:
     http://epic.org/privacy/facerecognition/



Europe postpones body scanners:

Members of the European Parliament (MEP) have voted overwhelmingly in
opposing the implementation of body scanners. The MEPs directed the
Commission to carry out a fundament rights impact assessment, consult
with European privacy authorities, assess the health impact of the
technology, and conduct a cost-benefit impact assessment. Bodyscanners,
or backscatter X-rays, show detailed images of a person's naked body
and are equivalent to a "virtual strip search" for all air travelers.
The MEPs believed that use of such machines would exceed the
implementing powers as the measures foreseen have a serious impact on
the fundamental rights of citizen and cannot be termed as mere
technical measures related to security.

Body scanners at airports: MEPs say fundamental rights under threat:
     http://epic.org/redirect/102408_EUBodyScanning_rightthreat.html

EPIC's page on Backscatter X-Ray Screening Technology:
     http://epic.org/privacy/airtravel/backscatter/

EPIC's page on TSA's funding of Backscatter X-Ray:
     http://epic.org/privacy/surveillance/spotlight/0605/

 

=======================================================================
[8] EPIC Bookstore: "The Shadow Factory"
=======================================================================

The Shadow Factory: the Ultra-Secret NSA from 9/11 to the Eavesdropping
on America by James Bamford (Doubleday 2008)

     http://www.powells.com/biblio/1-9780385521321-0?&PID=24075


Over the last several years, I have attended various meetings with
representatives of the intelligence agencies who patiently explained
the need to "update," always their word of choice, the federal wiretap
laws to take account of the rapid changes in technology and the ongoing
need to identify those who would threaten the nation's security.
Invariably, these meetings would turn to a discussion about how the
agencies, such as the NSA, can no longer point their antennas to the
sky and capture data traffic broadcast by satellites, but must now work
with private sector companies who transmit the world's vast
communications traffic on undersea cables and high-speed switches. The
traditional legal framework with its court procedures and application
process, they argued, is too burdensome, too outdated. A "modern"
surveillance law, again their word of choice, must remove unnecessary
legal barriers. Many members of Congress attended similar meetings and
went on to cast votes to weaken the federal wiretap laws, most notably
the Foreign Intelligence Surveillance Act.

I share this story only because I cannot imagine another similar
meeting taking place in Washington after the publication of James
Bamford's remarkable book about the expansion of surveillance
authority after 9-11. If anything, "The Shadow Factory" makes clear the
need for greater oversight when surveillance agencies are given greater
powers.

Bamford draws on the excellent reporting by many journalists,
particularly at the New York Times, who began to shed light on the
President's unlawful surveillance activities once the decision was made
to ignore the White House pleas to keep the program secret. But only
James Bamford, the author of ground breaking 1982 book on the NSA,
could pull together the pieces of the puzzle. This is a fact-filled,
quick-paced narrative that ties the together the enormous complexity
of the world's largest intelligence organization, the personal stories
of those who perpetrated the attacks on 9-11 and those who tried to
stop them, and the concerns of people inside of the government who
wrestled with the ethical and legal implications of the decision to
turn the NSA's vast surveillance capabilities on the American public.

Much of the book focuses on the role of then NSA Director Michael
Hayden who, as Bamford describes, chose not to use authority he had to
identify terrorists when they were in the United States and then later
dramatically expanded, with the full backing of the White House, the
agencies surveillance powers beyond what the law allowed. (In fact,
Cheney wanted Hayden to go further than the NSA Director proposed.)
Hayden was not the first director of intelligence to collude with the
telephone companies -- Herbert Yardley did so following the first world
war at the Black Chamber, as did Brigadier General W. Preston
Corderman, the chief of the Signal Security Agency, after the second
-- but Hayden's reach as the US entered the twenty-first century was
clearly greater and the legal hurdles to overcome, following the
revelations of NSA spying on American citizens which led to the
passage of FISA, much higher.

Bamford also describes how the White House used the NSA's surveillance
to monitor the communications of UN Secretary General Kofi Annan and
then to manipulate key votes on the Security Council to win support for
the resolution to invade in Iraq. Bamford writes, "by listening in as
the delegates communicated back to their home countries, the NSA would
be able to discover which way they might vote, which positions they
favored or opposed, and what their negotiating positions would be."

But when it came to the actual business of identifying threats to the
nation, the NSA had less success. Bamford explains, "those involved
in the warrantless wiretapping program soon began to realize its
limitations. By gaining speed and freedom they sacrificed order and
understanding. Rather than focusing on the most important and
potentially productive targets, which was required when going through
the FISA court, they took a shotgun approach."
Instead of finding the needle, they piled on the hay.

- Marc Rotenberg.



================================

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008", edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Identity Rights Colloquium, October 31, 2008. Faculty Lounge,
78 Queen’s Park, Toronto, Canada.
For more information:
http://www.innovationlaw.org/events/calendar/identity.htm

Third Internet Governance Forum. December 3-6, 2008. Hyderabad,
India. For more information: http://www.intgovforum.org

International Human Rights Day, December 10, 2008. For more
information: http://www.un.org/events/humanrights/2008/

Tilting perspectives on regulating technologies, Tilburg Institute
for Law and Technology, and Society, Tilburg University. December
10-11, Tilburg, Netherlands.
http://www.tilburguniversity.nl/tilt/conference

The American Conference Institute is hosting the 8th National Symposium
on Privacy and Security of Consumer and Employee Information at the
Four Points by Sheraton, Washington, DC. January 27-28, 2009,
Washington, DC. http://www.americanconference.com/Privacy.htm



=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

=======================================================================
Support Privacy '08
=======================================================================

If you would like more information on Privacy '08, go online and search
for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.

Facebook Cause:
http://www.epic.org/redirect/fbprivacy08.html

Twitter:
http://twitter.com/privacy08

CafePress:
http://www.cafepress.com/epicorg

------------------------- END EPIC Alert 15.21 ------------------------

.