WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert
You are here:  WorldLII >> Databases >> EPIC Alert >> 2004 >> [2004] EPICAlert 5

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 11.05 [2004] EPICAlert 5







EPIC ALERT

Volume 11.05 March 9, 2004

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_11.05.html
Table of Contents


[1] EPIC Files Brief in National DNA Database Case
[2] International Privacy Framework Almost Final
[3] EPIC Replies to Northwest's Defense of Privacy Policy Breach
[4] Electronic Voting Problems Plague Super Tuesday
[5] Gov't Seeks Public Comment on Important Privacy Regulations
[6] News in Brief
[7] EPIC Bookstore: Beyond Genetics
[8] Upcoming Conferences and Events

[1] EPIC Files Brief in National DNA Database Case

EPIC has filed an amicus brief in United States v. Kincade, a case inwhich a parolee is challenging a federal law that requires theproduction of a DNA sample for a national database operated by theDepartment of Justice. EPIC's brief agrees that a forced DNAextraction violates an individual's right against unlawful search andseizure in absence of suspicion that the individual has committedanother crime.

The DNA Analysis Backlog Elimination Act of 2000 provides that thegovernment may take DNA samples from individuals in federal custodyand parolees who have committed a qualifying offense. There is norequirement that the government take the DNA only in connection with aspecific criminal investigation, or that the government suspect thatthe individual will commit a crime in the future. Anyone failing tocooperate with the DNA extraction is guilty of a class A misdemeanorand may be imprisoned.

The DNA database, known as the Combined DNA Index System or CODIS,
includes DNA samples from persons convicted of crimes, crime victims,
and unknown DNA from crime scenes. It operates on federal, state andlocal levels. The government argues that the database is instrumentalin solving future crimes and DNA extractions are no more invasive thanfingerprinting.

EPIC's argument focuses on the false notion that DNA andfingerprinting involve the same privacy concerns. While a fingerprintmerely indicates whether an individual has been in a specificlocation, DNA can reveal health, gender, and familial information,
EPIC asserts. Furthermore, because members of the same family havesimilar DNA patterns, an individual's DNA profile may indirectlyimplicate a relative. Moreover, EPIC points out, there is no uniformstorage policy for DNA samples; rather, each state has a differentpolicy. Not only could samples end up in the hands of researchers,
but international cooperation among law enforcement agencies hasopened CODIS up to other governments.

After a three-judge panel sided with Mr. Kincade last year (2-1), thegovernment appealed and the Ninth Circuit granted a request for afull-panel rehearing of the case. Oral arguments will be heard by theappellate court in late March.

EPIC's amicus brief in United States v. Kincade:

http://www.epic.org/privacy/genetic/kincade_amicus.pdf

For more information about genetic privacy, see EPIC's Genetic PrivacyPage:

http://www.epic.org/privacy/genetic/


[2] International Privacy Framework Almost Final

The near final version of privacy guidelines was discussed at a recentmeeting of government representatives in the context of theAsia-Pacific Economic Cooperation (APEC). In 2003, the 21 countriescomposing APEC began drafting a privacy framework modeled after the1980 Organization for Economic Cooperation and Development (OECD)
Privacy Guidelines. The non-binding instrument is aimed atfacilitating the flows of individuals' personal information among APECmember states while protecting individuals' privacy interests. Itacknowledges the importance of privacy guidelines as a tool to promoteeffective information privacy protection together with the free flowof information in the Asia Pacific Region in order to improve consumerconfidence and ensure the growth of electronic commerce. Before therecent release, the process had been kept secret, limited toconsultations with government agencies, and in a few countries(including the United States), with business, legal professional andprivacy groups.

The APEC Privacy Framework acknowledges that it holds the potential toincrease the flow of personal information among APEC trading countriesif it can increase individuals' confidence in electronic commerce andin the international transfer of their personal information. Theinstrument recognizes that confidence could increase if individuals'
privacy interests are adequately protected. The current version ofthe Framework contains nine privacy principles (Preventing Harm;
Notice; Collection Limitation; Uses of Personal Information; Choice;
Integrity of Personal Information; Security Safeguards; Access andCorrection; and Accountability). While similar to the 1980 OECDPrivacy Guidelines, some of the principles further weaken them bydiluting the substance of individuals' privacy protections. As anexample, a new Preventing Harm Principle is treated as equal to otherprivacy principles even though its purpose might provide opportunitiesfor wholesale exemptions from the other principles. The Choice andNotice principles are similarly weakened by allowing companies not tonotify and provide for clear explanations to individuals about theircollection, use and disclosure practices when they use informationthat is publicly available about them. Although strong, the Accessand Correction Principle is nevertheless severely limited by anexemption that provides that information should not be disclosed dueto legal or commercial proprietary reasons, thereby leaving the dooropen to potential abuses. Some principles, however, go beyond theOECD Guidelines, as in the case of the Purpose Specification principle(called Uses of Personal Information in the APEC Framework).

Although non-binding, the instrument could serve as guidelines thatenable multinational companies which collect, process and disclosecustomers and consumers' personal information to develop and implementuniform internal mechanisms or codes of conduct to adequately protecttheir privacy. It could also foster the emergence of data protectionlaws in APEC countries without legal regimes in place. As such, thisdevelopment may constitute a significant step in the attempt by manycountries to develop new guidelines or laws to regulate internationaltransfers of personal information. It could also, however, triggerfuture trade disputes between APEC countries and the European Union ifboth economic entities' rules governing international data transferswere to diverge and therefore limit information flows or make themmore burdensome.

More consultations between governments and other stakeholders have totake place in the coming months on the final form of the Framework.
The public is therefore invited to comment on the current draft of theAPEC Privacy Framework. Any member of the public interested in havinga copy of the latest draft of the APEC Privacy Framework and in makingcomments can do so by e-mailing Ms. Arrow Augerot at the Department ofCommerce (arrow_augerotita.doc.gov).

More information about APEC meeting documents will soon be availableat:

http://www.export.gov/apececommerce/

For more information about international privacy, see EPIC'sInternational Privacy Standards Page:

http://www.epic.org/privacy/intl/


[3] EPIC Replies to Northwest's Defense of Privacy Policy Breach

EPIC has filed a reply to Northwest Airlines' attempt to justify itsdisclosure of millions of passenger records to the federal governmentin violation of the airline's publicly posted privacy policy, whichthe airline called "an appropriate instance of industry and governmentcooperation."

Northwest's defense came in response to a complaint EPIC filed inJanuary with the Department of Transportation arguing that the airlinecommitted an unfair and deceptive trade practice when it disclosedmillions of passenger records to the government. (See EPIC Alert11.02.) Northwest claimed that its disclosure was "entirelyappropriate" because September 11 diminished "whatever minimalexpectation of privacy in air travel [that] existed before."
Furthermore, Northwest argued, it did not violate any expressassurance made in its privacy policy, and so did not commit an unfairor deceptive trade practice.

EPIC's reply asserts that Northwest should not cite the events of 9/11as an excuse for being dishonest with passengers about what theairline does with their personal information. EPIC notes that theDepartment of Transportation has a responsibility to enforcerepresentations that airlines make to consumers regarding use ofpassengers' personal information, and has told the European Union thatit will exercise this enforcement authority aggressively.

EPIC emphasizes that Northwest assured consumers who provided personalinformation through the airline's website that they had "completecontrol" over the use of that information. At no time did Northwesttell passengers that it would disclose personal information to thegovernment without the knowledge or consent of those passengers,
despite the fact that the airline expressly and specifically disclosedother uses of passenger information in its privacy policy.
Furthermore, after it came to light that JetBlue Airways disclosedpassenger information to a Defense Department contractor, a spokesmanfor Northwest and the airline's CEO assured the public that Northwestwould not make such disclosures. For these reasons, EPIC argues, theTransportation Department should investigate the airline's privacypractices and impose appropriate penalties for unfair and deceptivetrade practices.

EPIC's Reply:

http://www.epic.org/privacy/airtravel/nwa_reply.pdf

Northwest's Answer:

http://www.epic.org/privacy/airtravel/nwa_answer.pdf

EPIC's Complaint to the Department of Transportation:

http://www.epic.org/privacy/airtravel/nwa_comp.pdf

For more information about air travel privacy, see EPIC's PassengerProfiling Page:

http://www.epic.org/privacy/airtravel/profiling.html


[4] Electronic Voting Problems Plague Super Tuesday

Early post-March 2 primary election reports offered positive feedbackon the functioning of electronic voting technology with only briefmentions of "glitches." However, later reports detailed problems withelectronic voting technology including, but not limited to,
malfunctions in booting up machines; system server card failures thatresulted in hours of delays in getting final vote totals; problems inprogramming the smart cards used by voters to cast their ballots; andpower fluctuations that caused mechanical malfunctions in electronicvoting machines. The reports from Super Tuesday are consistent withreports on the use of electronic voting technology from the 2002primary election season.

In Orange County, CA, approximately 7,000 voters where given incorrectcomputer access codes by poll workers unfamiliar with how thedistrict's electronic voting technology worked, resulting in votersreceiving wrong ballots. Voting technology in some Orange Countyprecincts recorded more votes than voters, and other precinctsreported lower voter turnouts than usual. As a result of theseproblems, five of the county's six congressional races, four of itsfive state Senate elections and five of its nine Assembly contestswere affected. Voting delays in Alameda and San Diego countiesprompted the San Diego and Imperial Counties' chapter of the AmericanCivil Liberties Union to request a review by a panel of experts,
community leaders, and county elections administrators of problemswith electronic voting technology experienced in their localities.

Other states also encountered complications with electronic votingtechnology. In Maryland, one polling place switched to paper ballotswhen its new electronic voting machines did not work. Paper ballotsalso came in handy at a Georgia polling place when it was discoveredthat county officials had forgotten to program the encoding devicesused to program access cards used by voters to cast ballots.

These descriptions of problems with electronic voting machines raisequestions about how the technology passed federal and statecertification. The machines used in the Super Tuesday elections didpass one or more technical accreditation processes required by oldfederal and state review statutes. These same machines were laterfound to have serious security flaws by several independent securityreviews.

The Help America Vote Act, passed in 2002, was enacted to resolve manyproblems highlighted by the 2000 Florida General Election, one ofwhich is the technical review of voting machines. The law places thedevelopment of standards for electronic voting technology under thedirection of the new U.S. Elections Assistance Commission. The lawalso designates the National Institute of Standards and Technology,
under the direction of the new commission, to lead the effort toprovide tighter security review and standards development for themanufacture and acquisition of electronic voting technology for use inelections. The institute, which has a long history in standards work,
was designated to assist in developing tighter security standard forvoting technology used in U.S. elections. However, it received nofunding in the 2004 fiscal year for work on electronic voting securityand standards development.

For more information about electronic voting, see EPIC's Voting Page:

http://www.epic.org/privacy/voting/

National Committee for Voting Integrity:

http://www.votingintegrity.org/

California voters on their Election Day experience:

http://www.calvoter.org/news/blog/index.html

The Help America Vote Act is available at:

http://www.fec.gov/hava/hava.htm

Verifiedvoting.org:

http://www.verifiedvoting.org/newsfeed.asp


[5] Gov't Seeks Public Comment on Important Privacy Regulations

Federal government agencies are soliciting public comment on a numberof important privacy issues. The Federal Trade Commission hasannounced a workshop on "Monitoring Software on Your PC: Spyware,
Adware, and Other Software," to be held on April 19, 2004. Any memberof the public may submit comments on these technologies by sendinge-mail to spywareworkshop2004ftc.gov by March 19, 2004. Separately,
legislation to limit spyware has been introduced in the Senate bySenators Burns (R-MT), Wyden (D-OR) and Boxer (D-CA). In the House,
Representatives Bono (D-CA) and Towns (D-NY) have been perfecting H.R.
2929, the Safeguard Against Privacy Invasions Act.

Several agencies are soliciting comments on "short privacy notices"
under the Gramm-Leach-Bliley Act. These are alternative notices thatseek to inform individuals of financial services institutions' privacypolicies in plain language. The agencies are primarily consideringwhether to develop a model short notice for financial servicesinstitutions to use. Any member of the public may submit comments onproposed form or content of these short notices by sending e-mail toregs.commentsocc.treas.gov by March 29, 2004.

The Department of the Treasury is seeking public comment on the use ofbiometrics to combat identity theft. EPIC testified before Congressin July 2002 that biometrics would not solve the identity theftproblem, and would pose new security and privacy risks. EPIC furthercommented that less invasive and costly policy alternatives, includinglimiting the use of the Social Security Number, could combat identitytheft effectively. Any member of the public may submit comments bysending e-mail to factabiometricstudydo.treas.gov by April 1, 2004.

FTC Public Workshop: Monitoring Software on Your PC: Spyware, Adware,
and Other Software:

http://www.epic.org/redirect/workshop.html

S. 2145, Software Principles Yielding Better Levels of ConsumerKnowledge Act:

http://thomas.loc.gov/cgi-bin/bdquery/z?d108:s.02145:

H.R. 2929, Safeguard Against Privacy Invasions Act:

http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02929:

Interagency Proposal to Consider Alternative Forms of Privacy NoticesUnder the Gramm-Leach-Bliley Act:

http://www.epic.org/redirect/notices.html

Public Comment on Formulating and Conducting a Study on the Use ofBiometrics and Other Similar Technologies to Combat Identity Theft:

http://www.epic.org/redirect/biometrics.html

EPIC's Testimony on Biometrics and Identity Theft is available at:

http://www.epic.org/privacy/biometrics/testimony_071802.html


[6] News in Brief

EPIC SUPPORTS IPv6 DEPLOYMENT
On March 8, EPIC filed comments with the U.S. Department of Commerce,
urging the deployment and use of strong privacy protectingtechnologies in IPv6. IPv6 is the protocol that is designed toreplace the current network protocol in use on the Internet. IPv6also promises to extend the Internet into more areas, through supportfor mobile devices. Because of this potential new reach of theInternet and vulnerabilities in the existing protocol, the IPv6protocol includes privacy and security enhancing features such asencryption. EPIC recommended that all IPv6 vendors incorporate suchprivacy protections as standard. EPIC also said that the privacy andsecurity features within IPv6 should not be compromised withvulnerabilities by the application of the Communications Assistance toLaw Enforcement Act which would threaten both the security of networkcommunications and the stability of the network architecture.

EPIC Comments on IPv6:

http://www.epic.org/privacy/internet/PIv6_comments.pdf

NTIA Request for Comments on IPv6:

http://www.ntia.doc.gov/ntiahome/frnotices/2004/IPv6RFCFinal.htm

EPIC LAUNCHES DIPLOMATIC COMMUNICATIONS PAGE
EPIC has added a webpage on privacy of diplomatic communications toits website. The page was created in response to the recentrevelation that United Nations Secretary General Kofi Annan'stelephone communications and private conversations were bugged by theU.S. National Security Agency and the British GovernmentCommunications Headquarters. Other United Nations officials, as wellas ambassadors to the United Nations, have reported similareavesdropping by American and British intelligence agencies againstthem and their countries.

EPIC's new Diplomatic Communications Page is available at:

http://www.epic.org/privacy/wiretap/diplomatic.html

EPIC JOINS COALITION URGING REJECTION OF EU IP ENFORCEMENT DIRECTIVE
EPIC has joined an international coalition of civil liberties andconsumer groups to oppose the European Union Intellectual PropertyRights Enforcement Directive. The directive would create a new "Rightof Information" that allows rightsholders to obtain personalinformation on users of P2P file-sharing software, possibly withoutjudicial review. The proposal would require Internet ServiceProviders, phone and cable companies, and other third partyintermediaries to turn over personal information about theircustomers, even before there has been a finding of intellectualproperty infringement or an opportunity for the customer to be heard.
The Directive has been rushed through public debate and was sent tothe European Parliament without adequate opportunity for comments fromthe public and stakeholders. The coalition's call for action urgesthe directive proposal to go through a "Second Reading" procedurewhere its provisions can be publicly considered.

European Digital Rights (EDRi) Press Release on the Coalition:

http://www.edri.org/cgi-bin/index?funktion=view&id=000100000134

ACXIOM EXPANDS INTERNATIONAL DATA ACCESS
The Wall Street Journal reported last week that information brokerAcxiom has acquired a number of international data companies. Acxiomagreed to buy consumer lifestyle database operations covering England,
France, Spain and Germany from Seat Pagine Gialle SpA for $37.5million. Earlier in the year, Acxiom acquired the "Claritas marketinginformation operations based in England, France, Germany, TheNetherlands, Spain, Portugal and Poland, from Dutch marketing andmedia research giant VNU NV." The purchases raise the risk thatAcxiom could become a major provider of international data to thegovernment. Last month, EPIC acquired a document under the Freedom ofInformation Act from the Department of Defense office that wascreating "Total Information Awareness" (see EPIC Alert 11.03). Itread in part: "Ultimately, the US may need huge databases ofcommercial transactions that cover the world or certain areas outsidethe US. This information provides economic utility, and thus providestwo reasons why foreign countries would be interested. Acxiom couldbuild this mega-scale database."

Wall Street Journal Article on Acxiom:

http://online.wsj.com/article/0,,BT_CO_20040301_004351,00.html

DARPA E-mail obtained by EPIC under the Freedom of Information Act:

http://www.epic.org/privacy/profiling/tia/darpaacxiom.pdf

METRO AG SCALES BACK TRACKING TECHNOLOGY
Reeling from an onslaught of criticism by privacy groups, the Germancompany Metro AG is scaling back its ambitious plans to start usingradio frequency identification chips in various aspects of its ExtraFuture Store. The Extra Future Store is an initiative by a consortiumof technology providers and the food giant. It was fashioned to testthe latest technology in the retail environment. The supermarket hadhoped to use the tracking system to verify ages of customers so thatDVD trailers could be tailored accordingly.

Metro Group Future Store Initiative:

http://www.future-store.org

For more information about radio frequency identification systems, seeEPIC's RFID Page:

http://www.epic.org/privacy/rfid

GENERAL ACCOUNTING OFFICE REPORTS ON FOIA
The General Accounting Office has released a report evaluating trendsin annual Freedom of Information Act reports issued by 25 agenciesfrom 2000 to 2002. Congress' investigative office found that from2000 to 2002, the agencies received and processed an increasing numberof FOIA requests, granted or partially granted a greater number ofrequests each year, and decreased backlogs of requests remaining atthe end of each year. The report also showed that the number of FOIArequests denied decreased drastically between 2001 and 2002. Nineteenagencies reported processing expedited requests between 2000 and 2002.
The report noted that the Department of Justice took more than 100days to process some "expedited" requests during each of the threeyears examined.

General Accounting Office, Information Management: Update on Freedomof Information Act Implementation Status (February 2004):

http://www.gao.gov/cgi-bin/getrpt?GAO-04-257.pdf

Highlights of the Report:

http://www.gao.gov/highlights/d04257high.pdf


[7] EPIC Bookstore: Beyond Genetics

Beyond Genetics: Putting the Power of DNA to Work In Your Life, byGlenn McGee (William Morrow, 2003).

http://www.powells.com/cgi-bin/biblio?inkey=8-0060008008-0

DNA technology will transform our lives in the 21st Century the waycomputer technology transformed lives in the 20th Century, assertsProfessor Glenn McGee, Associate Director for Education at the Centerfor Bioethics at the University of Pennsylvania Medical School. Inhis vision of the future, "it is likely that within three years I canhave a portable DNA representation of 'me.' The digitization of mygenes will do for genetics what the digitization of music did forentertainment. I will be able to e-mail my genes, to sell them oneBay, to use them as the basis for art and to have them analyzed onthe fly on my PalmPilot. The potential for portable, wireless,
commodified genomic information is staggering, and the ethicalimplications cry out for discussion in a public forum."

Professor McGee's book, Beyond Genetics, explores profound ethical andphilosophical questions raised by advances in genetics. Should wetake a particular genetic test when genetic testing becomes moreaccurate, less expensive and more accessible? How much should we tellothers about our genes? Can we tell the difference between genetherapy that might be helpful and gene research that might do moreharm than good? Should we risk eating genetically modified food orinsist on food that has been produced by traditional means? Shouldcompanies be permitted to patent, buy and sell our personal geneticinformation? Should we plan our future or our children's future basedon genetic potential? To what extent should we be able to control thegenetic characteristics of our unborn children?

Most ethical questions in genetics involve privacy issues. Genetictests provide information not only about the individual being tested,
but also about the individual's biological relatives, who may feelthat their privacy is being violated. Telling others about one'sgenes involves disclosure of highly personal information withconsequences that may not be predictable. Research that might resultin better drugs or more effective therapies involves large geneticdatabases that link genetic information with medical histories andlifestyle information, creating a possibility of detailed individualprofiles. Using drugs designed for our specific gene set may resultin disclosing not only the condition for which the drug is being used,
but other predispositions and characteristics responsible for ourchoice of that particular drug.

The issues are complicated because science is ahead of our thinkingabout its legal and ethical implications. For example, learnedcommissions in different countries have recommended that DNA databanksshould be specially regulated, at least in part because of the concernabout the violations of individual privacy that might result fromunauthorized access to genetic material. Yet blood and tissue banksthat can serve as sources for DNA have existed for decades andcontinue to exist without being clouded by such worries. According toProfessor McGee, commissions, public hearings and "expert genetics"
show society's failure to acknowledge that biotechnology has alreadyshifted from basic science to a commercial undertaking and thatcompanies will to a large extent control future development ofbiotechnology. According to him, the next generation of young peoplewill be as comfortable with "geneware" -- software and hardware tomanipulate DNA -- as today's young people are with computer technologyand will see many of today's concerns as a reflection of our fear ofwhat we do not understand.

The parallel between genetics and computer technology provides apicture of future genetic privacy that is not reassuring. We are onlynow beginning to realize the full implications of large computerizeddatabases of personal information collected by private companieswithout regulation. These companies claim to own information about usand claim the right to analyze, sell and use that information withoutour knowledge and often for purposes we do not approve. Is thisreally how we want our genetic future to look? As Professor McGeepoints out, ethical and moral implications of genetic technology cryout for discussion in a public forum. Privacy implications of genetictechnology should be a major topic of such discussions. BeyondGenetics provides an interesting, if sometimes irreverent,
contribution to this debate.

-- Anna Slomovic

EPIC Publications:

"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003/

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.
http://www.epic.org/bookstore/foia2002/

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.


"Privacy & Human Rights 2003: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $35.
http://www.epic.org/bookstore/phr2003/

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty-five countries around the world. The surveyexamines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/bookstore/crypto00&/

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.


EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore/

"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html


[8] Upcoming Conferences and Events

Securing Privacy in the Internet Age. Stanford Law School. March13-14, 2004. Palo Alto, CA. For more information:
http://cyberlaw.stanford.edu/privacysymposium.

DIMACS/PORTIA Workshop on Privacy-Preserving Data Mining. Center forDiscrete Mathematics & Theoretical Computer Science and the PORTIAProject. Piscataway, NJ. March 15-16, 2004. For more information:
http://dimacs.rutgers.edu/Workshops/Privacy/.

Sixth Annual National Freedom of Information Day Conference. FirstAmendment Center, in cooperation with the American LibraryAssociation. March 16, 2004. Arlington, VA. E-mailfoidayconferencefreedomforum.org.

Internet Commons Congress. Inflexion Communications and New Yorkersfor Fair Use. March 24-25, 2004. Washington, DC. For moreinformation: http://www.internationalunity.org.

FRAMED!! How Law Constructs and Constrains Culture. The Center forthe Study of the Public Domain at Duke Law School. April 2, 2004.
Durham, NC. For more information:
http://www.law.duke.edu/cspd/framed.pdfhttp://www.internationalunity.org.

Debate on Domestic Spying with EPIC's Marc Rotenberg and Former DeputyAttorney General Victoria Toensing. Justice Talking. April 12, 2004.
Philadelphia, PA. For more information:
http://www.justicetalking.org.

Workshop: Monitoring Software on Your PC: Spyware, Adware, and OtherSoftware. Federal Trade Commission. April 19, 2004. Washington, DC.
For more information: http://www.ftc.gov/opa/2004/02/spyware.htm.

CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 20-23, 2004.
Berkeley, CA. For more information: http://www.cfp2004.org.

29th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. April 22-23,
2004. Washington, DC. For more information:
http://www.aaas.org/spp/rd/colloqu.htm

2004 IEEE Symposium on Security and Privacy. IEEE Computer SocietyTechnical Committee on Security and Privacy, in cooperation with theInternational Association for Cryptologic Research (IACR). May 9-12,
2004. Oakland, CA. For more information:
http://www.cs.berkeley.edu/~daw/oakland04-cfp.html.

International Conference on Data Privacy and Security in a GlobalSociety. Wessex Institute. May 11-13, 2004. Skiathos, Greece. Formore information:
http://www.wessex.ac.uk/conferences/2004/datasecurity04/index.html.

The Third Annual Workshop on Economics and Information Security.
University of Minnesota Digital Technology Center. May 13-14, 2004.
Minneapolis, MN. For more information:
http://www.dtc.umn.edu/weis2004.

Workshop on Privacy Enhancing Technologies. University of Toronto.
May 26-28, 2004. Toronto, Canada. For more information:
http://petworkshop.org/2004.

RSA Conference 2004. RSA Security. May 31-June 1, 2004. Tokyo,
Japan. For more information:
http://www.medialive.jp/events/rsa2004/eng/default.html.

Fifth Annual Institute on Privacy Law: New Developments & ComplianceIssues in a Security-Conscious World. Practising Law Institute. June7-8, 2004. San Francisco, CA. For more information:
http://www.pli.edu.

TRUSTe Symposium: Privacy Futures. June 9-11, 2004. InternationalAssociation of Privacy Professionals. San Francisco, CA. For moreinformation: http://www.privacyfutures.org.

Access & Privacy Conference 2004: Sorting It Out. Government Studies,
Faculty of Extension. June 10-11, 2004. University of Alberta.
Edmonton, Alberta, Canada. For more information:
http://www.govsource.net/programs/iapp/conference/main.nclk.

13th Annual CTCNet Conference: Building Connected Communities: ThePower of People & Technology. June 11-13, 2004. Seattle, Washington.
For more information: http://www2.ctcnet.org/conf/2004/session.asp.

Fifth Annual Institute on Privacy Law: New Developments & ComplianceIssues in a Security-Conscious World. Practising Law Institute. June21-22, 2004. New York, NY. For more information: http://www.pli.edu.

PORTIA Workshop on Sensitive Data in Medical, Financial, andContent-Distribution Systems. PORTIA Project. July 8-9, 2004.
Stanford, CA. For more information:
http://crypto.stanford.edu/portia/workshop.html.

O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. Formore information: http://conferences.oreilly.com/oscon.

First Conference on Email and Anti-Spam. American Association forArtificial Intelligence and IEEE Technical Committee on Security andPrivacy. July 30-31, 2004. Mountain View, CA. For more information:
http://www.ceas.cc.

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE ComputerSociety Technical Committee on Security and Privacy, and the ComputerScience Department of the University of California, Santa Barbara.
Santa Barbara, CA. August 15-19, 2004. For more information:
http://www.iacr.org/conferences/crypto2004.

The Right to Personal Data Protection -- the Right to Dignity. 26thInternational Conference on Data Protection and Privacy Commissioners.
September 14-16, 2004. Wroclaw, Poland. For more information:
http://www.giodo.gov.pl/252/j/en/.

2004 Telecommunications Policy Research Conference. National Centerfor Technology & Law, George Mason University School of Law. October1-3, 2004. Arlington, VA. For more information:
http://www.tprc.org/TPRC04/call04.htm.

Subscription Information

Subscribe/unsubscribe via Web interface:

http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert/

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact infoepic.org if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

http://www.epic.org/donate/

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 11.05

.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2004/5.html