WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2004 >> [2004] EPICAlert 12

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 11.12 [2004] EPICAlert 12


Volume 11.12 June 24, 2004

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Supreme Court Upholds Arrest for Refusal to Give Identification
[2] EPIC Recommends Protections for Social Security Numbers
[3] Info on PATRIOT Act Surveillance Authority Released
[4] EPIC Proposes RFID Privacy Guidelines to the FTC
[5] EPIC Opposes Ratification of Cybercrime Convention
[6] Top TSA Official Admits Vast Collection of Air Passenger Data
[7] News in Brief
[8] Upcoming Conferences and Events

[1] Supreme Court Upholds Arrest for Refusal to Give Identification

A sharply divided Supreme Court ruled on Monday that, under certaincircumstances, a person may be required to give his name to a policeofficer. The decision upheld a Nevada law allowing police to arrestan individual when there are "suspicious circumstances surrounding hispresence" and he refuses to identify himself.

Larry Dudley Hiibel challenged the constitutionality of the law whenhe was convicted for refusing to give his name to a police officer. Heasserted that the law violates the right against unreasonable searchand seizure based in the Fourth Amendment, and the right againstself-incrimination guaranteed by the Fifth Amendment.

The Supreme Court opinion, authored by Justice Kennedy, held only abare majority (5-4). The Court narrowed its holding to the particularfacts of the case: "As we understand it, the statute does not requirea suspect to give the officer a driver's license of other document.
Provided that the suspect either states his name or communicates it byother means . . . the statues is satisfied and no violation occurs."

When an officer stops an individual based on "reasonable suspicion,"
he has the right to "pat down" the person to search for weapons ininterest of the officer's safety. However, the question of whetherthe scope of such searches extended to allowing an officer to compelidentification had been unresolved. The Court in Hiibel held that theNevada law was related to the "purpose, rationale and practicaldemands" of the stop, leaving open the question of whether queryingvast criminal databases -- some of which may contain incorrectinformation -- violates the Fourth Amendment.

Such databases are increasingly interconnected and available tostreet-level police. The most critical systems are severely flawed:
the National Crime Information Center (NCIC) database was exemptedfrom accuracy requirements by the Justice Department and theMulti-State Anti-Terrorism Information Exchange (MATRIX) may be inviolation of state privacy laws. Reliance on such systems may be anunreasonable search since it must be "reasonably related in scope tothe circumstances which justified the initial stop," a question leftunanswered by the court.

Justices Breyer, Souter and Ginsberg strongly dissented based on theFourth Amendment prohibition against unreasonable searches andseizures, following a long line of cases that held that an individualis "not obliged to respond" when questioned by police, even when askedto identify himself.

The Court also found that Hiibel's Fifth Amendment rights againstcompelled self-incrimination were not violated because "As best we cantell, petitioner refused to identify himself only because he thoughthis name was none of the officer's business." However, the Courtinvited a case in which the individual's name itself may beincriminating and "would furnish a link in the chain of evidenceneeded to prosecute him." Such a situation arises when extensivecriminal databases, some of which may contain incorrect information,
are searched in the normal course of a stop based on reasonablesuspicion. Said the Court, "In that case, the court can then considerwhether the privilege applies, and, if the Fifth Amendment has beenviolated, what remedy must follow."

Justice Stevens' dissenting opinion recognized the danger of vastpolice databases, finding that -- in this context -- laws requiring anindividual to identify himself violate the Fifth Amendment. "A namecan provide the key to a broad array of information about the person,
particularly in the hands of a police officer with access to a rangeof law enforcement databases," asserted Justice Stevens.

EPIC was one of several groups to submit briefs in support of Hiibel.
EPIC's brief focused on the wealth of information in national lawenforcement databases that becomes available to police officers oncethey input a person's name. Other briefs in support of Hiibel focusedon the difficulty of proving one's identity, especially as it affectsthe homeless, and the harms of punishing silence.

The Supreme Court opinion is available at:

EPIC's amicus brief filed in Hiibel v. Sixth Judicial Court of Nevada:

For more information about the case, see EPIC's Hiibel v. SixthJudicial Court of Nevada Page:

[2] EPIC Recommends Protections for Social Security Numbers

In testimony before the House Ways and Means Subcommittee on SocialSecurity, EPIC associate director Chris Hoofnagle argued that Congressshould regulate the collection, use, and disclosure of individuals'
Social Security Numbers (SSNs). The hearing concerned H.R. 2971, theSocial Security Number Privacy and Identity Theft Prevention Act of2003, which was introduced by Subcommittee Chairman Clay Shaw (R-FL)
and has bipartisan support.

H.R. 2971 would place limits on both private sector and governmentdisclosure of the SSN. It would empower the Attorney General to allowdisclosure of the SSN where there is a compelling interest servedthrough use of the identifier that cannot be satisfied with analternative number. Other provisions of the bill would prohibit theprinting of SSNs on government checks, employee ID badges, anddriver's licenses. The legislation prohibits "coercive disclosure," apractice in which a business conditions the provision of a product orservice upon disclosure of the SSN. The bill also moves the SSN"below the line," meaning that sale of SSNs from "credit headers,"
identification information from a credit report, would be subject to afull set of Fair Credit Reporting Act protections.

EPIC made a number of recommendations for improvement of thelegislation. EPIC recommended that exceptions allowing use of the SSNbe limited in duration, as time limits encourage users of the SSN totransition to alternative identifiers. Users of the SSN should alsobe required to maintain technical safeguards and be subject to legalliability for misuse of the identifier. EPIC recommended thatCongress look to the leadership of state legislatures in crafting SSNlegislation. Broad protections for the SSN have been providedrecently in Colorado, Arizona, and California. Many states havecreated protections for the SSN in specific sectors, includinglimiting use of the identifier at educational institutions andlimiting its disclosure in public, vital, and death records.

EPIC's testimony closed with a recommendation that Congress examinehow dependence on the SSN exacerbates identity theft. Businesses usethe SSN as both a record identifier and as a password, making it apoor tool for both purposes. Also, in a number of high-profile cases,
banks have issued credit to applicants based solely on a SSN match,
meaning that a criminal, armed only with a SSN, can commit identitytheft. In one case detailed in the testimony, credit was granted toan impostor who had a correct SSN but listed an incorrect date ofbirth and address on an application. If credit grantors relied lesson the SSN and were required to more carefully examine applicationsfor new accounts, identity theft would be harder to commit.

EPIC's testimony:
H.R. 2971, the Social Security Number Privacy and Identity TheftPrevention Act of 2003:

For more information about privacy issues raised by Social SecurityNumbers, see EPIC's SSN Page:

[3] Info on PATRIOT Act Surveillance Authority Released

EPIC received two sets of documents last week revealing that the scopeof the FBI's powers under a controversial provision of the USA PATRIOTAct is broader than what government officials have publiclyacknowledged.

The documents concern Section 215 of the USA PATRIOT Act, which grantsthe FBI the authority to request an order "requiring the production ofany tangible things (including books, records, papers, documents, andother items)" relevant to an investigation of international terrorismor clandestine intelligence activities. United States citizens may beinvestigated in part on the basis of their First Amendment activities,
and the FBI need not show a reason to believe that the target of asurveillance order is engaged in criminal activity.

A memo obtained by EPIC and allied civil liberties groups, datedOctober 15, 2003, shows that the FBI submitted an application for aSection 215 order just weeks after Attorney General John Ashcroftpublicly stated that the controversial provision of the USA PATRIOTAct had never been invoked. The October 15 application does notreveal the purpose of the investigation, or the type of informationsought.

Among other FBI documents released last week is an internal FBI memofrom October 2003 acknowledging that Section 215 may be used to obtaininformation about innocent people. In discussing the FBI's ability toobtain "business records" under the provision, an unknown FBI employeewrites:

"The business records request is not limited to the records of thetarget of a full investigation. The request must simply be sought fora full investigation. Thus, if the business records relating to oneperson are relevant to the full investigation of another person, thoserecords can be obtained by a [Foreign Intelligence Surveillance Court]
order despite the fact that there is no open investigation of theperson to whom the subject of the business records pertain."

Also released was an FBI memo indicating that any "tangible things,"
including apartment keys, may be obtained under Section 215.

A judge for the United States District Court for the District ofColumbia ordered release of the Section 215 documents last month,
overturning the FBI's decision to withhold the documents until 2005.
Under the District Court judge's order, more documents are to bereleased in July. The documents respond to an October 2003 Freedom ofInformation Act request filed by EPIC, the American Civil LibertiesUnion, the American Booksellers Foundation for Free Expression and theFreedom to Read Foundation.

Another set of documents released to EPIC this month show that the FBIacknowledges that it may obtain library patrons' reading and webbrowsing documents without having probable cause. This determinationis revealed in an e-mail sent by an unknown FBI official in December2003, in which the official points out that the FBI web siteincorrectly stated that Section 215 requires that the FBI haveprobable cause to request library records. This inaccurate statementwas posted on the FBI website in response to the question "Can the FBIlook at your library records any time they want?"

Another e-mail concerns the criminal prohibition against librariansinforming their patrons about any Section 215 orders. The e-mailstates: "One of the primary complaints from the librarians is that 215orders must be complied with secretly, as if there is somethingsinister about the fact that they would not be permitted to share withothers a request for information." The e-mail writer goes on tosuggest that an FBI official, in his upcoming testimony on Section215, address a certain case "as an example of why secrecy isimportant." That case, however, involved using pre-USA PATRIOT Actauthority to obtain a person's library web searches as part of anespionage investigation. There was no Section 215 authority at thetime of that investigation.

These documents were obtained by EPIC under a January 2004 Freedom ofInformation Act request to the FBI.

For more information about Section 215 and other USA PATRIOT Actprovisions, see EPIC's USA PATRIOT Act Page:

[4] EPIC Proposes RFID Privacy Guidelines to the FTC

In testimony to the Federal Trade Commission on radio frequencyidentification (RFID) technologies, EPIC Policy Counsel Cedric Lauranturged the agency to adopt strong privacy guidelines to protectconsumers against potential abuses of the tracking technology.

RFID is an emerging information technology designed to facilitate theremote capture of information from physical objects. Associated datais stored on a small token (a "tag") affixed to, or embedded in, theobject. Tags in use today are small enough to be invisibly embeddedin products and product packaging. Data is read from these tags viaradio waves transmitted by special RFID reading devices. RFID readersare often connected to computer networks, facilitating the transfer ofdata from the physical object to databases and software applicationsthousands of miles away and allowing objects to be continually locatedand tracked through space. Today, major uses of RFID include supplychain management, animal tracking, and electronic roadway tollcollection.

RFID technology represents a fundamental change in the informationtechnology infrastructure with dramatic privacy implications.
Although the use of RFID in the retail sector is now primarily in thesupply chain, products with embedded RFID are beginning to appear onstore shelves. Product level tagging, if left unregulated, couldfacilitate unprecedented levels of consumer surveillance, tracking,
and profiling.

EPIC's testimony to the Commission proposed guidelines that outlinethe duties of RFID users such as warehouses and retail stores, as wellas the rights of individuals who come in contact with RFID-enabledproducts. At a minimum, RFID users must clearly label or identifyproducts containing RFID, disable them before the completion of asale, attach tags in a way that makes them easily removable, anddesignate an individual responsible for user compliance with RFIDguidelines. Further, any RFID users that gather personal data aboutindividuals must inform them of the purpose and scope of the data'suse, obtain written consent before proceeding, enable individuals toaccess and correct their data, and post a comprehensive privacy policyestablishing their duties towards customers. The guidelines alsoprohibit the use of RFID data to track or identify individuals beyondwhat is required to manage inventory.

EPIC also recently surveyed developers and manufacturers of RFIDtechnology, as well as retailers who have begun to employ RFID in thesupply chain and in the retail setting. EPIC asked about their use ofRFID tags in the retail environment and requested details about howthey were enabling customers to disable tags (a process known as "tagkilling") or remove tags from retail merchandise. Results from thesurvey to date indicate that there is no standard for tag killing inindustry today. Tags may be physically destroyed in the process orsimply erased for later recycling. Leading retailer Wal-Mart has toldEPIC that there are no RFID tag readers anywhere on their salesfloors. Further, both RFID manufacturers and end user retailers haveindicated that when consumers do buy products with RFID they areclearly labeled and only embedded in packaging which can be easilyremoved. These practices should become industry standards. Completeresults of the survey are available on the EPIC web site.

Over the past year there has been increased activity worldwide todraft guidelines, principles and legislation governing the use of RFIDin order to protect privacy. Last November, a joint positionstatement on RFID use, signed by more than twenty consumer privacy andcivil liberties organizations including EPIC, called for a voluntarymoratorium on item-level RFID tagging until a formal technologyassessment process involving all stakeholders, including consumers,
can take place. Also in November, a resolution on RFID was adopted atthe International Conference of Data Protection and PrivacyCommissioners in Sydney. Country-level guidelines have been draftedin Europe and Asia, and several bills have been introduced into statelegislatures in the United States.

EPIC's survey of the RFID industry:

For more information about radio frequency identificationtechnologies, see EPIC's RFID page:

[5] EPIC Opposes Ratification of Cybercrime Convention

On June 17, EPIC submitted a letter to the Senate Committee on ForeignRelations urging it to oppose the ratification of the Council ofEurope's Convention on Cybercrime (the Cybercrime Convention). Thesame day, the Committee held a hearing to consider whether the UnitedStates should ratify the international treaty.

In 1997, the Council of Europe formed a Committee of Experts on Crimein Cyberspace, and met in secret for several years drafting theCybercrime Convention, which was released in final form in June 2001.
In November 2001, the United States joined about 30 other countries inthe ceremonial act of signing the Cybercrime Convention. Since then,
only Albania, Croatia, Estonia, Hungary, Lithuania and Romania haveactually ratified the treaty. On November 17, 2003, President Bushtransmitted the Convention, along with the State Department's reporton the treaty, to the U.S. Senate with a view to receiving its adviceand consent to ratification. The State Department report states,
among other things, that adoption of the treaty will not requireimplementation of any new legislation in the U.S.

EPIC's letter to the Committee recommended against ratification of theCybercrime Convention for several reasons. First, the Conventionthreatens core human rights protected by the U.S. Constitution. Thetreaty grants law enforcement authorities sweeping investigativepowers regarding computer surveillance, search and seizure, but failsto provide adequate safeguards for privacy or checks on government useof these powers. While the treaty does mention a concern for privacyprotections, its language is weak and vague. The Cybercrime Conventionalso ignores several important existing international treaties andconventions regarding privacy and human rights, such as the 1948Universal Declaration of Human Rights and the Council of Europe's own1981 Convention for the Protection of Individuals with regard to theAutomatic Processing of Personal Data.

Second, the Cybercrime Convention was drafted in a secretive andundemocratic manner. Nineteen drafts of the treaty were producedbefore the document was released to the public. Even after publicrelease, little effort was made to incorporate concerns of privacy andcivil liberties groups. The June 17 hearing before the SenateCommittee on Foreign Relations continued that trend. The onlywitnesses who testified about the Cybercrime Convention weregovernment officials, and no nongovernmental organizations or industrygroups were given the opportunity to participate. The governmentwitnesses did not mention any criticisms or possible drawbacks ofratifying the treaty.

Finally, very few European countries have ratified the CybercrimeConvention. In fact, the treaty remains very controversial in Europe,
particularly the provisions relating to the lack of protections forthe use, collection, and distribution of personal data. As ItalianPrivacy Commission official Giovanni Buttarelli noted at EPIC's recentFreedom 2.0 conference in Washington, privacy and data protection havecome to be considered in the European Union Charter of FundamentalRights as fundamental human rights which European officials arecommitted to protecting, and there is concern that the extensivesurveillance tools enabled by the Cybercrime Convention are threats toa democratic society.

To become binding on the U.S., the treaty requires approval oftwo-thirds of the Senate. When the Senate considers a treaty, it mayapprove it as written, approve it with specified conditions,
reservations, or understandings, reject and return it, or prevent itsentry into force by withholding approval. Chairman Richard Lugar hasindicated that the Foreign Relations Committee may soon act on theAdministration's ratification request, but treaty critics are askingfor additional hearings to address their concerns.

The text of the Convention on Cybercrime:

The hearing schedule and witnesses' testimonies:

An explanation of the U.S. treaty ratification process is availableat:

For more information, see EPIC's page on the Council of Europe'sConvention on Cybercrime:

[6] Top TSA Official Admits Vast Collection of Air Passenger Data

The Transportation Security Administration's top official has admittedthat Delta, Continental, America West, JetBlue and Frontier Airlinesdisclosed passenger records to the agency's contractors in 2002 tohelp them test the second generation Computer Assisted PassengerPrescreening System (CAPPS II). David Stone's concession, which wasmade in sworn written testimony responding to questions asked by theSenate Governmental Affairs Committee prior to his confirmationhearing, contradicts repeated denials that the agency had acquired orused real passenger data from airlines to test the controversialpassenger profiling system.

The admission flies in the face of a February report to Congress bythe General Accounting Office, Congress' investigative arm, whichstated that the Transportation Security Administration had testedCAPPS II only with 32 simulated passenger records based uponitineraries provided by agency employees and contractor staff.

Stone further disclosed that agency contractors were given passengerrecords from Galileo International and "possibly" Apollo, two airlinereservation systems. The agency directly received passengerinformation from a third reservation system, Sabre, which is one ofthe largest in the world and used by most Internet travel web sites.

Stone also stated that the agency failed to publish a "system ofrecords" notice for the collection of passenger records, which isgenerally required by the Privacy Act. Stone said the agency "did notbelieve" that the notice was necessary because the personalinformation was "not to be accessed or retrieved by name or personalidentifier to make individual determinations[.]"

Questions also arose earlier this year about the agency's compliancewith the federal privacy law in relation to passenger records. InFebruary, the Department of Homeland Security Privacy Office chastisedthe agency for acting "without appropriate regard for individualprivacy interests or the spirit of the Privacy Act" when itfacilitated the transfer of passenger data from JetBlue Airways to aDefense Department contractor.

David Stone's answers to questions posed by the Senate GovernmentalAffairs Committee:

General Accounting Office's Report to Congress on CAPPS II:

Department of Homeland Security Privacy Office's Report to the Publicon Events Surrounding JetBlue Data Transfer:

For more information about passenger data disclosures, see EPIC's pageon the Northwest Airlines disclosures:

For more information about CAPPS II, see EPIC's Passenger ProfilingPage:

[7] News in Brief

Two weeks after EPIC filed suit to compel the Transportation SecurityAdministration and Federal Bureau of Investigation to releaseinformation about their efforts to acquire airline passenger data frommajor commercial airlines (see EPIC Alert 11.11), the FBI has grantedexpedited processing of EPIC's request for information about theagency's collection of a year's worth of passenger information fromnumerous airlines after 9/11. Last month, the FBI refused to expediteEPIC's request on the grounds that "the primary activity of EPIC doesnot appear to be information dissemination," though two federal judgeshave found otherwise. The Bureau also justified its denial by statingthat EPIC had not "demonstrated any particular urgency to inform thepubic about the subject matter of [its] request beyond the public'sright to know generally."

EPIC's complaint is available at:

EPIC's motion for a preliminary injunction is available at:

For more information about passenger data disclosures, see EPIC'sNorthwest Disclosure Page:

The Civil Liberties Restoration Act of 2004, a major piece of civilliberties legislation, was introduced in Congress this month.
Numbered H.R. 4591 in the House and S. 2528 in the Senate, the Actwould require, among other things, that the Attorney General complywith the Privacy Act's accuracy requirements with respect to the dataentered in the National Crime Information Center Database (NCIC). InMarch 2003, a regulation had been issued exempting the NCIC from theaccuracy requirement. The Act would also ensure that individuals whoare charged with a crime under the USA PATRIOT Act would see theevidence against them under the procedure set forth in the ClassifiedInformation Procedures Act. Further, the Act would require federalagencies to submit a report to Congress on their data miningactivities.

The text of the Civil Liberties Restoration Act of 2004:

For information about NCIC inaccuracy, see EPIC's Joint Letter toRequire Accuracy for the National Crime Information Center:

The Senate Committee on Science, Commerce, and Transportation heardtestimony on June 16 to consider S. 2281, the Voice-over-IP (VoIP)
Regulatory Freedom Act, sponsored by Senator John Sununu (R-NH).
Under the proposed bill, VoIP providers would not be required to meetwiretap standards set forth in the Communications Assistance for LawEnforcement Act of 1994 (CALEA), though they would be required tohonor government wiretap orders. The Justice Department contends thatapplying CALEA-like requirements to VoIP would enable better real-timecommunications interceptions and the ability to avoid tapping intodata from uninvolved third parties. They also argue that wiretapregulations should be technology neutral and that singling outparticular technologies for exemptions creates holes in lawenforcement's ability to protect national security.

The corresponding House bill, sponsored by Rep. Chip Pickering (R-MS),
explicitly extends CALEA design requirements to Internet telephony.

For more information about VoIP privacy issues, see the EPIC InternetTelephony page:

In a brief mark-up session on June 17, the House Subcommittee onCommerce, Trade and Consumer Protection approved an amended version ofH.R. 2929, the Securely Protect Yourself Against Cyber Trespass Act(SPY ACT), setting the stage for consideration of the bill by the fullHouse Energy and Commerce Committee on June 24.

The amended H.R. 2929 prohibits certain deceptive practices related tospyware such as hijacking a computer's functions, changing homepageswithout authorization, and surreptitious keystroke logging. The billalso regulates "information collection programs" by mandating expressconsent before installation, the provision of an uncomplicateddisabling function, and the disclosure of the type of informationcollected and then purpose of collecting it. Under the current draftof H.R. 2929, the Federal Trade Commission will assume enforcementfunctions, with authorization to levy fines as large as $3 million forcertain violations. The speed with which H.R. 2929 has moved fromsubcommittee to full committee, and the bipartisan nature of thebill's 32 co-sponsors, suggests that the full House is likely to passit this session. However, the bill's efficacy might be undermined bythe fact that it includes no provisions for a private right of action,
and it preempts states from legislating their own privacy protectionsagainst spyware.

The text of H.R. 2929 is available at:

The Internet Corporation for Assigned Names and Numbers (ICANN) hasextended the deadline for public comments to be submitted on the WHOISpolicy development preliminary reports. The WHOIS database is apublic directory of domain registrant data which is available andsearchable online. Currently, registrants must enter such personalinformation as name, address, telephone number, and e-mail address inaddition to technical contact information, all of which can be foundin the public WHOIS database.

Last year ICANN established three task forces to develop policy forthe WHOIS database. The task forces' preliminary reports, which focuson access, data, and accuracy, were recently released to the public.
Members of the public now have until July 5, 2004 to submit commentsto the three task forces developing the WHOIS policy.

For more information, visit the Public Voice web site:

EPIC Publications:

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become more involved inthe WSIS process.

"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2003: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $35.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty-five countries around the world. The surveyexamines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

ITU WSIS Thematic Meeting on Countering Spam. InternationalTelecommunication Union and the World Summit on the InformationSociety. July 7-9, 2004. Geneva, Switzerland. For more information:

PORTIA Workshop on Sensitive Data in Medical, Financial, andContent-Distribution Systems. PORTIA Project. July 8-9, 2004.
Stanford, CA. For more information:

O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR.
For more information:

2004 UK Big Brother Awards. Privacy International. July 28, 2004.
London, UK. For more information:

First Conference on Email and Anti-Spam. American Association forArtificial Intelligence and IEEE Technical Committee on Security andPrivacy. July 30-31, 2004. Mountain View, CA. For more information:

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE ComputerSociety Technical Committee on Security and Privacy, and the ComputerScience Department of the University of California, Santa Barbara.
August 15-19, 2004. Santa Barbara, CA. For more information:

Ninth National HIPAA Summit. September 12-14, 2004. Baltimore, MD.
For more information:

Public Voice Symposium: Privacy in a New Era: Challenges,
Opportunities and Partnerships. Electronic Privacy InformationCenter, European Digital Rights Initiative (EDRi), and PrivacyInternational. September 13, 2004. Wroclaw, Poland. For moreinformation:

The Right to Personal Data Protection -- the Right to Dignity. 26thInternational Conference on Data Protection and Privacy Commissioners.
September 14-16, 2004. Wroclaw, Poland. For more information:

2004 Telecommunications Policy Research Conference. National Centerfor Technology & Law, George Mason University School of Law. October1-3, 2004. Arlington, VA. For more information:

Health Privacy Conference. Office of the Information and PrivacyCommissioner of Alberta. October 4-5, 2004. Calgery, Alberta, Canada.
For more information:

IAPP Privacy and Data Security Academy & Expo. InternationalAssociation of Privacy Professionals. October 27-29, 2004. NewOrleans, LA. For more information:

Privacy and Security: Seeking the Middle Path. Office of theInformation & Privacy Commissioner of Ontario; Centre for InnovationLaw and Policy, University of Toronto; and Center for AppliedCryptographic Research, University of Waterloo. Toronto, Ontario,
Canada. October 28-29, 2004. For more information:

CFP2005: Fifteenth Annual Conference on Computers, Freedom andPrivacy. April 12-15, 2005. Seattle, WA. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 11.12


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback