WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 26

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.26 [2003] EPICAlert 26

E P I C - 2003 Year in Review

Volume 10.26 December 31, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

2 0 0 3 P R I V A C Y Y E A R I N R E V I E W


January 8: Gillette and Wal-Mart Test RFID "Smart Shelf" Technology
Gillette and Wal-Mart announce plans to test in a MassachusettsWal-Mart "smart shelves," which identify radio frequencies emittedby Radio Frequency Identification (RFID) chips embedded in Gilletteproducts. Gilette says that the technology will help monitorinventory and reduce theft, but privacy groups charge that it willalso be used to track consumers.

January 21: Privacy Loses to the Recording Industry Association ofAmerica
Verizon loses its battle in federal district court to preserve theprivacy of a Verizon customer. In July 2002, the Recording IndustryAssociation of America demanded that Verizon turn over the name of aVerizon costumer alleged to have traded recording artists'
copyrighted material. Verizon refused to turn over the name, andwas then sued by the RIAA. The court determined that the RIAA didnot need to obtain a judge's approval before demanding customerinformation from Internet service providers.

January 30: European Commission Orders Microsoft to Modify Passport
The European Union finds that Microsoft's Passport violated EuropeanUnion data protection rules and demanded that Microsoft makesubstantial changes to Passport. European Commission CommissionerBolkestein said that companies will need to follow guidelines forfuture services.

February 18: New Hampshire Supreme Court: Information Brokers May BeLiable for Selling Personal Info
The New Hampshire Supreme Court determines that information brokersand private investigators can be held responsible for harms causedby selling an individual's personal information. In this case, ayoung woman was murdered by a stalker who obtained her personalinformation from information brokers and private investigators. Thecourt found that private investigators and information brokers havea duty to exercise reasonable care when the sale of personalinformation creates a risk to the individual being investigated. Thecourt also decided that individuals can sue investigators whopurchase their Social Security numbers from credit reportingagencies without permission.

March 5: Supreme Court: States Can Post Sex Offender Info on theInternet
The U.S. Supreme Court holds that states may post the names andphotos of convicted sex offenders on the Internet without violatingthose individuals' rights. The decision marks the first time theCourt has directly faced the question of whether public recordsshould made available on the Internet.

March 21: Federal Court Upholds Junk Fax Law
A federal appeals court upholds the Telephone Consumer ProtectionAct against a First Amendment challenge. A junk fax company Fax.comand Wal-Mart argued that the law violated free speech rights becauseit imposes fines upon companies that send fax advertisements withoutthe permission of the individual receiving the fax. The case marks acourt victory for opt-in privacy laws.

April 14, 2003: Health Privacy Rule becomes Effective
The Privacy Rule issued under the Health Insurance Portability andAccountability Act of 1996 goes into effect For the first time,
Americans have a federal floor of protection and rights for medicalinformation. The Rule is enforced by the Office for Civil Rightswithin the Department of Health and Human Services.

April 22: No Fly List Strands Innocent Travelers
Documents uncovered by EPIC's Freedom of Information Act lawsuitagainst the Transportation Security Administration reveal thatinnocent people were swept up by the No Fly watch list. Theproblems raise questions about a proposed passenger profilingsystem. The Transportation Security Administration has yet todescribe how it will protect due process rights, comply with thePrivacy Act, and whether it is an effective security measure.

April 29: Secret Surveillance and Search at All-Time High
The 2002 annual report on the Foreign Intelliegence Surveillance Actfinds that all 1228 applications for electronic surveillance andphysical search were approved. In 2001, the FISA Court approved 934applications. The Patriot Act greatly expanded the government'sauthority to use the secretive surveillance law.

May 12: New Microsoft Passport Flaw Found
Microsoft concedes that a new flaw was found in Microsoft Passportthat could expose personal information, including credit cardnumbers, of 200 million Internet users. In July and August 2001,
EPIC and a coalition of consumer advocacy groups filed detailedcomplaints with the Federal Trade Commission about the privacy risksassociated with the Passport identification and authenticationsystem. The Commission found that the Microsoft representationsabout Passport constituted an unfair and deceptive trade practiceand settled the action against Microsoft. The agreement requiredthat Microsoft establish a comprehensive information securityprogram for Passport, and that it must not misrepresent itspractices of information collection and usage.

May 21: Total Information Awareness Gets a Makeover
The Department of Defense Advanced Research Projects Agency releasesa report on the "Terrorism" Information Awareness Program. The namechange was intended to sooth fears that a massive program of publicsurveillance might raise privacy concerns. As the Department noted,
"[t]he name 'Total Information Awareness' program created in someminds the impression that TIA was a system to be used for developingdossiers on US citizens."

June 23: Supreme Court OKs Library Internet Filters
The U.S. Supreme Court upholds a federal law requiring libraries tofilter Internet content to receive federal funding. Critics arguedthat the law violated free speech rights guaranteed by theConstitution. The Court disagreed, explaining that libraries couldtemporarily turn off the software if asked by library patrons sothat they could view material that would otherwise be inaccessible.
United States v. American Library Association (2003)

June 26: Supreme Court Affirms Right to Be Left Alone in Bedroom
The Supreme Court strikes down a Texas law making it illegal for twoadults of the same sex to have consensual sex in the privacy of thehome. The decision reversed the Court's position on sodomy laws,
and is likely to invalidate laws in twelve other states thatregulate what adults can and cannot do within the privacy of thehome. Justice Kennedy wrote: "Liberty presumes an autonomy of selfthat includes freedom of thought, belief, expression, and certainintimate conduct." He concluded, "As the Constitution endures,
persons in every generation can invoke its principles in their ownsearch for greater freedom." Lawrence v. Garner (2003)

July 10: Wal-Mart Scraps "Smart Shelf" Plans
Wal-Mart announces that it would not move forward with plans toinstall "smart shelf" technology in its stores that would receiveradio frequencies emitted by Gillette products with Radio FrequencyIdentification (RFID) chips. Although Wal-Mart said the move simplyreflected a corporate decision to implement RFID technology inwarehouses and distribution centers instead of retail stores,
concerns about the misuse of data gleaned from the tracking deviceshad prompted a public outcry against the technology.

August 8: FOIA Records Detail Attempts to Track Legislators
EPIC obtains Federal Aviation Administration transcripts and audiorecordings concerning a request by the office of U.S. House ofRepresentatives Majority Leader Tom DeLay (R-TX) to track Texaslegislators fleeing the state by plane. The audio recordings oftelephone conversations between the FAA's Washington OperationsCenter and various field employees indicated that the FAA employeeswere misled into believing that the request to track the legislatorswas part of an official Congressional investigation.

August 11: Mississippi District Installs Webcams in Classrooms
The school district in Biloxi, Mississippi becomes the first in thenation to implement a system of Internet-wired video cameras, nearly500 total, to monitor its classrooms and hallways 24 hours a day.
The district, which is comprised of some 6,300 students, citedsecurity concerns as the basis for its camera use. Only designatedschool officials and security personnel are allowed to view thefootage, which can be displayed on a computer linked to theInternet. Other school district in the U.S. and England arebeginning to experiment with classroom webcams.

August 13: Poindexter Resigns But Defends "Total Info" Plan
In a letter to the director of the Pentagon's research department,
retired Admiral John Poindexter, the man responsible for TotalInformation Awareness, resigns as head of the Information AwarenessOffice. He defended the controversial Total Information Awarenessprogram and cited a study conducted by his former office as anexample of his efforts to "protect the privacy of innocent people."

August 20: Tampa Scraps Face-Recognition System
The Tampa Police Department abandons the face recognition systemused in conjunction with its video surveillance cameras, citing thesystem's failure to recognize anyone wanted by the authorities overa two-year period. The camera-based system scanned the faces oftourists, residents, and visitors in Ybor City and then compared theimages with police mug shots. The system's use never led to anyarrests or positive identifications. The Identix system is still inoperation in Virginia Beach and Great Britain.

August 21: County Requires DNA for Guilty Pleas
Prosecutors in Jackson County, Missouri instituted a policyrequiring DNA samples from anyone wishing to plead guilty to afelony. Prosecutors believe the samples can be a useful tool insolving violent crimes. The county Public Defender's office,
however, is opposed to the practice and is recommending that itsclients not comply. Other states, including Virginia, require DNAeven from people who were only arrested and questioned.

August 31: U.S. Used Illegally Obtained Personal Data
The U.S. government was cut off from a major source of data on LatinAmerican citizens. The U.S. had purchased access to a databasecontaining the personal information of 65 million voting-age Mexicancitizens, allowing three dozen U.S. agencies to use it to track andarrest suspects inside and outside the U.S. However, the datavendor, Atlanta-based ChoicePoint Inc., recently erased its files oncitizens in Mexico, Argentina and Costa Rica after an outcry fromthese countries and others in Latin America regarding the company'smeans of obtaining this information. In particular, the Mexicangovernment complained that its federal voter rolls were the sourceof ChoicePoint's data, and were likely obtained illegally by aMexican company that sold them to the vendor. All told, ChoicePoint had collected personal information on residents of 10 LatinAmerican countries -- apparently without their consent or knowledge.
ChoicePoint Said To Stop Selling Data On Mexicans To US, The WallStreet Journal, Aug. 31, 2003
September 14: Anti-Terrorism Laws Used for Other Purposes
A report finds that the Patriot Act is used more often to pursuecommon crime than to combat actual terrorism. A Justice Departmentofficial concedes that the Patriot Act contained provisions that hadbeen on prosecutors' wish lists for years. Civil liberties andlegal defense groups said the government soon will be routinelyusing harsh anti-terrorism laws against run-of-the-mill lawbreakers.

September 18: JetBlue Confirms Disclosing Passenger Data
JetBlue Airways admits that it provided 5 million passengeritineraries to Torch Concepts, a Defense Department contractor, aspart of a massive dataming experiment. Torch Concepts supplementedthe JetBlue data with information, such as Social Security numbersand income levels, furnished by Acxiom Corporation. Congress callsfor an investigation.

September 19: UK Makes Spam a Crime
Britain becomes the second country in Europe to criminalize spam.
Under the new British law, spammers face an $8,057 fine if convictedin a magistrates court. Potential fines imposed in a jury trialwould be unlimited. Spammers would not be subject to imprisonmentunder the new law.

September 22: Transatlantic Tiff Over Passenger Data
European Union officials meet in Brussels with Homeland Securityofficials to discuss whether European airlines should be forced tohand over information on their passengers to the U.S. government.
The transfer of such information violates many European privacylaws.

September 25: Congress Pulls Plug on Total Information Awareness
The Senate passes a $368 billion Pentagon spending measure thateliminated funding for the Total Information Awareness office. Theoffice, headed by retired admiral John Poindexter, was responsiblefor the controversial Total Information Awareness surveillanceprogram as well as a proposed terrorism futures market.

September 26: Congress Freezes CAPPS II Funding
Congress suspends funding for the controversial Computer AssistedPassenger Pre-Screening System until the there is a study of thesystem and a certification that privacy issues haved beensatisfactorily addressed. The Congress says that error rates, dueprocess procedures, accuracy, and safeguards against abuse must beaddressed. The report is expected in mid-February 2004.

October 1: Do-Not-Call List Sparks Litigious Furor
To the delight of telemarketing foes throughout the nation, theFederal Trade Commission's Do-Not-Call List was scheduled to takeeffect on October 1. But contentious litigation over the List'sconstitutionality and the FTC's authority to implement it stalledthe List's enforcement. After maneuvering by both Congress and thePresident failed to resolve the matter, the Federal CommunicationsCommission was eventually permitted to enforce its own Do-Not-CallList.

October 8: FBI Demands Reporter's Records, Sheepishly Apologizes
The FBI apologizes to Associated Press reporter Ted Bridis fordemanding that he preserve documents related to Adrian Lamo, who isalleged to have hacked into The New York Times computer system. TheFBI had told Bridis that he was obligated by law to preserve therecords. The FBI admiited that it had no legal basis for requiringthe preservation of the records under the circumstances.

October 21: Postal Service Pushes Identification Requirements
The Postal Service will require bulk mailers to include a validaddress on all envelopes. Earlier, a Presidential commissionrecommended identification on the outside of all mail. According tothe Commission, "requiring all mail to identify its sender wouldlikely have a negligible impact on most users of the Postal Servicewho readily identify themselves when they send mail and wouldconsider such a requirement a relatively modest concession."

October 21: Students Battle Diebold Over Memos
The Swarthmore Coalition for the Digital Commons takes heat fromDiebold Election Systems for hosting web pages linked to thousandsof leaked Diebold memos that detail flaws in the company's votingmachine software. The company claimed posting such information is aviolation of the Digital Millennium Copyright Act. The students saidtht the company suppressed free speech. Diebold eventually backeddown.

October 24: 9/11 Author Pushes For National Identification Card
Journalist and entrepreneur Steven Brill announces plans to developa biometric identification cards for those who are frustrated bywaiting in line at security checkpoints. The identification card isintended to assure that cardholders are not terrorists, violentcriminals, or illegal immigrants, (or people who enjoy waiting inlines) and are thus entitled to less scrutiny at securitybottlenecks than those without the card.

October 25: Discount Offered on RFID Implants
The maker of a Radio Frequency Identification chip implantable inhumans launches a nation-wide promotional campaign in support of theproduct. Applied Digital Solutions offered a $50 discount on thedevice, which costs $200, to the first 100,000 people who sign up tohave the chip implanted. The company next hopes to develop animplantable GPS chip. The company also faces investigations by theFood and Drug Administration and the NASDAQ.

October 28: Library of Congress Grants DMCA Exceptions
The Library of Congress creates new narrow exemptions to a digitalpiracy law that makes it illegal to crack digital copyrightprotections. One can now legally crack codes to access lists ofsites blocked by commercial Internet filtering software, but notspam-fighting lists; computer programs protected by hardware donglesthat are broken or obsolete; computer programs or video games thatuse obsolete formats or hardware; and e-books that preventread-alound or other handicapped access formats from functioning.
The move was still criticized by free-speech activists, who hadhoped for more exceptions.

November 4: Defense Department Pays Linda Tripp $595,000 To SettlePrivacy Case
The Department of Defense settles a Privacy Act litigation withformer employee Linda Tripp, agreeing to pay $595,000 for Tripp todrop her claims. Tripp alleged that Pentagon officials releasedprivate information about her in retaliation for her role in theLewinsky matter, which led to impeachment proceedings against thenPresident Clinton.

November 16: Government, Industry Announce
Major luggage and lock retailers in the United States, with thebacking of the Transportation Security Administration, announce theTravel Sentry, a new lock that will enable government agents tosearch checked baggages. A TSA spokesperson says, "In other words,
we can open it, but no one else can." But reports at years end findthat Travel Sentry locks are also clipped by TSA officials.

December 4: Credit Legislation Signed Into Law
New credit privacy legislation is signed into law. The law willpreempt tougher state laws protecting privacy and preventingcompanies from sharing personal information. The bill is a victoryfor the financial industry. One positive aspect of the legislation,
however, is that it gives consumers new protections against identitytheft, including free credit reports and a national fraud-alertsystem to minimize damage once a theft has occurred.

December 12: School Installs Face-Recognition Technology to FindChildren, Sex Offenders
A Phoenix-area middle school plans to install face-recognitiontechnology intended to identify registered sex offenders and missingchildren. The surveillance system consists of two cameras, whichcost from $3,000 to $5,000, linked to state and federal lawenforcement databases containing information about sex offenders,
missing children, and abductors. The Arizona Superintendent ofPublic Instruction is pushing to have the surveillance systeminstalled in every school in Arizona.

December 16: Rush Limbaugh Fights for His Medical Record Privacy
Conservative talk show host Rush Limbaugh tells a Florida court thatinvestigators violated his privacy by seizing his medical recordsunder search warrants on December 4. He asked that the records notbe made available to prosecutors investigating whether Limbaughillegally bought prescription painkillers, citing the need toprotect physician/patient confidentiality.

December 16: U.S., European Union Strike Passenger Data Deal
The European Union agrees to allow the United States to collectairline passenger records on all individuals flying from Europe tothe United States. The concession ended transatlantic tensionstemming from the European Union's threat to keep airlines fromdisclosing passenger information under European privacy laws. Theagreement will limit what information can be gathered from passengerrecords, how it can be shared with the U.S., and how long it can bestored.

December 16: Anti-Spam Legislation Signed Into Law
The CAN-SPAM Act of 2003 is signed into law, authorizing both finesand imprisonment for spammers who gather e-mail addresses from theInternet or use false information to deceive spam recipients. Thenew federal law will preempt stricter state laws, and may beineffective against spam sent from outside the United States. Thelaw will be enforced beginning January 1, 2004.

December 20: Recording Industry Association of America DealtSetback
A federal district court holds that the Recording IndustryAssociation of America must get a judge's permission beforedemanding that Internet service providers disclose the names ofcustomers suspected of trading music online in violation ofcopyright laws. The decision will force the RIAA to file suitagainst an individual, and then ask a judge to compel the Internetservice provider to turn over the individual's identity.

December 31: Inspector General Slams Info Awareness
The Department of Defense Inspector General concludes that the TotalInformation Awareness program failed to address key privacyconcerns. The program was killed earlier in the year by theCongress, but some of the program's activities have been quietlytransferred to other agencies.


Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC 2003 Year in Review

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback