EPIC Alert 10.24
Volume 10.24 December 3, 2003
Published by the Electronic Privacy Information Center (EPIC)
Table of Contents
 U.S. Supreme Court Hears Privacy Cases
 Voting Committee Urges Better Standards
 Coalition Recommends RFID Privacy Practices
 Human Rights a Concern at Upcoming World Summit
 Court Invalidates Car Navigation System Surveillance
 News in Brief
 EPIC Bookstore: Silenced
 Upcoming Conferences and Events
 U.S. Supreme Court Hears Privacy Cases
The United States Supreme Court today focused on privacy issues presented in Freedom of Information Act and Privacy Act cases. EPIC submitted a "friend of the court" brief in Doe v. Chao, a case that will determine whether government public disclosure of an individual's Social Security number causes sufficient harm to justify an award of damages under the Privacy
The Court first heard oral argument in Office of Independent Counsel v. Favish, which arises from a California attorney's Freedom of Information Act (FOIA) request for photographs taken during the police investigation of the death of Vincent Foster, deputy counsel to former President Clinton. The requester sought the photos as part of an effort to investigate what he believed was a cover-up of Foster's murder, despite the determination of the Office of Independent Counsel (OIC) that Foster's death was a suicide. Lower court proceedings resulted in the release of numerous photographs and the withholding of others. On remand from the court of appeals, the district court determined that the public interest in the release of five of the photos outweighed the Foster family's privacy interest in those photos. The appeals court affirmed that ruling for all but one of the photographs in an unpublished opinion. The Supreme Court will determine whether the OIC properly withheld photos relating to Foster's death because their release would constitute "an unwarranted invasion of personal privacy" of the Foster family under exemption 7(c) of the FOIA.
In a second oral argument, the Court turned its attention to Doe v. Chao. In this case, the Department of Labor used miners' Social Security numbers (SSNs) as claim identifiers for black lung benefit applications, and subsequently disclosed those numbers in public documents. The miners filed suit against the Secretary of Labor, asserting that the Labor Department's public disclosure had violated their rights to privacy under the Privacy Act. The district court held that proof of actual injury is necessary to receive statutory damages, the amount of which is specified in advance by the Privacy Act so that a dollar amount doesn't have to be proved. The court determined that only one miner, Buck Doe, had successfully proved actual damages by showing emotional distress. On appeal, the Fourth Circuit held that a person must show a privacy violation caused actual harm to recover damages under the Privacy Act, despite the fact that the Privacy Act provides for damages of at least $1000 for those who have suffered an "adverse effect" from an agency's willful or intentional violation of the law. The Fourth Circuit also held that Buck Doe's showing of emotional distress was insufficient to justify an award of damages under the Privacy Act. The Supreme Court will review the question of whether actual damages must be shown in order to obtain a statutory damages award for violation of the
In its "friend of the court" brief in Doe v. Chao, EPIC discussed the grave dangers posed by SSN disclosure, specifically focusing on identity theft. EPIC pointed out that Congress has provided statutory damages in other federal privacy laws to enforce rights where it is difficult to determine a monetary value. The brief also reviewed the Privacy Act's legislative history to demonstrate that Congress has long recognized the risks to privacy posed by unnecessary SSN disclosure, and intended to provide statutory damages for Privacy Act violations. EPIC asserted that the award of statutory damages under the Privacy Act should be triggered not by a showing of specific monetary damages, but by a showing of adverse effect to the individual posed by SSN misuse.
The Supreme Court will render decisions in Favish and Doe before the Court's summer recess in late June or early July.
EPIC's Doe v. Chao amicus brief is available at:
For background information, see EPIC's Doe v. Chao page at:
 New Voting Committee Formed to Promote Verification
A new organization dedicated to promoting voting integrity in the U.S. has urged the 2004 presidential candidates to take a stand on electronic voting issues. The recently-formed National Committee on Voter Integrity (NCVI) held a press conference to discuss the reliability and integrity of electronic voting systems. The Committee also presented its letter to the presidential candidates, calling on them to state their position on electronic voting machines and asking what steps they believe should be taken to ensure the integrity of the election process. The Committee, which brings together a host of experts on voting issues working in technology, academia, politics, and media, is chaired by Peter G. Neumann, principal scientist at SRI International Computer Science Laboratory. NCVI has been established in response to growing concern over flaws and vulnerabilities in electronic voting systems that are being adopted in states across the country, with the stated goal of promoting voter-verified balloting and preserving privacy protections for elections in the United States.
The formation of the National Committee on Voter Integrity comes as the debate over electronic voting has reached a new level of intensity. Just last week, California Secretary of State Kevin Shelley announced a new requirement for "voter verified paper audit trails" for all touch screen voting machines used in the state by 2006. The decision comes following the review of a report by a voting task force convened last February, as well as a series of recent reports and local snafus that demonstrated the concerns about such voting systems are valid. As it stands, all electronic voting machines used in the state are required to be equipped with a printer that produces a paper receipt of each voter's selections by July of 2006. Beginning in July 2005, counties will not be able to purchase any electronic machines that do not produce a paper trail. The California decision is a significant victory for advocates of voter verification,
In another important development, one of the preeminent electronic voting machine makers, Diebold Election Systems, announced Monday that it was withdrawing its legal threats against ISPs and individuals who had posted Diebold memos online. The private memos, which contained information damaging to Diebold, were leaked earlier this year and passed around the web to dozens of voting activists. Diebold sent out cease and desist letters in an attempt to force the posters to remove the memos, claiming copyright infringement under the Digital Millennium Copyright Act. However, the company has backed down, perhaps as the result of a recent lawsuit filed by the Electronic Frontier Foundation and Center for Internet and Society Cyberlaw Clinic at Stanford Law School contesting Diebold's tactics.
The National Committee for Voting Integrity's website is available at:
California Secretary of State Kevin Shelley's announcement is available at:
The Electronic Frontier Foundation's press release on Diebold's decision is available at:
For background information, see EPIC's Voting page at:
 Coalition Recommends RFID Privacy Practices
More than 35 groups, including EPIC, have endorsed a privacy statement outlining the threats and best practices for the use of Radio Frequency Identification (RFID) technology in consumer products.
The November 20 statement outlined the threat to civil liberties and consumer privacy that RFID technology poses in eliminating purchasing anonymity, and recommended solutions to curb the most important threats. The solution put forth includes routine technical assessments of the use of the technology and requiring companies to abide by established fair information practices (FIPs) recommended by the Organization for Economic Co-operation and Development (OECD).
The OECD guidelines include requiring open policies and accountability for breaches of those policies, purpose specification, limits on collection, and security safeguards.
The debate over use of RFID technology is not just playing out in theory and privacy statements. The technology has been making headlines recently as more and more retail outlets are stocking their shelves with products tagged by RFID. Wal-Mart received criticism for the company's secret testing of RFID in health and beauty products earlier this year, but that has not stopped the push for RFID. Wal-Mart announced that it intends to require all of the products sold in the store to be tagged with RFID within two years.
However, the coalition privacy statement does not advocate a complete rejection of the retail use of the technology. On the contrary, the statement acknowledged that there are acceptable uses of RFID, including for use in tracking pharmaceuticals, certain manufactured goods before the point of sale, and tracking toxic substances. For all other uses of the technology, especially at the point where the consumer comes in, the statement urges reasonable measures to assure that the individuals are not forced to relinquish their anonymity at the point of sale and after they leave the store.
The coalition's position paper is available at:
The OECD's fair information practices guidelines are available at:
For background information, see EPIC's RFID page at:
 Human Rights a Concern at Upcoming World Summit
The first phase of the World Summit on the Information Society will take place next week in Geneva, Switzerland. The Summit, organized by the International Telecommunication Union (ITU) and other UN Agencies, will be held in two phases, the second phase taking place in Tunisia from November 16-18, 2005. The Summit process includes the drafting and adoption of a Declaration of Principles and Plan of Action involving goals for the Information Society and the means of achieving them.
The International Symposium on the Information Society, Human Dignity and Human Rights stated, in preparation for the WSIS, that "the information and communication society must be firmly based on, and must contribute to the development of, human dignity and human rights - all human rights, civil, political, economic, social and cultural rights." Civil society groups have been working diligently to ensure that this is the case, as the preparatory documents appear to sideline human rights. Preparation for the Summit involved three preliminary conferences, where the drafting of the Declaration of Principles and Plan of Action took place. At the Geneva meeting, governments will merely adopt the Declaration of Principles and Plan of Action. Many members of civil society concerned about privacy and human rights feel that much more needs to be done, and that the Declaration is not yet adequate on a number of issues. First of all, preparation for the Summit has involved a heavy concentration on fighting cyber-crime and digital piracy, as the Cyber-Crime Convention of 2001 has shaped much of the agenda. According to Cyber-Rights and Cyber-Liberties' recent analysis of the Cyber-Crime Convention, the document significantly favors law enforcement over a respect for fundamental human rights. Many governments, including the United States, are pushing for its adoption, which will have harmful impacts on information privacy, even before the countries that need communications development have started to build a modern infrastructure.
Secondly, the drafts remain inadequate in protections for human rights. Koïchiro Matsuura, the Director General of UNESCO, has expressed concern over the fact that the reference to Article 19 of the Universal Declaration of Human Rights is still under negotiation in the present drafts of the WSIS Declaration of Principles and the Plan of Action. Mr. Matsuura also faults the drafts for a lack of unambiguous "assurance that freedom of expression is recognized as the fundamental principle underlying and informing the development of the information society." Finally, many civil society groups are working to broaden the focus of the Summit to include communication and media issues beyond the Internet. According to a representative from the Communication Rights in the Information Society (CRIS)
"Early hopes that the WSIS would tackle a broad range of information and communication issues have been dashed and the agenda that has emerged is concerned mainly with telecommunication and internet related issues, viewed from a technical perspective and a narrowly construed development agenda."
Originally, the WSIS was organized to improve access to information and communication technologies for the vast majority of the world's population. At this point, however, it is still unclear whether the Declaration and Action Plan will enhance or actually hinder access. Civil society groups like UNESCO and CRIS are working to ensure that human rights maintain a focal position, as are Stephanie Perrin, a Senior Fellow at EPIC, and Deborah Hurley, an EPIC Advisory Board member, who have both been selected to speak at the WSIS conference.
This work is also taking place outside the conference, as there are many civil society events taking place in Geneva alongside the
For example, the CRIS campaign has initiated the World Forum on Communication Rights, which will take place alongside the Summit in Geneva on December 11. This Forum, an independent civil-society led initiative, is not in opposition to the Summit but intended to highlight and make practical progress in spheres the Summit fails to cover.
The World Summit on the Information Society web page is available at:
The International Symposium on the Information Society, Human Dignity and Human Rights Statement is available at:
Cyber-Rights & Cyber-Liberties' "Advocacy Handbook for the Non-Governmental Organizations: The Council of Europe's Cyber-Crime Convention 2001" is available at:
The UNESCO Statement is available at:
World Forum on Communication Rights web page is available at:
 Court Invalidates Car Navigation System Surveillance
The Ninth Circuit Court of Appeals has ruled that a lower court should not have allowed the FBI to order a telematics company to convert an automobile's navigation system into a wiretapping device. On-board telematics systems use cellular technology to provide location information, data and voice communication, and information about the condition of the vehicle. The systems are used to aid in navigation, or to alert police to an accident or emergency. The Court of Appeals found that the conversion of a telematics device into an eavesdropping system excessively interfered with the car's emergency features.
In the case, agents obtained a series of orders that required an unnamed telematics company to quietly activate an anti-theft recovery system in a suspect's car. The FBI employed 18 U.S.C. Sec. 2518(4) to obtain the order, which requires communications companies, landlords, and custodians to assist law enforcement in intercepting conversations "unobtrusively and with a minimum of interference with
provided. The system transmitted conversations held in the car directly to the FBI, but in doing so, it also disabled the system's safety
The telematics company challenged the order, arguing that it was not subject to the obligations of Sec. 2518(4), and that the surveillance would interfere with the services provided to the customers. While the Court of Appeals held that a telematics company would generally have to comply with orders to assist law enforcement in wiretapping, in this case, the eavesdropping interfered excessively with the provision of navigation and emergency services. Accordingly, in future cases, surveillance of auto telematics systems may be lawful where it does not interfere unreasonably with the operation of the device.
The Company v. U.S.A. decision, No. 02-15635 (9th Cir. Nov. 18, 2003),
is available at:
 News in Brief
U.S. ENDS ALIEN REGISTRY PROGRAM, SET TO START US-VISIT
The Department of Homeland Security announced the termination of a foreign visitor registry program that required certain non-immigrant aliens to register every 30 days and annually with the government while in the U.S. This program, called the National Security Entry Exit Registration System (NSEERS), mandated that men and boys from 25 mostly Middle Eastern countries be fingerprinted, photographed and interviewed at U.S. immigration offices. While intended to help assure the government that no known terrorists were in this country, the program was the target of a great deal of criticism for what many felt was racial profiling and targeting of innocent foreigners. In place of NSEERS, the U.S. government is planning to implement a system called US-VISIT, that will digitally photograph and fingerprint millions of people who visit the United States each year on tourist, business and student visas. US-VISIT is slated to begin operation January 5.
The Department of Homeland Security's Fact Sheet on US-VISIT is available at:
COURT SAYS SHORT WAIT BEFORE POLICE ENTRY OKAY
The Supreme Court has unanimously ruled that police acted reasonably when forcing entry to a suspect's home after announcing their intent to enter and waiting fifteen to twenty seconds. In the case, police announced their presence, waited, and then battered down a suspect's door in search of drugs. The suspect had not heard the police, and a search of the home produced weapons and cocaine. In evaluating reasonableness of search warrant executions, the Court held that the totality of facts known to the officers was relevant. Here, the Court reasoned, delaying the entry beyond a short wait could have given the suspect an opportunity to destroy the drugs, as a prudent dealer would store the contraband near a sink or toilet. In other cases, a short wait would be unreasonable: "Police seeking a stolen piano may be able to spend more time to make sure they really need the battering ram."
The United States v. Banks decision, No. 02-473 (US 2003), is available at:
FCC HOLDS INTERNET TELEPHONY FORUM
The Federal Communications Commission held a forum this week to discuss "Voice Over Internet Protocol" (VoIP), a technology used to facilitate Internet telephony. Many privacy issues are raised by the technology. First, VoIP users can evade police wiretapping in some cases. As a result, the FBI has sought to impose new requirements on Internet telephony providers that would facilitate wiretapping. Second, location privacy issues are raised with the development of "presence sensing" and E911-compliant Internet telephony
Finally, developing Internet telephony contact systems, such as ENUM, may depend on individuals posting personal contact information in publicly-available databases. FCC Commissioners were concerned also with taxation issues, universal service access, and access to the service by people who are disabled. Any member of the public may submit comments on the forum until December 15. The FCC is expected to release a Notice of Public Rulemaking on VoIP soon.
Information on the FCC VOIP Forum is available at:
For background information, see EPIC's Internet Telephony page at:
For background information, see EPIC's ENUM page at:
 EPIC Bookstore: Silenced
Privacy International and GreenNet Educational Trust, "Silenced: An International Report on Censorship and Control of the Internet"
Privacy International and GreenNet Educational Trust's report, "Silenced: An International Report on Censorship and Control of the Internet," is a must-read for anyone interested in the role information technology plays in society today. The report details the many forces that exert control over Internet content and highlights important trends that are emerging in online censorship. "Silenced" underscores the dichotomy of the relationship between the Internet and expression. On the one hand, the Internet bolsters access and opportunity for people to communicate their views; however, it also increases opportunities for surveillance and offers a wealth of power to entities looking to control speech. This is not a new phenomenon, the authors point out, and will continue to be a battleground as the Internet matures.
A central theme of the report is the tightening of government regulation of speech online in the wake of September 11. It's not surprising that governments around the world have passed a host of new laws targeting Internet control and surveillance in the past few years, but it is cause for concern. The authors are careful to point out, however, that other, less obvious threats to free online expression lurk in the wings. One such threat they take pains to highlight is the control that industry and private corporations are increasingly exerting over Internet content. New copyright laws and intellectual property protections have been enacted all over the world in recent years, disproportionately advancing the interests of business over individuals. Another important aspect of censorship that the report brings to light is the relationship between censorship and surveillance and the importance of anonymity in protecting speech online. As the report states, "Anonymous speech is a mechanism that protects individuals from intimidation; and this is what binds privacy and free expression tightly together."
"Silenced" does an admirable job of detailing the status of free speech in 40-some nations around the world. As expected, different regions maintain varied approaches to censorship and online expression, but two themes emerge -- increasing censorship in the name of anti-terrorism and the prevalence of a digital divide between the haves and have-nots. Some of the report's most interesting segments are included in the discussion of censorship in Middle East countries. However, "Silenced" unfortunately gives short shrift to Latin America, not even including Mexico in its study.
Overall, Privacy International and GreenNet Educational Trust's report on Internet censorship is an important contribution to the scholarship on the information society and provides a clear, convincing perspective on the dangers of current attempts to control speech online throughout
"The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/
The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.
"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price:
This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.
"Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35.
This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore/
"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html
 Upcoming Conferences and Events
Panel Discussion on Electronic Voting Problems. Computer Professionals for Social Responsibility. December 6, 2003.
Washington, DC. For more information:
Media Freedoms and the Arab World. The Arab Archives Institute.
December 6-8, 2003. Amman, Jordan. For more information: email aainstitute@yahoo.com or see http://www.ijnet.org/FE_Article/newsarticle.asp?UILang=1&CId=115794&
Building Trust and Confidence in Voting Systems. National Institute of Standards and Technology. December 10-11, 2003. Gaithersburg,
For more information: http://vote.nist.gov/overview.html.
WHOLES - A Multiple View of Individual Privacy in a Networked World.
Swedish Institute of Computer Science. January 30-31, 2004. Stockholm,
Sweden. For more information: http://www.sics.se/privacy/wholes2004.
The New Fair Credit Reporting Act. Privacy & American Business.
February 9-10, 2004. Washington, DC. Email info@pandab.org.
O'Reilly Emerging Technology Conference. February 9-12, 2004. San Diego, CA. For more information: http://conferences.oreilly.com/etech.
IAPP 4th Annual Privacy & Security Summit & Expo. February 18-20,
2004. Washington, DC. For more information:
RSA Conference 2004 - The Art of Information Security. February 23-27, 2004. San Francisco, CA. For more information,
Securing Privacy in the Internet Age. Stanford Law School. March 13-14, 2004. Palo Alto, CA. For more information:
International Conference on Data Privacy and Security in a Global Society. Wessex Institute. May 11-14, 2004. Skiathos, Greece.
O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For more information: http://conferences.oreilly.com/oscon.
Subscribe/unsubscribe via Web interface:
Subscribe/unsubscribe via e-mail:
Subject: "subscribe" or "unsubscribe" (no quotes)
Automated help with subscribing/unsubscribing:
Subject: "help" (no quotes)
Problems or questions? e-mail info@epic.org
Back issues are available at: http://www.epic.org/alert/
The EPIC Alert displays best in a fixed-width font, such as Courier.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions.
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 10.24