EPIC Alert 23.01

======================================================================= E P I C A l e r t ======================================================================= Volume 23.01 January 22, 2016 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC http://www.epic.org/alert/epic_alert_23.01.html "Defend Privacy. Support EPIC." http://epic.org/support ======================================================================= Table of Contents ======================================================================= [1] EPIC Warns Education Department of Research Database Privacy Risks [2] EPIC Urges Senate to Postpone Action on Judicial Redress Act [3] Supreme Court Denies EPIC's Petition on Cellphone Shutdown Policy [4] EPIC, Coalition Call for Hearings on New TSA Body Scanner Mandate [5] News in Brief [6] EPIC in the News [7] EPIC Book Review: 'Obfuscation' [8] Upcoming Conferences and Events ROT13(Qrsraq cevinpl. Fhccbeg RCVP.) SUPPORT EPIC: https://epic.org/support/ ======================================================================= [1] EPIC Warns Education Department of Research Database Privacy Risks ======================================================================= In comments to the US Department of Education, EPIC has objected to the agency's recent proposal to gather detailed student information, including "Individualized Education Plan status" and "discipline records." The data would be housed in a new system of records called "Impact Evaluation of Data-Driven Instruction Professional Development for Teachers." The Department's stated purpose for collecting this student data is to study the effectiveness of "data-driven instruction" and professional development, and the data will contain "personally identifying information on approximately 12,000 students, 500 teachers, and 104 principals . . ." The Department also proposes to disclose the data to private contractors. EPIC contends such procedures violate the 1974 Privacy Act by (1) collecting irrelevant and unnecessary information, and (2) not clearly stating the purpose of the disclosures. EPIC acknowledged the need to evaluate educational programs, including professional development. However, EPIC added, this particular study appears to be another Education Department attempt to transfer sensitive student data to private contractors without meaningful privacy safeguards. EPIC suggested that the Education Department use aggregate data instead of students' PII so as to reduce the risks resulting from a data breach. EPIC also recommended that the agency limit third-party disclosure and clarify the specific functions for which the Department will disclose records. EPIC noted that the agency's Inspector General recently found that the Department's 184 information systems, 120 of which are managed by outside contractors, continue to be vulnerable to serious security threats." EPIC has called for a Student Privacy Bill of Rights, an enforceable privacy and data security framework. In 2012, EPIC submitted comments to the Department of Education opposing a similar research database and highlighting the risks to student privacy arising from the gratuitous collection of sensitive student personal information. EPIC: Comments to the US Department of Education (Jan. 4, 2016) https://epic.org/redirect/012016-epic-doe-comments.html US Ed. Dept.: Privacy Act of 1974; System of Records (Dec. 2, 2015) https://www.gpo.gov/fdsys/pkg/FR-2015-12-02/pdf/2015-30526.pdf US DOE: Final Audit Report on Compliance Fiscal Year 2014 (Nov. 2014) https://epic.org/redirect/012016-2014-doe-audit.html US House: Hearing on US DOE: Information Sec. Review (Nov. 17, 2015) https://epic.org/redirect/012016-house-doe-hearing.html EPIC: Comments to the US Department of Education (Jul. 30, 2012) https://epic.org/privacy/student/EPIC-ED-SORN-Cmts.pdf EPIC: EPIC v. DOE - Private Debt Collector Privacy Act Compliance https://epic.org/foia/ed/ EPIC: Student Privacy Bill of Rights https://epic.org/privacy/student/bill-of-rights.html EPIC: Student Privacy https://epic.org/privacy/student/ ======================================================================= [2] EPIC Urges Senate to Postpone Action on Judicial Redress Act ======================================================================= EPIC has urged the US Senate Judiciary Committee to postpone action on the Judicial Redress Act until the Justice Department makes public the text of the EU-US "Umbrella Agreement," which sets out an elaborate framework for data transfers between EU and US law enforcement agencies. EPIC also recommended that the Committee hold a hearing on the bill, at which time it could consider other important issues concerning the Privacy Act, such as the 2015 OPM data breach. The Umbrella Agreement, which raises significant questions about compliance with both US and EU law, requires amendment to the US Privacy Act of 1974 before it has legal effect. Representatives James Sensenbrenner (R-WI) and John Conyers (D-MI) introduced the Judicial Redress Act in 2015 to seek those amendments. The Act, passed by the House and pending before the Senate, nevertheless fails both to provide meaningful protections for data collected on non-US persons and to permit transborder data flows. "Privacy Act modernization is necessary to address the concerns of US persons regarding the collection and use of their personal information by federal agencies," EPIC wrote. EPIC is pursuing release of the Umbrella Agreement's text via Freedom of Information Act requests. EPIC: Letter to the Senate Judiciary Committee (Jan. 14, 2016) https://epic.org/foia/eu-us-data-transfer/EPIC-Ltr-S1600.pdf EPIC: Motion for Default Judgment in Umbrella Agreement Case (Jan. 6, 2016) https:///redirect/012016-epic-umbrella-judgment-request.html EPIC: Letter to the House Judiciary Committee re: Agreement (Sep. 16, 2015) https://epic.org/redirect/012016-epic-house-letter-umbrella.html EPIC: Complaint in EPIC v. DOJ (Nov. 4, 2015) https://epic.org/foia/eu-us-data-transfer/1-Complaint.pdf EPIC: EPIC v DOJ Umbrella Agreement http://epic.org/foia/eu-us-data-transfer/ EPIC: EU-US Umbrella Agreement https://epic.org/privacy/intl/data-agreement/ US Congress: Judicial Redress Act of 2015 (Mar. 18, 2015) https://www.congress.gov/bill/114th-congress/house-bill/1428 EPIC: Privacy Act of 1974 https://epic.org/privacy/1974act/ ======================================================================== [3] Supreme Court Denies EPIC's Petition on Cellphone Shutdown Policy ======================================================================== The US Supreme Court has denied EPIC's 2015 Petition for Review of a lower court opinion in EPIC v. DHS. The case concerns EPIC's Freedom of Information Act request for SOP-303, the US government's cellphone shutdown policy. Adopted in 2006, SOP-303 codifies a "shutdown and restoration process for use by commercial and private wireless networks during national crisis." EPIC's FOIA request did yield a redacted copy of SOP-303, but the full version has never been released to the public. EPIC filed a FOIA request for the secret document in 2012, after government officials disabled cellular service at a BART station in San Francisco during a peaceful protest. A district court in Washington, DC held that the Department of Homeland Security had to release the policy over the agency's objections, but the US Court of Appeals for the DC Circuit overturned the ruling. The appeals court allowed DHS to withhold the document under an expansive reading of Exemption 7(F), which covers documents whose production could reasonably be expected to endanger the lives and safety of "any individual." Under the DC Circuit's interpretation, the government can withhold any document if the agency asserts that disclosure would endanger the lives and safety of unidentified and unknown persons. EPIC urged the Supreme Court to review the case in order to resolve a conflict between the DC Circuit and the Second Circuit Court of Appeals over the meaning of Exemption 7(F). In ACLU v. DOD, the Second Circuit recognized that to withhold documents under Exemption 7(F), an agency must identify with some specificity the individuals whose lives and safety would be in danger. EPIC also highlighted the public safety risks created by the shutdown of cell service. EPIC routinely files lawsuits to force disclose of agency records that impact critical privacy interests. US Supreme Court: Denial of Certiorari in EPIC v. DHS (Jan. 16, 2016) http://www.supremecourt.gov/orders/courtorders/011116zor_n7io.pdf EPIC: EPIC v. DHS SOP 303 http://epic.org/foia/dhs/internet-kill-switch/ EPIC: Redacted Version of SOP 303 (Jul. 6, 2015) https://epic.org/redirect/012016-sop-303-redacted.html EPIC: ACLU v. DOD http://epic.org/amicus/acluvdod/default.html EPIC: FOIA Cases http://epic.org/foia/ ======================================================================= [4] EPIC, Coalition Call for Hearings on New TSA Body Scanner Mandate ======================================================================= EPIC and 25 organizations have urged the US House Committee on Oversight and Government Reform to hold a hearing on the TSA's sudden December 2015 decision to end guaranteed airport body-scanner opt-out for passengers requesting patdowns. The TSA's new Privacy Impact Assessment for body scanners states, "While passengers may generally decline AIT screening in favor of physical screening, TSA may direct mandatory AIT screening . . . as warranted by security considerations in order to safeguard transportation security." No other details have been provided. Dozens of organizations petitioned DHS in 2010 to conduct a public rulemaking on the initial body-scanning program, which was based around "backscatter" machines that allowed screeners to see naked images of passengers. When DHS denied the petition, EPIC sued the agency in the DC Circuit Court to suspend the body-scanner program, arguing, "The TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers." EPIC asserted that the program violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, the Video Voyeurism Prevention Act and the Fourth Amendment, and was "unlawful, invasive, and ineffective." In July 2011, the DC Circuit Court of Appeals ruled that the TSA had violated the Administrative Procedures Act by implementing body scanners as a primary screening method without first undertaking public notice and comment rulemaking. The court ordered the agency to "promptly" undertake the proper rulemaking procedures and allow the public to comment on the body scanner program. The court also concluded that, because "any passenger may opt-out of AIT screening in favor of a patdown" there was no violation of the Fourth Amendment. Despite the order to "act promptly," the TSA did not conduct a public rulemaking for nearly two years. And, approaching three years after the public rulemaking, the agency still has not released the final rule - pushing back the release date numerous times. EPIC et al.: Letter to House Oversight Committee (Jan. 13, 2016) http://privacycoalition.org/TSA-Congressional-Oversight-Letter.pdf TSA: Updated Privacy Impact Assessment on Body Scanners (Dec. 18, 2015) https://epic.org/redirect/012016-tsa-updated-scanner-pia.html EPIC et al.: Petition to Suspend Body Scanner Program (Apr. 21, 2010) https://epic.org/privacy/airtravel/backscatter/petition_042110.pdf EPIC: Comments re: Airport Body Scanners (June 24, 2013) https://epic.org/apa/comments/EPIC-TSA-NBS-FINAL.pdf DC Circuit Court: Order In EPIC v. DHS (Jul. 15, 2011) https://epic.org/redirect/012016-scanner-decision-2011.html EPIC: EPIC v. DHS Suspension of Body Scanner Program https://epic.org/privacy/litigation/apa/tsa/bodyscanner/ ======================================================================= [5] News in Brief ======================================================================= EPIC Urges FAA to Make Drone Surveillance Capabilities Public In comments to the FAA, EPIC has urged the agency to make public the surveillance capabilities of drones operated in the US. EPIC also proposed privacy safeguards for personal information, stating, "It is not the personal information of the drone registrant that should be readily available to the public, but the technical capabilities of the registered drone." The FAA recently published a rule requiring drone registration, which EPIC supported. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. EPIC v. FAA is pending before the DC Circuit Court of Appeals. EPIC: Comments to FAA re: Drone Registration (Jan. 14, 2016) https://epic.org/redirect/012016-epic-drone-comments.html FAA: Ruling on Drone Registration (Dec. 13, 2015) http://www.faa.gov/news/updates/media/20151213_IFR.pdf EPIC: "Commercial Drones and Privacy" (Sep. 9, 2015) https://epic.org/blog/2015/09/commercial-drones-and-privacy.html EPIC: EPIC v. FAA https://epic.org/privacy/litigation/apa/faa/drones/ EPIC Urges HHS to Protect Privacy of Human Research Subjects In comments to the Department of Health and Human Services, EPIC pointed out several flaws in proposed revisions to the "Common Rule" regarding biomedical and behavioral research involving human subjects. While EPIC supports the agency's proposals to strengthen requirements for informed consent and to adopt a broad definition of Personally Identifiable Information, many of the proposed changes "place research interests ahead of the privacy interests" and fail to address the risks to human subjects of "Big Data" research. EPIC previously expressed concern about proposed changes to the Common Rule and continually advocates for health privacy rights. EPIC: Comments to HHS on Revisions to Common Rule (Jan. 6, 2016) https://epic.org/apa/comments/EPIC-Common-Rule-Comments-2016.pdf Regulations.gov: HHS Proposed Revisions to Common Rule (Sep. 8, 2015) http://www.regulations.gov/#!documentDetail;D=HHS-OPHS-2015-0008-0001 EPIC: Privacy and the Common Rule https://epic.org/privacy/privacy_and_the_common_rule.html EPIC et al.: Comments to HHS on Human Subjects Research (Oct. 26, 2011) https://epic.org/apa/comments/EPIC-et-al-Common-Rule-Cmts.pdf EPIC: Brief in Sorrell v. IMS Health (Mar. 1, 2011) https://epic.org/amicus/sorrell/EPIC_amicus_Sorrell_final.pdf EPIC: Comments to HHS on HIPAA and NICS (Jun. 7, 2013) https://epic.org/apa/comments/EPIC-HHS-HIPAA-Privacy-Rule.pdf EPIC: FAA v. Cooper https://epic.org/amicus/cooper/ EPIC: Medical Record Privacy https://epic.org/privacy/medical/ Court Upholds Facebook Settlement, Continuing Kids' Images in Ads A federal appeals court has upheld a 2013 settlement agreement in Fraley v. Facebook, a consumer privacy class action involving Facebook's use of young children's names and images for advertising without consent, a practice currently prohibited in seven states. Questions were also raised about the cy pres determinations, and the dissenting judge stated that the "district court abused its discretion in approving the final settlement." In a 2014 amicus brief to the Ninth Circuit, EPIC urged the appeals court to overturn the deal, explaining that the settlement is unfair to class members and authorizes continued privacy violations. In 2009 and 2010, EPIC and a coalition of consumer privacy organizations filed extensive complaints with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. 9th Circuit: Decision Upholding Settlement in Fraley (Jan. 6, 2016) https://www.documentcloud.org/documents/2678209-13-16819.html EPIC: Fraley v. Facebook https://epic.org/amicus/facebook/fraley/ EPIC: Amicus Brief in Fraley v. Facebook (Feb. 20, 2014) https://epic.org/amicus/facebook/fraley/EPIC-Fraley-Amicus.pdf 9th Circuit: Initial Decision in Fraley v. Facebook (Oct. 5, 2012) https://epic.org/redirect/012016-2012-fraley-facebook.html EPIC et al.: Initial Complaint in In re Facebook (Dec. 17, 2009) https://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: In re: Facebook https://epic.org/privacy/inrefacebook/ EPIC Opposes Sea Traveler Surveillance Program In comments to DHS, EPIC criticized a proposal to collect detailed records on people traveling by boat. DHS is planning to track people arriving and departing the United States by sea, including between ports within US borders. However, DHS will ignore Privacy Act protections, and make collected data routinely available to private companies and foreign governments. The proposal, explained EPIC, would "create a massive government database of detailed personal information that lacks accountability." EPIC has opposed other boat surveillance programs. A FOIA case pursued by EPIC about a controversial boater-tracking program revealed that DHS fuses tracking data with other intelligence data to develop detailed profiles on boaters. EPIC: Comments to DHS on Proposed Sea Traveler Records (Dec. 28, 2015) https://epic.org/apa/comments/EPIC-DHS-Boating-Passenger-Cmts.pdf Regulations.gov: Privacy Act SORN on Sea Travelers (Nov. 27, 2015) http://www.regulations.gov/#!documentDetail;D=DHS-2015-0078-0001 EPIC: Comments to DHS on TSA PreCheck (Oct. 10, 2013) https://epic.org/apa/comments/EPIC-TSAPreCheck-Comments.pdf EPIC: EPIC v. USCG - Nationwide Automatic Identification System https://epic.org/foia/dhs/uscg/nais/ Practical Sailor: "Is AIS Chipping Away at Our Freedoms?" (Feb. 2011) http://www.practical-sailor.com/issues/37_2/features/Is_AIS_ Chipping_Away_at_Our_Freedoms_10135-1.html Senator Franken Presses Google on Student Privacy Senator Al Franken (D-MN) has asked Google to explain what the company does with collected student data. Specifically, Franken asked what types of data Google collects, to whom Google discloses student information and whether students and schools "have control over what data is being collected and how the data are being used". "I believe Americans have a fundamental right to privacy, and that right includes a student or parent's access to information about what data are being collected about them and how the data are being used," Senator Franken stated. EPIC has called for a Student Privacy Bill of Rights, an enforceable student privacy and data security framework. Sen. Franken (D-MN): Letter to Google re: Student Data (Jan. 13, 2016) https://epic.org/redirect/012016-franken-google-letter.html EPIC: Student Privacy https://epic.org/privacy/student/ EPIC: Student Privacy Bill of Rights https://epic.org/privacy/student/bill-of-rights.html Amid Criticism of Agency Compliance, House Passes FOIA Reforms Congress has passed the FOIA Oversight and Implementation Act (HR 653). The Act limits agency exemptions on withholding public records, creates an online portal for FOIA requests and requires agencies to post frequently requested documents. Open-government advocates and members of Congress have criticized federal agencies for lax compliance with the Freedom of Information Act. The House Oversight Committee concluded that "[e]xcessive delays and redactions" have undermined the Act." The FOIA Ombudsman criticized the Transportation Security Administration for "weak management" and lack of a "FOIA tracking system." EPIC has pursued many FOIA cases, and has urged the Obama White House to strengthen the FOIA by committing to a "presumption of openness" and narrowing the use of FOIA exemptions. Congress.gov: FOIA Oversight and Implementation Act (Jan. 11, 2016) https://www.congress.gov/bill/114th-congress/house-bill/653/actions EPIC et al.: Letter to OGIS re: FOIA Closures (Oct. 30, 2014) http://foia.rocks/OGIS_Letter_final.pdf Cornell U. Legal Information Institute: Text of the FOIA https://www.law.cornell.edu/uscode/text/5/552 OGIS: Compliance Review of TSA's FOIA Procedures (2015) https://epic.org/redirect/012016-ogis-tsa-foia-critique.html EPIC: FOIA Cases https://epic.org/foia/ FOIA.ROCKS: Coalition Letter to President re: FOIA (Oct. 23, 2014) http://foia.rocks/recommendations.html Uber, New York AG Reach Settlement Over Rider Data Privacy Practices The New York State Attorney General's office has announced a settlement in the investigation of Uber's collection and misuse of rider locational data, as well as Uber's failure to provide timely notice of a data breach affecting 50,000 Uber drivers. The investigation was prompted by public outcry over Uber's "God View" tool, which allowed Uber employees to obtain a specific rider's real-time and historic location data without permission. The settlement requires Uber to encrypt rider locational data and enhance data security. In 2015, EPIC filed a complaint with the FTC, charging that Uber's plan to track users and gather their contact details is an unlawful and deceptive trade practice. In The Huffington Post, EPIC also recommended privacy law to regulate Uber and other ride-sharing companies. NY AG's Office: Press Release on Uber Settlement (Jan. 6, 2015) https://epic.org/redirect/012016-nyag-uber-settlement.html EPIC: In re: Uber Privacy Policy https://epic.org/privacy/internet/ftc/uber/ Los Angeles Times: "Uber security breach may have affected up to 50,000 drivers" (Feb. 27, 2015) http://www.latimes.com/business/technology/la-fi-tn-uber-data- breach-20150227-story.html EPIC: Complaint with FTC re: Uber Privacy Practices (Jun. 22, 2015) https://epic.org/privacy/internet/ftc/uber/Complaint.pdf Uber: Privacy Policy (Jul. 15, 2015) https://www.uber.com/legal/privacy/users/en The Huffington Post: "Privacy Rules for Uber," by EPIC Consumer Privacy Counsel Julia Horwitz and EPIC Executive Director Marc Rotenberg (Dec. 12, 2014) http://www.huffingtonpost.com/julia-horwitz/privacy-rules-for- uber_b_6304824.html ======================================================================= [6] EPIC in the News ======================================================================= "Kentucky drone-slayer lawsuit: revives conflict between private property and government airspace sovereignty." Lawyer Herald, Jan. 19, 2016. http://www.lawyerherald.com/articles/27682/20160119/drone-slayer- lawsuit-conflict-private-property-government-airspace-sovereignty. htm#qCpSSvEhrQws9w5M.99 "EU wants tougher privacy controls in new Safe Harbor." The Hill, Jan. 19, 2016. http://thehill.com/policy/cybersecurity/266282-eu-wants-tougher- privacy-controls-in-new-safe-harbor "25 Civil Liberties, Privacy Groups Form Coalition to Fight TSA's New Body Scan Guidelines." Truth in Media, Jan. 19, 2016. http://truthinmedia.com/civil-liberties-privacy-groups-coalition- fight-tsa-body-scan/ "Privacy and Drone Spying." The New York Times, Letter to the Editor by EPIC President Marc Rotenberg, Jan. 18, 2016. http://www.nytimes.com/2016/01/18/opinion/privacy-and-drone- spying.html "EU privacy watchdogs to meet over US data standards." The Hill, Jan. 14, 2016. http://thehill.com/policy/cybersecurity/265950-eu-privacy- watchdogs-to-meet-over-us-data-transfer-standards "The US Government Has An Internet Killswitch And It's None Of Your Business." MintPress News, Jan. 14, 2016. http://www.mintpressnews.com/the-us-government-has-an-internet- killswitch-and-its-none-of-your-business/212749/ "Powerhouse Coalition Ups Ante In Emotional TSA Body Scan Fight." Forbes, Jan. 14, 2016. http://www.forbes.com/sites/lisabrownlee/2016/01/14/powerhouse- coalition-ups-ante-in-emotional-tsa-body-scan-fight/ "You may be powerless to stop a drone from hovering over your own yard." The Washington Post, Jan. 13, 2016. https://www.washingtonpost.com/news/the-switch/wp/2016/01/13/ you-may-be-powerless-to-stop-a-drone-from-hovering-over-your-own -yard/ "TSA Precheck reaches 2M members." USA Today, Jan. 13, 2016. http://www.usatoday.com/story/travel/2016/01/13/tsa-precheck/ 78635322/ "Governments urged to support scrambling digital data." Business Standard News, Jan. 12, 2016. http://www.business-standard.com/article/pti-stories/governments- urged-to-support-scrambling-digital-data-116011200776_1.html "Ruling in on hiding cell-phone network shutdowns." WND, Jan. 12, 2016. http://www.wnd.com/2016/01/ruling-in-on-hiding-cell-phone-network- shutdowns/#YQdBvWwsLEujOWJY.99 "Supreme Court won't force DHS to reveal secret plan to cut cell service." Ars Technica, Jan. 12, 2016. http://arstechnica.com/tech-policy/2016/01/supreme-court-wont- force-dhs-to-reveal-secret-plan-to-cut-cell-service/ "Open letter rejects government crackdown on encryption." ComputerWorld, Jan 12, 2016. http://www.computerworld.com.au/article/591985/open-letter-rejects- government-crackdown-encryption/ "PennDOT Selling Drivers' Personal Information? NBC10 Investigators [video]." NBC News 10 Philadelphia, Jan 12, 2015. http://www.nbcphiladelphia.com/news/local/PennDOT-Selling-Drivers- Personal-Information--NBC10-Investogators-364903281.html "House passes sweeping FOIA reform legislation." The Hill, Jan. 11, 2016. http://thehill.com/blogs/floor-action/house/265485-house-passes- sweeping-foia-reform-legislation "Privacy and Drone Spying." The New York Times, Letter to the Editor by EPIC President Marc Rotenberg, Jan. 10, 2015. http://www.nytimes.com/2016/01/18/opinion/privacy-and-drone-spying .html "New student database slammed by privacy experts." The Washington Post, Jan. 7, 2016. https://www.washingtonpost.com/news/answer-sheet/wp/2016/01/07/new- student-database-slammed-by-privacy-experts/ "Watchdog Says DOJ Lost Data Pact Release Suit By Default." Law360, Jan. 7, 2016. http://www.law360.com/privacy/articles/743994?nl_pk=f0de6bf1-38da- 4828-af43-c04aba064077 "Can the Internet ever be shut down?" Mashable, Jan. 7, 2016. http://mashable.com/2016/01/07/mashable-explains-post/#MR3Ddc9.2EqL "TSA Body Scan? Just Say 'No', Leading Expert Says." Forbes, Dec. 24, 2015. http://www.forbes.com/sites/lisabrownlee/2015/12/24/tsa-body-scan- just-say-no-leading-expert-says/ "TSA sharply curtails ability to opt out of electronic body screening at airports." The Guardian, Dec. 23, 2015. http://www.theguardian.com/world/2015/dec/23/tsa-electronic-body- scans-opt-out-policy "Season's Greetings From The FAA. It's Time To Register Your Drone." BuzzFeed News, Dec. 21, 2015. http://www.buzzfeed.com/hamzashaban/heres-where-to-register-your- christmas-drone#.gflyY0jbl "Privacy Group Blasts Gov't High Court Defense Of Secrecy." Law360, Dec. 21, 2015. http://www.law360.com/articles/740162/privacy-group-blasts-gov-t- high-court-defense-of-secrecy For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [7] EPIC Book Review: 'Obfuscation' ======================================================================= "Obfuscation: A User's Guide for Privacy and Protest," by Finn Brunton and Helen Nissenbaum http://amzn.to/20eL13g Finn Brunton's and Helen Nissenbaum's new book is essential reading for anyone interested in protecting themselves against ubiquitous digital surveillance particularly how to use different forms of "obfuscation" to hide in plain sight. The book is written both for average users looking for effective methods to protect privacy and for engineers, policymakers and others attempting to understand why people resist data collection. Brunton and Nissenbaum begin the book by laying out numerous examples of how individuals, governments, businesses and even nature use obfuscation to safeguard privacy and safety. They include such disparate illustrations as the use of radar chaff in World War II to protect pilots flying in enemy territory; software to obscure users' search queries; and orb-weaving spiders that make decoys of themselves to avoid wasps. The authors then explain why obfuscation is necessary - specifically in the contexts of information asymmetry, opting out and the lack of transparency around information collection, use and retention. They also tackle the "ethics of obfuscation," addressing critics who describe obfuscation as wasteful, dishonest or free-riding. Brunton and Nissenbaum close the book with a discussion about whether obfuscation can work against the numerous powerful actors who are highly incentivized to collect accurate user data. "Obfuscation" is a fun and quick read offering a means to fight back against pervasive digital surveillance. The authors make the subject approachable and compelling in a way that will engage the average user and just might start the revolution the book aims to set in motion. According to the authors, "if you are a person or group wanting to live in the modern world without being a subject of pervasive digital surveillance (and an object of subsequent analysis), obfuscation is a lexicon of ways to put some sand in the gears, to buy time, and to hide in the crowd of signals." -- Jeramie D. Scott =================================== EPIC Bookstore =================================== "Privacy Law and Society, 3rd Edition," by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (Dec.2015). http://www.privacylawandsociety.org/ The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field. =================================== "Privacy in the Modern Age: The Search for Solutions," edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (May 2015). Price: $25.95. http://epic.org/buy-privacy-modern-age The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies. The contributors to this anthology don't simply describe these problems or warn about the loss of privacythey propose solutions. They look closely at business practices, public policy, and technology design and ask, "Should this continue? Is there a better approach?" They take seriously the dictum of Thomas Edison: "What one creates with his hand, he should control with his head." It's a new approach to the privacy debate, one that assumes privacy is worth protecting, that there are solutions to be found, and that the future is not yet known. This volume will be an essential reference for policy makers and researchers, journalists and scholars, and others looking for answers to one of the biggest challenges of our modern day. The premise is clear: There's a problem let's find a solution. Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf. ===================================== "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. =================================== "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. =================================== "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. =================================== "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. =================================== EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore =================================== EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= January 21, 2016. EPIC v. Department of Justice - Hearing Before the US District Court for the District of Columbia Alan Butler, EPIC Senior Counsel E. Barrett Prettyman United States Courthouse, Rm. 17 January 26, 2016. "The Multiple Ways of (de/self-) Regulation: What is at Stake for Human Rights?" "Safe Harbor 2.0: A Stillborn Project?" Speaker: EPIC President Marc Rotenberg Privacy Camp Universit Saint-Louis Brussels, Belgium http://privacycamp.eu/programme/ January 27, 2016. EPIC 2016 International Champions of Freedom Awards Event. Computers, Privacy, and Data Protection Conference, Brussels. http://www.cpdpconferences.org/ https://epic.org/2015/01/epic-gives-freedom-awards-to-p.html June 6, 2016. EPIC 2016 Champions of Freedom Awards Event. Washington, DC. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center (EPIC) is a non-profit, independent public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy issues. Today EPIC maintains one of the top privacy websites in the world. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, files amicus briefs on emerging privacy and civil liberties issues, and conducts policy research. For more information, visit http://www.epic.org. ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy, and continued public education. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 23.01-------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security