You are here:
EPIC Alert >>
 EPICAlert 26
| Name Search
| Recent Articles
EPIC Alert 10.26  EPICAlert 26
E P I C - 2003 Year in Review
Volume 10.26 December 31, 2003
Published by the Electronic Privacy Information Center (EPIC)
2 0 0 3 P R I V A C Y Y E A R I N R E V I E W
January 8: Gillette and Wal-Mart Test RFID "Smart Shelf" Technology
Gillette and Wal-Mart announce plans to test in a MassachusettsWal-Mart "smart shelves," which identify radio frequencies
emittedby Radio Frequency Identification (RFID) chips embedded in Gilletteproducts. Gilette says that the technology will help monitorinventory
and reduce theft, but privacy groups charge that it willalso be used to track consumers.
January 21: Privacy Loses to the Recording Industry Association ofAmerica
Verizon loses its battle in federal district court to preserve theprivacy of a Verizon customer. In July 2002, the Recording IndustryAssociation
of America demanded that Verizon turn over the name of aVerizon costumer alleged to have traded recording artists'
copyrighted material. Verizon refused to turn over the name, andwas then sued by the RIAA. The court determined that the RIAA didnot
need to obtain a judge's approval before demanding customerinformation from Internet service providers.
January 30: European Commission Orders Microsoft to Modify Passport
The European Union finds that Microsoft's Passport violated EuropeanUnion data protection rules and demanded that Microsoft makesubstantial
changes to Passport. European Commission CommissionerBolkestein said that companies will need to follow guidelines forfuture services.
February 18: New Hampshire Supreme Court: Information Brokers May BeLiable for Selling Personal Info
The New Hampshire Supreme Court determines that information brokersand private investigators can be held responsible for harms causedby
selling an individual's personal information. In this case, ayoung woman was murdered by a stalker who obtained her personalinformation
from information brokers and private investigators. Thecourt found that private investigators and information brokers havea duty
to exercise reasonable care when the sale of personalinformation creates a risk to the individual being investigated. Thecourt also
decided that individuals can sue investigators whopurchase their Social Security numbers from credit reportingagencies without permission.
March 5: Supreme Court: States Can Post Sex Offender Info on theInternet
The U.S. Supreme Court holds that states may post the names andphotos of convicted sex offenders on the Internet without violatingthose
individuals' rights. The decision marks the first time theCourt has directly faced the question of whether public recordsshould
made available on the Internet.
March 21: Federal Court Upholds Junk Fax Law
A federal appeals court upholds the Telephone Consumer ProtectionAct against a First Amendment challenge. A junk fax company Fax.comand
Wal-Mart argued that the law violated free speech rights becauseit imposes fines upon companies that send fax advertisements withoutthe
permission of the individual receiving the fax. The case marks acourt victory for opt-in privacy laws.
April 14, 2003: Health Privacy Rule becomes Effective
The Privacy Rule issued under the Health Insurance Portability andAccountability Act of 1996 goes into effect For the first time,
Americans have a federal floor of protection and rights for medicalinformation. The Rule is enforced by the Office for Civil Rightswithin
the Department of Health and Human Services.
April 22: No Fly List Strands Innocent Travelers
Documents uncovered by EPIC's Freedom of Information Act lawsuitagainst the Transportation Security Administration reveal thatinnocent people were swept up by the No Fly watch list. Theproblems
raise questions about a proposed passenger profilingsystem. The Transportation Security Administration has yet todescribe how it
will protect due process rights, comply with thePrivacy Act, and whether it is an effective security measure.
April 29: Secret Surveillance and Search at All-Time High
The 2002 annual report on the Foreign Intelliegence Surveillance Actfinds that all 1228 applications for electronic surveillance andphysical
search were approved. In 2001, the FISA Court approved 934applications. The Patriot Act greatly expanded the government'sauthority
to use the secretive surveillance law.
May 12: New Microsoft Passport Flaw Found
Microsoft concedes that a new flaw was found in Microsoft Passportthat could expose personal information, including credit cardnumbers,
of 200 million Internet users. In July and August 2001,
EPIC and a coalition of consumer advocacy groups filed detailedcomplaints with the Federal Trade Commission about the privacy risksassociated
with the Passport identification and authenticationsystem. The Commission found that the Microsoft representationsabout Passport
constituted an unfair and deceptive trade practiceand settled the action against Microsoft. The agreement requiredthat Microsoft
establish a comprehensive information securityprogram for Passport, and that it must not misrepresent itspractices of information
collection and usage.
May 21: Total Information Awareness Gets a Makeover
The Department of Defense Advanced Research Projects Agency releasesa report on the "Terrorism" Information Awareness Program.
The namechange was intended to sooth fears that a massive program of publicsurveillance might raise privacy concerns. As the Department
"[t]he name 'Total Information Awareness' program created in someminds the impression that TIA was a system to be used for developingdossiers
on US citizens."
June 23: Supreme Court OKs Library Internet Filters
The U.S. Supreme Court upholds a federal law requiring libraries tofilter Internet content to receive federal funding. Critics arguedthat
the law violated free speech rights guaranteed by theConstitution. The Court disagreed, explaining that libraries couldtemporarily
turn off the software if asked by library patrons sothat they could view material that would otherwise be inaccessible.
United States v. American Library Association (2003)
June 26: Supreme Court Affirms Right to Be Left Alone in Bedroom
The Supreme Court strikes down a Texas law making it illegal for twoadults of the same sex to have consensual sex in the privacy of
thehome. The decision reversed the Court's position on sodomy laws,
and is likely to invalidate laws in twelve other states thatregulate what adults can and cannot do within the privacy of thehome.
Justice Kennedy wrote: "Liberty presumes an autonomy of selfthat includes freedom of thought, belief, expression, and certainintimate
conduct." He concluded, "As the Constitution endures,
persons in every generation can invoke its principles in their ownsearch for greater freedom." Lawrence v. Garner (2003)
July 10: Wal-Mart Scraps "Smart Shelf" Plans
Wal-Mart announces that it would not move forward with plans toinstall "smart shelf" technology in its stores that would
receiveradio frequencies emitted by Gillette products with Radio FrequencyIdentification (RFID) chips. Although Wal-Mart said the
move simplyreflected a corporate decision to implement RFID technology inwarehouses and distribution centers instead of retail stores,
concerns about the misuse of data gleaned from the tracking deviceshad prompted a public outcry against the technology.
August 8: FOIA Records Detail Attempts to Track Legislators
EPIC obtains Federal Aviation Administration transcripts and audiorecordings concerning a request by the office of U.S. House ofRepresentatives
Majority Leader Tom DeLay (R-TX) to track Texaslegislators fleeing the state by plane. The audio recordings oftelephone conversations
between the FAA's Washington OperationsCenter and various field employees indicated that the FAA employeeswere misled into believing
that the request to track the legislatorswas part of an official Congressional investigation.
August 11: Mississippi District Installs Webcams in Classrooms
The school district in Biloxi, Mississippi becomes the first in thenation to implement a system of Internet-wired video cameras, nearly500
total, to monitor its classrooms and hallways 24 hours a day.
The district, which is comprised of some 6,300 students, citedsecurity concerns as the basis for its camera use. Only designatedschool
officials and security personnel are allowed to view thefootage, which can be displayed on a computer linked to theInternet. Other
school district in the U.S. and England arebeginning to experiment with classroom webcams.
August 13: Poindexter Resigns But Defends "Total Info" Plan
In a letter to the director of the Pentagon's research department,
retired Admiral John Poindexter, the man responsible for TotalInformation Awareness, resigns as head of the Information AwarenessOffice.
He defended the controversial Total Information Awarenessprogram and cited a study conducted by his former office as anexample of
his efforts to "protect the privacy of innocent people."
August 20: Tampa Scraps Face-Recognition System
The Tampa Police Department abandons the face recognition systemused in conjunction with its video surveillance cameras, citing thesystem's
failure to recognize anyone wanted by the authorities overa two-year period. The camera-based system scanned the faces oftourists,
residents, and visitors in Ybor City and then compared theimages with police mug shots. The system's use never led to anyarrests
or positive identifications. The Identix system is still inoperation in Virginia Beach and Great Britain.
August 21: County Requires DNA for Guilty Pleas
Prosecutors in Jackson County, Missouri instituted a policyrequiring DNA samples from anyone wishing to plead guilty to afelony. Prosecutors
believe the samples can be a useful tool insolving violent crimes. The county Public Defender's office,
however, is opposed to the practice and is recommending that itsclients not comply. Other states, including Virginia, require DNAeven
from people who were only arrested and questioned.
August 31: U.S. Used Illegally Obtained Personal Data
The U.S. government was cut off from a major source of data on LatinAmerican citizens. The U.S. had purchased access to a databasecontaining
the personal information of 65 million voting-age Mexicancitizens, allowing three dozen U.S. agencies to use it to track andarrest
suspects inside and outside the U.S. However, the datavendor, Atlanta-based ChoicePoint Inc., recently erased its files oncitizens
in Mexico, Argentina and Costa Rica after an outcry fromthese countries and others in Latin America regarding the company'smeans
of obtaining this information. In particular, the Mexicangovernment complained that its federal voter rolls were the sourceof ChoicePoint's
data, and were likely obtained illegally by aMexican company that sold them to the vendor. All told, ChoicePoint had collected personal
information on residents of 10 LatinAmerican countries -- apparently without their consent or knowledge.
ChoicePoint Said To Stop Selling Data On Mexicans To US, The WallStreet Journal, Aug. 31, 2003
September 14: Anti-Terrorism Laws Used for Other Purposes
A report finds that the Patriot Act is used more often to pursuecommon crime than to combat actual terrorism. A Justice Departmentofficial
concedes that the Patriot Act contained provisions that hadbeen on prosecutors' wish lists for years. Civil liberties andlegal defense
groups said the government soon will be routinelyusing harsh anti-terrorism laws against run-of-the-mill lawbreakers.
September 18: JetBlue Confirms Disclosing Passenger Data
JetBlue Airways admits that it provided 5 million passengeritineraries to Torch Concepts, a Defense Department contractor, aspart
of a massive dataming experiment. Torch Concepts supplementedthe JetBlue data with information, such as Social Security numbersand
income levels, furnished by Acxiom Corporation. Congress callsfor an investigation.
September 19: UK Makes Spam a Crime
Britain becomes the second country in Europe to criminalize spam.
Under the new British law, spammers face an $8,057 fine if convictedin a magistrates court. Potential fines imposed in a jury trialwould
be unlimited. Spammers would not be subject to imprisonmentunder the new law.
September 22: Transatlantic Tiff Over Passenger Data
European Union officials meet in Brussels with Homeland Securityofficials to discuss whether European airlines should be forced tohand
over information on their passengers to the U.S. government.
The transfer of such information violates many European privacylaws.
September 25: Congress Pulls Plug on Total Information Awareness
The Senate passes a $368 billion Pentagon spending measure thateliminated funding for the Total Information Awareness office. Theoffice,
headed by retired admiral John Poindexter, was responsiblefor the controversial Total Information Awareness surveillanceprogram as
well as a proposed terrorism futures market.
September 26: Congress Freezes CAPPS II Funding
Congress suspends funding for the controversial Computer AssistedPassenger Pre-Screening System until the there is a study of thesystem
and a certification that privacy issues haved beensatisfactorily addressed. The Congress says that error rates, dueprocess procedures,
accuracy, and safeguards against abuse must beaddressed. The report is expected in mid-February 2004.
October 1: Do-Not-Call List Sparks Litigious Furor
To the delight of telemarketing foes throughout the nation, theFederal Trade Commission's Do-Not-Call List was scheduled to takeeffect
on October 1. But contentious litigation over the List'sconstitutionality and the FTC's authority to implement it stalledthe List's
enforcement. After maneuvering by both Congress and thePresident failed to resolve the matter, the Federal CommunicationsCommission
was eventually permitted to enforce its own Do-Not-CallList.
October 8: FBI Demands Reporter's Records, Sheepishly Apologizes
The FBI apologizes to Associated Press reporter Ted Bridis fordemanding that he preserve documents related to Adrian Lamo, who isalleged
to have hacked into The New York Times computer system. TheFBI had told Bridis that he was obligated by law to preserve therecords.
The FBI admiited that it had no legal basis for requiringthe preservation of the records under the circumstances.
October 21: Postal Service Pushes Identification Requirements
The Postal Service will require bulk mailers to include a validaddress on all envelopes. Earlier, a Presidential commissionrecommended
identification on the outside of all mail. According tothe Commission, "requiring all mail to identify its sender wouldlikely
have a negligible impact on most users of the Postal Servicewho readily identify themselves when they send mail and wouldconsider
such a requirement a relatively modest concession."
October 21: Students Battle Diebold Over Memos
The Swarthmore Coalition for the Digital Commons takes heat fromDiebold Election Systems for hosting web pages linked to thousandsof
leaked Diebold memos that detail flaws in the company's votingmachine software. The company claimed posting such information is
aviolation of the Digital Millennium Copyright Act. The students saidtht the company suppressed free speech. Diebold eventually backeddown.
October 24: 9/11 Author Pushes For National Identification Card
Journalist and entrepreneur Steven Brill announces plans to developa biometric identification cards for those who are frustrated bywaiting
in line at security checkpoints. The identification card isintended to assure that cardholders are not terrorists, violentcriminals,
or illegal immigrants, (or people who enjoy waiting inlines) and are thus entitled to less scrutiny at securitybottlenecks than those
without the card.
October 25: Discount Offered on RFID Implants
The maker of a Radio Frequency Identification chip implantable inhumans launches a nation-wide promotional campaign in support of
theproduct. Applied Digital Solutions offered a $50 discount on thedevice, which costs $200, to the first 100,000 people who sign
up tohave the chip implanted. The company next hopes to develop animplantable GPS chip. The company also faces investigations by
theFood and Drug Administration and the NASDAQ.
October 28: Library of Congress Grants DMCA Exceptions
The Library of Congress creates new narrow exemptions to a digitalpiracy law that makes it illegal to crack digital copyrightprotections.
One can now legally crack codes to access lists ofsites blocked by commercial Internet filtering software, but notspam-fighting
lists; computer programs protected by hardware donglesthat are broken or obsolete; computer programs or video games thatuse obsolete
formats or hardware; and e-books that preventread-alound or other handicapped access formats from functioning.
The move was still criticized by free-speech activists, who hadhoped for more exceptions.
November 4: Defense Department Pays Linda Tripp $595,000 To SettlePrivacy Case
The Department of Defense settles a Privacy Act litigation withformer employee Linda Tripp, agreeing to pay $595,000 for Tripp todrop
her claims. Tripp alleged that Pentagon officials releasedprivate information about her in retaliation for her role in theLewinsky
matter, which led to impeachment proceedings against thenPresident Clinton.
November 16: Government, Industry Announce
Major luggage and lock retailers in the United States, with thebacking of the Transportation Security Administration, announce theTravel
Sentry, a new lock that will enable government agents tosearch checked baggages. A TSA spokesperson says, "In other words,
we can open it, but no one else can." But reports at years end findthat Travel Sentry locks are also clipped by TSA officials.
December 4: Credit Legislation Signed Into Law
New credit privacy legislation is signed into law. The law willpreempt tougher state laws protecting privacy and preventingcompanies
from sharing personal information. The bill is a victoryfor the financial industry. One positive aspect of the legislation,
however, is that it gives consumers new protections against identitytheft, including free credit reports and a national fraud-alertsystem
to minimize damage once a theft has occurred.
December 12: School Installs Face-Recognition Technology to FindChildren, Sex Offenders
A Phoenix-area middle school plans to install face-recognitiontechnology intended to identify registered sex offenders and missingchildren.
The surveillance system consists of two cameras, whichcost from $3,000 to $5,000, linked to state and federal lawenforcement databases
containing information about sex offenders,
missing children, and abductors. The Arizona Superintendent ofPublic Instruction is pushing to have the surveillance systeminstalled
in every school in Arizona.
December 16: Rush Limbaugh Fights for His Medical Record Privacy
Conservative talk show host Rush Limbaugh tells a Florida court thatinvestigators violated his privacy by seizing his medical recordsunder
search warrants on December 4. He asked that the records notbe made available to prosecutors investigating whether Limbaughillegally
bought prescription painkillers, citing the need toprotect physician/patient confidentiality.
December 16: U.S., European Union Strike Passenger Data Deal
The European Union agrees to allow the United States to collectairline passenger records on all individuals flying from Europe tothe
United States. The concession ended transatlantic tensionstemming from the European Union's threat to keep airlines fromdisclosing
passenger information under European privacy laws. Theagreement will limit what information can be gathered from passengerrecords,
how it can be shared with the U.S., and how long it can bestored.
December 16: Anti-Spam Legislation Signed Into Law
The CAN-SPAM Act of 2003 is signed into law, authorizing both finesand imprisonment for spammers who gather e-mail addresses from
theInternet or use false information to deceive spam recipients. Thenew federal law will preempt stricter state laws, and may beineffective
against spam sent from outside the United States. Thelaw will be enforced beginning January 1, 2004.
December 20: Recording Industry Association of America DealtSetback
A federal district court holds that the Recording IndustryAssociation of America must get a judge's permission beforedemanding that
Internet service providers disclose the names ofcustomers suspected of trading music online in violation ofcopyright laws. The decision
will force the RIAA to file suitagainst an individual, and then ask a judge to compel the Internetservice provider to turn over the
December 31: Inspector General Slams Info Awareness
The Department of Defense Inspector General concludes that the TotalInformation Awareness program failed to address key privacyconcerns.
The program was killed earlier in the year by theCongress, but some of the program's activities have been quietlytransferred to other
HAPPY NEW YEAR FROM THE ELECTRONIC PRIVACY INFORMATION CENTER (EPIC)
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you
have anyother questions.
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel),
+1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC 2003 Year in Review