EPIC logo

=======================================================================
                              E P I C   A l e r t
=======================================================================
Volume 16.13                                               July 2, 2009
-----------------------------------------------------------------------

                                Published by the
                   Electronic Privacy Information Center (EPIC)
                                Washington, D.C.

                 http://www.epic.org/alert/EPIC_Alert_16.13.html

			"Defend Privacy. Support EPIC."
			     http://epic.org/facebook


=======================================================================
Table of Contents
=======================================================================
[1] "Strip-Search of Teenager Violated Constitutional Right"
[2] Airport Security Program Shuts Down, Congress Seeks Answers
[3] Supreme Court Decisions Affecting Privacy
[4] Facebook to Change User Privacy Settings
[5] Open Government Update
[6] News in Brief
[7] EPIC Bookstore: "The Broken Window"
[8] Upcoming Conferences and Events
        - Join EPIC on Facebook http://epic.org/facebook
  	- Privacy Policy
  	- About EPIC
  	- Donate to EPIC http://epic.org/donate
  	- Subscription Information

=======================================================================
[1] "Strip-Search of Teenager Violated Constitutional Right"
=======================================================================

On June 25, 2009, the Supreme Court ruled 8-1 that school officials'
strip-search of a thirteen-year-old girl violated the Fourth Amendment.
Safford, Arizona school employees forced middle school student Savana
Redding to disrobe during their search for an ibuprofen tablet.
Possession of such medication violates school rules, but the strip
search failed to uncover a single pill. The search was conducted based
on another student's allegations, and Ms. Redding alleged that it
violated her Fourth Amendment right to be free from unreasonable
searches or seizures.

Justice Souter, writing for the Court, held that school searches are
permissible when they are "not excessively intrusive in light of the
age and sex of the student and the nature of the infraction." However,
the Court ruled that "[t]he strip search of Savana Redding was a
violation of the Fourth Amendment" because "there were no reasons to
suspect the drugs presented a danger or were concealed in her
underwear." Ms. Redding's "subjective expectation of privacy against
such a search" Justice Souter wrote, "is inherent in her account of it
as embarrassing, frightening, and humiliating." Justice Thomas
dissented from the decision, writing that "judges are not qualified
to second-guess the best manner for maintaining quiet and order in the
school environment."

A majority of the Justices also held that school officials were not
liable for damages because it was not "clearly established" that their
behavior was unlawful at the time of the search. Justices Stevens and
Ginsburg disagreed, writing that a previous Supreme Court case made 
clear that the search was "excessively intrusive."

Previously, a federal appellate court held that the search in Redding
was unreasonable and that a school official could be liable for
violating the girl's Fourth Amendment rights. The school district and
school officials appealed to the Supreme Court and argued that the
search was reasonable based upon the allegations and the dangers of
prescription drug abuse. Additionally, they argued that the school
employees must have qualified immunity in exercising their discretion
so that they are free to exercise their judgment regarding drug abuse
in schools and, further, without such authority, the school authorities
would not have the ability to respond in the face of threats to student
safety in school.

The Redding decision comes on the heels of EPIC's "Stop Digital Strip
Searches" campaign, which seeks to suspend the use of "Whole Body Imaging"
-- devices that photograph American air travelers stripped naked in US
airports. The body scanners subject US travelers to invasive, high-tech
versions of the strip search characterized as "unconstitutional" in Redding.
The EPIC campaign responds to a policy reversal by federal officials
that would make the "digital strip search" mandatory, rather than
voluntary as originally announced.


Supreme Court Opinion:
     http://epic.org/privacy/student/08-479.pdf

Supreme Court Docket:
     http://origin.www.supremecourtus.gov/docket/08-479.htm

Oral Arguments (transcript):
     http://epic.org/redirect/042809_Redding_OralArguments.html

EPIC's - Student Privacy:
     http://epic.org/privacy/student/

EPIC's "Stop Digital Strip Searches" Campaign:
     http://stopdigitalstripsearches.com/



=======================================================================
[2] Airport Security Program Shuts Down, Congress Seeks Answers
=======================================================================

On June 25, 2009, leaders of the House Homeland Security Committee
sent a letter to the TSA regarding the bankruptcy of Verified Identity
Pass, Inc. The Clear RT application process collected a great deal of
personal information from members, such as proof of legal name, data of
birth, citizenship status, home address, place of birth, and gender.
The information was used to pre-screen travelers for express service
through airport security checkpoints. The committee is investigating
among other things: when the TSA became aware of the bankruptcy;
whether they have asked the company for its plan regarding its RT data;
if the agency is seeking a privacy impact assessment on the bankruptcy;
and whether the agency has a contingency plan for safeguarding the data
now that the company has gone out of business.

On June 22, 2009, Verified Identity Pass, Inc., a corporate participant
in the Transportation Security Administration's Registered Traveler
program ceased operations after declaring bankruptcy. Verified Identity
Pass, Inc. operated "Clear," a TSA recognized RT program. The
Registered Traveler program attempts to "establish requirements to
implement trusted passenger programs and use available technologies
to expedite security screening of passengers who participate in
such programs." Trusted Traveler Programs claim to provide expedited
travel for "pre-approved, low risk travelers through dedicated lanes
and kiosks."  Clear was the largest RT program in the nation operating
out of 21 airports with more than 200,000 members. The TSA had also
stated that "[a]ll passengers who volunteer and are deemed eligible
for the RT pilot program will be required to undergo physical screening
at the screening checkpoint in the selected pilot locations."

Clear ID Pass documents were available to US citizens and permanent
residents. In addition to the documents required to apply for the ID,
applicants were required to submit digital images of their fingerprints
and iris, and a digital photo to obtain the document. Clear then
"created and stored a template, or mathematical representation, of the
finger and iris images, to create a unique biometric ID of the Member."
All of the data submitted by the applicant were sent to TSA, which
created the applicant's "security threat assessment" based upon a
background check that included its controversial "no-fly lists." After
the verification process, each approved applicant was issued a "card"
that allowed them to access designated airport security fast lanes for
processing through security. The card also gave access to discount
parking and speedy entry into major sports venues.

A service provider under the Registered Traveler program must adhere
to the TSA January 2008 "Security, Privacy and Compliance Standards for
Sponsoring Entities and Service Providers." The standard requires
service providers to "establish a written privacy policy to govern the
data collected in connection with the RT Program... [a]t a minimum, SPs
should follow the Fair Information Practice Principles in developing
their privacy policy. However, the security safeguards are silent on
the issue of safeguarding passenger data upon a service provider's
shutdown.

After the company abruptly closed operations on June 22, 2009, the
company statement on its website about fate of information on customers
has evolved several times. As of July 1, 2009 it states that
"Applicant and Member data is currently secured by Lockheed Martin, and
that they are working with Verified Identity Pass on securing the data.
According to Steve Brill, Clear's founder who had left the company in
February, TSA could quickly reclaim the data under Registered Traveler
rules. Brill has also warned that the rules might have been altered
since he left the company. Clear had "reserve[d] the right [] to change
[its] policies [from time to time]" by informing its "customers by
email."

Previously, the Clear program had suffered from data breaches. In
August 2008, the TSA had suspended the Clear enrollment "due to
vulnerabilities discovered in the company's storage of Clear
applicants' sensitive personal information." The vulnerabilities had
come to light after an unencrypted laptop computer went missing from
the San Francisco International Airport on July 26. The notebook
contained pre-enrollment records of approximately 33,000 customers.
However, a week later, the TSA resumed the Registered Traveler
enrollment after conducting an audit of the laptop data.


