EPIC Alert 17.11
======================================================================= E P I C A l e r t ======================================================================= Volume 17.11 June 4, 2010 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_1711.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] EPIC, Congress Urge Investigation of Google Street View [2] TSA Responds to EPIC, Claims Body Scanners Okay [3] Facebook makes privacy changes, Questions remain [4] EPIC Honors 2010 Champions of Freedom [5] Canadian Privacy Commissioner Launches Street View Investigation [6] News in Brief [7] EPIC Bookstore: [8] Upcoming Conferences and Events TAKE ACTION: Stop Airport Strip Searches! - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends - DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg - SUPPORT EPIC http://www.epic.org/donate/ ======================================================================= [1] EPIC, Congress Urge Investigation of Google Street View ======================================================================= Last week, Congressmen Henry Waxman (D-CA), Joe Barton (R-TX), and Edward Markey (D-MA) wrote a detailed letter to Google CEO Eric Schmidt requesting specific details on the type and scope of information collected by Google's Street View vehicles. This letter follows a May 18, 2010 letter from EPIC to Federal Communications Commission (FCC) Chairman Julius Genachoski, recommending the Commission open an investigation into the significant communications privacy issues arising from the data collected by Google's Street View vehicles and a May 19, 2010 letter from Congressmen Joe Barton (R-TX) and Edward Markey (D-MA) to the Federal Trade Commission (FTC) Chairman Liebowitz inquiring into the legality of Google's actions and asking the Commission to investigate. Over the past two months it has been made public that Google's Street View vehicles have been collecting more than just a 360 degree photographic street view for Google Maps when they drove through cities worldwide. Google was also collecting data on wi-fi signal strength, level of encryption, unique identifiers associated to open (i.e. non-password-protected) wi-fi signals known as SSIDs and MAC addresses, and the actual data being sent over the wi-fi connections (payload data). All of this data was collected intentionally to support Google's location services, with the exception of the payload data, which Google claims was captured in error. Google admits it has been collecting this communication data for years, but never disclosed this activity prior to the audit request. In its letter, EPIC highlighted Google's invasion of privacy and possible violation of the Wiretap Act, which states, in part: "No person not being authorized by the sender shall intercept any radio communications and divulge or publish the existence, contents, substance, purport, effect, or meaning of such intercepted communications to any person." On request by each respective data protection authority, Google has deleted payload data collected for Ireland, Austria, and Denmark and has kept data by request for Belgium, France, Italy, Spain, Germany, Switzerland, and the Czech Republic. However, Google has stated that it believes that all other collected data is legal because the data is publicly broadcasted information. In response to the public outcry, Google has stated that its Street View vehicles will no longer collect any wi-fi data. House Members' Letter to Google http://www.epic.org/redirect/060410houselettergoogle.html EPIC Letter to FCC http://www.epic.org/redirect/060410epicletterfcc.html House Members' Letter to FTC http://www.epic.org/redirect/060410housememltr.html German Federal Commissioner for Data Protection and Freedom of Information Statement http://www.epic.org/redirect/050410germdataprotect.html Google Blog: WifFi data collection: An update http://www.epic.org/redirect/060410googleblog.html ======================================================================= [2] TSA Responds to EPIC, Claims Body Scanners Okay ======================================================================= The Transportation Security Administration (TSA) has responded to EPIC's petition to suspend the Full Body Scanner (FBS) program. The program scans air travelers at security and produces graphic, detailed images of passengers' bodies. The FBS machines are capable of storing and transmitting those images. The collection of this information makes it possible for the TSA to aggregate body scan images with names, addresses, and other personal information, creating highly detailed profiles that may invade individuals' privacy. EPIC and several other privacy, civil rights, and consumer rights organizations submitted the petition to TSA in April 2010, arguing that the FBS program infringes travelers' constitutional rights under the Administrative Procedures Act, the Fourth Amendment, the Privacy Act, and the Religious Freedom Restoration Act. The petition also argued that the FBS program may have unforeseen effects on travelers' health, and that the scans do not effectively detect concealed explosives. TSA's response came on the same day that Ralph Nader and ten privacy organizations submitted two letters to House and Senate leaders expressing grave concerns about FBS devices. In letters addressed to Congressman Bennie Thompson (D-MS) and Senator Joe Lieberman (I-CT), the organizations urged the represenatives to demand that the Department of Homeland Security cease deployment of FBS devices in US airports pending an independent review of the devices' health effects, effectiveness and privacy safeguards. The organizations cited scientists' concerns regarding the health implications of radiation exposure, as well as passengers' objections based on religious, health and privacy concerns. The TSA response contains cut and paste answers from previous TSA statements and unsubstantiated assurances that there are no privacy harms or health risks. The TSA also provided incomplete legal analysis in support of its views that the program is lawful. EPIC and its coalition partners will continue to press to have the body scanner program shut down. TSA: Response http://www.epic.org/privacy/backscatter/tsaresp.pdf EPIC's Petition for Suspensions of the TSA Full Body Scanner Program http://epic.org/privacy/airtravel/backscatter/petition_042110.pdf Letters Urging House and Senate Leaders to Suspend Deploying FBS Devices http://csrl.org/xray/LiebermanLtr.pdf http://csrl.org/xray/ThompsonLtr.pdf 2009 Petition to Undertake a Formal Request for Public Comments on FBS Program http://www.epic.org/redirect/0604102009petition.html EPIC Whole Body Imaging Page http://epic.org/privacy/airtravel/backscatter/ ======================================================================= [3] Facebook makes privacy changes, Questions remain ======================================================================= In response to growing user unrest and a complaint filed at the Federal Trade Commission by EPIC and a coalition of privacy and consumer organizations, Facebook announced that it would roll back several changes to Facebook privacy settings that had made personal information more widely available than users intended. Facebook has reduced the enormous number of privacy settings that users were previously required to click through. Facebook has also agreed not forceably publish the basic profile information of users. And Facebook will give users some control over disclosure of their data to Facebook's business partners. But questions still remain about the default settings, access to user data by third parties, and whether Facebook will continue to push users settings to the "everyone" position at some point in the future. EPIC President Marc Rotenberg told NPR that the new privacy settings addressed several of the concerns raised in the complaint EPIC and others filed with the FTC. Nonetheless, he said, "It is time now for Congress to move forward and update privacy laws for the digital age." EPIC and others have also urged the FTC to complete its investigation of Facebook and to publish its findings. EPIC objected to the last several changes to Facebook's privacy policies. EPIC filed a complaint in December of 2009 when Facebook reclassified certain user data as "publically available information," a supplemental complaint in January, and then a new complaint on May 5 when Facebook forced users' profile information to become publicly available links instead of private data. Additionally, EPIC has filed a Freedom of Information Act request with the FTC seeking communications with Facebook discussing the site's recent privacy changes. Facebook Blog announcing privacy control changes http://blog.facebook.com/blog.php?post=391922327130 EPIC, "Facebook Privacy" http://epic.org/privacy/facebook/ The American Prospect, "The Case for Staying with Facebook" http://www.epic.org/redirect/060410staywfacebk.html NPR, "Facebook's Privacy Shift: How To Protect Yourself" http://www.epic.org/redirect/060410nprfacebk.html NPR, "On Point" (with EPIC President Marc Rotenberg) http://www.onpointradio.org/2010/05/analyzing-facebooks-privacy EPIC: In re Facebook http://epic.org/privacy/inrefacebook/ EPIC: In re Facebook II http://epic.org/privacy/facebook/in_re_facebook_ii.html ======================================================================= [4] EPIC Honors 2010 Champions of Freedom ======================================================================= On June 2, EPIC held its annual Champion of Freedom Awards Dinner. This year's honorees included Pamela Jones Harbour, the Rose Foundation, and Representative Joe Barton. The Award is given to outstanding individuals and organizations who have helped to safeguard freedom. Kashmir Hill, co-editor of the legal blog Above the Law and founder of The Not-So Private Parts blog, emceed the event. Reece Hirsh, a San Francisco attorney and author of The Insider, spoke as a special guest. Honoree Pamela Jones Harbour served as Commissioner of the Federal Trade Commission from 2003 until April 2010. A champion of consumer privacy, Ms. Harbour advocated for victims of identity theft and security breaches. She vigorously opposed consolidation of the online advertising industry, urged the adoption of privacy and data security safeguards for Internet users, and pushed for a global privacy framework regarding cross-border data transfers. In accepting the award, Ms. Harbour repeatedly emphasized her view that consumer privacy protections are both necessary and appropriate. After stating her belief that good privacy and good data security is good business, Ms. Harbour closed by saying that privacy is a key value, an intrinsic right, and a reasonable expectation of every individual. The Rose Foundation Consumer Rights Fund is the largest privacy donor in the United States. The Fund was created in 2002 after a series of legal settlements involving consumer privacy issues were directed to the Rose Foundation. Since its creation, the Fund has awarded more than $4.5 million dollars to support privacy-related research, education, advocacy, and policy development. Tim Little, who accepted the award, shared the honor with the Fund's grantees and applauded them for their continuing passion and commitment to protecting constitutional rights to privacy. Honoree Joe Barton is Ranking Member of the House Committee on Energy and Commerce. He has worked to promote America's financial and medical privacy as well as to protect safety and privacy on the Internet. Currently a co-chairman of the Congressional Privacy Caucasus, Representative Barton has played a leading role in efforts to establish privacy safeguards for electronic health records. Ron Wright, accepting the award on his behalf, emphasized Representative Barton's commitment to preserving individuals' right to be let alone, especially when it comes to medical privacy and personal information. The Champion of Freedom Award was established in 2004. Past honorees include Senator Patrick J. Leahy, Professor Pamela Samuelson, Congressman Edward Markey, attorney Paul M. Smith, director D.J. Caruso, philanthropist Addison Fischer, Professor Stefano Rodotà , privacy advocate Beth Givens, and jurist Michael Kirby. EPIC: Champions of Freedom Awards Dinner http://epic.org/june2/ The Rose Foundation http://www.rosefdn.org/ Rep. Joe Barton http://joebarton.house.gov/ Reece Hirsch: The Insider (on Amazon.com) http://www.epic.org/redirect/060410theinsider.html Kashmir Hill's Above the Law Blog http://abovethelaw.com/author/khill/ Hill's Not-So-Private Parts Blog http://trueslant.com/KashmirHill/ ======================================================================= [5] Canadian Privacy Commissioner Launches Street View Investigation ======================================================================= On June 1, 2010, Jennifer Stoddart, the Canadian Privacy Commissioner launched an investigation into Google Street View. The investigation seeks to determine whether Google violated Canada's private sector privacy law when its Street View vehicles collected consumer data from wireless networks. The Privacy Commissioner noted that her office is "very concerned about the privacy implications stemming from Google's confirmation that it had been capturing [wireless] data in neighborhoods across Canada and around the world over the past several years." In order to equip a given area in Google Maps with Street View, Google sends vehicles through the streets to take photographs of the area while driving through. In addition to photographs, Google's vehicles also collected data about the location's wireless networks. In an April 27, 2010 blog post, Google claimed that it collected basic information about wireless networks but not "payload data," the actual content users send over the network. However in a second blog post, dated May 14, Google admitted that it had collected payload data from wireless networks accessible to the general public. Payload data may include individual users' sensitive personal information. Google has since grounded its Street View vehicles. The Commissioner has asked Google to retain any user data it collected in Canada. Google is also facing pressure in the United States. Congressmen Joe Barton (R-TX) and Edward Markey (D-MA) have written a letter to the Chairman of the Federal Trade Commission asking the Commission to investigate whether Google's actions violated federal privacy or consumer protection laws. In addition, Congressmen Barton, Markey, Henry Waxman (D-CA) have also sent a letter to Google CEO Eric Schmidt seeking further answers about Google's data collection efforts. EPIC has written a letter to the Chairman of the Federal Communications Commission, Julius Genachowski, recommending that the Commission open its own investigation of Street View. In its letter, EPIC asserted that Google's routine secret interception and storage of user communication data appears to violate both federal wiretap laws and the Communications Act. EPIC noted that "The Commission plays a critical role in safeguarding the integrity of communications networks and the privacy of American consumers." News Release from Canadian Privacy Office http://www.priv.gc.ca/media/nr-c/2010/nr-c_100601_e.cfm Congressmen Barton and Markey's Letter to Chairman Leibowitz http://www.epic.org/redirect/060410housememltr.html Congressmen Barton, Markey, and Waxman's Letter to Eric Schmidt http://www.epic.org/redirect/060410houselettergoogle.html EPIC's Letter to Chairman Genachowski http://www.epic.org/redirect/060410epicletterfcc.html EPIC: Cloud Computing http://epic.org/privacy/cloudcomputing/ ======================================================================= [6] News In Brief ======================================================================= New Study Shows Young Americans Value Privacy A new study from the Pew Internet and American Life Project has found that "[r]eputation management has now become a defining feature of online life for many internet users, especially the young." The Pew study, Reputation Management and Social Media, found that young adults are far more likely than their older counterparts to take steps to maintain control over their digital identities, including changing their privacy settings, restricting access to their data, and removing their names from tagged photographs. The report also found that these privacy-protecting activities have become considerably more common across all age groups than they were when a similar study was conducted in 2006. The Pew study Reputation Management and Social Media http://www.pewinternet.org/Reports/2010/Reputation-Management.aspx EPIC: Public Opinion on Privacy http://epic.org/privacy/survey/ UC Davis, Yale Drop Gmail On April 30, 2010, the University of California at Davis announced its decision to discontinue consideration of a proposal to transfer 30,000 university email accounts to Google's Gmail. In an official statement posted on the university website, administrators cited both potential incompatibility with the University of California Electronic Communications Policy and privacy-related concerns voiced by members of the university community. The announcement followed close on the heels of Yale University's similar decision to postpone their planned switch to Gmail, pending more input from faculty and students. According to the Yale Daily News, a computer science professor at the university estimated the switch to Gmail could be made no earlier than spring 2011. EPIC Gmail Privacy Page http://epic.org/privacy/gmail/faq.html Joint Statement from University of California, Davis http://vpiet.ucdavis.edu/outsourcing_email_04.2010.pdf Yale Daily News Article http://www.epic.org/redirect/060410yaledailynews.html Google Apps for Education http://www.google.com/a/help/intl/en/edu/index.html FTC Delays Identity Theft Rule Yet Again The Federal Trade Commission is delaying, for the fourth time, its enforcement of the "Red Flags Rule." This rule requires creditors and financial institutions to implement programs to identify, detect and respond to the warning signs, or "red flags," that could indicate identity theft. The FTC has decided to delay enforcement through the end of the year in order to give Congress time to enact legislation that could clarify what kind of entities would be considered "creditors" under the rule. FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule http://www.ftc.gov/opa/2010/05/redflags.shtm Fair Credit Reporting Act, containing the "Red Flags Rule" http://www.ftc.gov/os/statutes/031224fcra.pdf EPIC: Identity Theft http://epic.org/privacy/idtheft/ ======================================================================= [7] EPIC Bookstore: "Idiot's Guide to Recovering from Identity Theft" ======================================================================= "The Complete Idiot's Guide to Recovering from Identity Theft" by Mari J. Frank As anyone who has been the victim of identity theft knows, recovering from it can be a daunting prospect. Mary J. Frank's Idiot's Guide book is an excellent resource, with clear, step-by-step instructions and explanations. Frank first helps readers pick out the common symptoms of identity theft. She clearly explains what indicators readers should look for and what identity theft is. Then she carefully explains how readers can tackle the problem and restore their finances, criminal history, and reputation. Frank educates readers on dealing with credit companies, financial institutions, government bureaucracies, and civil court matters. Along the way, she describes laws such as the Fair Credit Reporting Act in easily understandable, efficient terms. Frank also addresses the special issues that arise when a child or deceased person's identity is stolen. She gives parents and surviving relatives clear instructions on how to correct the special problems associated with these situations, and she does it with understanding of the emotional issues involved. Frank's book is an excellent resource for readers who suspect, or have confirmed, that they are victims of identity theft. It is welcome peace of mind, a book long enough to be complete, but short enough to be manageable, with clear explanations of complex laws and bureaucracies. --Ginger McCall ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. http://epic.org/bookstore/foia2008/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "The Cyber War Threat has Been Grossly Exaggerated" Washington, DC, June 8, 2010 For more information: http://intelligencesquaredus.org/ "Computers, Freedom, and Privacy" San Jose, June 15-18, 2010. For more information: http://cfp.acm.org/wordpress/?p=6 Privacy and Identity Management for Life (PrimeLife/IFIP Summer School 2010) Helsingborg, Sweden, August 2-6, 2010. For more information: http://www.cs.kau.se/IFIP-summerschool/ Privacy and Security in the Future Internet 3rd Network and Information Security (NIS'10) Summer School Crete, Greece, September 13-17 2010. For more information: http://www.nis-summer-school.eu Internet Governance Forum 2010 Vilnius, Lithuania, 14-16 September 2010. For more information: http://igf2010.lt/ "32nd Int'l Conference of Data Protection and Privacy Commissioners" Jerusalem, October 2010. For more information: http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http//facebook.com/epicprivacy http://epic.org/facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 17.11 ------------------------ .
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.