EPIC Alert 22.19

======================================================================= E P I C A l e r t ======================================================================= Volume 22.19 October 16, 2015 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC http://www.epic.org/alert/epic_alert_22.19.html "Defend Privacy. Support EPIC." http://epic.org/support ======================================================================= Table of Contents ======================================================================= [1] EU Court Strikes Down 'Safe Harbor', Focus Turns to US Privacy Laws [2] EPIC Testifies Before Senate on Risks of SSNs on Medicare Cards [3] OECD Finalizes Risk Management Guidelines [4] EPIC Pursues Public Release of Secret DNA Forensic Source Code [5] Privacy in the States: Success in California [6] News in Brief [7] EPIC in the News [8] EPIC Bookstore [9] Upcoming Conferences and Events TAKE ACTION: Fight Back Against Illegal US/UK Surveillance! LEARN about Privacy International's "Did GCHQ Spy on You?" Campaign: https://www.privacyinternational.org/illegalspying MAKE A CLAIM with the Investigatory Powers Tribunal: http://www.ipt-uk.com/section.aspx?pageid=16 FOLLOW Privacy International on Facebook: https://www.facebook.com/PrivacyInternational TWEET Your Support: #DidGCHQSpyOnYou/ @privacyint SUPPORT EPIC: https://epic.org/support/ ======================================================================= [1] EU Court Strikes Down 'Safe Harbor', Focus Turns to US Privacy Laws ======================================================================= In perhaps its most significant privacy decision to date, the Court of Justice of the European Union has ruled the transatlantic "Safe Harbor" data framework invalid because it does not provide an adequate legal basis to permit the transfer of the personal data of Europeans to the United States. The Court also determined that the national data protection agencies retain the legal authority to enforce fundamental rights, including both privacy and data protection, even against an agreement by the European Commission. The Court found that US authorities "were able to access the personal data transferred from the Member States . . . and process it in a way incompatible, in particular, with the purposes for which it was transferred, beyond what was strictly necessary and proportionate to the protection of national security." The Court also determined that EU citizens had "no administrative or judicial means of redress" to correct or delete inaccurate or unwanted information. Regarding the authority of the national data protection agencies, the Court said, "The guarantee of the independence of national supervisory authorities is intended to ensure the effectiveness and reliability of the monitoring of compliance with the provisions concerning protection of individuals with regard to the processing of personal data and must be interpreted in the light of that aim. It was established in order to strengthen the protection of individuals and bodies affected by the decisions of those authorities. The establishment in Member States of independent supervisory authorities is therefore an essential component of the protection of individuals with regard to the processing of personal data." The Court also suggested that the adoption of Articles 7 and 8, concerning privacy and data protection, in the Charter of Fundamental Rights now require a showing greater than "adequacy," which was the basis of the original Data Protection Directive, for transborder data flows. According to the Court, "in order to ensure that the requirements stemming from Directive 95/46 read in the light of the Charter are complied with, those means must nevertheless prove, in practice, effective in order to ensure protection essentially equivalent to that guaranteed within the European Union." The European Commission implemented Safe Harbor in 2000. The pact exempts the US from the European Data Protection Directive and has long been criticized for failing to provide adequate data protection for EU Internet users. The suit was brought by Austrian privacy activist and EPIC Champion of Freedom awardee Max Schrems, to prevent Facebook Ireland from transferring EU citizens' data to the US and holding it on US servers. Consumer organizations and civil liberties groups in Europe and the US have applauded the decision. The European Consumer Organisation (BEUC) "wholeheartedly embraces this ruling." Privacy International stated, "The European Court of Justice finally stated what everyone knew all along: this is legally unacceptable, and even fails the essence of the rule of law." Joe McNamee, Executive Director of European Digital Rights, said, "Safe Harbor was flawed in principle and flawed in practice." And the TransAtlantic Consumer Dialogue "welcomed" the decision, which "finds that the special status of the United States companies permitted to transfer personal information of their European users through the so-called 'Safe Harbour' system is illegal under the Union's data protection and fundamental rights laws, and therefore will be suspended." EPIC supports the CJEU decision because Safe Harbor failed to provide adequate protection for personal information. Safe Harbor has operated for several years as a substitute for the legal protections that would otherwise be required for the transfer of personal data across national borders. EPIC stated that Safe Harbor has "given rise to significant concerns on both sides of the Atlantic about the adequacy of the privacy and security afforded personal information." EPIC has recommended that the United States take several steps to address the growing EU-US privacy divide: (1) Enact the Consumer Privacy Bill of Rights, a comprehensive framework for privacy protection, proposed by the White House; (2) Modernize the Privacy Act of 1974, including a definition of "individual" that does not discriminate against non-US persons; and (3) Ratify the international Privacy Convention 108, the most-well established legal framework for international data flows. Writing in the New York Times, EPIC President Marc Rotenberg concluded, "concerns about privacy are driven by the National Security Agency programs of mass surveillance and the failure to establish meaningful regulation of Internet companies, almost all based in the United States. These are the main privacy problems today. Lawmakers on both sides of the Atlantic, interested in moving forward after the recent court decision, would be wise to maintain their focus." EU High Court: Press Release on Safe Harbor Decision (Oct. 6, 2015) https://epic.org/redirect/101615-safe-harbor-release.html EU High Court: Text of Safe Harbor Decision (Oct. 6, 2015) https://epic.org/redirect/101615-safe-harbor-text.html EU Advocate General: Opinion in Schrems v. DP Committee (Sep. 23, 2015) https://epic.org/redirect/093015-schrems-dp-opinion.html EPIC: Max Schrems v Irish Data Protection Commissioner (Safe Harbor) https://epic.org/privacy/intl/schrems/default.html BEUC: "Historic victory for Europeans' personal data rights" (Oct. 6, 2015) http://www.beuc.eu/publications/historic-victory-europeans%E2%80%99- personal-data-rights/html Privacy International: "There is no Safe Harbour from U.S. Authorities" (Oct. 6, 2015) https://www.privacyinternational.org/node/653 EDRi: "Fifteen years late, Safe Harbor hits the rocks" (Oct. 6, 2015) https://edri.org/safeharbor-the-end/ TACD: Statement in Response to Safe Harbor Ruling (Oct. 6, 2015) https://epic.org/redirect/101615-tacd-safe-horbor.html Marc Rotenberg: "Digital Privacy, in the U.S. and Europe." The New York Times, Oct. 13, 2015. http://www.nytimes.com/2015/10/13/opinion/digital-privacy-in-the- us-and-europe.html The White House: Press Release on CPBR (Feb. 23, 2012) https://epic.org/redirect/101615-wh-cpbr-release.html Export.gov: Safe Harbor Framework www.export.gov/safeharbor/ Europe v Facebook http://europe-v-facebook.org/EN/en.html EPIC: Council of Europe Privacy Convention https://epic.org/privacy/intl/coeconvention/ ======================================================================= [2] EPIC Testifies Before Senate on Risks of SSNs on Medicare Cards ======================================================================= EPIC testified October 7 before the US Senate Special Committee on Aging at the hearing "Protecting Seniors from Identity Theft: Is the Federal Government Doing Enough?" The hearing called attention to the continued display of Social Security Numbers on Medicare cards, which places millions of seniors at increased risk of identity theft. EPIC President Marc Rotenberg testified on the dangers of using the SSN as a national identifier and on the urgent need to remove SSNs from public documents. The Medicare Access and CHIP Reauthorization Act of 2015 prohibits inclusion of SSNs on Medicare cards, and Medicare will replace all SSN- bearing cards by 2023. The US Government Accountability Office has pressed Congress to remove SSNs from government documents since 2004. In a written statement submitted to the Committee, Mr. Rotenberg warned that "Given the growing risk of identity theft coupled to the SSN and the fact that other federal agencies have already removed the SSN from identity cards, there is simply no excuse for further delay." Mr. Rotenberg emphasized that many other government agencies, including the US Departments of Defense and Veterans Affairs, have already taken steps to eliminate SSN misuse. "Every institution in this country is moving to get the Social Security number off their documents and out of their records," Mr. Rotenberg said. "I simply do not understand the delay [within Medicare]." EPIC has urged Congress to implement SSN privacy protections for over two decades, beginning in 1991 when Mr. Rotenberg first testified before a House Committee at a hearing on the "Use of Social Security Number as a National Identifier." EPIC has participated in the leading cases involving SSN privacy and has frequently testified before Congress and state legislatures about the need to establish SSN privacy safeguards. EPIC also maintains an online archive of information about SSNs. EPIC: Testimony Before Senate Aging Committee (Oct. 7, 2015) https://epic.org/privacy/ssn/EPIC-SSN-Testimony-Senate-10-7-15.pdf Senate Committee on Aging: Hearing on SSNs and Privacy (Oct. 7, 2015) https://epic.org/redirect/101615-senate-ssn.html US Congress: Medicare Access and CHIP Reauthorization Act of 2015 https://www.congress.gov/114/plaws/publ10/PLAW-114publ10.pdf US Government Accountability Office http://www.gao.gov/assets/120/111025.pdf EPIC: Amicus Brief, Greidinger v. Davis (1993) https://epic.org/privacy/ssn/greidinger_brief.html EPIC: Testimony Before WI Legislature on SSNs (Sep. 15, 2015) https://epic.org/state-policy/WI-AB303-SSN-EPIC-testimony.pdf EPIC: Testimony Before House Social Security (Jun. 2007) https://epic.org/privacy/ssn/idtheft_test_062107.pdf EPIC: Testimony Before House on Social Security (Mar. 2006) https://epic.org/privacy/ssn/mar_16test.pdf EPIC: Testimony Before US House on Social Security (June 2004) https://epic.org/privacy/ssn/ssntestimony6.15.04.html EPIC: Testimony Before House Judiciary on Immigration (Sept. 2002) https://epic.org/privacy/ssn/ssntestimony9.19.02.html EPIC: Testimony Before Senate Aging Committee (July 2002) https://epic.org/privacy/biometrics/testimony_071802.html EPIC: Testimony Before House on Social Security (Nov. 8, 2011) https://epic.org/privacy/ssn/testimony_11_08_2001.html EPIC: Letter to White House on SSN Privacy (1993) https://epic.org/privacy/medical/ssn_letter.txt EPIC: Social Security Numbers https://www.epic.org/privacy/ssn/ ======================================================================= [3] OECD Finalizes Risk Management Guidelines ======================================================================= The international Organisation for Economic Co-operation and Development (OECD) has published a new "Recommendation on Digital Security Risk Management," a revision of the 2002 OECD Security Guidelines. EPIC supports the Recommendations, which emphasize digital security risk management "in a transparent manner and consistently with human rights and fundamental values." The recommendations also emphasize security measures that are "commensurate with the risk" and that risk assessments are "carried out as an ongoing systematic and cyclical process." Earlier in 2015, the annual OECD Digital Economy Outlook report found that the majority of Internet users are increasingly concerned about privacy. The report highlighted the significant impact of data breaches and the growing use of encryption to protect user data. EPIC has long been engaged with OECD and supports civil society participation, including through the Civil Society Information Society Advisory Council (CSISAC). CSISAC provides a voice for civil society at the OECD and contributes to the OECD's work on digital economy policy. Speaking to delegates at the 2014 OECD Global Forum for the Knowledge Economy in Tokyo, EPIC President Marc Rotenberg urged OECD member countries to endorse "algorithmic transparency," the principle that data processes impacting individuals be made public. Mr. Rotenberg explained that companies are too secretive both about the personal data they collect and how they use it. Mr. Rotenberg also spoke about the growing risk of identity theft and pressed OECD countries to update privacy laws. OECD: Web Page on Digital Security Risk Management Report 2015 https://epic.org/redirect/101615-oecd-security-page.html OECD: Digital Economy Outlook 2015 Report https://epic.org/redirect/101615-oecd-digital-economy.html OECD: 2002 Security Guidelines https://epic.org/redirect/101615-oecd-digital-economy-2002.html Civil Society Information Society Advisory Council http://csisac.org/ OECD: Global Forum on the Knowledge Economy 2014 http://www.oecd.org/sti/global-forum-knowledge-economy-2014.htm EPIC: Algorithmic Transparency https://www.epic.org/algorithmic-transparency/ ======================================================================== [4] EPIC Pursues Public Release of Secret DNA Forensic Source Code ======================================================================== EPIC has filed public records requests in six states to obtain the source code for "TrueAllele," a software product used in DNA forensic analysis. According to recent news reports, law enforcement officials use TrueAllele test results to establish guilt, but individuals accused of crimes are being denied the ability to examine the product's source code. EPIC filed requests in California, Louisiana, New York, Ohio, Pennsylvania and Virginia, the six states where TrueAllele DNA match statistics have been admitted into evidence. A similar program used by New Zealand prosecutors was recently found to have a coding error that provided incorrect results in 60 instances, including a high-profile murder case. Citing the importance of algorithmic transparency in the criminal justice system, EPIC requested from TrueAllele manufacturer Cybergenetics all contracts, proposals and technical specifications regarding TrueAllele; all audits, assessments and memoranda regarding TrueAllele's accuracy; and a copy of the TrueAllele's source code and documentation. In Pennsylvania, these secret algorithms are impacting life-or-death decisions. In Allegheny County, defendant Michael Robinson is challenging his inability to examine the TrueAllele source code that is providing evidence against him in a capital case. EPIC directed its Pennsylvania request at the Allegheny County Crime Lab. EPIC has previously urged the US Supreme Court to carefully consider the reliability of new investigative techniques and argued a federal appeals case against DNA dragnet surveillance. Slate Magazine: "Convicted by Code" (Oct. 6, 2015) http://www.slate.com/blogs/future_tense/2015/10/06/defendants_ should_be_able_to_inspect_software_code_used_in_forensics.html EPIC: California Request re: TrueAllele Software (Oct. 13, 2015) https://epic.org/redirect/101615-CA-allele-foia.html EPIC: Louisiana Request re: TrueAllele Software (Oct. 14, 2015) https://epic.org/redirect/101615-LA-allele-foia.html EPIC: New York Request re: TrueAllele Software (Oct. 13, 2015) https://epic.org/redirect/101615-NY-allele-foia.html EPIC: Ohio Request re: TrueAllele Software (Oct. 13, 2015) https://epic.org/redirect/101615-OH-allele-foia.html EPIC: Pennsylvania Request re: TrueAllele Software (Oct. 14, 2015) https://epic.org/redirect/101615-PA-allele-foia.html EPIC: Virginia Request re: TrueAllele Software (Oct. 13, 2015) https://epic.org/redirect/101615-VA-allele-foia.html EPIC: Algorithmic Transparency https://epic.org/algorithmic-transparency/ EPIC: Genetic Privacy https://epic.org/privacy/genetic/ EPIC: Florida v. Harris https://epic.org/amicus/harris/ EPIC: Kohler v. Englade https://epic.org/privacy/kohler/ EPIC: State Policy Project: https://epic.org/state-policy/ EPIC: FOIA Project https://epic.org/foia/ ======================================================================= [5] Privacy in the States: Success in California ======================================================================= California Governor Jerry Brown (D) has signed into law several strong privacy bills. The most significant of these is the California Electronic Communications Privacy Act (CalECPA). CalECPA requires law enforcement to obtain a warrant before accessing digital data including metadata, location data, emails and text messages. The warrant requirement applies both to searches of physical electronic devices and to content stored by an online service provider. CalECPA also requires law enforcement to obtain a warrant before using StingRay surveillance technology, an issue EPIC has pursued at the federal level. In another issue pursued by EPIC, Governor Brown signed a bill providing California residents with privacy protections against SmartTVs. The law prohibits the use of voice recognition on SmartTVs unless consumers are "prominently inform[ed]" during the TV's initial setup. It also prohibits the use of consumer voice recording for advertising purposes. Earlier in 2015, EPIC filed a complaint with the FTC about Samsung's SmartTVs. EPIC detailed widespread consumer objections and charged that "privacy notices" do not diminish the harm to American consumers. After previously vetoing a more comprehensive drone privacy law, Governor Brown did sign a more limited provision protecting California residents against drone flight in the airspace above private property in order to take photos or video or record a person's voice. EPIC is currently suing the FAA to establish privacy rules for commercial drones at the federal level, and has recommended drone privacy safeguards in Congress and state courts. EPIC's State Policy Project monitors state privacy issues nationwide. EPIC: State Policy Project: https://www.epic.org/state-policy/ State of CA: CalECPA (Oct. 2015) https://epic.org/redirect/101615-CalECPA.html EPIC: EPIC v. FBI - Stingray/Cell Site Simulator https://epic.org/foia/fbi/stingray/ State of CA: SmartTV Privacy Law (Oct. 2105) https://epic.org/redirect/101615-CA-smarttv-law.html EPIC: Samsung "SmartTV" Complaint https://epic.org/privacy/internet/ftc/samsung/ State of CA: Drone Privacy Law (Oct. 2015) https://epic.org/redirect/101615-CA-drone-privacy.html EPIC: EPIC v. FAA (Drone Privacy) https://epic.org/privacy/litigation/apa/faa/drones/ EPIC: Congressional Testimony on Drone Privacy (Jul. 19, 2012) https://epic.org/privacy/testimony/EPIC-Drone-Testimony-7-12.pdf EPIC: State v. Davis https://epic.org/amicus/drones/new-mexico/davis/ ======================================================================= [6] News in Brief ======================================================================= Solicitor General to Support Consumers in Supreme Court Privacy Case The US Solicitor General will argue November 2, 2015 in support of consumer privacy in Spokeo v. Robins, a critical case about the future of federal privacy law now before the US Supreme Court. EPIC and leading technical experts and legal scholars filed a brief in support of consumer privacy laws, highlighting the rise of data breaches and identify theft. EPIC urged the Court not to "limit the ability of individuals to seek redress for violations of privacy rights set out by Congress." US Supreme Court: Writ of Certiorari in Spokeo v. Robins (Oct. 5, 2015) http://www.supremecourt.gov/orders/courtorders/100515zor_4f15.pdfs SCOTUSblog: Spokeo v. Robins http://www.scotusblog.com/case-files/cases/spokeo-inc-v-robins/ EPIC: Amicus Brief by US SG et al. in Spokeo v. Robins (Sep. 2015) https://epic.org/amicus/spokeo/US-Brief.pdf EPIC: Spokeo v. Robins https://epic.org/amicus/spokeo/ EPIC et al.: Amicus Brief in Spokeo (Sep. 8, 2015) https://epic.org/amicus/spokeo/EPIC-Amicus-Brief.pdf Obama Drops Plan to Regulate Crypto According to The New York Times, President Obama has concluded that "it is not possible to give American law enforcement and intelligence agencies access to that information without also creating an opening that China, Russia, cybercriminals and terrorists could exploit." Earlier in 2015 Apple CEO Tim Cook said at the EPIC Champions of Freedom dinner, "Criminals are using every technology tool at their disposal to hack into people's accounts. If they know there's a key hidden somewhere, they won't stop until they find it." EPIC launched the public campaign for the freedom to use encryption in 1994 and several of the world's leading cryptographers are members of the EPIC Advisory Board. Tim Cook received the 2015 EPIC Champion of Freedom Award. Past recipients include Max Schrems and Edward Snowden. NY Times: "Obama Won't Seek Access to Encrypted User Data" (Oct. 10, 2015) http://www.nytimes.com/2015/10/11/us/politics/obama-wont-seek- access-to-encrypted-user-data.html' Washington Post: "Obama administration Opts Not to Force Firms to Decrypt Data - For Now" https://www.washingtonpost.com/world/national-security/obama- administration-opts-not-to-force-firms-to-decrypt-data--for- now/2015/10/08/1d6a6012-6dca-11e5-aa5b-f78a98956699_story.html EPIC et al.: Letter to White House re: Encryption (May 19, 2015) https://epic.org/security/Encryption-Letter-to-Obama-05-19-15.pdf EPIC: Letter to UN Special Rapporteur on Encryption (Feb. 10, 2015) https://epic.org/misc/EPIC-UNCHR-ltr-02-2015.pdf EPIC: 2015 Champions of Freedom Award https://epic.org/awards/2015/ EPIC: Clipper Chip https://epic.org/crypto/clipper/ EPIC: Advisory Board https://epic.org/epic/advisory_board.html Government Gets Second Extension in EPIC Supreme Court Case re: SOP 303 The US Supreme Court has granted the US Solicitor General more time to respond to EPIC's charges that the government's effort to keep under wraps a controversial cellphone shutdown policy violates the law. EPIC has pursued public release of the government policy, known as SOP 303, since BART subway officials shut down cellphone service during a peaceful protest in 2011. After EPIC prevailed in district court and a judge ordered release of the policy, the government appealed and a federal appeals court reversed the decision. In the Supreme Court petition, EPIC argued that the decision was "contrary to the intent of Congress, this Court's precedent, and this Court's specific guidance on statutory interpretation." The government's response is now due on November 13, 2015. US Supreme Court: Docket File in EPIC v. DHS (Oct. 14, 2015) https://epic.org/redirect/101615-scotus-epic-v-dhs-docket.html DC District Court: Ruling in EPIC v. DHS (Nov. 12, 2013) https://epic.org/foia/dhs/internet-kill-switch/DCD-Order.pdf DC Appeals Court: Decision Reversing Lower Court Ruling (Feb. 10, 2015) https://epic.org/redirect/101615-epic-v-dhs-appeals.html EPIC: Petition to US Supreme Court in EPIC v. DHS (Aug. 11, 2015) https://epic.org/foia/dhs/internet-kill-switch/Cert-Petition.pdf EPIC: EPIC v. DHS SOP 303 http://epic.org/foia/dhs/internet-kill-switch/ Senators Push DHS to Enact Cell Phone Monitoring Policy. Senators Chuck Grassley (R-IA) and Patrick Leahy (D-VT) have asked DHS Secretary Jeh Johnson to enact a policy on cell phone surveillance devices, known as "StingRays." The US Department of Justice recently adopted new guidelines on StingRay use that require agents to obtain search warrants before employing StingRays. The DOJ policy also prohibits officers from using StingRays to intercept communications, and requires that all non-target data be deleted after use. Documents obtained by EPIC in a FOIA lawsuit revealed the FBI was using the cell- site simulators without a warrant. EPIC also filed amicus briefs in US v. Jones and State v. Earls, arguing that a warrant is required to obtain location information from cell phone subscribers. Sen. Leahy: Press Release on DHS StingRay Policy (Sep. 29, 2015) https://epic.org/redirect/101615-leahy-stingray-release.html US DOJ: Guidance on StingRay Use (2015) http://www.justice.gov/opa/file/767321/download EPIC: List of FOIA Documents Obtained in StingRay Suit (2012-2013) https://epic.org/foia/fbi/StingRay/#foia EPIC: EPIC v. FBI - StingRay / Cell Site Simulator https://epic.org/foia/fbi/StingRay/#foia EPIC: Amicus Brief in US v. Jones (Oct. 3, 2011) https://epic.org/amicus/jones/EPIC_Jones_amicus_final.pdf EPIC: Amicus Brief in State v. Earls (Oct. 2012) https://epic.org/amicus/location/earls/EPIC-Earls-Amicus-NJ-SCt.pdf Congress Holds Hearing on Drone Safety after FAA Misses Deadline The US House Subcommittee on Aviation held an October 7 hearing on drone safety after the FAA failed to meet a Congressional deadline to implement comprehensive drone regulations. The FAA Modernization and Reform Act of 2012 required the agency to develop a "Comprehensive Plan" to integrate drones into the national airspace by September 30, 2015. The agency missed the deadline. However, the FAA has granted over a 1,700 exemptions for drones to operate in the US even as safety and privacy concerns increase. Chairman Frank LoBiondo (R-NJ) said at the hearing, "The real possibility of a mid-air collision must be taken seriously in order to prevent tragic consequences." EPIC recently sued the agency in the case EPIC v. FAA to establish privacy rules for commercial drones. US House Aviation Subcommittee: Hearing on Drone Safety (Oct. 7, 2015) https://epic.org/redirect/101615-house-drone-hearing.html AUVSI et al: Letter to FAA re: Drone Regulations (Sep. 30, 2015) https://epic.org/redirect/101615-auvsi-letter.html FAA: Authorizations Granted Via Section 333 Exemptions (Oct. 13, 2015) https://epic.org/redirect/101615-drone-exemptions.html EPIC: Petition for Hearing in EPIC v. FAA (Sep. 28, 2015) https://epic.org/redirect/101615-epic-faa-opening-brief.html EPIC: EPIC v. FAA https://epic.org/privacy/litigation/apa/faa/drones/ EPIC: Blog Post on "Commercial Drones and Privacy" (Sep. 9, 2015) https://epic.org/blog/2015/09/commercial-drones-and-privacy.html EPIC: Drones and UAVs https://epic.org/privacy/drones/ ======================================================================= [7] EPIC in the News ======================================================================= "Region helps pioneer future growth of drones." Dayton Daily News, Oct. 14, 2015. http://www.mydaytondailynews.com/news/news/region-helps-pioneer- future-growth-of-drones/nn3L6/ "Senate Committee hearing highlights identity theft risks among Medicare beneficiaries." Fierce HealthPayer, Oct. 13, 2015. http://www.fiercehealthpayer.com/antifraud/story/senate-committee- hearing-highlights-identity-theft-risks-among-medicare-ben/ 2015-10-13 "Digital Privacy, in the U.S. and Europe." The New York Times, Oct. 13, 2015. Letter to the Editor by EPIC President Marc Rotenberg. http://www.nytimes.com/2015/10/13/opinion/digital-privacy-in-the- us-and-europe.html "Experian hack raises doubts about security of credit database, advocates say." The Guardian, Oct. 8, 2015. http://www.theguardian.com/business/2015/oct/08/experian-hack- advocates-question-security-database "T-Mobile, Experian Data Breach Warrants Probe, Feds Told." Law360, Oct. 8, 2015. http://www.law360.com/privacy/articles/712560 "'Golden Key' Password Idea Is Getting Little Support." Inverse, Oct. 8, 2015. https://www.inverse.com/article/6651-sign-this-petition-demanding- obama-oppose-a-golden-key-security-hack "Advocates press federal regulators to investigate Experian data breach." MarketWatch, Oct. 8, 2015. http://www.marketwatch.com/story/advocates-press-federal- regulators-to-investigate-experian-data-breach-2015-10-08 "Collins says Medicare's continued use of SSN puts seniors at risk." Bangor Daily News, Oct. 7, 2015. http://bangordailynews.com/2015/10/07/news/state/collins-says- medicares-continued-use-of-ssn-puts-seniors-at-risk/ "LinkedIn set to pay $13 million compensation over its email persistence." Naked Security, Oct. 5, 2015. https://nakedsecurity.sophos.com/2015/10/05/linkedin-set-to-pay- 13-million-compensation-over-its-email-persistence/ "What Apple's revamped privacy policy website means for you." Chicago Daily Herald, Oct. 3, 2015. http://www.dailyherald.com/article/20151003/business/151009741/ "Privacy Is Dead Anyway, Long Live The Facebook Copyright Hoax." Think Progress, Oct. 1, 2015. http://thinkprogress.org/culture/2015/10/01/3707892/why-wont- the-facebook-privacy-hoax-go-away/ "FISC appoints first outside adviser." SC Magazine, Sep. 30, 2015. http://www.scmagazine.com/lawyer-preston-burton-will-advise-fisc- on-surveillance/article/442051/ "Tucson airport getting full-body scanners." Arizona Daily Star, Sep. 30, 2015. http://tucson.com/business/local/tucson-airport-getting-full-body- scanners/article_fcf4a8b9-126e-529b-8d4e-c39430cdfe37.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] EPIC Bookstore ======================================================================= "Privacy in the Modern Age: The Search for Solutions," edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (May 2015). Price: $25.95. http://epic.org/buy-privacy-modern-age The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies. The contributors to this anthology don't simply describe these problems or warn about the loss of privacythey propose solutions. They look closely at business practices, public policy, and technology design and ask, "Should this continue? Is there a better approach?" They take seriously the dictum of Thomas Edison: "What one creates with his hand, he should control with his head." It's a new approach to the privacy debate, one that assumes privacy is worth protecting, that there are solutions to be found, and that the future is not yet known. This volume will be an essential reference for policy makers and researchers, journalists and scholars, and others looking for answers to one of the biggest challenges of our modern day. The premise is clear: There's a problem let's find a solution. Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf. ===================================== "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. =================================== "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. =================================== "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. =================================== "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. =================================== EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore =================================== EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= January 27, 2016. EPIC 2016 International Champions of Freedom Awards Event. Computers, Privacy, and Data Protection Conference, Brussels. http://www.cpdpconferences.org/ June 6, 2016. EPIC 2016 Champions of Freedom Awards Event. Washington, DC. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center (EPIC) is a non-profit, independent public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy issues. Today EPIC maintains one of the top privacy websites in the world. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, files amicus briefs on emerging privacy and civil liberties issues, and conducts policy research. For more information, visit http://www.epic.org. ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy, and continued public education. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 22.19-------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security