EPIC Alert 16.22

EPIC Alert 16.22

=======================================================================                        E P I C   A l e r t=======================================================================Volume 16.22                                          November 23, 2009-----------------------------------------------------------------------                       Published by the            Electronic Privacy Information Center (EPIC)                        Washington, D.C.            http://www.epic.org/alert/epic_alert_1622.html		"Defend Privacy. Support EPIC."		    http://epic.org/donate=======================================================================Table of Contents=======================================================================[1] Internet Governance Forum Meets in Egypt[2] EPIC Urges Smart Grid Privacy [3] EPIC Sues Department of Homeland Security over Imaging Technology[4] European and United States Officials Examine Cross Border Privacy[5] Revised Google Books Settlement Released[6] News in Brief[7] EPIC Bookstore: "Protectors of Privacy"[8] Upcoming Conferences and Events - Join EPIC on Facebook http://facebook.com/epicprivacy	- Privacy Policy	- About EPIC	- Donate to EPIC http://epic.org/donate	- Subscription Information=======================================================================[1] Internet Governance Forum Meets in Egypt=======================================================================The Internet Governance Forum (IGF) had its fourth annual meeting thismonth in Sharm El Sheikh, Egypt. The meeting brought togethertechnology, privacy, and security experts from all over the world,including multiple members of EPIC's advisory board. The three-dayconference included a number of panels and workshops on privacy issues,as part of a complete look at the future of the internet.The IGF conference workshops were organized into the categories ofAccess, Critical Internet Resources, Diversity, Openness, Security,Capacity Building, and Development, and nearly every category includedworkshops addressing privacy.  Some of the key privacy topics addressedwere balancing freedom of expression and privacy; content regulation,surveillance, and sexuality rights; openness and online behavioraltargeting advertising; privacy and security; social networking; cloudcomputing; and policy implications of the IPv6 transition.EPIC Executive Director Marc Rotenberg served as moderator for theplenary session on security, openness, and privacy, and spoke in aworkshop titled "Four Sisters--Information Security, Data Protection,and Electronic Governance." EPIC Advisory Board members Bruce Schneierand Simon Davies also attended and spoke in a workshop titled"Security, Openness, and Privacy," and Advisory Board members RebeccaMackinnon and Vinton G. Cerf also participated in the conference.EPIC Public Voice Coordinator Katitza Rodriguez was a key organizer forthe IGF. Katitza serves as a member of the Multistaker Advisory Group(MAG), established by the the Secretary-General of the United Nations.Its purpose is to assist the Secretary General in conveningthe Internet  Governance Forums. The MAG comprises of Membersfrom governments,  the private sector and civil society,including representatives from the  academic and technical communities.The forum succeeded in its goal of being a platform that bringstogether experts to discuss issues, exchange information, and sharebest practices.  Next year's IGF meeting will be in Vilnius, Lithuania.Internet Governance Forum:     http://www.intgovforum.org/IGF: Chairman's Summary, 2009 Meeting:     http://www.epic.org/redirect/112209chairmansumm.htmlThe Public Voice - Privacy & Security Implications of Cloud Computing:     http://thepublicvoice.org/events/egypt09/EPIC: Cloud Computing:     http://epic.org/privacy/cloudcomputing/     Internet Governance Caucus, MAG Nominations:     http://www.igcaucus.org/mag-nominationsKatitza Rodriguez at the May 2009 MAG Meeting (YouTube):     http://www.youtube.com/watch?v=4q76hpA6PmU=======================================================================[2] EPIC Urges Smart Grid Privacy =======================================================================On November 10, EPIC filed comments with the National Institute ofStandards and Technology (NIST), urging the agency to implement robustprivacy protections in the Smart Grid. NIST had requested comments ontheir draft framework and roadmap for Smart Grid standards on October29, 2009.The Smart Grid refers to a host of technologies that will modernize theexisting electrical grid. The proposed grid will allow unprecedentedcommunication between American energy providers and energy consumers,permitting the bi-directional flow of both information and electricity.Ideally, the Smart Grid will enable more efficient delivery ofelectricity and will allow consumers to make more informed energy usedecisions.The Smart Grid will also dramatically transform the ability ofproviders of power services in the United States to track theactivities of consumers. For instance, the Smart Grid proposes tocoordinate power supply with users' past usage patterns. However, theelectrical usage patterns could reveal intimate, personal details aboutusers' lives, such as their medical needs, interactions with others,and personal habits.EPIC also warned that the Smart Grid could be used to track specificappliance usage, which could also reveal sensitive personalinformation. The availability of Smart Grid data also increases thedanger of physical harm from, for example, burglars, stalkers, or othercriminals. For instance, burglars could examine electricity usage datain order to determine times when a particular house is vacant, or inorder to determine how many occupants it has. Similarly, stalkers ordomestic abusers could use the data in order to track a victim'sactivity.The Smart Grid also increases the risk of identity theft, as anypersonally identifiable information in the data could be interceptedand misused. Alternatively, identity thieves could use PII obtainedelsewhere to impersonate utility customers, which poses the risk offraudulent utility use and potential impact on credit reports Becauseof the privacy implications of the Smart Grid, EPIC urged NIST toestablish comprehensive privacy regulations that limit the collectionand use of consumer data.EPIC Comments:     http://epic.org/privacy/smartgrid/EPIC%20Smart%20Grid%20Comments.pdf NIST Framework and Roadmap for Smart Grid Interoperability StandardsRelease 1.0 (Draft):     http://www.epic.org/redirect/112209nistframewkrdmp.htmlEPIC: Smart Grid and Privacy:     http://epic.org/privacy/smartgrid/smartgrid.html/NIST Homepage:     http://www.nist.gov/index.htmlPrivacy By Design: The Smart Grid:     http://www.ipc.on.ca/images/Resources/pbd-smartpriv-smartgrid.pdf=======================================================================[3] EPIC Sues Department of Homeland Security over Imaging Technology=======================================================================On November 5, 2009, EPIC filed suit against the Department of HomelandSecurity (DHS) regarding an unanswered Freedom of Information Actrequest.  On April 14, 2009, EPIC had mailed a request to DHS forrecords regarding the privacy protection capabilities of whole bodyimaging technology. The agency never responded substantively to EPIC'srequest. EPIC later filed an appeal, challenging the agency's lack ofresponse. Again, the agency failed to comply with its legal obligationsto disclose the records sought by EPIC.Whole body imaging technology was originally introduced in 2007, whenthe Transportation Security Administration (TSA), a component of DHS,began testing the imaging technology to screen travelers.  Thesemachines produced detailed, three-dimensional images of individuals'naked bodies and are being used at airport security checkpoints, courthouses, and correctional facilities.While TSA originally provided assurances that the technology would notbe mandatory for passengers and would include a privacy algorithm thatblurred faces, the agency later withdrew these assurances.  In February2009, TSA announced that it would require passengers at six airports tosubmit to whole body imaging in place of the standard metal detectorsearch.  In April 2009, the agency announced plans to expand themandatory use of body imaging to all U.S. Airports.This means that Whole Body Imaging devices will replace metal detectorsat the primary screening devices in US airports. As a consequence, theTSA could obtain naked pictures of every airline passenger, includingchildren, who travel from a US airport.In response to TSA's expansion of the program, the U.S. House ofRepresentatives passed H.R. 2200, a bill that would limit the use ofwhole body imaging systems at airports.  The measure is still pendingin the Senate. EPIC's Complaint:     http://epic.org/privacy/airtravel/backscatter/Complaint_110309.pdfEPIC: Whole Body Imaging:     http://epic.org/privacy/airtravel/backscatter/TSA: Whole Body Imaging:     http://www.tsa.gov/approach/tech/imaging_technology.shtmH.R. 2200:     http://www.epic.org/redirect/112209hr2200.html     Privacy Coalition Letter Regarding Whole Body Imaging:     http://www.epic.org/redirect/112209dhswbiletter.htmlDHS Response to Privacy Coalition Letter:     http://privacycoalition.org/dhs-reply-wbi_ltr.pdf =======================================================================[4] European and United States Officials Examine Cross Border Privacy=======================================================================European and American officials, as well as corporate privacyprofessionals and privacy advocates, met for a three-day conferencerecently on cross-border data flows and privacy. The conference wasorganized by the U.S. Department of Commerce, with the participationand cooperation of the European Commission and the Article 29 WorkingParty on Data Protection. It was held from November 16th to 18th at theInternational Trade Center in Washington, D.C.The conference was the fourth annual meeting to review progress on theUS-EU Safe Harbor Framework, which was implemented in 2005. The SafeHarbor allows U.S. companies to engage in data transfers out of EUmember states without prior approval, in spite of U.S. data protectionlaws failing to meet the requirements of the EU's 1998 Data ProtectionDirective.Panels were held on a number of topics with panelists from a variety ofbackgrounds. Several panels on the Safe Harbor itself included speakersfrom U.S. law firms, the U.S. Federal Trade Commission, the Article 29Working Party, and others. Other panels addressed such issues assecurity, privacy by design, social networking, and privacy protectionin cases of pandemic response.EPIC Executive Director, Marc Rotenberg, participated in a panel onbehavioral advertising, data protection, and privacy, alongsidepanelists from advertising companies and the FTC.Across the Divide: Successfully Navigating Safe Harbor:     http://www.regonline.com/builder/site/Default.aspx?eventid=765010International Trade Administration: Safe  Harbor:     http://www.export.gov/safeharbor/EPIC: Federal Trade Commission:     http://epic.org/privacy/internet/ftc/=======================================================================[5] Revised Google Books Settlement Released=======================================================================On November 14, the parties in the Google Books Settlement filed anamended settlement in federal court. The revised settlement makesseveral changes to the original settlement. It removes several foreignrights holders from the settlement class, so that only rights holdersin the United States, the United Kingdom, Canada, and Australia remain.It also attempts to address concerns about “orphan books,” or bookswhose rights holders cannot be readily found through a reasonablydiligent search, by calling for the appointment of a trustee torepresent their rights.The revised settlement also addresses antitrust concerns, dropping theclause that forbade the Book Rights Registry from offering Google'scompetitors a more favorable deal than the one Google received from theAssociation of American Publishers and the Authors Guild. TheDepartment of Justice, authors, EPIC and other privacy advocatescriticized the original settlement.EPIC argued that the settlement would create a single digital library,operated by Google, but failed to limit Google's use of the personalinformation collected. In a motion to intervene in the settlement EPICargued that it “mandates the collection of the most intimate personalinformation, threatens well-established standards that safeguardintellectual freedom, and imperils longstanding Constitutional rights,including the right to read anonymously.” EPIC also warned that theoriginal deal threatened “to eviscerate state library privacy laws thatsafeguard library patrons in the United States."Similarly, FTC Chairman John Liebowitz called attention to privacyconcerns and the vast amount of consumer information that could becollected under the original settlement. The Chairman expressed theCommission's commitment to evaluating the privacy issues presented byGoogle Books, a sentiment that was echoed by Commissioner Pamela JonesHarbour in her statement. In a separate letter, FTC Consumer ProtectionDirector David C. Vladeck urged Google to address consumer privacyconcerns and to limit the secondary use of user data.However, the revised settlement does little to address privacy and doesnot fix the lack of user privacy protections. Professor PamelaSamuelson of the University of California, Berkeley stated that“[t]here are dozens of provisions in the settlement agreement that callfor monitoring of what users do with books and essentially no privacyprotections built into the settlement agreement.”Amended settlement agreement:http://www.epic.org/redirect/112209gbsettrev.htmlPamela Samuelson, “New Google Book Settlement Aims Only to PlacateGovernments,” Huffington Post, November 17, 2009:     http://www.epic.org/redirect/112209Samuelson.htmlEPIC's Objections to the Original Settlement:     http://epic.org/privacy/googlebooks/EPIC_Brief-GBS.pdfDOJ's Statement Regarding the Original Settlement:     http://thepublicindex.org/docs/letters/usa.pdfFTC''s Statements Regarding the Original Settlement:     http://www.ftc.gov/os/closings/090903leibowitzstatement.pdf     http://www.ftc.gov/os/closings/090903harbourthstatement.pdf     http://www.ftc.gov/os/closings/090903horvathletter.pdfAuthors' Objections to the Original Settlement: http://www.eff.org/files/filenode/authorsguild_v_google/File Stamped Brf.pdfOther Privacy Advocates Objections to the Original Settlement:     http://www.epic.org/redirect/112209gbobjections.htmlEPIC: Google Books Settlement and Privacy:     http://epic.org/privacy/googlebooks/EPIC: Google Books Litigation:     http://epic.org/privacy/googlebooks/litigation.htmlEPIC: Google Books: Policy Without Privacy:     http://epic.org/privacy/googlebooks/policy.html=======================================================================[6] News in Brief=======================================================================EPIC Complete's Takoma Park Election Manual Ballot AuditEPIC completed the final phase of the manual ballot audit of the TakomaPark, Maryland November 3, 2009 election. The manual audit completedthe oversight requirements imposed by the City of Takoma Park for theScantegrity voting system used by the city for its recent elections.This was the first public election in the United States to deploy theScantegrity voting system.  Over 1600 votes cast ballots in theelection to elect their mayor and fill ward council positions.EPIC Audit of Takoma Park Municipal Election November 3, 2009:takoma_park_audit.pdfScantagrity:     http://www.scantegrity.org/Links: Takoma Park Election’s Office:     http://www.takomaparkmd.gov/clerk/election/2009/index.htmlTakoma Ballot verification Web page:     http://scantegrity.org/takoma/checkcodesEPIC’s Voting Privacy Page:     http://epic.org/privacy/voting/   President Obama Nominates Brill and Ramirez for FTCOn November 17, 2009, President Obama nominated Julie Brill and EdithRamirez to be commissioners of the Federal Trade Commission. Brill,North Carolina's top consumer advocate, serves as the senior deputyattorney general and chief of consumer protection and antitrust for theNorth Carolina Department of Justice. Ramirez, who specializes inintellectual property and complex litigation matters, is a partner in aLos Angeles, California law firm and has experience representingcompanies such as Mattel, Inc. and Northrop Grumman Corp. In a pressrelease, President Obama stated, “These individuals bring a depth ofexperience to their respective roles, and I am confident they willserve my administration and the American people well. I look forward toworking with them in the months and years ahead.”Federal Trade Commission:     http://www.ftc.gov/commissioners/index.shtmlEPIC: Federal Trade Commission:     http://epic.org/privacy/internet/ftc/. Brill Biography:     http://www.law.columbia.edu/fac/Julie_Brill.Ramirez Biography:     http://www.quinnemanuel.com/attorneys/ramirez-edith.aspx.White House Nominations  Press Release:     http://www.epic.org/redirect/112209whitehouseprelease.htmlInvestigating Congressional Committee Acknowledges Privacy CoalitionLetterHouse Homeland Security Committee Chairman Bennie Thompson hasresponded to the Privacy Coalition letter regarding the Chief PrivacyOfficer of the Department of Homeland Security. Chairman Thompson saidthat "the Committee is in the process of reviewing the programsoutlined" in the letter, and thanked the Coalition for bringing theissues to the attention of the committee. He further stated that theCommittee "will continue to examine the Department's programs andpolicies and vigorously address privacy concerns and issues."Letter from Chairman Thompson:     http://epic.org/open_gov/homeland/HLS_Comm_Reply.pdfPrivacy Coalition - Letter to Chairman Thompson:     http://epic.org/security/DHS_CPO_Priv_Coal_Letter.pdfEPIC: DHS Privacy Office:     http://epic.org/privacy/dhs-cpo.htmlPrivacy Coalition:     http://privacycoalition.org/Privacy Coalition Writes Letter Re: Fordham Child Privacy StudyA Fordham Law School study found that state educational databasesacross the country ignore key privacy protections for the nation'sschool children. The study reports that at least 32% of stateswarehouse children's social security numbers; at least 22% of statesrecord student pregnancies; and at least 46% of the states track mentalhealth, illness, and jail sentences as part of the children'seducational records. Some states outsource the data processing withoutany restrictions on use or confidentiality for children's information.Access to this information and the disclosure of personal data mayoccur for decades and follow children well into their adult lives.These findings come as Congress is considering the Student Aid andFinancial Responsibility Act, which would expand and integrate the 43existing state databases without taking into account the criticalprivacy failures in the states' electronic warehouses of children'sinformation. Study Website:     http://law.fordham.edu/childrensprivacyFordham Law School, Center on Law and Information Policy:     http://www.epic.org/redirect/110609fordhamstudy.htmlStudent Aid and Financial Responsibility Act:     http://www.epic.org/redirect/110609studentaidact.htmlEPIC: Children's Online Privacy Protection Act:     http://epic.org/privacy/kids/EPIC: DOD Recruiting Database:     http://epic.org/privacy/student/doddatabase.htmlDemand Your dotRights Campaign Goes Public The ACLU of Northern California launched a new privacy campaign called“Demand Your dotRights.” The campaign is intended to call attention tothe trail of digital information that is left by online activity. It“provides a behind-the-scenes look at everything from socialnetworking, to photo sites, to search engines,” and educatesindividuals on how they can regain control over their personalinformation. The campaign also urges businesses and lawmakers to domore to protect privacy.Demand Your dotRights campaign website:     http://www.dotrights.org/homeACLU of Northern California announcement:     http://www.epic.org/redirect/112209acluannouncement.htmlEPIC: Facebook Privacy:     http://epic.org/privacy/facebookEPIC: Search Engine Privacy:     http://epic.org/privacy/search_engineFacebook Releases Revised Privacy PolicyOn November 17, 2009, Facebook unveiled its new privacy policy.  Thenew policy was announced after the social network site completed aweeklong comment period. Facebooks said that new policy was designed tobe more easy to understand, and includes plain language and a simplerstructure. The company has also announced plans to add definitions ofkey terms, screen shots of important pages and informational "learnmore" videos. However, the policy is problematic because it continuesto allow the disclosure of user information to third parties, including"other companies, lawyers, courts or other government entities", in abroad array of circumstances and relieves Facebook of anyresponsibility for third party applications that "violate [Facebook's]rules."Facebook: Privacy Policy:     http://www.facebook.com/policy.phpEPIC: Social Networking Privacy:     http://epic.org/privacy/socialnet/Facebook Blog: New Privacy Policy Adopted:     http://blog.facebook.com/blog.php?post=181160577130     D.C. Circuit Hears Argument in Warrantless GPS Tracking CaseOn November 17, 2009, the D.C. Circuit heard oral argument in UnitedStates v. Jones, a case addressing the legality of warrantless GPStracking by the government. In the case, FBI agents attached a GPStracker to the appellant’s car while the car was on private property.The device transmitted the position of the car every ten seconds,allowing the FBI to track its position for a full month, all without awarrant. In a similar case, Commonwealth v. Connolly, EPIC filed a“friend-of-the-court” brief with the Massachusetts Supreme JudicialCourt, urging it to require police to obtain a warrant before engagingin GPS tracking. That court held not only that police were required toobtain a warrant, but also mandated that such warrants must expireafter fifteen days.Electronic Frontier Foundation: U.S. v. Jones:     http://www.eff.org/cases/us-v-jonesNew York Times: Editorial: GPS and Privacy Rights:     http://www.nytimes.com/2009/11/23/opinion/23mon3.htmlEPIC: Commonwealth v. Connolly:     http://epic.org/privacy/connolly/EPIC: Commonwealth v. Connolly Amicus Brief:     http://epic.org/privacy/connolly/042009amicus.pdf=======================================================================[7] EPIC Bookstore: "Protectors of Privacy"=======================================================================Protectors of Privacy: Regulating Personal Data in the Global EconomyBy Abraham L. Newman Available at:http://www.epic.org/redirect/112209bookreview.html“You have zero privacy anyway. Get over it.” - Scott McNealy, CEO of Sun Microsystems“Everyone has the right to the protection of personal data concerninghim or her.” - Article 8-1, Charter of Fundamental Rights of the European UnionIn Protectors of Privacy: Regulating Personal Data in a Global Economy,Professor Abraham Newman compares the attitudes and approaches of TheUnited States and the European Union with respect to privacy in thecomputer age. Newman argues that, while the United States surpassesother countries in terms of technological advancements, the EuropeanUnion has much more comprehensive data privacy protection, which hasshown to be more effective than the United States' self-regulatoryapproach.Newman opens the book with a description of the security issues thatface consumers across the globe today. The problems center on dataretention by governments, corporations, and private firms: “In 2004,Wal-Mart alone stored more than 460 terabytes of consumer information...[and one study] estimates that four federal agencies alone purchased$30 million in personal information from [data mining] firms in 2005.”With so much information stored in these databases, personalinformation is left exposed, vulnerable to security breaches andgeneral misuse. The United States suffers over $50 billion in losses asa result of identity theft and fraud every year. Storage of personaldata has occurred not only in the United States, but also abroad, andthus the need for regulation of personal information has become a focusfor countries around the world. Many of the international debatessurrounding privacy protection deal with differences in the scope ofregulation, what Newman describes as either comprehensive regulations,as the Europeans have adopted, or limited regulations, as the UnitedStates has adopted.Europe has emerged as the leader in establishing comprehensiveprotection for personal information. In Chapter Four, Newman arguesthat the success of Europe's comprehensive regulations, namely theEuropean Union's 1995 data privacy directive, is attributed to the“institutionalization of data privacy authorities with expertise,statutory authority, and network ties.” A significant result of thedirective was the emergence of transgovernmental cooperation, by way ofthe Article 29 Working Party, which has compelled companies like Googleto alter their data retention policies in order to maintain compliancewith the group. Throughout the years, the Article 29 Working Party haspushed for limiting data retention periods and encouraging dataretention principles, even in the wake of the terrorist attacks inMadrid and the United Kingdom.The United States, however, takes a different approach to privacy whenterrorism or a threat to national security is involved. After theSeptember 11, 2001 terrorist attacks, the federal governmentimplemented security measures that would require international airlinesto report to the U.S. Customs Bureau extensive traveler informationthat could be retained for a period of up to three years, withoutoffering travelers the right to review or correct any of the storedinformation. The Article 29 Working Party was particularly concernedwith the United States' government and agency access to carrierdatabases and the exchange of personal information. After negotiations,the European Commission finally allowed the transfer of data fromEuropean airlines to the U.S. Customs Bureau, but gained a smallvictory as the transfers would not include access to carrier databasesand also would not include sensitive information.Newman's finest, and perhaps most significant, observation which alsoserves as the underlying theme to the book, centers on the idea thatregulatory authority is truly the driving force behind successful dataprotection measures. Europe emphasizes regulatory power, exemplified byits data privacy authorities, and also operates using “coercive toolsto shape international outcomes.” According to Newman, the persuasiveappeal of regulatory solutions often is affected by the threats thatserve as incentives for compliance and motivation for negotiations.  Onthe other hand, the United States' self-regulatory approach is focusedon “convincing” rather than “coercing,” and has slowly moved away fromdelegating authority to independent agencies, instead favoring smallgovernment and a focus on accountability. This new focus, however, has“unintentionally undermined the power resources available to the UnitedStates to promote its interests globally.”  As a result, the UnitedStates faces difficult challenges, in light of Europe's comprehensiveand broadly adopted approach to privacy protection, to develop andenforce its rules in the global market.--Kim Nguyen================================EPIC Publications:"Litigation Under the Federal Open Government Laws 2008," edited byHarry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid(EPIC 2008). Price: $60.http://epic.org/bookstore/foia2008/	Litigation Under the Federal Open Government Laws is the mostcomprehensive, authoritative discussion of the federal open accesslaws. This updated version includes new material regarding thesubstantial FOIA amendments enacted on December 31, 2007. Many of therecent amendments are effective as of December 31, 2008. The standardreference work includes in-depth analysis of litigation under Freedomof Information Act, Privacy Act, Federal Advisory Committee Act,Government in the Sunshine Act. The fully updated 2008 volume is the24th edition of the manual that lawyers, journalists and researchershave relied on for more than 25 years.================================"Information Privacy Law: Cases and Materials, Second Edition" DanielJ. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.http://www.epic.org/redirect/aspen_ipl_casebook.htmlThis clear, comprehensive introduction to the field of informationprivacy law allows instructors to enliven their teaching of fundamentalconcepts by addressing both enduring and emerging controversies. TheSecond Edition addresses numerous rapidly developing areas of privacylaw, including: identity theft, government data mining and electronicsurveillance law, the Foreign Intelligence Surveillance Act,intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.Information Privacy Law, Second Edition, builds a cohesive foundationfor an exciting course in this rapidly evolving area of law.================================"Privacy & Human Rights 2006: An International Survey of Privacy Lawsand Developments" (EPIC 2007). Price: $75.http://www.epic.org/phr06/This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in over75 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating to privacy.Privacy & Human Rights 2006 is the most comprehensive report on privacyand data protection ever published.================================"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.http://www.epic.org/bookstore/pvsourcebookThis resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.================================"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:$40.http://www.epic.org/bookstore/pls2004/The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy Guidelines, aswell as an up-to-date section on recent developments. New materialsinclude the APEC Privacy Framework, the Video Voyeurism Prevention Act,and the CAN-SPAM Act.================================"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.http://www.epic.org/bookstore/filters2.0A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.================================EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:EPIC Bookstorehttp://www.epic.org/bookstore================================EPIC also publishes EPIC FOIA Notes, which provides brief summaries ofinteresting documents obtained from government agencies under theFreedom of Information Act.Subscribe to EPIC FOIA Notes at:https:/mailman.epic.org/mailman/listinfo/foia_notes=======================================================================[8] Upcoming Conferences and Events=======================================================================The Innovation Economy, Aspen Institute, Reagan Conference Center,Washington, DC, Nov 30 - Dec 1, 2009.For more information:http://theinnovationeconomy.org/Law in Cyberspace:  Legal Blogging & the Courts, Northwestern School ofLaw, Chicago, IL, 4th Annual Judicial Symposium on Civil JusticeIssues, December 7, 2009.For more information:http://www.epic.org/redirect/112209nwconference.htmlFTC Privacy Roundtable: Exploring Existing Regulatory Frameworks,FTC Conference Center, Washington, DC, December 7, 2009.For more information:http://www.ftc.gov/opa/2009/11/privacyrt.shtm"Reconceptualizing the FTC's Understanding of Privacy", Willard HotelWashington, DC, IAPP Confernce, December 8, 2009.For more information:http://www.epic.org/redirect/112209conference.htmlAnnual Privacy Coalition meeting, EPIC, Washington, DC,January 21-23, 2010.For more information: http://www.theprivacycoalition.org"Reader Privacy: Should Library Standards Apply Online?," Universityof North Carolina, Chapel Hill, January 22, 2010.Data Privacy Day, January 28, 2010. For more information:http://www.thepublicvoice.org"Computers, Privacy, and Data Protection: An Element of Choice,"Brussels, Belgium, January 29-30, 2010.For more information:http://www.cpdpconferences.org/RSA 2010, San Francisco, March 1-5, 2010.For more information:http://www.rsaconference.com/2010/usa/Association for Practical and Professional Ethics, Cincinnati,March 5, 2010.For more information:http://www.indiana.edu/~appe/annualmeeting.htmlPrivacy 2010, Stanford, March 23 - 25, 2010.For more information:http://codex.stanford.edu/privacy2010=======================================================================Join EPIC on Facebook=======================================================================Join the Electronic Privacy Information Center on Facebookhttp//facebook.com/epicprivacyhttp://epic.org/facebookStart a discussion on privacy. Let us know your thoughts.Stay up to date with EPIC's events.Support EPIC.=======================================================================Privacy Policy=======================================================================The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."=======================================================================About EPIC=======================================================================The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see http://www.epic.org or writeEPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202483 1140 (tel), +1 202 483 1248 (fax).=======================================================================Donate to EPIC=======================================================================If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at:http://www.epic.org/donateYour contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andexpanding wiretapping powers.Thank you for your support.=======================================================================Subscription Information=======================================================================Subscribe/unsubscribe via web interface:http://mailman.epic.org/mailman/listinfo/epic_newsBack issues are available at:http://www.epic.org/alertThe EPIC Alert displays best in a fixed-width font, such as Courier.------------------------- END EPIC Alert 16.22 ------------------------.