WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 8

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.08 [2003] EPICAlert 8


Volume 10.08 April 23, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Coalition Alleges Violations of Children's Privacy Law
[2] FOIA Documents on ChoicePoint Spark International Inquiries
[3] EPIC Establishes Privacy Threat Index
[4] Online Petition Drive Continues to Urge Accuracy for FBI Database
[5] Privacy and First Amendment Symposium: 5/9/03, Oakland, CA
[6] News in Brief
[7] EPIC Bookstore: The File: A Personal History
[8] Upcoming Conferences and Events

[1] Coalition Alleges Violations of Children's Privacy Law

In a complaint filed with the Federal Trade Commission (FTC), EPIC and11 consumer protection groups urged the agency to for violations of the Children's Online Privacy ProtectionAct (COPPA). The coalition of groups joining the complaint includesCommercial Alert, the Center for Media Education, and the ConsumerFederation of America.

The COPPA is a 1998 Federal law that seeks to protect individualsunder the age of 13 from online privacy violations. Commercial Websites that are directed towards children, or those that have actualknowledge that they collect children's personal information, mustcomply with the COPPA. Such sites must provide a parental privacynotice, a mechanism to obtain verifiable parental consent for thecollection of children's information, a system for parental review anddeletion of children's information, and security and confidentialityrequirements.

The complaint details how is operating a commercial Website directed at children, collecting children's personal information,
and disclosing that data. To support the finding that Amazon.comdirects its "Toy Store" page to children, the complaint illustrateshow the company employs child models, cartoon characters, and playfulfonts to direct children to purchase toys on the site. Individuals whovisit "" or "" are redirected to "Toy Store" page. Furthermore, it appears that numerouschildren have registered on the Web site. The EPICcomplaint notes that children as young as 7 have registered, and insome cases, have publicly listed their full names, postal addresses,
and e-mail addresses.

The complaint urges the FTC to investigate, and to orderthe company to purge children's information from the site. EPIC haspreviously filed complaints and engaged in other actions that have ledto pro-privacy changes in industry practices, specifically regardingthe privacy and security of Microsoft Passport, DoubleClick's Webtracking scheme, and Intel's Processor Serial Numbers (see EPIC Alerts8.14, 7.03, and 6.02).

The complaint is available online at:


[2] FOIA Documents on ChoicePoint Spark International Inquiries

Documents obtained under the Freedom of Information Act (FOIA) havesparked inquiries in Mexico and other Central and South Americancountries regarding the sale of foreign citizens' personal informationto the US government by information broker ChoicePoint. ChoicePointsells the personal data of citizens of Mexico, Colombia, Brazil,
Venezuela, Guatemala, Argentina, Costa Rica, Honduras, and Nicaragua.
The information categories for these countries include national ID,
voting registers, vehicle registration, aircraft registration, andtelephone numbers. Apparently ChoicePoint began to accumulate thisinformation in 2000 through relationships with foreign governments andpurchases from foreign data vendors.

Latin American privacy experts claim that the acquisition of theinformation by ChoicePoint may have been illegal, and that the saleinfringes on national sovereignty. Costa Rican, Nicaraguan, andMexican authorities have decided to investigate the matter, and theMexican Federal Electoral Institute will file a criminal complaintagainst persons who have sold voter data to ChoicePoint.

One group of documents obtained from the Immigration and Naturali-
zation Service (INS) shows that ChoicePoint offered a contract forunlimited direct access to international databases for a $1 millionfee. Other documents obtained from the Department of JusticeManagement Division show that the agency entered into an $11 millioncontract with ChoicePoint for fiscal year 2002.

FOIA Documents from the INS:

FOIA Documents from the Department of Justice Management Division:

EPIC's Page on Privacy and Public Records:

[3] EPIC Establishes Privacy Threat Index

On April 15, EPIC announced that it was establishing a new PrivacyThreat Index to track the growing threat to privacy resulting from theexpansion of government surveillance.