EPIC's - Clear:
     http://epic.org/privacy/airtravel/clear

TSA - Registered Traveler:
     http://www.tsa.gov/approach/rt/index.shtm

TSA - Minimum Required RT Security Standards and Procedures for
Assessing Compliance with RT Security Standards:
     http://www.tsa.gov/assets/pdf/rt_appendix_c.pdf

TSA - Registered Traveler Security, Privacy, and Compliance Standards
for Sponsoring Entities and Service Providers:
     http://www.tsa.gov/assets/pdf/rt_standards.pdf

House Homeland Security Committee Letter:
     http://epic.org/dhs-committee_tsa-ltr.pdf

Clear's Privacy Policy:
     http://www.flyclear.com/clear_privacy.pdf

Clear's Online Privacy Policy:
     http://www.flyclear.com/clear_online.pdf

CBP - Trusted Traveler Programs:
     http://www.cbp.gov/xp/cgov/travel/trusted_traveler/

Airports Accepting the Clear Card (Archived):
     http://epic.org/privacy/airtravel/clear/clear-airports.pdf

EPIC - Spotlight on Surveillance - Registered Traveler Card:
     http://epic.org/privacy/surveillance/spotlight/1005/

EPIC - Air Travel Privacy:
     http://epic.org/privacy/airtravel/

EPIC - Secure Flight:
     http://epic.org/privacy/airtravel/secureflight.html

EPIC -  Passenger Profiling:
     http://epic.org/privacy/airtravel/profiling.html

EPIC's testimony before Congress: "The Future of Registered Traveler,"
November 3, 2005:
     http://epic.org/privacy/airtravel/rt_test_110305.pdf

EPIC's testimony before Congress: "Ensuring America's Security:
Cleaning Up the Nation's Watchlists", September 9, 2008:
     http://epic.org/privacy/airtravel/watchlist_test_090908.pdf



=======================================================================
[3] Supreme Court Decisions Affecting Privacy
=======================================================================

The Supreme Court ruled on various cases affecting the right to privacy
near the end of its 2008 term. The topics ranged from strip-searches of
teenage girls at schools (see article above) to access to DNA for
proving post-conviction innocence. The Court also denied consideration
of challenges to two state statutes that protect privacy rights.

In a critical case for the emerging field of identity management, the
Supreme Court reversed a lower court opinion and ruled unanimously that
individuals who provide identification numbers that are not their own,
but don't intentionally impersonate others, cannot be subject to harsh
criminal punishments under federal law. The case involved a mandatory
2-year prison term, added on to a prior conviction, for presenting a 
ake Social Security Number to an employer. EPIC filed an amicus brief
in support of the petitioner, arguing that the "unknowing use of
inaccurate credentials does not constitute identity theft."

In a 5-4 decision, the Supreme Court rejected the constitutional right
of a convicted individual to access his DNA to prove innocence and
reversed the decision of the Ninth Circuit. Chief Justice Roberts held
that the task of harnessing "DNA's power to prove innocence without
unnecessarily overthrowing the established system of criminal justice
...belongs primarily to the legislature." Justice Stevens, writing for
four of the justices in dissent, said that "a decision to recognize a
limited right of postconviction access to DNA testing would not prevent
the States from creating procedures [to] ensure [] that [it] is
nonarbitrary." EPIC has filed several amicus briefs advocating limits
on the collection and use of genetic material. However, EPIC has also
noted that DNA evidence should be available to prove innocence.

In another case, IMS Health v. Ayotte, the Court refused to hear a
challenge to the New Hampshire, Prescription Confidentiality Act.
The statute prohibits the sale of prescription information. The First
Circuit had upheld the ban on the sale of such information. EPIC and
16 experts in privacy and technology filed a "friend of the court"
brief, in favor of the upholding law, and detailed the substantial
privacy interests in de-identified patient data. The petitioners
claimed that the law infringed on their free speech rights. After the
Supreme Court's denial, the First Circuit opinion became final.

In ABA v. Brown (formerly ABA v. Lockyear), the Ninth Circuit had
ruled in favor of California Financial Information Privacy Act,
commonly known as "SB1." The Supreme Court denied review of the
case. The California law provides customers with privacy safeguards for
financial data by limiting the sale of personal information by
financial firms to affiliates, and imposes opt-in requirements for
non-affiliate sales. EPIC's brief favored the law. The financial firms
argued that the statute conflicts with other federal rules, but the
Justice Department recommended that the Supreme Court leave the state
statute in place.

During the term, the Supreme Court had also ruled on other cases
related to identity theft, warrantless searches of cars after the
arrest of a suspect, and validity of evidence obtained after illegal
searches or arrests based on simple police mistakes.


The U.S. Supreme Court:
     http://www.supremecourtus.gov

Supreme Court Opinion in Flores-Figueroa v. United States:
     http://www.supremecourtus.gov/opinions/08pdf/08-108.pdf

"Friend-of-the-court," Brief by EPIC, Legal Scholars, Technical
Experts, and Privacy and Civil Liberty Groups (Dec. 19, 2008):
     http://epic.org/privacy/flores-figueroa/121908_brief.pdf

US Supreme Court Docket page for Flores-Figueroa v. United States:
     http://www.supremecourtus.gov/docket/08-108.htm

EPIC's Flores-Figueroa v. United States page:
     http://epic.org/privacy/flores-figueroa/

Supreme Court Opinion: District Attorney's Office v. Osborne:
     http://www.supremecourtus.gov/opinions/08pdf/08-6.pdf

Ninth Circuit Opinion:
     http://epic.org/redirect/110708_CA9_Osborne.html

EPIC - District Attorney's Office v. Osborne:
     http://epic.org/privacy/osborne/

EPIC - Genetic Privacy:
     http://www.epic.org/privacy/genetic/

Supreme Court Docket: IMS Health v. Ayotte:
     http://origin.www.supremecourtus.gov/docket/08-1202.htm

First Circuit Opinion:
     http://epic.org/privacy/imshealth/11_18_08_order.pdf

Prescription Confidentiality Act:
     http://www.gencourt.state.nh.us/legislation/2006/HB1346.html

EPIC's Brief - IMS Health v. Ayotte:
     http://epic.org/privacy/imshealth/epic_ims.pdf

EPIC - IMS Health v. Ayotte:
     http://epic.org/privacy/imshealth/

Supreme Court Docket: A.B.A. v. Brown:
     http://origin.www.supremecourtus.gov/docket/08-730.htm

Ninth Circuit Opinion:
     http://epic.org/redirect/070209_ABAvBrownCA9opin.html

California Financial Information Privacy Act:
     http://epic.org/redirect/070209_California_SB1.html

EPIC's Brief - ABA v. Brown:
     http://epic.org/privacy/preemption/lockyer_brief.html

EPIC - ABA v. Brown:
     http://epic.org/privacy/preemption/abavlockyer.html



=======================================================================
[4] Facebook to Change User Privacy Settings
=======================================================================

Facebook announced planned changes to user privacy controls.
Chris Kelly, Facebook's Chief Privacy officer stated that new policy
will promote "control, simplicity and connection" for user data. The
new interface attempts to provide more granularity in privacy settings.
The options include the ability to broadcast the information to any
person online or restrict it to chosen people on a per-post basis.
Also, the privacy settings would be displayed on a single page.

The announcement states there will be no changes in term of "the
information Facebook provides to advertisers" but does not address
concerns about the information provided by Facebook to application
developers. Currently, Facebook is not equipped to guarantee that all
platform developers will abide by agreements to respect individual
privacy settings and strictly limit their collection, use, and storage
of information. Additionally, Facebook does not screen or approve
Platform Developers and cannot control how such Platform Developers
use any personal information that they may obtain in connection with
Platform Applications.

In June, the Article 29 Working Party warned about the dissemination
and use of information available on Social Networking Sites for other
secondary, unintended purposes. The officials issued an opinion
requiring robust security, privacy-friendly default settings, and the
application of European privacy law. The European Privacy Commissioners
recommended that controllers take "appropriate technical and
organizational measures, 'both at the time of the design of the
processing system and at the time of the processing itself' to maintain
security and prevent unauthorized processing, taking into account the
risks represented by the processing and the nature of the data."
Earlier, in January, EPIC had suggested the regulation of Social
Network Service partners, including advertisers and application 
developers.

Also, in February, Facebook announced that it was opening its site
governance to user voting after the new Terms of Service were widely
criticized, and were to be the subject of an EPIC complaint to the
Federal Trade Commission. Facebook restored the old terms and sought
user feedback on the new terms. About 75 percent of the users voted to
adopt new terms after being re-drafted from user feedback. Under the
updated terms, users had the right to "own and control their
information." Facebook also took steps to improve account deletion,
to limit sublicenses, and reduce data exchanges with application
developers. EPIC supported the adoption of the new terms.


Facebook: Improving Sharing Through Control, Simplicity and Connection:
     http://blog.facebook.com/blog.php?post=101470352130

Article 29 Working Party Opinion of Social Networking Sites:
     http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

Article 29 Working Party:
     http://epic.org/redirect/040109_A29WP.html

Facebook Terms of Service:
     http://www.facebook.com/terms.php

Facebook Site Governance:
     http://www.facebook.com/fbsitegovernance

EPIC's Suggestion on Social Networking Privacy:
     http://www.cpdpconferences.org/L-Z/rotenberg.html

Directive 95/46/EC:
     http://epic.org/redirect/062209_EU9546EC.html

Directive 2002/58/EC on data protection and privacy:
     http://epic.org/redirect/091208_eu.html

EPIC's -  Social Networking Privacy:
     http://epic.org/privacy/socialnet/default.html



=======================================================================
[5] Open Government Update
=======================================================================

The Third Phase of the White House Open Government Initiative,
"Drafting," will continue until July 3rd and voting will stay open
through the holiday weekend, until July 6th. In the First Phase of
its open government proposal, "Brainstorming," the White House
had received several public comments. EPIC made five recommendations
to promote government transparency and accountability. The second
phase, "Discussion," invited comments focusing on several transparency
themes. The current phase aims to create draft recommendations that
translate the earlier ideas into specific actions that can be taken
to achieve open government.

As part of the Open Government Initiative, The Public Interest
Declassification Board is seeking comments on how classified national
security information policy should be revised. The Board is an advisory
committee established to promote public access to accurate documentary
record of "significant U.S. national security decisions and
activities." In May, President Obama had signed a Memorandum ordering
the review of Executive Order 12958, which prescribes a system for
classifying, safeguarding, and declassifying national security
information. Comments are being sought in the four areas:
Declassification policy, a National Declassification Center,
Classification policy, and Technology Issues and Challenges. The Board
will host a public meeting at the National Archives on July 8, 2009, to
discuss the revisions and solicit public comment. The blog will
conclude on July 10, 2009.

Senator Leahy, marking the 43rd anniversary of the Freedom of
Information Act coming into force, commented that "FOIA remains an
indispensable tool for shedding light on bad policies and government
abuses. The Act has helped to guarantee the public's "right to know"
for generations of Americans. The Leahy-Cornyn OPEN Government Act
makes the FOIA request processing faster and more transparent and also
created the Office of Government Information Services within the
National Archives and Records Administration. Miriam Nisbet was
recently appointed to lead the Office. The Office is charged with
mediating FOIA disputes and review agency compliance with FOIA.

EPIC, in its pursuit of enabling an Open Government, has made frequent
use of the Freedom of Information Act to obtain data from the
government about surveillance and privacy policies. Public disclosure
of obtained information improves government oversight and
accountability and keeps the public informed about the activities of
the government. EPIC has sued several agencies to seek out information
which the public has a right to know. Recently, EPIC filed FOIA
requests with DHS seeking the full text of the National Security
Presidential Directive 54 and the Comprehensive National Cybersecurity
Initiative, and with HHS for documents related to privacy protection
policies and procedures to safeguard personal health information
included in the Health IT technology systems.

Open Government Directive, Phase Three- Drafting:
     http://www.mixedink.com/opengov/

Open Government Initiative:
     http://www.whitehouse.gov/open/

Office of Science and Technology Policy, Executive Office of the
President, Transparency and Open Government:
     http://edocket.access.gpo.gov/2009/pdf/E9-12026.pdf

Phase II: Discussion:
     http://blog.ostp.gov/

PIDB Public Meeting:
     http://edocket.access.gpo.gov/2009/E9-14691.htm

Amendment to Executive Order 12958:
     http://epic.org/redirect/070209_EO12958_Amend_SecClass.html

Memorandum for the Heads of Executive Departments and Agencies,
Classified Information and Controlled Unclassified Information,
White House Press Release, May 27, 2009:
     http://epic.org/redirect/070209_WH_Memo_ClassDeclass.html

Senator Leahy: Press Statement:
     http://leahy.senate.gov/press/200906/062509b.html

White House Declassification Policy:
     http://epic.org/redirect/070209_WH_Declass_Policy.html

OSTP Blog: Declassification:
     http://blog.ostp.gov/category/declass/

Press Release, The National Archives:
     http://www.archives.gov/press/press-releases/2009/nr09-93.html

EPIC's - Open Government:
     http://epic.org/open_gov/

EPIC's FOIA Litigation Manual 2008:
     http://epic.org/bookstore/foia2008/



=======================================================================
[6] News in Brief
=======================================================================

E-Verify Funding Extended by Two Years

The House approved a bill sponsored by Rep. David Price which will fund
the E-Verify program of the Department of Homeland Security for two
years. The bill, H.R. 2892 was passed by the House, 389-37. The Senate
introduced a bill, S. 1298, approving a three-year extension. Earlier
this year, DHS Secretary Napolitano had issued a directive aimed at
measuring employer compliance and participation in E-Verify. EPIC has
noted that E-Verify could deny many eligible individuals - including
U.S. citizens and legal immigrants - the opportunity to work, and is
ineffective as a solution to U.S. immigration problems. Last year,
EPIC had filed a Freedom of Information request with the DHS seeking
documents concerning promotion of E-Verify.

House Bill:
     http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.2892:

Senate Bill:
     http://thomas.loc.gov/cgi-bin/query/z?c111:S.1298:

DHS E-Verify program:
     http://www.dhs.gov/e-verify

Testimony of Secretary Napolitano:
     http://www.dhs.gov/ynews/testimony/testimony_1235577134817.shtm

EPIC, "Spotlight on Surveillance: E-Verify System - DHS Changes Name,
But Problems Remain for U.S. Workers.":
     http://epic.org/privacy/surveillance/spotlight/0707/default.html

"Employment Verification - Challenges Exist in Implementing a Mandatory
Electronic Employment Verification System," United States Government
Accountability Office," June 10, 2008:
     http://www.gao.gov/new.items/d08895t.pdf




TJX Settles with 41 States to Close Data Breach Investigations

TJX Companies Inc. signed an agreement to pay approximately $9.8
million to 41 state attorney generals to cease the investigation
involving a data breach of 45 to 100 million credit card numbers. The
agreement also requires TJX to implement extensive data security
measures to protect personal information. Last year, the FTC settled
actions against TJX without imposing fines. The Commission alleged that
the companies "failed to provide reasonable and appropriate security
for sensitive consumer information," which led to data breaches. EPIC
has long advocated various ways and means to curbing the problem of
identity theft. In 2008, EPIC filed comments with the FTC urging them
to include civil penalties in settlements arising from data breaches.
These cases were also mentioned in FTC's Report on Identity Theft.


TJX Settlement Announced:
     http://epic.org/redirect/070209_TJX_Settlement_Ann.html

TJX Settlement:
     http://www.ohioattorneygeneral.gov/press/09/06/pr090623.pdf

Agency Announces Settlement of Separate Actions Against Retailer TJX,
and Data Brokers Reed Elsevier and Seisint for Failing to Provide
Adequate Security for Consumers' Data:
     http://www.ftc.gov/opa/2008/03/datasec.shtm

President's Task Force Report on Identity Theft:
     http://www.ftc.gov/os/2008/10/081021taskforcereport.pdf

EPIC's -  Identity Theft:
     http://epic.org/privacy/idtheft/



China Postpones Internet Filtering

The Chinese Ministry of Industry and Information Technology announced
a postponement in the implementation of enforcement of a rule requiring
manufacturers to install internet filtering softwares at the time of
purchasing a new computer. The filtering program has been dubbed "Green
Dam-Youth Escort" and is supposed to be designed to filter out internet
porn and violence. However, it is believed that it can also block
"subversive content." Last year, security officials chilled press
freedoms by backtracking from temporary regulations that allowed
foreign journalists access to Chinese organizations and citizens.
Access was granted based only upon government consent. The government
uses internet filters to block websites associated with Tibet,
Tiananmen Square and any site which it considers subversive. EPIC was
the first organization to oppose the use of Internet content filters
and has published reports and books on the topic.

China View: China postpones mandatory installation of controversial
filtering software:
     http://news.xinhuanet.com/english/2009-06/30/content_11628335.htm

Human Rights Watch, China: Olympics Media Freedom Commitments Violated,
July 7, 2008:
     http://www.hrw.org/english/docs/2008/07/03/china19250.htm

EPIC, Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content Controls:
     http://epic.org/bookstore/filters2.0/

EPIC, "Faulty Filters: How Content Filters Block Access
to Kid-Friendly Information on the Internet":
     http://epic.org/reports/filter_report.html


TSA Responds to Whole Body Imaging Objections

The Transportation Security Administration has replied to the Privacy
Coalition statement on whole body imaging systems. The agency claims
that the Privacy Impact Assessment provides adequate protection. The
Privacy Coalition letter challenged the agency's position on the issue
of privacy and whole body imaging systems.  Their letter to the agency
stated "the devices are designed to capture, record, and store detailed
images of individuals undressed" and said that "[i]f the public
understood this, they would be outraged by the use of these devices by
the US government on US citizens." The Privacy Coalition said that the
use of the devices should be suspended pending an investigation. The
letter was prompted by the TSA's announcement that Whole Body Imaging
would replace metal detectors as the primary screening technique at
US airports. The House of Representatives approved by a vote of 310
to 118 a bill that would limit the use of Whole-Body Imaging machines
at US airports.

EPIC Whole Body Imaging Page:
      http://epic.org/privacy/airtravel/backscatter/

EPIC Air Travel Privacy Page:
      http://epic.org/privacy/airtravel

Privacy Coalition Letter to TSA:
     http://epic.org/redirect/060809_EPIC_DHS_Napolitano_WBI.html

TSA Letter in reply to Privacy Coalition Letter:
    http://privacycoalition.org/dhs-reply-wbi_ltr.pdf

House Vote on Chaffetz Amendment:
     http://clerk.house.gov/evs/2009/roll305.xml

Chaffetz Amendment (Section 215):
     http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.2200:

Whole-Body Imaging:
     http://www.tsa.gov/approach/tech/body_imaging.shtm

EPIC's Campaign to Stop TSA's Use of Whole Body Imaging:
     http://privacycoalition.org/stopwholebodyimaging/

Facebook Group: Stop Airport Strip Searches:
     http://www.facebook.com/group.php?gid=179598280013



Federal Government Unveils Expense Website

The US Chief Information Officer, Vivek Kundra, launched a new website
which provides details of Federal information technology investments
and provides users with the ability to track the progress of
investments over time. The IT Dashboard displays data received from
agency reports to the Office of Management and Budget, including
general information on over 7,000 Federal IT investments. Agency CIOs
are responsible for evaluating and updating select data on a monthly
basis, which is accomplished through interfaces provided on the
website. The "dashboard" is aimed at increasing transparency and open
government within the administration

IT Dashboard:
     http://it.usaspending.gov


ICANN's 35th International Meeting

From June 21-26, the Internet Corporation for Assigned Names and Numbers,
the corporation that manages the assignment of domain names to Internet
Protocol addresses, held its 35th meeting in Sydney, Australia.

The meeting was held around the following issues (1) New generic
top-level domain (gTLDs); (2) Internationalization Domain Names; and
(3) Improving ICANN's institutional confidence.

One of the more significant recommendation for the new gTLDs is that
all registries offer a "Thick" Whois service, which includes a broader
set of data elements including contact information for the registrant
and designated administrative and technical contacts.

According to ICANN's Explanatory Memorandum: "Registrars would continue
to display detailed contact information associated with registrations,
so there is no question about the total set of data elements that will
be published concerning each registration - the only question is whether
all of the data will be maintained/published by both the registry and
the registrar, or whether the full data will be displayed by the
registrar only and the registry could, if it so elected, maintain just
a subset of data as in the example above."  There were no privacy
impact assessments presented. At the conclusion of the Meeting, ICANN
appointed Rod Beckstrom as its new CEO and president. 


ICANN 35 | Sydney:
     http://syd.icann.org/full-sched

ICANN Transcripts Presentations:
     http://syd.icann.org/syd/transcripts

Explanatory Memorandum: Thick vs. Thin Whois for New gTLDs:
     http://epic.org/redirect/070209_ICANN_Memo_gTLD.html

The Pubic Voice
     http://www.thepublicvoice.org 


=======================================================================
[7] EPIC Bookstore: "The Broken Window"
=======================================================================

"The Broken Window"
by Jeffrey Deaver

     http://www.amazon.com/gp/product/1416549978?tag=e03a6-20

Commercial data brokers gather little pieces of information from
individuals in myriad ways: credit card purchases, Internet searches,
government documents, and medical records. Serious privacy concerns
arise as the data market continues to grow. Author Jeffrey Deaver
offers a fictional account of a worst-case scenario  a serial killer
with access to the most detailed information about our lives. 

The Broken Window makes for an interesting summer read, especially for
privacy advocates. The antagonist has access to the information
accumulated by Strategic Systems Datacorp, the largest data collector
in the U.S. He uses this information to track vulnerable individuals;
some of those individuals feed his passion for murder, while others
serve as human shields as he frames them for his crimes. He
accomplishes all of this with the help of the massive database at his
fingertips.

The novel offers a poignant look at the underlying issues of identity
theft. Although the central plot is a murder mystery, Deaver offers
detailed analysis on the ways in which data is collected everyday,
and with every transaction. Some of the discussion of new
technologies and information collection seemed forced and remedial
for the characters. While not an engaging read, The Broken Window
does highlight the privacy issues surrounding the commercial data
industry with surprising depth.

-- Courtney A. Barclay


================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/
	
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years. 

================================

"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes


=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"The Transformation of Privacy Policy," Institutions, Markets
Technology Institute for Advanced Studies (IMT), Lucca, Italy,
July 2-4, 2009.

Engaging Data: First International Forum on the Application and
Management of Personal Electronic Information hosted by
SENSEable City Lab, Massachusetts Institute of Technology. October
12-13, 2009. Submission Deadline - July 13, 2009, 5:00 p.m.
For more information, http://senseable.mit.edu/engagingdata

Pan-European Dialogue on Internet Governance (EuroDIG), 
Geneva, Switzerland, September 14-15, 2009. For more information,
http://www.eurodig.org/

ASAP FOIA/Privacy Act Workshop, Chicago, Illinois, September 21-23,
2009. Registration: July 7, 2009 - September 11, 2009. For more
information, http://www.accesspro.org/


=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.


=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."


=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.


=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert


The EPIC Alert displays best in a fixed-width font, such as Courier.


------------------------- END EPIC Alert 16.13 ------------------------

.