WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2004 >> [2004] EPICAlert 20

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 11.20 [2004] EPICAlert 20


Volume 11.20 October 21, 2004

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] FBI Backs Down in EPIC Lawsuit for Release of Secure Flight Info
[2] Award Winners Question Science Funding for Mass Surveillance
[3] Ethics Committee Reprimands Congressman For Misleading Agency
[4] Federal Agency Approves RFID Implant for Health Care Use
[5] Foreign Government Seizes Indymedia Servers in UK
[6] News in Brief
[7] EPIC Bookstore: The Identity Theft Protection Guide
[8] Upcoming Conferences and Events

[1] FBI Backs Down in EPIC Lawsuit for Release of Secure Flight Info

Faced with an application for an emergency court order filed by EPIClast week, the FBI agreed to quickly release documents in a lawsuitseeking information about the agency's role in Secure Flight, thegovernment's new passenger prescreening system. EPIC submitted aFreedom of Information Act request to the FBI last month asking forinformation about the Terrorist Screening Database, which ismaintained by the FBI. Among other information, the database isintended to include expanded watch lists, which will be used withinthe Department of Homeland Security's Secure Flight program to screenpassengers.

EPIC asked the FBI to release the documents before October 25, when apublic comment period on the testing phase of Secure Flight ends, sothat the public could submit informed and meaningful responses to thegovernment's Secure Flight proposal. To further demonstrate theurgency of letting the public know about the database, EPIC cited 213news articles mentioning the FBI's involvement in Secure Flight. TheFBI concluded, however, that EPIC had failed to show any urgency toinform the public about the database, and also found that EPIC is not"primarily engaged in disseminating information," despite case law tothe contrary.

EPIC filed an application for an emergency court order requiring theFBI to reverse its decision and release the requested informationimmediately. Faced with the possibility of judicial review of itsposition, the FBI reversed its decision on EPIC's request the nextday. The FBI is now legally obligated to process and release theinformation as soon as practicable.

EPIC sent similar requests for information about Secure Flight andpassenger screening to the Transportation Security Administration andBureau of Customs and Border Protection. TSA, which is responsiblefor developing the program, concluded that there is no "compellingneed" to release the information, and denied EPIC's request that theagency make the documents available to the public before the end ofthe comment period. The agency also refused to waive fees forduplicating the documents, even though it has never denied EPIC thiswaiver before. This unusual step creates a significant financialbarrier to EPIC's ability to obtain the documents. Customs, inviolation of deadlines in the Freedom of Information Act, has notresponded to EPIC's request.

EPIC is considering next steps.

EPIC's motion for a temporary restraining order and preliminaryinjunction:

Privacy Act notice on the test phase of Secure Flight:

Secure Flight privacy impact assessment:

TSA request to the Office of Management and Budget for emergencyprocessing of June 2004 passenger data:

Submit Secure Flight comments to TSA online:

[2] Award Winners Question Science Funding for Mass Surveillance

EPIC Executive Director Marc Rotenberg joined other recipients of theNorbert Wiener Award for Professional and Social Responsibility incalling on Congress and others to examine the redirection of sciencefunding toward systems of mass surveillance. In an open letter datedOctober 16, fourteen Wiener Award winners cautioned that this shift inresearch priorities "could pose a fundamental risk to politicalfreedom, privacy, and Constitutional liberty."

While expressing support for new technologies that will identifydangerous substances, the letter warned, "there are special risksassociated with the development of systems of mass surveillance thatmust be addressed." The letter explained, "[l]eft unchecked, theconsequence of this development could be the adoption of systems ofmass surveillance unrelated to any terrorist threats. This will givethe government sweeping new capability to monitor private life andthus diminish the freedom and liberty of Americans." The letterstressed that privacy and civil liberty concerns must be addressed inthe early phases of research and made a priority throughoutimplementation.

The award winners called on the National Science Foundation, DARPA,
the Department of Homeland Security and others "to determine whetheradequate safeguards are being developed to protect the civil rights ofthe populations who will ultimately become the human subjects for thedeployment of these systems." The letter concluded, "[t]he Americanpublic has repeatedly made clear that it does not support theestablishment of vast systems of public surveillance. Yet our scienceagencies and many of our top researches are now pursuing preciselythis mission. We believe this must change."

The letter was accompanied by a brief survey of technology programscurrently funded by the federal government, including US-VISIT, MATRIXand other data mining and mass surveillance initiatives.

The prestigious Norbert Wiener Award is presented annually by theComputer Professionals for Social Responsibility in recognition foroutstanding contributions for social responsibility in computingtechnology. Previous winners who signed the letter include KarlAuerbach, Brian Behlendorf, Laura Gould, Dan McCracken, Peter G.
Neumann, Severo Ornstein, Theodore A. Postol, Eric S. Raymond, BarbaraSimons, Richard M. Stallman, Barry Steinhardt, Joseph Weizenbaum, andPhilip Zimmermann. Rotenberg received the award in 2000.

The open letter from Norbert Wiener Award winners:
Computer Professionals for Social Responsibility:

[3] Ethics Committee Reprimands Congressman For Misleading Agency

A Congressional ethics committee unanimously voted earlier this monththat House Majority Leader Tom DeLay (R-TX) used his position to exertundue influence over a federal agency. The rebuke was the second oneDeLay received in a six-day period.

The U.S. House of Representatives' Committee on Standards of OfficialConduct admonished DeLay for misleading Federal AviationAdministration officials when he asked them to search for Texaslawmakers who left the state last year to prevent a vote oncongressional redistricting. The Committee concluded that DeLay'sconduct "raises serious concerns" under House rules that "precludeduse of government resources for a political undertaking." It notedthat one FAA official later said he felt he "had been used" forpolitical purposes. DeLay's role in the matter "raises seriousconcerns under these standards of conduct," the report said.

In response to a 2003 Freedom of Information Act request, EPICobtained audio recordings between the FAA's Washington office andfield offices indicating that FAA officials were led to believe thatDeLay's request was part of a formal Congressional investigation.

The committee also admonished DeLay for soliciting political donationsfrom Kansas-based Westar Energy Inc. that created an appearance thatsuch donations would lead to "special treatment or special access to[a] member" of the House. DeLay participated in a Westar golffundraiser, which raised money for DeLay's political committee aroundthe same time a House-Senate conference on major energy legislationwas to take place. The committee deferred a third part of thecomplaint, which dealt with the fundraising group Texans for aRepublican Majority Political Action Committee, to which DeLay isclosely linked.

Statement of the Committee:

FAA conversations on Texas Democrats obtained by EPIC under the FOIA:

[4] Federal Agency Approves RFID Implant for Health Care Use

The Food and Drug Administration has approved the use of animplantable computer chip for health care information applications.
VeriChip is a radio frequency identification (RFID) device about thesize of a grain of rice. Each chip contains a unique verificationnumber that is revealed by passing a scanner over the chip. Thisunique number in turn links to a medical record (blood type, patient'sallergies, prior treatments, etc.) stored on a database. The chipmanufacturer claims that the chip, by disclosing a patient's medicalinformation to doctors with a RFID reader, could save lives and limitinjuries from errors in medical treatment. The company promotes thechip as a universal means of identification, and expects the device tobe used in a variety of applications including financial andtransportation security, residential and commercial building access,
military and government security.

Although the RFID tag in the VeriChip is passive at this stage of thetechnology -- which makes it impossible for current RFID readers toscan the chip from more than a few feet away -- quick progress in thetechnology could soon make a chip active. This would enable the chipto spontaneously broadcast radio waves, allowing for human tracking ona permanent basis without requiring the presence of a scanner. Thechips have already been used in recent years for non-medical purposes.

Once implanted, a VericChip could threaten an individual's right toprivacy if she is not able to remove the chip or prevent furtherscanning of the chip. Indeed, The director of the Office of DeviceEvaluation at the FDA Center for Devices and Radiological Health toldthe Privacy Times (Vol. 24 Number 19, Oct. 20, 2004) that "by agreeingto have the chip implanted, the understanding would be that a patienthas tacitly agreed to make information [stored in the VeriChip]
available to someone with a reader." She added that the potential forunauthorized medical records access "is an issue."

Although no regulation currently exists in the United States torestrict potential abuses of the chip, the European Union and a fewother countries around the world already have rules or guidelines inplace that apply basic data protection principles to any collectionand use of information through the use of RFID technology. The U.S.
Federal Trade Commission recently acknowledged that it would havejurisdiction over unfair or deceptive practices that involve the useof RFID tags, particularly in cases where a companyinvolved in tagscanning does not comply with its posted privacy policy.

For more information about VeriChip, see EPIC's VeriChip Page:

For more information about radio frequency identification, see EPIC'sRFID Page:

[5] Foreign Government Seizes Indymedia Servers in UK

On October 7, hard drives from two Independent Media Center serverswere seized from the London office of the U.S.-owned web hostingcompany Rackspace. The seizure was performed at the request of theU.S. Justice Department, reportedly in collaboration with Italian andSwiss authorities. The drives were returned on October 12 with noexplanation.

Independent Media Center, commonly known as Indymedia, is a globalmedia network where independent media organizations and thousands ofjournalists offer grassroots coverage of news events. The seizure ofthe Indymedia servers has stifled expression and silenced independentreporting in about twenty countries whose Indymedia sites were hostedon the two UK servers.

Indymedia received no court order explaining the situation or itsrights because its property was seized from Rackspace. Rackspace wasserved with the court order and then prevented from providingIndymedia, the owner of the property, with any information as to whoconfiscated the servers and why. There had been no prior attempt tocontact the site administrators or the owners of the hardware. Afterthe seizure, Indymedia was left with no information and unsure ofwhich government to address. The organization remains uninformed asto which country initiated the seizure. Early reports suggested theservers were seized by the FBI, though the Bureau now denies thisrole. Attorneys from the Electronic Frontier Foundation have agreedto investigate.

Indymedia issued a statement saying, "We are concerned over thegrowing use of international co-operation frameworks by Governmentsand Law enforcement agencies which can be used to obscure clear legalprocess, and call for openness and clarity in internationalco-operation, to ensure due process and that civil liberties areprotected."

The United Nations is currently establishing a Working Group onInternet Governance to determine whether there is a need for some formof global Internet governance. This case makes it clear that thereare civil liberties loopholes in the current governance systems andraises significant questions about international law enforcementcooperation.

Indymedia and supporters have initiated a solidarity campaign anddrafted a petition against the takeover of their servers. They areappealing to UK MP David Blunkett and U.S. Attorney General JohnAshcroft for more information regarding the legality of the seizure,
the responsibilities of the server host, and the accountability of thecountries involved.

Indymedia's statement on the seizure:

For updates and news on the Working Group on Internet Governance, seethe Public Voice web site:

The Public Voice Action Alert:

[6] News in Brief

A three-judge panel of the U.S. Court of Appeals for the EleventhCircuit has ruled unanimously that the screening of protesters outsideof the School of the Americas is unconstitutional. Demonstratorsgather annually on public property outside of Fort Benning, Georgia toprotest the combat training of Latin American soldiers at the Schoolof the Americas (recently renamed the Western Hemisphere Institute forSecurity Cooperation). Prior to a November 2002 vigil outside thetraining facility, the city police instituted a search policyrequiring protesters to pass through metal detectors. The protestersargued this policy violated their First and Fourth Amendment rights,
but the city said the search was necessary due to the War on Terrorand fears of a terrorist attack. The judges responded, "We cannotsimply suspend or restrict civil liberties until the War on Terror isover, because the War on Terror is unlikely ever to be truly over."
Judge Gerald Tjoflat wrote in the opinion, "Sept. 11, 2001, already aday of immeasurable tragedy, cannot be the day liberty perished inthis country." Protesters gathering at the training facility nextmonth will have the right to free speech without first having to bescreened.

The Eleventh Circuit's decision in Bourgeois v. Peters:

For more information about protesters' rights, see EPIC's ProtesterPrivacy Page:

The architect of controversial government data mining programs hastaken his ideas to a private, offshore company, the Washington Posthas reported. Ben H. Bell III, the former director of the Office ofNational Risk Assessment, helped design the now-defunct ComputerAssisted Passenger Pre-Screening program (CAPPS II), and is now usingsimilar concepts and technology with his new employer, Bahama-basedGlobal Information Group Ltd. CAPPS II, a data mining system thatstrived to color-code threats by airline passengers based onpattern-matching algorithms, was derailed by Congress due to concernsabout effectiveness and privacy implications. Global Informationintends to privatize this "terrorist risk identity assessment," aswell as perform checks on cargo ship crews, foreign job candidates,
and those who wish to open U.S. bank accounts. By basing itsoperations in the Bahamas, the private company is able to avoid U.S.
regulatory standards and oversight of its handling of sensitivepersonal data.

For more information about CAPPS II, see EPIC's Passenger ProfilingPage:

Bowing to intense industry pressure, the Federal CommunicationsCommission has delayed implementation of new rules that would prevent"junk faxes," unsolicited commercial facsimile messages that wereprohibited by Congress in 1991. The new rule requires commercial faxsenders to obtain written consent from recipients, and limits the"established business relationship" exemption, shortening the lengthof time that solicitations could be sent to eighteen months after apurchase or transaction, and three months after a customer makes aninquiry to a business (see EPIC Alert 11.11). The rules now will nottake effect until June 30, 2005.

The stay gives Congress more time to consider junk fax regulation.
Earlier this year, the House passed legislation, but the full Senatehas yet to consider a bill (see EPIC Alert 11.15). In testimonybefore the Senate Commerce Committee in September, EPIC cautioned thatloosening the regulations "will open individuals to hundreds or eventhousands of unwanted commercial fax solicitations."

A few days after the FCC's stay, the California and Indiana AttorneysGeneral secured a broad-ranging preliminary injunction, a prominent junk fax company, and the company's principals.
The injunction requires to comply with the Telephone ConsumerProtection Act of 1991, and prohibits the company from engaging in"war dialing," the practice of randomly calling numbers in order toidentify fax lines.

EPIC's testimony on junk fax regulation:

For more information about junk faxing, see the EPIC Telemarketing andJunk Fax Page:

The National Crime Victim Bar Association recently awarded NewHampshire Attorney David Gottesman the Frank Carrington Champion ofCivil Justice Award. The award is presented each year to an attorneywho best exemplifies a commitment to helping victims of crime securejustice through the civil courts.

Gottesman received the award for his work in Remsburg v. Docusearch,
Inc., in which he represented the estate of twenty-year-old Amy Boyerin a lawsuit against an Internet-based information broker. Docusearchsold a stalker personal information about Boyer, including her workaddress, which was obtained under false pretenses. Boyer's stalkerused the information to track her down and fatally shoot her as sheleft work. The New Hampshire Supreme Court ruled that businesses mustuse reasonable care when selling personal information and thatobtaining that information under false pretenses violates the ConsumerProtection Act. The court further held that a jury could decide thatselling a person's Social Security Number is sufficiently offensive towarrant monetary damages.

EPIC submitted an amicus brief in the case supporting greater privacyprotections against pretextual calling and the sale of Social SecurityNumbers. EPIC also argued in favor of stronger state privacy laws.

The National Crime Victim Bar Association:

EPIC's amicus brief in Remsberg v. Docusearch:

For more information about the Amy Boyer case, see EPIC's page onRemsberg v. Docusearch:

The Federal Trade Commission is planning a public workshop onpeer-to-peer file sharing. The event, entitled "Peer-to-PeerFile-Sharing Technology: Consumer Protection and Competition Issues,"
will be held December 15-16 at the FTC Conference Center inWashington, DC. The workshop is free and open to the public.
Pre-registration is not necessary. Topics will include how P2Pfile-sharing works, current and future applications, risks toconsumers, and competition issues such as P2P's effect on copyrightholders. The FTC is seeking public comment and requests toparticipate as workshop panelists.

For more information, see the FTC's P2P workshop page:

For information on submitting comments or panel participation, see theFTC's Federal Register notice:

EPIC's open letter on P2P privacy:

[7] EPIC Bookstore: The Identity Theft Protection Guide

Amanda Welsh, Ph.D., The Identity Theft Protection Guide (St. Martin'sGriffin 2004).

"Identity theft is the fastest-growing category of crime in the U.S.
today -- each year, over ten million Americans wake up to find their'identity stolen.' It's become clear that dealing with privacy andidentity issues is an essential part of life in our modern society.
Each chapter in this invaluable book contains a self-quiz to identifypersonal areas of concern, information to help 'take action' and more.

This book shows you how to:

* Minimize the risk of identity theft * React to stolen identity * Obtain and repair credit and insurance reports * Deal with direct marketers, junk mailers, telephone solicitors * Protect from hacking and spam * Keep kids safe in the online environment * Be aware of surveillance in today's electronic world * Repair a stolen or damaged identity.

These invaluable survival skills can no longer be considered optional
-- they are essential for life in a wired society. The Identity TheftPrevention Guide is the most complete, authoritative and easy-to-useresource on this crucial topic."

EPIC Publications:

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 22ndedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become more involved inthe WSIS process.

"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Privacy & Human Rights 2003: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $35.
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty-five countries around the world. The surveyexamines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

2004 Big Brother Awards Netherlands. October 24, 2004. Amsterdam,
Netherlands. For more information:

DRM 2004: The Fourth ACM Workshop on Digital Rights Management.
Association for Computing Machinery Special Interest Group onSecurity, Audit and Control. October 25, 2004. Washington, DC. Formore info:

2004 Big Brother Awards Austria. October 26, 2004. Vienna, Austria.
For more information:

Sunshine on Public Data: Conference on Freedom of ElectronicInformation. Hungarian Ministry of Informatics and Communications andCentral European University. October 26, 2004. Budapest, Hungary.
E-mail krisztina.pentekne at

Private and Private International Law Issues Raised by ElectronicCommerce. The Hague Conference on Private International Law, theNetherlands Government and the International Chamber of Commerce.
October 26-27, 2004. The Hague, Netherlands. For more information:

IAPP Privacy and Data Security Academy & Expo. InternationalAssociation of Privacy Professionals. October 27-29, 2004. NewOrleans, LA. For more information:

Privacy and Security: Seeking the Middle Path. Office of theInformation & Privacy Commissioner of Ontario; Centre for InnovationLaw and Policy, University of Toronto; and Center for AppliedCryptographic Research, University of Waterloo. Toronto, Ontario,
Canada. October 28-29, 2004. For more information:

2004 Big Brother Awards Germany. October 29, 2004. Bielefeld,
Germany. For more information:

The 2004 Isaac Pitblado Lectures: Privacy -- Another Snail in theGinger Beer. The Law Society of Manitoba, The Manitoba BarAssociation and the University of Manitoba Faculty of Law. November19-20, 2004. Manitoba, Canada. For more information:

2004 Big Brother Awards Hungary. November 25, 2004. Budapest,
Hungary. For more information:

National Security, Law Enforcement and Data Protection. BritishInstitute of International and Comparative Law Data ProtectionResearch and Policy Group. December 8, 2004. London, UK. For moreinformation:

14th Annual RSA Conference. RSA Security. February 14-18, 2005. SanFrancisco, CA. For more information:

O'Reilly Emerging Technology Conference. March 14-17, 2005. SanDiego, CA. For more Information:

7th International General Online Research Conference. GermanSociety for Online Research. March 22-23, 2005. Zurich, Switzerland.
For more information:

5th Annual Future of Music Policy Summit. Future of MusicCoalition. April 10-11, 2005. Washington DC. For more information:

CFP2005: Fifteenth Annual Conference on Computers, Freedom andPrivacy. April 12-15, 2005. Seattle, WA. For more information:

2005 IEEE Symposium on Security and Privacy. IEEE Computer SocietyTechnical Committee on Security and Privacy in cooperation with TheInternational Association for Cryptologic Research. May 8-11, 2005.
Berkeley, CA. For more information:

SEC2005: Security and Privacy in the Age of Ubiquitous Computing.
Technical Committee on Security & Protection in Information ProcessingSystems with the support of Information Processing Society of Japan.
May 30-June 1, 2005. Chiba, Japan. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 11.20


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback