
EPIC Alert


EPIC Alert 11.24 [2004] EPICAlert 24


Volume 11.24 December 23, 2004

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Hosts Privacy and Public Voice Conference in Africa
[2] Intelligence Reform Law Creates New Standards for ID Documents
[3] EPIC Seeks Investigation of ChoicePoint, Data Brokers
[4] Coalition Objects to Selective Service, University Data Matching
[5] EPIC FOIA Request Shows Postal Machines Take and Store Photos
[6] News in Brief
[7] EPIC Bookstore: 9/11 and Terrorist Travel
[8] Upcoming Conferences and Events

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


EPIC works to protect privacy, freedom of expression, democratic values, and to promote the Public Voice in decisions concerning the future of the Internet. We rely on support from foundations and individual donors to maintain our programs.

Please make a tax-deductible donation to EPIC today.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

[1] EPIC Hosts Privacy and Public Voice Conference in Africa

On December 6 EPIC held the Africa Electronic Privacy and Public Voice Symposium in Cape Town, South Africa, which took place in conjunction with the first meeting of the Internet Corporation for Assigned Names and Numbers (ICANN). The symposium featured panel discussions on data protection and freedom of expression in Africa, Internet policy in Africa, and African perspectives on global Internet governance.

Participants discussed the role of privacy as a foreign concept to most Africans, both in terms of their culture of community openness and as a concern of only the elite. Panelists believed privacy is an important issue for Africa, which traditionally has not emphasized other individual values such as freedom of expression. All panelists felt this needs to change quickly, and there is broad-based support for considering privacy issues in the contexts of information technology and in the World Summit on the Information Society.

Elizabeth Bakibinga, Senior Legislative Council to the Parliament of Uganda, explored the legal basis of the right to privacy in Uganda. She described a multi-part approach to privacy protection and set forward a model for privacy legislation in Africa. She also explained that in Africa the community comes first, but that privacy will be an important concern as the information technology revolution advances. "One can have privacy and still be part of the community," she concluded.

Joi Ito, the newest member of the ICANN board, provided a comparative approach to privacy with the example of Japan. He said that privacy protection is critical in Japan, though it is a traditional society similar to Africa, to help sustain democracy. However, there are serious challenges after 9/11. Information communication technology "now hides government activity but exposes individuals. This needs to be reversed," he said. He called on participants to educate government officials about these issues. He asserted, "if you lose your privacy, you lose your democracy."

The Association for Progressive Communications demonstrated the new Africa ICT Monitor, a tool that will allow the public to post information communication technology-related issues and legislation. He demonstrated the site for participants and showed it as one tool to build a movement to protect privacy. Nnenna Nwakanma, a member of the African Civil Society for the Information Society, spoke about the role of African civil society and emphasized that "action takes place at the grassroots level." She outlined several goals, including technical support, partnerships, information, content, and training. Participants also discussed participation in regional and global Internet governance and urged that governance is best when it's closest to the people.

EPIC Executive Director Marc Rotenberg concluded the conference by comparing the challenge of privacy protection in the information society to the challenge of environmental protection in the industrial society. As symposium participants described, privacy is a significant but futuristic and elite issue in Africa that requires immediate attention, advocacy, and publicity in the region as the information age progresses.

EPIC is very grateful to the Open Society Institute, the Ford Foundation, Afilias and in particular the Public Interest Registry (.org) for their generous support and assistance in the planning and implementation of the symposium.

The next Public Voice event will be held in conjunction with the upcoming ICANN meeting in Mar del Plata, Argentina in April 2005.

Africa Electronic Privacy and Public Voice Symposium:


APC Africa ICT Policy Monitor:


[2] Intelligence Reform Law Creates New Standards for ID Documents

On December 17 President Bush signed into law the National Intelligence Reform Act of 2004. Among other things, the legislation will require standardization of birth certificates and driver's licenses for acceptance by federal agencies.

The law states that the Secretary of Health and Human Services will establish minimum standards for birth certificates for use by federal agencies for official purposes, which may include the use of birth certificates to establish identity for those applying for visas and registering for social security benefits, Medicaid or Medicare coverage, and Federal Emergency Management Agency assistance. The Secretary is directed to establish requirements for proof and verification of identity as a condition of issuing a birth certificate.

The law also requires the Secretary of Transportation to consult with the Secretary of Homeland Security to establish standards for driver's licenses and state identification documents that can be accepted by federal agencies. The licenses and documents must include full legal name, date of birth, gender, driver's license or personal identification card number, a digital photograph, residential address, and signature.

The law also establishes standards for common machine-readable identity information to be included on each driver's license or personal identification card, including defined minimum data elements which have yet to be outlined. Identification security standards are required to ensure that driver's licenses and personal identification cards are resistant to tampering, alteration, or counterfeiting. The cards must be capable of accommodating and ensuring the security of a digital photograph or other unique identifier. A state may confiscate a driver's license or personal identification card if any component or security feature of the document is compromised.

The law notes the need to protect the privacy of individuals who apply for and hold driver's licenses and personal identification cards, but does not charge an authority with the responsibility of safeguarding the privacy of applicants.

In two years, no federal agency will accept a driver's license or personal identification card issued by a state unless the document conforms to the federally established minimum standards.

National Intelligence Reform Act of 2004:


For more information about national identification, see EPIC's National ID Page:

For more information about driver privacy, see EPIC's Driver Records Page:

For more information about the 9/11 Commission's recommendations, see EPIC's 9-11 Commission Report Page

[3] EPIC Seeks Investigation of ChoicePoint, Data Brokers

In a letter to the Federal Trade Commission, EPIC urged the agency to investigate the compilation and sale of personal dossiers by data brokers such as ChoicePoint. EPIC argued that the dossiers may constitute "consumer reports" for purposes of the Fair Credit Reporting Act, thus subjecting both the information seller and the buyer to regulation under the Act. Furthermore, EPIC argued that it is incumbent upon the Commission to analyze whether the sale of these dossiers circumvents the Act, giving businesses, private investigators, and law enforcement access to data that previously had been subjected to Fair Information Practices.

ChoicePoint, a major information aggregator, is selling dossiers that are used by law enforcement, government, and the private sector to make important decisions about people. Some dossier products, such as the company's AutoTrackXP report, are sold without complying with the substantive and procedural protections in the Fair Credit Reporting Act, a 1970 law that broadly regulates the compilation, use, and dissemination of "consumer reports."

AutoTrackXP reports contain Social Security Numbers; driver license numbers; address history; phone numbers; property ownership and transfer records; vehicle, boat, and plane registrations; Uniform Commercial Code filings; financial information such as bankruptcies, liens, and judgments; professional licenses; business affiliations; "other people who have used the same address of the subject," "possible licensed drivers at the subject's address," and information about the data subject's relatives and neighbors. They are similar in scope and in use to standard credit reports normally protected by the Act. By selling them without the Act's protections, ChoicePoint is subverting the policy goals of federal information privacy law.

EPIC argued that companies like ChoicePoint are returning people to a pre-Fair Credit Reporting Act era, one marked by "unaccountable data companies that reported inaccurate, falsified, and irrelevant information on Americans, sometimes deliberately to drive up the prices of insurance or credit. For instance, erroneous ChoicePoint data sold without the FCRA's protections were relied upon in Florida to cleanse voting registration rolls of felons prior to the 2000 election, resulting in the disenfranchisement of thousands of eligible voters."

EPIC's letter on ChoicePoint:

For more information about ChoicePoint, see EPIC's ChoicePoint Page:

For more information about the Fair Credit Reporting Act, see EPIC's Fair Credit Reporting Act Page:

[4] Coalition Objects to Selective Service, University Data Matching

Privacy Journal, Consumer Action, Privacy Rights Now Coalition, Privacy Rights Clearinghouse, American Association of University Professors, and the World Privacy Forum joined EPIC in opposing a new data matching agreement between the Selective Service System and the Department of Education.

Under the matching agreement, the Selective Service proposed to automatically match its registration records with a database of federal loan recipients held by the Department of Education. The purpose of the data match is to determine whether college and university students who receive federal student loans have registered for the draft.

The groups wrote that the data matching program raises significant privacy risks, as an unverified computer match may disrupt the academic progress of a student. Furthermore, the matching program suffered from a number of procedural shortcomings, and it is not in compliance with the privacy and security safeguards specified by the Computer Matching Amendments to the Privacy Act of 1974. The groups requested that the data matching system be suspended unless it can be brought into full compliance with the Computer Matching and Privacy Acts.

Coalition letter to the Selective Service System on data matching:

For more information about education record privacy, see EPIC's Student Privacy Page:

[5] EPIC FOIA Request Shows Postal Machines Take and Store Photos

EPIC has obtained documents under the Freedom of Information Act showing that the Postal Service's new self-service postage machines take and retain portrait-style photographs of customers.

The Automated Postal Center kiosks allow people to mail letters or packages, buy stamps, and look up information. One document obtained by EPIC states that "[i]n order to augment security, a digital photograph will be necessary for some transactions." Another document reads, "[c]amera required by FAA. Privacy Office is requiring a notice for customers, advising that photograph may be taken during the transaction."

According to the documents, the Automated Postal Center system "retains transaction data, application logs, user photographs, and alerts for a relatively short period of time." Photos of customers and machine servicers are retained for 30 days on a Windows XP platform.

The system also retains credit card data, though it is unclear how long such information is stored. One document states, "[n]o revenue transactions shall be permitted to complete in the event the analysis of the photograph determines the photograph to be compromised."

The documents are available at:

For more information about postal privacy, see EPIC's Postal Service Privacy Page:

[6] News in Brief

Senator Bill Nelson (D-FL) has called upon the Federal Trade Commission to abandon a proposed loophole to the telemarketing Do-Not-Call Registry. The loophole would allow companies to send recorded messages to persons with whom they have done business. In a letter to the Commission, Nelson warned that the loophole threatens to erode consumer privacy and flood homes with unwanted messages. The public is urged to comment on prerecorded telemarketing by January 10,

Senator Nelson's letter opposing the loophole to the Do-Not-Call Registry:

Instructions on how to comment can be found on EPIC's Telemarketing Page:

For the second time in three months, EPIC has asked a federal court for an emergency court order to force the FBI to turn over information about the Terrorist Screening Database and how it will be used in Secure Flight. In October, EPIC sued the agency when it refused to recognize that EPIC was entitled to a quick release of the documents. The FBI backed down and the case was dismissed, but the agency has not given EPIC the information.

EPIC's motion for preliminary injunction:

Under amendments to the Fair Credit Reporting Act, the three nationwide credit reporting agencies are required to operate a web site to provide a free credit report once a year. However, shortly after the site went live on December 1, EPIC and other groups discovered that the credit reporting agencies were blocking hyperlinks to the site, citing security concerns. EPIC and five privacy and consumer groups called upon the Federal Trade Commission to halt the blocking.

The coalition letter argues that blocking links violates federal regulations, and that, "[w]hether intentional or not, every subtle and not so subtle web design tactic has been employed to difficult to find and use." Blocking the links makes it difficult for search engines to locate the free site, and keyword searches currently rank for-fee sites above the free one. The free site also lacks HTML "meta" tags that are normally included to describe a web site's content. Finally, the free site does not comply with Section 508, making it unusable by people with disabilities or people using text-only browsers.

Until the Commission takes action, EPIC has posted a webpage that circumvents the blocking.

Coalition letter on blocking links to the free credit report site:

Redirect to free credit report site:

Congress has passed the Intellectual Property Protection and Courts Amendments Act of 2004, which includes the Fraudulent Online Identity Sanctions Act. The new law criminalizes any inaccurate information provided to a domain name registry if the web site is found to infringe on a copyright. The Act amends the law to impose stiff criminal penalties upon those who have provided "materially false contact information to a domain name registrar, domain name registry, or other domain name registration authority." The Act will increase prison sentences by up to seven years in criminal cases where someone convicted of a felony "knowingly registered" a domain name and knowingly used that domain in the offense. The issue at hand is the accuracy of information in the WHOIS database, a public directory of domain registrant data available and searchable online. Currently, registrants must enter information as personal as name, address, telephone number, and email address in addition to all of the technical contact information, all of which can then be found on the public WHOIS database.

Intellectual Property Protection and Courts Amendments Act of 2004:

For more information about the WHOIS database, see EPIC's WHOIS page:

An unsigned report published by the Board of Governors of the Federal Reserve System argues that prescreened offers of credit should not be further restricted by privacy laws. Prescreened offers are invitations to credit cards and insurance products that are targeted to persons with specific credit histories. It is estimated that 5 billion offers are mailed every year. Current privacy law allows consumers to opt out of prescreened offers by calling 1-888-5OPTOUT.

The report is highly biased in favor of the credit card industry. For instance, the Federal Reserve obtained statistics from the credit industry that helped the agency conclude that no new privacy protections should be in place. At the same time, the Federal Reserve apparently did not seek out or acquire data that the credit industry maintains demonstrating the fraud and identity theft that results from prescreened offers.

Nevertheless, the report has interesting statistics on credit card marketing and opting out: 53% of new credit accounts are established through prescreened direct mail offers, 17% are acquired through non-prescreened mail offers, and 8% come from prescreened telemarketing offers. 6% of consumers with credit reports have opted out of prescreened offers, and more would do so if they knew of the opt-out system. People with high credit limits, many credit cards, and high credit scores are more likely to opt out than others. More than 99% of prescreened offers end up in the trash.

Federal Reserve report on prescreened offers of credit:
For more information about privacy of credit information, see EPIC's Fair Credit Reporting Act Page:

[7] EPIC Bookstore: 9/11 and Terrorist Travel

National Commission on Terrorist Attacks, 9/11 and Terrorist Travel: A Staff Report of the National Commission on Terrorist Attacks Upon the United States (Providence Publishing Corporation 2004).


"Before 19 hijackers could commit the terrorist attacks of September 11, 2001, they passed through U.S. border security 68 times. In all, they had 25 contacts with consular officers and 43 contacts with immigration and customs authorities -- none of whom suspected they were al Qaeda operatives.

"In the words of the 9/11 Commission's Executive Director, this staff report "offered substantial information or analysis not well represented in the Commission's report." Now for the first time in book form, 9/11 and Terrorist Travel also includes full color digital images of the travel documents used by the 9/11 hijackers.

"The National Commission on Terrorist Attacks Upon the United States was established by law in November 2002. Congress and President George W. Bush gave this independent, bipartisan Commission the mandate to study, evaluate, and report on "immigration, nonimmigrant visas and border security" as these areas relate to 9/11.

"This report includes the complete 9/11 and Terrorist Travel monograph produced by the staff, including:

* A chronology of the 9/11 terrorist travel operation and the hijackers' contacts with U.S. border officials;

* Color reproductions of travel and identification documents used by the hijackers;

* Detailed descriptions of Al Qaeda travel tactics;

* Counterterrorism policies of the border security community prior to 9/11;

* Complete, highly descriptive endnotes; and
* Comprehensive appendices which include a detailed account of the Saudi flights, including the Bin Ladin flight, out of the U.S. after 9/11."

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

"The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

3rd Annual Digital Rights Management Conference 2005. Ministry of Science and Research of the State Northrhine Westfalia, Germany. January 13-24, 2005. Berlin, Germany. For more information:

12th Annual Network and Distributed System Security Symposium. The Internet Society. February 3-4, 2005. San Diego, CA. For more information:

14th Annual RSA Conference. RSA Security. February 14-18, 2005. San Francisco, CA. For more information:

The World Summit on the Information Society PrepCom 2. February 17-25, 2005. Geneva, Switzerland. For more information:

3rd International Conference of Information Commissioners. Federal Institute of Access to Information. February 20-23, 2005. Mexico. For more information:

The Concealed I: Anonymity, Identity, and the Prospect of Privacy. On the Identity Trail and the Law and Technology Program at the University of Ottawa. March 4-5, 2005. Ottawa, Canada. For more information:

O'Reilly Emerging Technology Conference. March 14-17, 2005. San Diego, CA. For more information:

7th International General Online Research Conference. German Society for Online Research. March 22-23, 2005. Zurich, Switzerland. For more information:

The 2005 Nonprofit Technology Conference. Nonprofit Technology Enterprise Network. March 23-25, 2005. Chicago, IL. For more information:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
April 4-8, 2005. Mar del Plata, Argentina. For more information:

5th Annual Future of Music Policy Summit. Future of Music Coalition. April 10-11, 2005. Washington DC. For more information:

CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information:

2005 IEEE Symposium on Security and Privacy. IEEE Computer Society Technical Committee on Security and Privacy in cooperation with The International Association for Cryptologic Research. May 8-11, 2005. Berkeley, CA. For more information:

SEC2005: Security and Privacy in the Age of Ubiquitous Computing. Technical Committee on Security & Protection in Information Processing Systems with the support of Information Processing Society of Japan. May 30-June 1, 2005. Chiba, Japan. For more information:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
July 11-15, 2005. Luxembourg City, Luxembourg. For more information:

3rd International Human.SocietyInternet Conference. July 27-29,
2005. Tokyo, Japan. For more information:

The World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 11.24