The Privacy Threat Index follows the same color-coded scheme estab-
lished for the Homeland Security Advisory System: the rankings ofGreen, Blue, Yellow, Orange, and Red correspond respectively to Low,
Guarded, Elevated, High, and Severe threats to privacy.

Based on developments during the past year, EPIC assessed the currentlevel as Yellow, or Elevated. The factors cited included the following:

- Expanded use of the Foreign Intelligence Surveillance Act,
which permits the government to conduct surveillance without the general safeguards required by the Fourth Amendment;

- The decision of the FBI to relax the legally mandated accuracy requirement for the National Crime Information Center, the nation's largest criminal justice database;

- Increased funding for surveillance systems, including immigration control and video surveillance;

- Possible consideration of the Domestic Security Enhancement Act, dubbed by some as "Patriot II," which would further expand government surveillance authority;

- Required use of biometric identifiers for routine identifi-
cation documents without associated privacy protection to assure personal information will not be misused;

- Ongoing efforts by the FBI to extend the application of the Communications Assistance for Law Enforcement Act, which requires the development of wiretap-friendly communications services, to Internet telephony.

At the same time, EPIC noted that there were some hopeful signs:

- The United States has so far rejected the development of a mandatory national ID card;

- The proposal for the establishment of Total Information Awareness research program has been suspended by Congress pending an investigation;

- The passenger profiling system, CAPPS II, is under increased scrutiny.

On April 16, when the federal government reduced the threat level forthe Homeland Security Advisory System, EPIC's Privacy Threat Indexremained unchanged. The decision not to change the threat level wasbased on the fact that there had been no changes in the level ofgovernment monitoring and surveillance in the United States.

EPIC Executive Director Marc Rotenberg said that it seems more likelythat the Privacy Threat Index would be raised in the near future,
rather than lowered. He also noted that it would become increasinglyimportant to compare surveillance activity over time: "We will use thePrivacy Threat Index to assess developments in the United States andto compare activities in countries around the world."

Web sites are encouraged to link to the EPIC Privacy Threat Index.
Insert the following HTML code where the graphic should appear:

<A HREF=""><IMG "" alt="EPIC Privacy Threat Index"></A>

The Privacy Threat Index graphic is available at:

Information about EPIC's annual publication "Privacy and HumanRights," which will incorporate the Privacy Threat Index in theforthcoming 2003 edition, is available at:

[4] Online Petition Drive Continues to Urge Accuracy for FBI Database

EPIC encourages individuals to join the campaign to restore theaccuracy requirements for the nation's largest law enforcementdatabase. Last month, the Justice Department exempted the FBI fromthe Privacy Act obligation to ensure the accuracy, completeness, andtimeliness of the 39 million records it maintains in its NationalCrime Information Center (NCIC) system. A broad coalition of organi-
zations and thousands of individuals are now calling on Office ofManagement and Budget Director Mitchell Daniels to require the JusticeDepartment to rescind its decision.

Recent controversy over a similar law enforcement database inCalifornia highlights the potential risks posed by lifting dataaccuracy requirements. Some parents of Northern California studentsbelieve that police may be erroneously categorizing their children assuspected gang members in "CalGang," a statewide computer system fortracking and sharing information on alleged gang members andassociates. In a lawsuit filed by the ACLU of Northern California,
students claim that local police and school officials at a Union Cityhigh school unlawfully detained, searched, and photographed 60students whose names and pictures were then included in the CalGangdatabase. The complaint alleges that the students illegally weresuspected as gang members on the basis of their race and nationalorigin.

While the CalGang data is not specifically submitted to the FBI's NCICdatabase, this case demonstrates how easily inaccurate informationcould be included in the system. The NCIC database also containsinformation on suspected gang members, and the criteria forcategorizing an individual as a suspected gang member are minimal.
For example, an individual merely needs to frequent a known gang areaand be identified as a gang member by a "reliable informant" to beincluded in the database. Under the new Justice Departmentregulations, law enforcement agents are no longer statutorily chargedwith ensuring the accuracy and completeness of this information.

To support the effort to restore the accuracy requirements of the NCICdatabase, sign the online petition:

EPIC National Crime Information Center Page:

California Class Action Complaint Regarding CalGang:

[5] Privacy and First Amendment Symposium: 5/9/03, Oakland, CA

Registration is still open for "Uniting Privacy and the FirstAmendment in the 21st Century," a symposium organized jointly by theElectronic Privacy Information Center, the First Amendment Project,
and the California Office of Privacy Protection. The symposium willtake place on May 9 in Oakland, California. There is a studentdiscount; scholarship money is also available to cover travel costs.

Freedom of expression and the right to privacy are both extremelyimportant constitutional values; yet privacy and the First Amendmentare often set against one another, proving quite problematic. Thissymposium will explore how best to safeguard these two essentialrights. It is a meeting for advocates and academics, experts andinterested persons; a conference for all people who value both freedomof expression and the right to privacy. Informational sessions andinteractive working groups will foster problem-solving and futurecollaboration among attendees.

The conference will focus on three major themes: Privacy's role inpromoting the First Amendment, Mutual threats to Privacy and the FirstAmendment, and Privacy and the First Amendment in conflict. ProfessorJeffrey Rosen will deliver the keynote address.

Also, on May 10, there will be a special meeting of the PrivacyCoalition on the West Coast. Local affiliates and privacy advocates inthe Bay Area are highly encouraged to attend.

To register for the symposium, see the informational online brochure:

More information about the conference is available at:

[6] News in Brief

Center for the Protection of Free Expression Awards "Jefferson Muzzles"

On April 13, the Thomas Jefferson Center for the Protection of FreeExpression celebrated Jefferson's birthday by awarding the 12th annual"Jefferson Muzzles." These dubious awards are given to those whoseactions would stifle freedom of expression, going against Jefferson'score beliefs. This year's awardees include Attorney General JohnAshcroft and the U.S. Congress.

More information on this year's "winners" is available at:

OSCE Releases Report on Freedom of the Media in the Digital Era
The Organization for Security and Cooperation in Europe (OSCE) haspublished a booklet titled "From Quill to Cursor: Freedom of the Mediain the Digital Era." This booklet comprises papers submitted for aone-day workshop on freedom of the media and the Internet held inVienna in November. In these papers, experts from the United NationsEducational, Scientific and Cultural Organization (UNESCO) and theCouncil of Europe, as well as journalists and Internet serviceproviders, explore topics such as universal access to Cyberspace,
constitutional rights in the Internet age, the importance of thepublic domain, and censorship and intellectual property rights.

"From Quill to Cursor: Freedom of the Media in the Digital Era":

New Advocacy Group to Hold Briefing on Secrecy and Homeland Security
A new online advocacy group, the Center for Progressive Regulation(CPR), is arguing that the provision of the Homeland Security Act of2002 that exempted voluntarily disclosed critical infrastructureinformation to the Department of Homeland Security from Freedom ofInformation Act (FOIA) requests is "a significant departure fromexisting law." On April 25 the organization will hold a Hill briefingon this subject, called "Democracy Behind Closed Doors: The HomelandSecurity Act and Government Secrecy Initiatives."

Center for Progressive Regulation:

D.C. Law Librarians Upload New Reports on Congressional Procedures
The Law Librarians' Society of Washington, D.C. (LLSDC) has announcedthe availability of a new Web resource. "Selected CongressionalResearch Service Reports on Congress and Its Procedures" includesmany reports that are now available on the Web for the first time. Thesite also provides links to other CRS reports available online.

The reports are available on LLSDC's Legislative Source Book Web site:

[7] EPIC Bookstore: The File: A Personal History

The File: A Personal History, by Timothy Garton Ash (Random House1997).

Timothy Garton Ash's "The File" is a journey into the author'stwo-inch-thick Stasi intelligence file that the East German policeaccumulated on him during his study as a graduate student in EastBerlin. These files were opened after German reunification, and havecaused great tension in the country as Stasi informers were shown tohave shared information on co-workers, friends, and even familymembers.

Ash's Stasi file, consistent with the government disclosure rules, isnearly complete. Only the names of innocent third parties areredacted from the record, thus giving Ash the opportunity to confrontthe citizen informers who betrayed him and the Stasi agents whocoordinated surveillance of his activities.

Ash systematically describes what he finds in his file, and confrontsthe individuals who furnished the information to the government. Hefinds that the informers were often blackmailed or otherwise forcedinto cooperating with the police. In some cases, individuals becameinformants in order to prove their loyalty to the state. Othersbecame informers because they passionately believed in the socialistgovernment, and were willing to do anything to ensure the survival ofthe system.

Ash was never imprisoned, tortured, or otherwise physically harmed bythe Stasi, aside from being banned from East Germany after hepublished an article depicting conditions in the country unfavorably.
Other people met different fates at the hands of the Stasi. Neverthe-
less, Ash expresses compassion for the informers and government agentswho monitored him, noting that he had not found a single "evil" personin the process of examining his file. Rather, he found that thoseinvolved were "just weak, shaped by circumstance, self-deceiving;
human, all too human. Yet the sum of all their actions was a greatevil."

- Chris Jay Hoofnagle

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location tracking, IDsystems and freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

** Uniting Privacy and the First Amendment in the 21st Century **

May 9-10, 2003Oakland, CA
EPIC, the First Amendment Project, and the California Office ofPrivacy Protection are sponsoring this activist symposium designed toexplore the interplay between privacy and First Amendment rights, withthe goal of developing strategies for optimizing both.

For more information:

Mid Canada Information Security Conference. Information ProtectionAssociation of Manitoba. April 30, 2003. Winnipeg, Manitoba, Canada.
For more information:

Finding Our Digital Voice: Governing in the Information Age. CrossingBoundaries National Conference. Centre for Collaborative Government.
May 7-9, 2003. Ottawa, Canada. For more information:

Collecting and Producing Electronic Evidence in Cybercrime Cases.
University of Namur. May 8-9, 2003. Namur, Belgium. For moreinformation:

Little Sister 2003: Community Resistance, Security, Law andTechnology. May 9-11, 2003. Vancouver, British Columbia, Canada. Formore information:

2003 IEEE Symposium on Security and Privacy. IEEE Computer SocietyTechnical Committee on Security and Privacy, in cooperation with theInternational Association for Cryptologic Research (IACR). May 11-14,
2003. Oakland, CA. For more information:

Technologies for Protecting Personal Information. Federal TradeCommission. Workshop 1: The Consumer Experience. May 14, 2003.
Workshop 2: The Business Experience. June 4, 2003. Washington, DC. Formore information:

ITS-2003: Third International Conference on "Information Technologiesand Security." June 23-27, 2003. Partenit, Crimea, Ukraine. For moreinformation:

Press Freedom on the Internet. The World Press Freedom Committee. June26-28, 2003. New York, NY. For more information: <>

Building the Information Commonwealth: Information Technologies andProspects for Development of Civil Society Institutions in theCountries of the Commonwealth of Independent States.
Interparliamentary Assembly of the Member States of the Commonwealthof Independent States (IPA). June 30-July 2, 2003. St. Petersburg,
Russia. For more information:

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. Formore information:

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunkand Science Fiction. August 11-13, 2003. Prague, Czech Republic. Formore information:

Privacy2003. Technology Policy Group. September 30 - October 2, 2003.
Columbus, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:

Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Problems or questions? e-mail <>

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

** Receive a free Observing Surveillance conference poster withdonation of $75 or more! **

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 10.08


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback