WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2004 >> [2004] EPICAlert 23

Database Search | Name Search | Recent Alerts | Noteup | LawCite | Help

EPIC Alert 11.23 [2004] EPICAlert 23 (8 December 2004)








EPIC ALERT


Volume 11.23 December 8, 2004


Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_11.23.html


Table of Contents



[1] EPIC FOIA Request Shows CIA Funded Internet Surveillance in U.S.

[2] Free Credit Reports Available; Credit Agencies Block Links to Them
[3] Congress Establishes Privacy Offices in Federal Agencies
[4] United Kingdom Takes Steps Toward National ID Card
[5] Global Coalition Launches Anti-Fingerprint Campaign in Europe
[6] News in Brief
[7] EPIC Bookstore: The Digital Person
[8] Upcoming Conferences and Events


[1] EPIC FOIA Request Shows CIA Funded Internet Surveillance in U.S.


Documents recently obtained by EPIC under the Freedom of InformationAct reveal details about a joint effort between the CIA and theNational Science Foundation to fund a program that, among otherthings, is researching ways to monitor online chat rooms for terroristactivities.

According to a Memorandum of Understanding signed by the CIA on April14, 2003, and the NSF on April 16, 2003, the agreement was reachedafter a workshop held by the intelligence community and NSF inNovember 2002. The memo shows that the program's research concentrateson energy sources, sensors and detectors, image reconstruction andanalysis, optical spectography, and mathematical techniques. Accordingto the document, NSF contributed $2.50 million in FY2003 and another$2.5 million in FY2004 toward the program. The total amount providedby the CIA is not given, but the memo states that NSF's contributionis 70 percent of the total. The document says that the initiative wasto remain in effect through FY2004 and beyond.

EPIC also obtained a September 17, 2004, email from an unidentifiedCIA official to Dr. Leland M. Jameson, the Program Director forComputational and Applied Mathematics at the NSF. The email states,
"We gratified [sic] that the scientific community wants to help thenation and contribute to the nation's security in a time of peril." Itcontinues, "As far as what we do with the technology -- we havethorough oversight by the US Congress and we strictly follow allapplicable laws." The CIA email was sent in response to a September17, 2004, news article about the chat room monitoring program and arequest for an interview of Jameson by a reporter in New Jersey.
Jameson informs the CIA official, "I will have to give anotherinterview. I was told the worst thing is for a reporter to write that'the NSF refused to comment.'"

The documents came to light just a month after former recipients ofthe Norbert Wiener Award, awarded annually by Computer Professionalsfor Social Responsibility, expressed "concern about the significantredirection in science funding toward the development of systems ofmass surveillance." The award winners said, "It is our view that thisresearch priority could pose a fundamental risk to political freedom,
privacy, and Constitutional liberty."

EPIC's Freedom of Information Act request:

http://www.epic.org/privacy/wiretap/nsf_foia.pdf

Memorandum of Understanding between the NSF and CIA:

http://www.epic.org/privacy/wiretap/nsf_mou.pdf

Email from CIA to Leland M. Jameson:

http://www.epic.org/privacy/wiretap/nsf_email.pdf

More information and FOIA documents are available at:

http://www.epic.org/privacy/wiretap/nsf_release



[2] Free Credit Reports Available; Credit Agencies Block Links to Them


As of December 1, residents of fourteen Western states can obtain afree copy of their credit reports annually from Experian, Trans Union,
and Equifax. The copies can be requested online, by phone call, or bywriting to a postal address. Under a rollout schedule determined bythe Federal Trade Commission, those in the Midwest will be eligiblestarting March 1, 2005; Southerners starting June 1, 2005, and Eastcoast residents starting September 1, 2005. These free reports are amajor consumer victory flowing from the 2003 passage of the Fair andAccurate Credit Transactions Act (see EPIC Alert 10.25).

As of this writing, the credit reporting agencies have blockedexternal web links to the free report site, claiming that links createsecurity risks. EPIC and a coalition of consumer and privacy groupshave urged the Federal Trade Commission to order the credit reportingagencies to refrain from blacklisting links to the site. Thecoalition letter argues that blocking links violates federalregulations; that it drives down search engine rankings for the freesite, making it more likely that individuals will find a fee-basedsite; and that "every subtle and not so subtle web design tactic hasbeen employed to make www.annualcreditreport.com difficult to find anduse. It appears this is unlikely to have occurred by accident,
because many of the tactics represent bad web design, mistakes thatonly beginner HTML authors would make."

Despite the attempts of the credit reporting agencies to obscure thefree site, the availability of annual free credit reports is animportant right that individuals should exercise regularly. With afree report from each of the credit reporting agencies, consumers canengage in credit monitoring without paying expensive fees associatedwith automated products marketed by Experian, Trans Union, andEquifax. Individuals can simply request a free report from oneagency, and then wait four months to request a report from another,
and so on. By requesting one of the three reports every four months,
consumers will be able to keep an eye on their credit report andminimize the fallout of identity theft.

The free report requirement also applies to "nationwide specialty"
credit reporting agencies, such as ChoicePoint and the MedicalInformation Bureau, that collect and sell employment, tenant, medical,
and insurance reports.

Under a rollout schedule determined by the FTC, those in the Midwestwill be eligible starting March 1, 2005; Southerners starting June 1,
2005, and East coast residents starting September 1, 2005.

Free credit report site for Experian, Trans Union, and Equifax thatincludes instructions for obtaining reports online, by phone, and bymail:

https://www.annualcreditreport.com

EPIC redirect link for the free site:

http://epic.org/privacy/fcra/freereportredirect.html

EPIC letter on blocked hyperlinks to the free site:

http://www.epic.org/privacy/fcra/freereportltr.html

Free specialty report site for ChoicePoint:

http://www.choicepoint.com/factact.html

Free report site for the Medical Information Bureau:

http://www.mib.com/html/request_your_record.html

Federal Trade Commission final rule on free credit reports:

http://www.ftc.gov/opa/2004/06/freeannual.htm

EPIC comments on free credit reports:

http://epic.org/privacy/fcra/freereport.html



[3] Congress Establishes Privacy Offices in Federal Agencies


A massive appropriations bill recently passed by Congress includesprovisions that establishes privacy officers in federal agencies. Thisaction follows some of the 9/11 Commission's recommendations onprivacy and security.

Shortly after the Commission issued its report, EPIC and a coalitionof more than 40 civil liberties organizations sent a letter to membersof Congress outlining key points to consider as the House and Senatecraft legislation based on the 9/11 Commission recommendations. Theletter proposed ways to ensure that the goals of security and freedomare both attained, specifically stating, "the appointment of Privacyand Civil Rights and Civil Liberties Protection Officers for eachfederal department would help ensure compliance with thosesafeguards."

The coalition letter also stated, "routine public reporting shouldalso be established to ensure that the public is able to evaluate thecosts and benefits of information sharing with the federalgovernment." The recently passed appropriations bill also directs thenew privacy offices to have a third party review the how the agencysafeguards personally identifiable information it manages at leastonce every two years.

The appropriations bill has been a lightning rod for privacy-relatedconflict. Last month the House approved a version of the bill with aprovision that would have given two Congressional committee chairmenaccess to any American's tax returns. The measure said, "Hereafter,
notwithstanding any other provision of law governing the disclosure ofincome tax returns or return information, upon written request of thechairman of the House or Senate Committee on Appropriations, thecommissioner of the Internal Revenue Service shall allow agentsdesignated by such chairman access to Internal Revenue Servicefacilities and any tax returns or return information containedtherein." Both the House and Senate eventually voted to kill theprovision. House Minority Leader Nancy Pelosi (D-CA) denounced themeasure, saying, "it should be of grave concern to all Americans thattheir privacy could be invaded by such an outrageous provision."

In Defense of Freedom coalition letter to Congress:

http://www.indefenseoffreedom.org/statements/9-11_letter.pdf

The text of H.R. 4818:

http://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR04818:

The text of H.R. 5424:

http://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR05424:

For more information about taxpayer privacy, see EPIC's InternalRevenue Service Page:

http://www.epic.org/privacy/databases/irs



[4] United Kingdom Takes Steps Toward National ID Card


The United Kingdom government is going forward with its plans for amandatory national ID card in its Identity Cards Bill, recentlyannounced in the Queen's Speech, which sets out the government'slegislative program for the coming year. The bill was introduced inthe House of Commons several days ago.

The bill has not changed much from a draft published for consultationin April, when it had been released over opposition from severalcabinet ministers including former Home Secretary (now ForeignSecretary) Jack Straw. It has been strongly opposed by a wide varietyof groups in the UK including the Liberal Democrats party, the LawSociety and the Information Commissioner, and is expected to receiveserious scrutiny in the House of Lords. A public opinion poll,
commissioned by Privacy International earlier this year, found severalmillion people would conduct civil disobedience and one million wouldgo to jail before they submitted to the new card.

The Identity Cards Bill would require all citizens to get a new IDcard when they renew their passports. A central National IdentityRegister would contain the name, current and previous addresses, placeof birth, identifying characteristics, nationality and immigrationstatus of every UK resident. Biometrics (fingerprints and iris scans)
would be stored on the card and in the database. The card and theregister would be necessary to seek employment, to gain access tohealth and various other services, and would be used by police andimmigration officers. The proposed law gives the Home Secretary thepower to issue regulations to vastly expand the scope of the bill,
including making the card mandatory without needing changes to thelaw. It would cost at least USD $12 billion to implement the newidentity scheme. The card is expected to be phased in over 10 years,
starting in 2007-08, by replacing existing drivers licenses andpassport cards.

Since 1952, the issue of national ID cards has come up every few yearsin Great Britain and has been soundly rejected due to publicopposition. Shortly after September 11, 2001, Home Secretary DavidBlunkett again proposed the card but was forced to back away after itwas severely criticized. It has subsequently been promoted as a meansto prevent illegal immigration, improve public services and to preventterrorism.

For more information about national ID, see EPIC's National ID CardsPage:

http://www.epic.org/privacy/id_cards

More information on identity cards is available in Privacy and HumanRights 2004:

http://www.epic.org/bookstore/phr2004



[5] Global Coalition Launches Anti-Fingerprint Campaign in Europe


EPIC joined a coalition of privacy officials, non-governmentalorganizations, and individuals in sending an open letter to urge theEuropean Parliament to reject a proposed regulation that would requirebiometric identification of all European citizens and residents bytaking their fingerprints and digital photographs and storing them inpolice databases.

The letter argued that it is an unnecessary and rushed policy thatwill diminish Europeans' right to privacy. It also recommendedadditional oversight and the establishment of significant controls anda strong legal framework on the new biometric databases put in place.
The coalition specifically recommended the removal of theEuropean-wide fingerprinting requirement, arguing that it is anunnecessary and disproportionate measure to fight terrorism. Theletter referred to an academic analysis questioning the legal basis ofthe proposal by stating that the proposed regulation on EU passportswould breach the right to private life protected by European Communitylaw. Other critiques include unknown costs of the measures that wouldimplement the biometric scheme, and the secrecy and lack of publicoversight of the work of the committee working on its details.

The fingerprint biometric for all citizens and residents isunprecedented. While the the Council of the European Union is callingfor the use of two biometrics, the United States and the InternationalCivil Aviation Organization only require one, and the U.S. governmentdoes not plan to implement fingerprints in its citizens' passports.

Moreover, the Council appears to have deliberately acted in the lastfew months in a way that has precluded meaningful participation of theEuropean Parliament in the "consultation" procedure used to adoptCouncil regulations, despite Parliament members' critiques aimed atlimiting the scope of the draft regulation and securing oversight.

Privacy International:

http://www.privacyinternational.org

Privacy International, Statewatch and EDRI open letter:

http://www.epic.org/redirect/pi_fingerprint.html

Council draft regulation on biometric passports:

http://www.statewatch.org/news/2004/nov/biometric-proposal.pdf

General information on biometric passports is available in Privacy andHuman Rights 2004:

http://www.epic.org/bookstore/phr2004



[6] News in Brief


FTC FAILS TO ENFORCE CHILDREN'S PRIVACY LAW AGAINST AMAZON.COM
Federal Trade Commission staff have determined that Amazon.com's "ToyStore" web site is "not directed at children" for purposes of theChildren's Online Privacy Protection Act (COPPA). The agency alsofound that Amazon did not knowingly collect personal information fromchildren through its web site. COPPA requires child-oriented websites to provide extra protections for personal information submittedby children.

The FTC staff letter comes in response to an April 2003 complaint fromEPIC and other privacy groups arguing that the subject matter of thesite, the use of child models, and other factors made the sitedirected at children (see EPIC Alert 10.08). Several children hadalso registered on the site and in some cases, posted full names andpostal addresses. In its letter, the FTC relied heavily on a singlesentence in Amazon's privacy policy that stated that the company onlysells products to adults.

FTC letter:

http://www.epic.org/privacy/amazon/ftc_amazon.pdf

EPIC complaint:

http://www.epic.org/privacy/amazon/coppacomplaint.html

For more information about children's privacy, see the EPIC Children'sOnline Privacy Protection Act Page:

http://www.epic.org/privacy/kids

GOVERNMENT UNIONS PROTEST HOMELAND SECURITY SECRECY AGREEMENTS
The National Treasury Employees Union and the American Federation ofGovernment Employees have urged the Department of Homeland Security tostop requiring its 180,000 employees to sign nondisclosure agreementsthat keep them from providing, among other things, "sensitive butunclassified information" to the public. In a letter to the SecretaryTom Ridge, the unions said that they will challenge theconstitutionality of the secrecy agreements if the agency continues touse them.

Agency employees who violate the nondisclosure agreements risk beingfined, losing their jobs, and even prison time. One provision saysthat signers consent to government inspections "at any time or place"
to ensure that they are complying with the agreement.

Letter from National Treasury Employees Union and the AmericanFederation of Government Employees to Tom Ridge:

http://www.epic.org/redirect/nteu.html

The nondisclosure agreement:

http://www.epic.org/privacy/homeland/dhs_nda.pdf

WASHINGTON METRO INTRODUCES ACCESS TO RECORDS POLICY
Directors of the Washington Metropolitan Area Transit Authority haveproposed a formal policy that would govern how Metro handles requestsfor records and provide greater protection to electronic fare carddata. Though Metro is apparently not covered by Maryland, Virginia,
DC, or federal freedom of information laws, the proposed policy wouldallow individuals who are denied requests for information to sue Metroin court. The policy would also permit Metro to release SmarTrip carddata only when ordered to do so by a court, for law enforcementpurposes, or when the card holder gives written consent.

Metro encourages the public to comment on the proposed policy, whichwill be posted on Metro's web site by December 17. Comments may alsobe mailed to the Office of General Counsel, WMATA, 600 Fifth St. NW,
Washington, D.C. 20001 or submitted electronically.

For more information about the policy, see Metro's web site:

http://www.wmata.com/about/met_news/story.cfm?ID=95

Email comments on the proposal to:

comments at wmata.com



[7] EPIC Bookstore: The Digital Person


Daniel J. Solove, The Digital Person (New York University Press 2004).

http://www.powells.com/cgi-bin/biblio?inkey=2-0814798462-1
"Seven days a week, twenty-four hours a day, electronic databases arecompiling information about you. As you surf the Internet, anunprecedented amount of your personal information is being recordedand preserved forever in the digital minds of computers. For eachindividual, these databases create a profile of activities, interests,
and preferences used to investigate backgrounds, check credit, marketproducts, and make a wide variety of decisions affecting our lives.

"The creation and implementation of these databases -- which Daniel J.
Solove calls 'digital dossiers' -- has thus far gone largelyunchecked. In this startling account of new technologies for gatheringand using personal data, Solove explains why these digital dossierspose a grave threat to our privacy. For example, they increase ourvulnerability to identity theft, a serious crime that has beenescalating at an alarming rate. Moreover, since September 11, thegovernment has been tapping into vast stores of information collectedby businesses and using it to profile people for criminal or terroristactivity.

"The Digital Person not only explores these problems, but provides acompelling account of how we can respond to them. Using a widevariety of sources, including history, philosophy, and literature,
Solove puts forth a new understanding of what privacy is, one that isappropriate for the new challenges of the Information Age. Soloverecommends how the law can be reformed to simultaneously project ourprivacy and allow us to enjoy the benefits of our increasingly digitalworld."



"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 22ndedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.



"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become more involved inthe WSIS process.



"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.



"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.



"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.



"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/bookstore/crypto00&

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.



EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html



[8] Upcoming Conferences and Events


Meeting of the Information Security and Privacy Advisory Board.
Department of Commerce. December 14-15, 2004. Washington, DC. Formore information: http://csrc.nist.gov/ispab.

3rd Annual Digital Rights Management Conference 2005. Ministry ofScience and Research of the State Northrhine Westfalia, Germany.
January 13-24, 2005. Berlin, Germany. For more information:
http://www.digital-rights-management.org/start.php.

12th Annual Network and Distributed System Security Symposium. TheInternet Society. February 3-4, 2005. San Diego, CA. For moreinformation: http://www.isoc.org/isoc/conferences/ndss/05/index.shtml.

14th Annual RSA Conference. RSA Security. February 14-18, 2005. SanFrancisco, CA. For more information:
http://2005.rsaconference.com/us/general/default.aspx.

The World Summit on the Information Society PrepCom 2. February17-25, 2005. Geneva, Switzerland. For more information:
http://www.itu.int/wsis/preparatory2/hammamet/index.html.

3rd International Conference of Information Commissioners. FederalInstitute of Access to Information. February 20-23, 2005. Cancun,
Mexico. For more information:
http://www.icic-cancun.org.mx/index.php?lang=eng.

The Concealed I: Anonymity, Identity, and the Prospect of Privacy. Onthe Identity Trail and the Law and Technology Program at theUniversity of Ottawa. March 4-5, 2005. Ottawa, Canada. For moreinformation: http://www.anonequity.org/concealedI.

O'Reilly Emerging Technology Conference. March 14-17, 2005. SanDiego, CA. For more Information:
http://conferences.oreillynet.com/etech.

7th International General Online Research Conference. GermanSociety for Online Research. March 22-23, 2005. Zurich, Switzerland.
For more information: http://www.gor.de.

5th Annual Future of Music Policy Summit. Future of MusicCoalition. April 10-11, 2005. Washington DC. For more information:
http://www.futureofmusic.org/events/summit05/index.cfm.

CFP2005: Fifteenth Annual Conference on Computers, Freedom andPrivacy. April 12-15, 2005. Seattle, WA. For more information:
http://www.cfp2005.org.

2005 IEEE Symposium on Security and Privacy. IEEE Computer SocietyTechnical Committee on Security and Privacy in cooperation with TheInternational Association for Cryptologic Research. May 8-11, 2005.
Berkeley, CA. For more information:
http://www.ieee-security.org/TC/SP2005/oakland05-cfp.html.

SEC2005: Security and Privacy in the Age of Ubiquitous Computing.
Technical Committee on Security & Protection in Information ProcessingSystems with the support of Information Processing Society of Japan.
May 30-June 1, 2005. Chiba, Japan. For more information:
http://www.sec2005.org.

3rd International Human.SocietyInternet Conference. July 27-29,
2005. Tokyo, Japan. For more information: http://hsi.itrc.net.

The World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information:
http://www.itu.int/wsis.


Subscription Information


Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.


Privacy Policy


The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."


About EPIC


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information, seehttp://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 11.23

.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2004/23.html