WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 24

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.24 [2003] EPICAlert 24


Volume 10.24 December 3, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] U.S. Supreme Court Hears Privacy Cases
[2] Voting Committee Urges Better Standards
[3] Coalition Recommends RFID Privacy Practices
[4] Human Rights a Concern at Upcoming World Summit
[5] Court Invalidates Car Navigation System Surveillance
[6] News in Brief
[7] EPIC Bookstore: Silenced
[8] Upcoming Conferences and Events

[1] U.S. Supreme Court Hears Privacy Cases

The United States Supreme Court today focused on privacy issuespresented in Freedom of Information Act and Privacy Act cases. EPICsubmitted a "friend of the court" brief in Doe v. Chao, a case thatwill determine whether government public disclosure of an individual'sSocial Security number causes sufficient harm to justify an award ofdamages under the Privacy Act.

The Court first heard oral argument in Office of Independent Counselv. Favish, which arises from a California attorney's Freedom ofInformation Act (FOIA) request for photographs taken during the policeinvestigation of the death of Vincent Foster, deputy counsel to formerPresident Clinton. The requester sought the photos as part of aneffort to investigate what he believed was a cover-up of Foster'smurder, despite the determination of the Office of Independent Counsel(OIC) that Foster's death was a suicide. Lower court proceedingsresulted in the release of numerous photographs and the withholding ofothers. On remand from the court of appeals, the district courtdetermined that the public interest in the release of five of thephotos outweighed the Foster family's privacy interest in thosephotos. The appeals court affirmed that ruling for all but one of thephotographs in an unpublished opinion. The Supreme Court willdetermine whether the OIC properly withheld photos relating toFoster's death because their release would constitute "an unwarrantedinvasion of personal privacy" of the Foster family under exemption7(c) of the FOIA.

In a second oral argument, the Court turned its attention to Doe v.
Chao. In this case, the Department of Labor used miners' SocialSecurity numbers (SSNs) as claim identifiers for black lung benefitapplications, and subsequently disclosed those numbers in publicdocuments. The miners filed suit against the Secretary of Labor,
asserting that the Labor Department's public disclosure had violatedtheir rights to privacy under the Privacy Act. The district courtheld that proof of actual injury is necessary to receive statutorydamages, the amount of which is specified in advance by the PrivacyAct so that a dollar amount doesn't have to be proved. The courtdetermined that only one miner, Buck Doe, had successfully provedactual damages by showing emotional distress. On appeal, the FourthCircuit held that a person must show a privacy violation caused actualharm to recover damages under the Privacy Act, despite the fact thatthe Privacy Act provides for damages of at least $1000 for those whohave suffered an "adverse effect" from an agency's willful orintentional violation of the law. The Fourth Circuit also held thatBuck Doe's showing of emotional distress was insufficient to justifyan award of damages under the Privacy Act. The Supreme Court willreview the question of whether actual damages must be shown in orderto obtain a statutory damages award for violation of the Privacy Act.

In its "friend of the court" brief in Doe v. Chao, EPIC discussed thegrave dangers posed by SSN disclosure, specifically focusing onidentity theft. EPIC pointed out that Congress has provided statutorydamages in other federal privacy laws to enforce rights where it isdifficult to determine a monetary value. The brief also reviewed thePrivacy Act's legislative history to demonstrate that Congress haslong recognized the risks to privacy posed by unnecessary SSNdisclosure, and intended to provide statutory damages for Privacy Actviolations. EPIC asserted that the award of statutory damages underthe Privacy Act should be triggered not by a showing of specificmonetary damages, but by a showing of adverse affect to the individualposed by SSN misuse.

The Supreme Court will render decisions in Favish and Doe before theCourt's summer recess in late June or early July.

EPIC's Doe v. Chao amicus brief is available at:

For background information, see EPIC's Doe v. Chao page at:

[2] New Voting Committee Formed to Promote Verification

A new organization dedicated to promoting voting integrity in the U.S.
has urged the 2004 presidential candidates to take a stand onelectronic voting issues. The recently-formed National Committee onVoter Integrity (NCVI) held a press conference to discuss thereliability and integrity of electronic voting systems. The Committeealso presented its letter to the presidential candidates, calling onthem to state their position on electronic voting machines and askingwhat steps they believe should be taken to ensure the integrity of theelection process. The Committee, which brings together a host ofexperts on voting issues working in technology, academia, politics,
and media, is chaired by Peter G. Neumann, principal scientist at SRIInternational Computer Science Laboratory. NCVI has been establishedin response to growing concern over flaws and vulnerabilities inelectronic voting systems that are being adopted in states across thecountry, with the stated goal of promoting voter-verified ballotingand preserving privacy protections for elections in the United States.

The formation of the National Committee on Voter Integrity comes asthe debate over electronic voting has reached a new level ofintensity. Just last week, California Secretary of State KevinShelley announced a new requirement for "voter verified paper audittrails" for all touch screen voting machines used in the state by2006. The decision comes following the review of a report by a votingtask force convened last February, as well as a series of recentreports and local snafus demonstrated the concerns about such votingsystems are valid. As it stands, all electronic voting machines usedin the state are required to be equipped with a printer that producesa paper receipt of each voter's selections by July of 2006. Beginningin July 2005, counties will not be able to purchase any electronicmachines that do not produce a paper trail. The California decisionis a significant victory for advocates of voter verification,
including NCVI.

In another important development, one of the preeminent electronicvoting machine makers, Diebold Election Systems, announced Monday thatit was withdrawing its legal threats against ISPs and individuals whohad posted Diebold memos online. The private memos, which containedinformation damaging to Diebold, were leaked earlier this year andpassed around the web to dozens of voting activists. In response,
Diebold sent out cease and desist letters in an attempt to force theposters to remove the memos, claiming copyright infringement under theDigital Millennium Copyright Act. However, the company has backeddown, perhaps as the result of a recent lawsuit filed by theElectronic Frontier Foundation and Center for Internet and SocietyCyberlaw Clinic at Stanford Law School contesting Diebold's tactics.

The National Committee for Voting Integrity's website is available at:

California Secretary of State Kevin Shelley's announcement isavailable at:

The Electronic Frontier Foundation's press release on Diebold'sdecision is available at:

For background information, see EPIC's Voting page at:

[3] Coalition Recommends RFID Privacy Practices

More than 35 groups, including EPIC, have endorsed a privacy statementoutlining the threats and best practices for the use of RadioFrequency Identification (RFID) technology in consumer products.
The November 20 statement outlined the threat to civil liberties andconsumer privacy that RFID technology poses in eliminating purchasinganonymity, and recommended solutions to curb the most importantthreats. The solution put forth includes routine technicalassessments of the use of the technology and requiring companies toabide by established fair information practices (FIPs) recommended bythe Organization for Economic Co-operation and Development (OECD).
The OECD guidelines include requiring open policies and accountabilityfor breaches of those policies, purpose specification, limits oncollection, and security safeguards.

The debate over use of RFID technology is not just playing out intheory and privacy statements. The technology has been makingheadlines recently as more and more retail outlets are stocking theirshelves with products tagged by RFID. Wal-Mart received criticism forthe company's secret testing of RFID in heath and beauty productsearlier this year, but that has not stopped the push for RFID.
Wal-Mart announced that it intends to require all of the products soldin the store to be tagged with RFID within two years.

However, the coalition privacy statement does not advocate a completerejection of the retail use of the technology. On the contrary, thestatement acknowledged that there are acceptable uses of RFID,
including for use in tracking pharmaceuticals, certain manufacturedgoods before the point of sale, and tracking toxic substances. Yet,
for all other uses of the technology, especially at the point wherethe consumer comes in, the statement urges reasonable measures toassure that the individuals are not forced to relinquish theiranonymity at the point of sale and after they leave the store.

The coalition's positions paper is available at:

The OECD's fair information practices guidelines are available at:

For background information, see EPIC's RFID page at:

[4] Human Rights a Concern at Upcoming World Summit

The first phase of the World Summit on the Information Society willtake place next week in Geneva, Switzerland. The Summit, organized bythe International Telecommunication Union (ITU) and other UN Agencies,
will be held in two phases, the second phase taking place in Tunisiafrom November 16-18, 2005. The Summit process includes the draftingand adoption of a Declaration of Principles and Plan of Actioninvolving goals for the Information Society and the means of achievingthem.

The International Symposium on the Information Society, Human Dignityand Human Rights stated in preparation for the WSIS, that "theinformation and communication society must be firmly based on, andmust contribute to the development of, human dignity and human rights- all human rights, civil, political, economic, social and culturalrights." Civil society groups have been working diligently to ensurethat this is the case, as the preparatory documents appear to sidelinehuman rights. Preparation for the Summit involved three preliminaryconferences, where the drafting of the Declaration of Principles andPlan of Action took place. At the Geneva meeting, governments willmerely adopt the Declaration of Principles and Plan of Action. Manymembers of civil society concerned about privacy and human rights feelthat much more needs to be done, and that the Declaration is not yetadequate on a number of issues. First of all, preparation for theSummit has involved a heavy concentration on fighting cyber-crime anddigital piracy, as the Cyber-Crime Convention of 2001 has shaped muchof the agenda. According to Cyber-Rights and Cyber-Liberties' recentanalysis of the Cyber-Crime Convention, the document significantlyfavors law enforcement over a respect for fundamental human rights.
Many governments, including the United States are pushing for itsadoption, which will have harmful impacts on information privacy, evenbefore the countries that need communications development have startedto build a modern infrastructure.

Secondly, the drafts remain inadequate in protections for humanrights. Koïchiro Matsuura, the Director General of UNESCO, hasexpressed concern over the fact that the reference to Article 19 ofthe Universal Declaration of Human Rights is still under negotiationin the present drafts of the WSIS Declaration of Principles and thePlan of Action. Mr. Matsuura also faults the drafts for a lack ofunambiguous "assurance that freedom of expression is recognized as thefundamental principle underlying and informing the development of theinformation society." Finally, many civil society groups are workingto broaden the focus of the Summit to include communication and mediaissues beyond the Internet. According to a representative from theCommunication Rights in the Information Society (CRIS) campaign,
"Early hopes that the WSIS would tackle a broad range of informationand communication issues have been dashed and the agenda that hasemerged is concerned mainly with telecommunication and internetrelated issues, viewed from a technical perspective and a narrowlyconstrued development agenda."

Originally, the WSIS was organized to improve access to informationand communication technologies for the vast majority of the world'spopulation. At this point, however, it is still unclear whether theDeclaration and Action Plan will enhance or actually hinder access.
Civil society groups like UNESCO and CRIS are working to ensure thathuman rights maintain a focal position, as are Stephanie Perrin, aSenior Fellow at EPIC, and Deborah Hurley, an EPIC Advisory Boardmember, who have both been selected to speak at the WSIS conference.
This work is also taking place outside the conference, as there aremany civil society events taking place in Geneva alongside the Summit.
For example, the CRIS campaign has initiated the World Forum onCommunication Rights, which will take place alongside the Summit inGeneva on December 11. This Forum, an independent civil-society ledinitiative, is not in opposition to the Summit but intended tohighlight and make practical progress in spheres the Summit fails tocover.

The World Summit on the Information Society web page is available at:

The International Symposium on the Information Society, Human Dignityand Human Rights Statement is available at:

Cyber-Rights & Cyber-Liberties' "Advocacy Handbook for the Non-
Governmental Organizations: The Council of Europe's Cyber-CrimeConvention 2001" is available at:

The UNESCO Statement is available at:

World Forum on Communication Rights web page is available at:

[5] Court Invalidates Car Navigation System Surveillance

The Ninth Circuit Court of Appeals has ruled that a lower court shouldnot have allowed the FBI to order a telematics company to convert anautomobile's navigation system into a wiretapping device. On-boardtelematics systems use cellular technology to provide locationinformation, data and voice communication, and information about thecondition of the vehicle. The systems are used to aid in navigation,
or to alert police to an accident or emergency. The Court of Appealsfound that the conversion of a telematics device into an eavesdroppingsystem excessively interfered with the car's emergency features.
In the case, agents obtained a series of orders that required anunnamed telematics company to quietly activate an anti-theft recoverysystem in a suspect's car. The FBI employed 18 U.S.C. Sec. 2518(4) toobtain the order, which requires communications companies, landlords,
and custodians to assist law enforcement in intercepting conversations"unobtrusively and with a minimum of interference with the services"
provided. The system transmitted conversations held in the cardirectly to the FBI, but in doing so, it also disabled the system'ssafety features.

The telematics company challenged the order, arguing that it was notsubject to the obligations of Sec. 2518(4), and that the surveillancewould interfere with the services provided to the customers. Whilethe Court of Appeals held that a telematics company would generallyhave to comply with orders to assist law enforcement in wiretapping,
in this case, the eavesdropping interfered excessively with theprovision of navigation and emergency services. Accordingly, infuture cases, surveillance of auto telematics systems may be lawfulwhere it does not interfere unreasonably with the operation of thedevice.

The Company v. U.S.A. decision, No. 02-15635 (9th Cir. Nov. 18, 2003),
is available at:

[6] News in Brief

The Department of Homeland Security announced the termination of aforeign visitor registry program that required certain non-immigrantaliens to register every 30 days and annually with the governmentwhile in the U.S. This program, called the National Security EntryExit Registration System (NSEERS), mandated that men and boys from 25mostly Middle Eastern countries be fingerprinted, photographed andinterviewed at U.S. immigration offices. While intended to helpassure the government that no known terrorists were in this country,
the program was the target of a great deal of criticism for what manyfelt was racial profiling and targeting of innocent foreigners. Inplace of NSEERS, the U.S. government is planning to implement a systemcalled US-VISIT, that will digitally photograph and fingerprintmillions of people who visit the United States each year on tourist,
business and student visas. US-VISIT is slated to begin operationJanuary 5.

The Department of Homeland Security's Fact Sheet on US-VISIT isavailable at:

The Supreme Court has unanimously ruled that police acted reasonablywhen forcing entry to a suspect's home after announcing their intentto enter and waiting fifteen to twenty seconds. In the case, policeannounced their presence, waited, and then battered down a suspect'sdoor in search of drugs. The suspect had not heard the police, and asearch of the home produced weapons and cocaine. In evaluatingreasonableness of search warrant executions, the Court held that thetotality of facts known to the officers were relevant. Here, theCourt reasoned, delaying the entry beyond a short wait could havegiven the suspect an opportunity to destroy the drugs, as a prudentdealer would store the contraband near a sink or toilet. In othercases, a short wait would be unreasonable: "Police seeking a stolenpiano may be able to spend more time to make sure they really need thebattering ram."

The United States v. Banks decision, No. 02-473 (US 2003), isavailable at:

The Federal Communications Commission held a forum this week todiscuss "Voice Over Internet Protocol" (VoIP), a technology used tofacilitate Internet telephony. Many privacy issues are raised by thetechnology. First, VoIP users can evade police wiretapping in somecases. As a result, the FBI has sought to impose new requirements onInternet telephony providers that would facilitate wiretapping.
Second, location privacy issues are raised with the development of"presence sensing" and E911-compliant Internet telephony systems.
Finally, developing Internet telephony contact systems, such as ENUM,
may depend on individuals posting personal contact information inpublicly-available databases. FCC Commissioners were concerned alsowith taxation issues, universal service access, and access to theservice by people who are disabled. Any member of the public maysubmit comments on the forum until December 15. The FCC is expectedto release a Notice of Public Rulemaking on VoIP soon.

Information on the FCC VOIP Forum is available at:

For background information, see EPIC's Internet Telephony page at:

For background information, see EPIC's ENUM page at:

[7] EPIC Bookstore: Silenced

Privacy International and GreenNet Educational Trust, "Silenced: AnInternational Report on Censorship and Control of the Internet"

Privacy International and GreenNet Educational Trust's report,
"Silenced: An International Report on Censorship and Control of theInternet," is a must-read for anyone interested in the roleinformation technology plays in society today. The report details themany forces that exert control over Internet content and highlightsimportant trends that are emerging in online censorship. "Silenced"
underscores the dichotomy of the relationship between the Internet andexpression. On the one hand, the Internet bolsters access andopportunity for people to communicate their views; however, it alsoincreases opportunities for surveillance and offers a wealth of powerto entities looking to control speech. This is not a new phenomenon,
the authors point out, and will continue to be a battleground as theInternet matures.

A central theme of the report is the tightening of governmentregulation of speech online in the wake of September 11. It's notsurprising that governments around the world have passed a host of newlaws targeting Internet control and surveillance in the past fewyears, but it is cause for concern. The authors are careful to pointout, however, that other, less obvious threats to free onlineexpression lurk in the wings. One such threat they take pains tohighlight is the control that industry and private corporations areincreasingly exerting over Internet content. New copyright laws andintellectual property protections have been enacted all over the worldin recent years, disproportionately advancing the interests ofbusiness over individuals. Another important aspect of censorshipthat the report bring to light is the relationships between censorshipand surveillance and the importance of anonymity in protecting speechonline. As the report states, "Anonymous speech is a mechanism thatprotects individuals from intimidation; and this is what binds privacyand free expression tightly together."

"Silenced" does an admirable job of detailing the status of freespeech in 40-some nations around the world. As expected, differentregions maintain varied approaches to censorship and onlineexpression, but two themes emerge -- increasing censorship in the nameof anti-terrorism and the prevalence of a digital divide between thehaves and have-nots. Some of the report's most interesting segmentsare included in the discussion of censorship in Middle East countries.
However, "Silenced" unfortunately pays short shrift to Latin America,
not even including Mexico in its study.

Overall, Privacy International and GreenNet Educational Trust's reporton Internet censorship is an important contribution to the scholarshipon the information society and provides a clear, convincingperspective on the dangers of current attempts to control speechonline throughout the world.

Emily Cadei

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2003: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $35.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty-five countries around the world. The surveyexamines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Panel Discussion on Electronic Voting Problems. ComputerProfessionals for Social Responsibility. December 6, 2003.
Washington, DC. For more information:

Media Freedoms and the Arab World. The Arab Archives Institute.
December 6-8, 2003. Amman, Jordan. For more information: or see

Building Trust and Confidence in Voting Systems. National Instituteof Standards and Technology. December 10-11, 2003. Gaithersburg, MD.
For more information:

WHOLES - A Multiple View of Individual Privacy in a Networked World.
Swedish Institute of Computer Science. January 30-31, 2004. Stockholm,
Sweden. For more information:

The New Fair Credit Reporting Act. Privacy & American Business.
February 9-10, 2004. Washington, DC. Email

O'Reilly Emerging Technology Conference. February 9-12, 2004. SanDiego, CA. For more information:

IAPP 4th Annual Privacy & Security Summit & Expo. February 18-20,
2004. Washington, DC. For more information:

RSA Conference 2004 - The Art of Information Security. February23-27, 2004. San Francisco, CA. For more information,

Securing Privacy in the Internet Age. Stanford Law School. March13-14, 2004. Palo Alto, CA. For more information:

International Conference on Data Privacy and Security in a GlobalSociety. Wessex Institute. May 11-14, 2004. Skiathos, Greece. Formore information:

O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. Formore information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:

Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Problems or questions? e-mail <

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 10.24


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback