WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 9

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.09 [2003] EPICAlert 9


Volume 10.09 May 7, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] European Groups Discuss Implications of Passenger Profiling
[2] FISA Surveillance Reached All-Time High in 2002
[3] UNESCO Celebrates Freedom of the Press Worldwide
[4] Congress Holds Oversight Hearing On Data Mining Systems
[5] Rights Experts Release Report Criticizing EU Response to 9/11
[6] News in Brief
[7] EPIC Bookstore: Surveillance & Society
[8] Upcoming Conferences and Events

[1] European Groups Discuss Implications of Passenger Profiling

European Digital Rights (EDRi), a coalition of privacy and civilliberties organizations in Europe, has started a campaign opposing thetransfer of European air passenger data to the United States. EDRi isasking European air travelers to file complaints with their airlinecompanies in order to discern what personal information of theirs isbeing disclosed to the US government, and to write letters to theirnational data protection authorities urging them to investigate thesituation. EDRi argues that the release of this information is abreach of EU privacy laws.

On May 6, a United States government delegation appeared at a hearingbefore the European Parliament in an attempt to demonstrate thenecessity of the Computer Assisted Passenger Pre-screening System(CAPPS-II). Numerous questions were asked of the witnesses, such as:

* Why does the US government need all of the information available in the Passenger Name Record (PNR), which can include data such as meal preference, credit card number,
and hotel and car rental information?

* Why do you plan to retain some passenger data for up to 50 years?

* How is there no profiling or data mining involved when CAPPS-II seems to be such an extensive system?

* Will Europeans have similar rights to US citizens regarding access to and correction of their records?

* Will judicial remedies be afforded in the case of abuses,
even though US legislation (such as the Privacy Act) does not protect Europeans? and
* How does the scope of these data requests relate to the ultimate goal of securing air travel safety?

Many Members of Parliament found that the Homeland Security repre-
sentatives' answers to these and other questions were insufficient.

Government representatives also referred to "already commerciallyavailable information" as the only source of data to be used in thedatabase. However, documents obtained by EPIC under the Freedom ofInformation Act have led to discussions about whether such commercialinformation on foreigners may have been, at times, illegally collectedby private companies acting as government contractors, as may be thecase with ChoicePoint's recent activity in Central and South America(see EPIC Alert 10.08).

Meanwhile, the US Bureau of Customs and Border Protection (CBP) andthe European Commission recently discussed a possible solution torestrict threats to European passenger privacy. The solution wouldcall for airlines to create a back-up copy of all passenger data,
filtering out information that CBP did not specifically request, orsensitive data for which transfer is strictly limited under EU laws.
The data would then be transferred to CBP, instead of allowing themfull and direct access to the databases. However, this would imposehigh costs for the airlines that US Customs does not want to bear.

EDRi Campaign Web Site:

EPIC's EU/US Passenger Data Disclosure Page:

[2] FISA Surveillance Reached All-Time High in 2002

The number of Foreign Intelligence Surveillance Act (FISA) ordersreached an all-time high in 2002, with 1228 applications presented to,
and approved by, the secret FISA Court. The calendar year of 1980 wasthe first full year that FISA was in effect, during which 319 FISAapplications were presented. Since FISA went into effect, the Courthas approved all government applications.

During 2002, 1358 total Title III (ordinary law enforcement) appli-
cations were approved and one was denied. Title III activity reachedan all-time high in 2001, with 1491 total applications approved andzero denied. Since 1968, a total of 29,250 Title III applicationshave been presented (comprising 9,928 federal applications and 19,322state applications) and 32 denied. (Note that not all jurisdictionshave reported their wiretap usage.)

Congress passed FISA in 1978, establishing a separate legal regime for"foreign intelligence" surveillance. Title III, the "Wiretap Statute,"
outlines the strict guidelines regulating ordinary law enforcementsurveillance, while FISA regulates the government's collection of"foreign intelligence" information in furtherance of U.S. counter-
intelligence and anti-terrorism efforts.

FISA was initially limited to electronic eavesdropping and wire-
tapping. In 1994, it was amended to permit covert physical entries inconnection with "security" investigations, and in 1998, it was amendedto permit pen/trap orders. FISA, under provisions not reflected inthe recently reported figures, can also be used to obtain a broadrange of business records.

Foreign Intelligence Surveillance Act Orders, 1979-2002:

Title III Wiretap Orders, 1968-2002:


[3] UNESCO Celebrates Freedom of the Press Worldwide

Every year, the United Nations Educational, Scientific and CulturalOrganization (UNESCO) coordinates the observation of World PressFreedom Day on May 3. World Press Freedom Day is a day to celebratethe fundamental principles of press freedom, to evaluate the state offreedom of the press around the world, to defend the media fromattacks on their independence, and to pay tribute to journalists whohave lost their lives in the exercise of their profession.

The UNESCO/Guillermo Cano World Press Freedom Prize is awarded eachyear to honor the work of an individual, organization, or institutiondefending or promoting freedom of expression anywhere in the world,
especially if this puts the person’s life at risk. Israeli journalistAmira Hass, who has spent the last decade living in and reporting onthe Palestinian Territories for the Israeli daily newspaper Ha’aretz,
was this year's winner.

UNESCO also held a two-day conference titled "Early New MillenniumChallenges" in Kingston, Jamaica. EPIC Policy Analyst MihirKshirsagar, who coordinates the Public Voice coalition, spoke at theconference about the development of participative democracy and thecivil society on a panel called "Freedom of Expression in KnowledgeSocieties: Opportunities." Kshirsagar's speech focused on theimportant role that new communication technologies can play inenabling free expression. He said, "These technologies of freedomoperate by decentralizing sources of information; the aim is topromote pluralism of expression rather than the dissemination ofpreferred ideas." New communication technologies, which emphasizepeer-to-peer production and distribution of ideas, must be affordedthe same protections by governments that were granted to the press andbroadcast mediums. UNESCO is uniquely situated to help ensure thatthe benefits of these new communication technologies are fullyrealized.

UNESCO World Press Freedom Day 2003:

Transcript of speech on new communication technologies, by EPIC PolicyAnalyst Mihir Kshirsagar:

[4] Congress Holds Oversight Hearing On Data Mining Systems

On May 6, the House Subcommittee on Technology and Information Policyheld an oversight hearing on the data mining systems being used orconsidered by three federal agencies. The Subcommittee heard testi-
mony from Steve McCraw, Assistant Director, Office of Intelligence,
Federal Bureau of Investigation (FBI); Admiral James L. Loy, Director,
Transportation Security Administration (TSA); and Dr. Anthony Tether,
Director, Defense Advanced Research Projects Agency (DARPA).

Mr. McCraw began his testimony by asserting that the FBI’s own datasystems contain information that is legally and lawfully collected,
and that new data mining systems, like the agency's SCOPE project,
will allow analysts to search the agency's existing databases forlinks, associations, and relationships among individuals. McCrawconceded that the FBI's systems rely in part on data compiled bypublic sector companies that are not always accurate. He testifiedthat follow-up investigations are often necessary to confirm theinformation. Rep. William Clay (D-MO) challenged McCraw on the FBI'srecent decision to lift the data accuracy requirements for theagency's largest criminal justice database, the NCIC (see EPIC Alert10.07). In response, McCraw emphasized the strict guidelinesgoverning the use of NCIC. He also agreed to review the matterfurther.

Admiral Loy also sought to reassure the Subcommittee about theaccuracy of the TSA's proposed CAPPS-II system that will identifypassengers for additional screening before boarding a plane. Hetestified that the TSA would establish a Passenger Advocate toinvestigate passengers' concerns about being identified for pre-
screening, but he conceded that the investigation could take some timeand that it would not always be possible to inform passengers of thereasons for the additional screening. Admiral Loy asserted thatunlike the classic definition of "data-mining," CAPPS-II would resultin a "traveler-activated" search. The traveler's provided name,
address, telephone number, and date of birth would be used first toauthenticate the traveler's identity through public sector databases,
and then would be run through government data systems and assessed arisk threat score. Admiral Loy did not specify the risk assessmenttechniques, but announced that a new Federal Register notice would bepromulgated soon based on comments the agency received from its firstnotice on the program.

Similarly, Dr. Tether used the hearing as an opportunity to addresspublic concerns about DARPA's Total Information Awareness program(TIA). He contrasted TIA with traditional data mining techniques thatcomb through large amounts of information to detect previouslyunnoticed correlations. He testified that DARPA is not pursuing suchtechniques and instead is developing a different approach to research.
He said that the approach begins with the development of a hypo-
thetical attack scenario, and then leads to the use of data mining todiscover whether patterns of information correlated with that scenarioactually exist. He stressed that this process would decrease thethreat of erroneously flagging innocent activities and persons assuspicious, and emphasized that audit techniques would ensure thatdata is not used for unauthorized purposes. When representativesinquired whether TIA would use consumers' transaction information heldby private companies, Dr. Tether sought to distance the agency fromsuch potential uses, stating that a researcher hired by DARPA may becontemplating such practices, but the agency had not yet made any suchformal plans.

Documents obtained by EPIC through an Freedom of Information Actrequest, however, reveal that one of TIA’s goals is to develop"innovative technologies to architect, populate and exploit" reposi-
tories "for combating terrorism." Repositories were defined as "a newkind of extremely large, omni-media, virtually-centralized, andsemantically rich information repository that is not constrained bythe limited commercial database products available today."

The Subcommittee plans to reconvene in two weeks to examine theprivacy and civil liberties questions raised by the programs.

EPIC's letter submitted for a hearing on Data Mining, CurrentApplications and Future Possibilities:

EPIC's Joint Letter and Online Petition Requiring Accurate Informationin the NCIC:

EPIC's Passenger Profiling Page:

EPIC's Total Information Awareness Page:

[5] Rights Experts Release Report Criticizing EU Response to 9/11

In their first annual report, the European Union Network of Inde-
pendent Experts in Fundamental Rights has raised many negative pointsregarding anti-terrorism legislation adopted by EU member states inresponse to the events of September 11, 2001.

The report offers six main criticisms of EU and member state anti-
terrorism legislation:

* Problems regarding the "imprecise" definition in the EU Framework Decision on combating terrorism of 13 June 2002;

* Concern over the European Arrest Warrant (EU Framework Decision of 13 June 2002);

* Failure to ensure data protection in regard to cooperation with third states, particularly the United States;

* EU Recommendation on the development of "terrorist profiles"
of November 2002;

* General failure to protect human rights in the adoption of "emergency legislation"; and
* The EU "terrorist lists" and freezing of assets of suspected terrorists.

The group was set up by the European Commission in September 2002,
following a recommendation from the European Parliament.

The main report is available at:

Thematic report on freedom and security and responses to terroristthreats:

[6] News in Brief

Supreme Court To Hear Crime Scene Photos Case
The Supreme Court announced this week that it will decide whether thepublic's right to access government records extends to the release ofcrime scene photographs that may implicate privacy interests of thedeceased's family. The justices voted to consider whether thegovernment must release post-mortem pictures of former White Housedeputy counsel Vincent Foster under the Freedom of Information Act.
Last year, the Court of Appeals for the Ninth Circuit ordered therelease of four of ten photographs requested by a California attorney.
The attorney has since appealed for the release of the remaining sixphotos. Conversely, the government has urged the Supreme Court toreverse the lower court ruling so that all ten photographs may bewithheld. The case will be heard in fall 2003.

Solicitor General's Petition for Certiorari:

Attorney Favish's Petition for Certiorari:

Deceptive Fundraisers Not Protected by First Amendment
On Monday, the Supreme Court ruled unanimously that the FirstAmendment does not protect telemarketers who deceive potentialcontributors about what percentage of their donation will actually goto charity. States can now press fraud charges against parties whoengage in this deceptive practice. In the decision, Justice RuthBader Ginsburg wrote, "[W]hen nondisclosure is accompanied by inten-
tionally misleading statements designed to deceive the listener, theFirst Amendment leaves room for a fraud claim."

Illinois ex rel. Madigan v. Telemarketing Associates, Inc.:

Radio Frequency Identification Chips: Equipped with Kill Switch
According to the Auto ID Center (a group that is helping to developthe specification for RFID), a "kill switch" will be incorporated intoRFID tags as early as summer 2003. If retail outfits begin using thechips to track inventory, consumers are to be asked upon purchase ifthey would like to disable the RFID feature. Industry representativesbelieve that a consumer might choose to keep the tag activated, asthere are plans to program some tags to contain useful informationsuch as wash cycle for a particular garment or cooking time and temp-
erature for a food item. However, once a tag is disabled, it will beunable to be reactivated.

More information about Radio Frequency Identification:

[7] EPIC Bookstore: Surveillance & Society

Surveillance & Society: The fully peer-reviewed transdisciplinaryonline surveillance studies journal. Managing Editor: David Wood.
ISSN: 1477-7487.

Surveillance & Society is a new electronic journal, available freeonline, that began publication in 2002. The journal is a part of anew international initiative to call wider attention to surveillancestudies within academia and beyond.

The purpose of this journal is to encourage understanding of approachesto surveillance in different academic disciplines, publish innovativeand transdisciplinary work on surveillance, promote understanding ofsurveillance in wider society, and encourage debate and dissent.

New issues are posted on the Surveillance & Society Web site as theybecome available. In the future, the Web site is also slated to housea Surveillance Studies Resource Base, including an interactive"Encyclopedia of Surveillance," and a Discussion Forum, which will bebased on submitted opinion pieces of up to 2000 words.

Interested parties can submit articles for possible inclusion inSurveillance & Society. All submissions will be fully peer-reviewedto the most rigorous quality standards, and unconventional submissionssuch as photographic and video work are encouraged. See the Web sitefor details.

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location tracking, IDsystems and freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

** Uniting Privacy and the First Amendment in the 21st Century **

May 9-10, 2003Oakland, CA
EPIC, the First Amendment Project, and the California Office ofPrivacy Protection are sponsoring this activist symposium designed toexplore the interplay between privacy and First Amendment rights, withthe goal of developing strategies for optimizing both.

For more information:

Finding Our Digital Voice: Governing in the Information Age. CrossingBoundaries National Conference. Centre for Collaborative Government.
May 7-9, 2003. Ottawa, Canada. For more information:

Collecting and Producing Electronic Evidence in Cybercrime Cases.
University of Namur. May 8-9, 2003. Namur, Belgium. For moreinformation:

Little Sister 2003: Community Resistance, Security, Law andTechnology. May 9-11, 2003. Vancouver, British Columbia, Canada. Formore information:

2003 IEEE Symposium on Security and Privacy. IEEE Computer SocietyTechnical Committee on Security and Privacy, in cooperation with theInternational Association for Cryptologic Research (IACR). May 11-14,
2003. Oakland, CA. For more information:

Technologies for Protecting Personal Information. Federal TradeCommission. Workshop 1: The Consumer Experience. May 14, 2003.
Workshop 2: The Business Experience. June 4, 2003. Washington, DC. Formore information:

ITS-2003: Third International Conference on "Information Technologiesand Security." June 23-27, 2003. Partenit, Crimea, Ukraine. For moreinformation:

Press Freedom on the Internet. The World Press Freedom Committee. June26-28, 2003. New York, NY. For more information: <>

Building the Information Commonwealth: Information Technologies andProspects for Development of Civil Society Institutions in theCountries of the Commonwealth of Independent States.
Interparliamentary Assembly of the Member States of the Commonwealthof Independent States (IPA). June 30-July 2, 2003. St. Petersburg,
Russia. For more information:

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. Formore information:

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunkand Science Fiction. August 11-13, 2003. Prague, Czech Republic. Formore information:

Integrating Privacy Into Your Overall Business Strategy: Complyingwith Privacy Legislation for Competitive Advantage. InternationalQuality and Productivity Centre (IQPC Canada). July 9-10, 2003.
Toronto, Canada. For more information:

Chaos Communication Camp 2003: The International Hacker Open AirGathering. Chaos Computer Club. August 7-10, 2003. Paulshof,
Altlandsberg, Germany. For more information:

Privacy2003. Technology Policy Group. September 30-October 2, 2003.
Columbus, OH. For more information:

WWW2003: 5th Annual Conference on World Wide Web Applications.
Department of Information Studies, Rand Afrikaans University, and theDepartment of Information Systems and Technology, University ofDurban-Westville. September 10-12, 2003. Durban, South Africa. Formore information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:

Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Problems or questions? e-mail <>

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 10.09


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback