WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2005 >> [2005] EPICAlert 10

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 12.09 [2005] EPICAlert 10


Volume 12.09 May 5, 2005

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Congress May Pass Flawed ID Bill Without a Hearing
[2] Annual Reports Show Government Surveillance at an All-Time High
[3] U.S. Revises RFID Passport Proposal Amid Storm of Criticism
[4] EPIC Testifies About Risks of Voter Registration Databases
[5] Spotlight: Federal Grants Fund Surveillance Cameras in Cities
[6] News in Brief
[7] EPIC Bookstore: Judith Collins: Prevent Identify Theft in Business
[8] Upcoming Conferences and Events

[1] Congress May Pass Flawed ID Bill Without a Hearing

A bit of last-minute maneuvering is taking place in Washington asbackers of the REAL ID Act seek to attach the controversial proposal tounrelated legislation, hoping to avoid a public hearing on the nationalID plan. Republican and Democratic lawmakers in the Senate have urgedSen. Bill Frist to allow hearings on the bill and to permit a separatevote on the measure.

The REAL ID Act would mandate federal identification standards andrequire state DMVs to collect sensitive personal information. Sen.
Richard Durbin also expressed concern REAL ID would repeal earlierlegislation that contained "carefully crafted language - bipartisanlanguage - to establish standards for States issuing driver's licenses."

The proposal comes just weeks after the State Department backed off aflawed plan to require RFID chips in hi-tech electronic passports.
Security experts found significant weaknesses in the plan that wouldhave made it easy for identity thieves and those targeting Americancitizens traveling abroad to capture sensitive personal information.
Real ID would require state DMVs to collect similar data at the sametime that the states motor vehicle agencies have become the target ofidentity thieves.

In recent months three state DMVs have been penetratedby identity thieves. In March, burglars rammed a vehicle through a backwall at a DMV near Las Vegas and drove off with files, including SocialSecurity numbers, on about 9,000 people. Last week Florida policearrested 52 people, including 3 DMV examiners, in a scheme that soldmore than 2,000 fake driver's licenses. Two weeks ago Maryland policearrested three people, including a DMW worker, in a plot to sell about150 fake licenses.

The American Association of Motor Vehicle Administrators is opposed tothe REAL ID plan. The National Governors Association, the NationalConference of State Legislatures, the Council of State Governments, andmany others also oppose the proposal.

EPIC's National ID Cards page:

Text of H.R. 418, the Real ID Act:

Text of Senate floor speech made by Sen. Richard Durbin (D-IL) on April20, 2005:

Letter from Bipartisan Senate Coalition on Need for Hearing:

Schneier on Security, RFID Passports:

EPIC's RFID page:

"Authorities warn of consequences of DMV break-in" Las VegasReview-Journal, March 9, 2005:

[2] Annual Reports Show Government Surveillance at an All-Time High

Two annual reports recently released by government agencies show thatsurveillance activity conducted by the United States has continued torise dramatically since the 9/11 terrorist attacks, reaching an all-timehigh in 2004.

A report issued by the Administration Office of the United States Courtsshows that state and federal courts authorized 1,710 interceptions ofwire, oral, and electronic communications in 2004, an increase of 19percent over intercepts approved in 2003 and the greatest number everauthorized in a single year. Federal officials requested 730 interceptapplications in 2004, a 26 percent increase over the number requested in2003. No wiretap applications were denied last year.

According to the Department of Justice's 2004 Foreign IntelligenceSurveillance Act Annual Report, the Foreign Intelligence SurveillanceCourt granted 1,758 applications for secret surveillance in 2004, morethan in any previous year. The years 2003 and 2004 are the only onessince FISA's 1978 passage that more secret surveillance applicationswere granted than federal wiretap warrants, which are issued only undera more stringent legal standard.

In related news, EPIC filed a complaint this week asking a federal courtto force the FBI to disclose data about its use of expanded surveillanceauthority under sunsetting provisions of the USA PATRIOT Act. In April,the agency agreed to quickly process EPIC's Freedom of Information Actrequest for the information, but has not complied with the timeline foreven a standard FOIA request. The lawsuit comes amid numerouscongressional hearings reviewing controversial sections of the USAPATRIOT Act. Many of these provisions will expire at the end of the yearunless the administration makes the case for renewal.

2004 Wiretap Report:

2004 Foreign Intelligence Surveillance Act Annual Report (pdf):

EPIC's Wiretap Page:



EPIC's USA PATRIOT Act Sunset Page:

[3] U.S. Revises RFID Passport Proposal Amid Storm of Criticism

The State Department is reassessing its plans to use passports withunencrypted Radio Frequency Identification (RFID) chips in response tocriticism from EPIC, other civil liberties groups, privacy and securityexperts, and the travel industry. The proposal would have made personaldata contained in hi-tech passports vulnerable to unauthorized access.

The new passports will be delayed so that the State Department canaddress the important privacy and security risks of "skimming" and"eavesdropping." Skimming occurs when information from an RFID chip issurreptitiously gathered by an unauthorized individual. Eavesdroppingoccurs when an individual intercepts passport data as it is read by anauthorized RFID reader. Tests have shown that the passports' RFID chipscan be read from two feet or more, posing a significant risk ofunauthorized access.

The State Department is seeking to protect the information by coveringthe passport booklet with metal threads to hamper data reading when thebooklet is not opened. The government is also reconsidering the use ofstandards from the International Civil Aviation Organization that it hadrejected earlier, which would secure the data by encrypting it. Thesestandards would not allow scanning at a distance until the passport hasfirst been optically scanned by a customs agent. With these proposedchanges, the main justification that the State Department used topromote the use of RFID technology - to save time at Customs bydistance scanning with no physical contact required - is invalidated.

EPIC and other civil liberties groups filed comments last month urgingthe State Department to abandon its plans to require RFID-enabledpassports for American travelers. The comments stated that the proposallacked evidence to support that RFID-enabled passports are necessary orthat their benefits outweigh the security risks inherent in having thedata in a contactless and unencrypted format. Most of these critiquesare still relevant today despite the solution proposed.

EPIC, EFF et al, Comments on RFID passports (pdf):

EPIC's RFID page:

[4] EPIC Testifies About Risks of Voter Registration Databases

Lillie Coney, EPIC Associate Director, testified before the U.S.
Election Assistance Commission (EAC) regarding the promulgation ofvoluntary guidelines to states on compliance with Section 303(a) of theHelp American Vote Act (HAVA). This Section of HAVA requires all statesto develop and maintain a single, uniform, centralized, interactivecomputerized statewide voter registration list by Jan. 1, 2006. Thislist must contain the name and registration information of everyregistered voter in the state.

Ms. Coney testified that policymakers, the public, and the media shouldcarefully investigate the risks associated with this proposal. Ms. Coneystressed that the states' centralization process should be transparentto the public. She urged strong privacy safeguards for voterinformation.

EPIC's open government work has revealed that state and localgovernments have relied heavily on the claims of vendors in theirdecisions to adopt e-voting technology, at times to the detriment ofvoters. In Ohio, documents obtained by EPIC revealed that Diebold misledstate officials about the capability of its voting machines.

Ms. Coney highlighted concerns about the use of private companies tobuild centralized voter registration databases. Florida, Pennsylvania,Colorado, Wisconsin, and Wyoming have hired information managementcompany Accenture to assist in developing their databases. Accenture isthe company responsible for creating an error-prone felon purge list forFlorida in 2004. Accenture had wrongly included 2,119 names among thoseslated for removal from Florida's voter registration rolls.

The EAC will continue to hear public comments on the draft VoluntaryPolicy Guidance for Implementation of Statewide Voter Registration Listsuntil May 25.

EPIC Testimony Before the EAC:

EPIC's Voter Registration page:

EAC Proposed Voluntary Guidance on Implementation of Statewide VoterRegistration Lists (pdf):

EAC site:

[5] Spotlight: Federal Grants Fund Surveillance Cameras in Cities

This month, Spotlight on Surveillance turns to the $2 billion that theDepartment of Homeland Security will provide to state and localgovernments. Some of this money will be for surveillance camera networksthat watch people in shopping centers and on public streets. Studieshave found that such surveillance systems have little impact on crime,and that it is more effective to place officers on the streets andimprove lighting in high-crime areas.

Cities such as Baltimore, Chicago, and New Orleans have installed camerasurveillance networks with financing from the federal government. Suchcameras, which can $60,000 each, can be remotely controlled by police topan, tilt, zoom and rotate; have day and night vision capabilities, andwireless technologies. Chicago has 2,250 cameras in its "HomelandSecurity Grid, " which DHS helped finance with a $5.1 million grant.
The cameras are linked to a $43-million operations center constantlymonitored by police officers. Baltimore has used federal grants tofinance its camera system and $1.3 million "Watch Center. " The planis for five counties in Maryland - Anne Arundel, Baltimore, Carroll,Hartford and Howard - to connect with the city's surveillance system.

Though cities are spending millions for these systems, studies haveshown that they do not decrease criminal activity. Last year, aMilwaukee study found that law enforcement officials in cities such asDetroit, Mich.; Miami, Fla.; and Oakland, Calif., abandoned the use ofthese surveillance systems because they had little effect on crimeprevention. There are also concerns that the homeland security camerasystems will be misused or abused. The University of Nevada at Reno hasbeen accused of using its homeland security camera system to spy on aprofessor who filed a complaint against the school.

EPIC has been following the growth in the use of such camera systems foryears. In 2002, EPIC launched the Observing Surveillance project. Theproject includes a map of camera locations in areas of downtownWashington, D.C., which indicates both the locations of surveillancecameras installed by the D.C. Metropolitan Police Department and theprojected surveillance radius of those cameras.

EPIC's Spotlight on Surveillance page:

EPIC's Domestic Spending on Surveillance Programs page:

Observing Surveillance Web Site:

[6] News in Brief

EPIC West Testifies on California Data Broker BillLast week, EPIC West Director Chris Hoofnagle testified on CaliforniaSenate Bill 550, a measure aimed at adding accountability to thecommercial data broker industry. Introduced by Sen. Jackie Speier(D-San Francisco), SB 550 would allow individuals to access and correcttheir dossiers. Individuals would also receive notice when otherspurchase their files. Finally, the bill would give individuals a freecredit freeze whenever a commercial data broker experienced a securitybreach.

EPIC Testimony on SB 550

Text of California SB 550

EPIC Urges Scrutiny of Agency's Budget RequestsIn a letter to a Senate committee reviewing the Transportation SecurityAdministration's proposed budget for Fiscal Year 2006, EPIC urgedscrutiny of the agency's programs. EPIC said the agency has a history ofsecrecy in developing its programs, and has shown a proclivity to usingpersonal information for reasons other than the ones for which it wasgathered. Recent government reports issued by the GovernmentAccountability Office and the Department of Homeland Security InspectorGeneral state that there are many questions about the agency's datacollection, use, and privacy safeguards in its programs. The agency mustanswer these questions before more taxpayer money is poured into itsprograms.

EPIC's Letter to the Senate Committee on Commerce, Science andTransportation:

EPIC's Domestic Spending on Surveillance page:

Non-profits Protest Growing Surveillance InfrastructuresThe International Campaign Against Mass Surveillance (ICAMS), founded bythe American Civil Liberties Union, Focus on the Global South, theFriends' Committee on National Legislation and other NGOs, is protestingthe increasing registration of populations and building of surveillanceinfrastructures. Many governments around the world are creating theseprograms under the banner of the "war on terror" and the need for globalsecurity. ICAMS's campaign declaration urges governments to abandonintrusive and discriminatory surveillance measures, recommends thestrengthening of privacy standards, and urges inter-governmental bodiesto operate with more openness and accountability. ICAMS describes tensignposts that show the extent of current government surveillance, fromthe creation of a global system of surveillance for identification,movement-tracking and interception of electronic communications, to theconvergence of national and international databases and the erosion ofdemocratic values. ICAMS is asking organizations to endorse thedeclaration.

Campaign Declaration:

List of endorsing organizations:

Senators Introduce Bill To Defend E-Mail PrivacySens. Patrick Leahy and John Sununu have introduced a bill that wouldstrengthen privacy protections for email in light of a controversialcourt ruling. The E-Mail Privacy Act of 2005 would clarify that itviolates federal wiretap law to "intercept" communications when they aretemporarily in electronic storage, but still in transit to their finaldestinations. Last year, a three-judge panel of the First Circuit Courtof Appeals ruled in United States v. Councilman that a company did notviolate federal wiretap law when it used an e-mail service it providedto its subscribers to access their e-mails so it could review messagessent to them by a rival company. The full appellate court is nowreviewing the decision. In November, EPIC joined an amicus brief filedby a coalition of civil liberties groups arguing that the panel'sdecision creates serious constitutional questions under the FourthAmendment guarantee against unreasonable search and seizure.

Text of S. 936, the E-Mail Privacy Act of 2005:

Amicus brief filed by civil liberties groups in United States v.
Councilman (pdf):

EPIC's United States v. Councilman Page: Bans Software With Adware or, a major online source for computer software programs, hasannounced that it will not host any software that tests positive foradware or spyware. In response to the announcement, several softwarecompanies already have removed spyware and adware from their products.
Speaking at an event associated with the anti-spyware move, EPIC WestDirector Chris Hoofnagle argued that there should also be a discussionabout whether third-party advertising cookies constitute a form ofobjectionable online tracking that should be subject to anti-spywareregulation. Spyware Confidential:

[7] EPIC Bookstore: Judith Collins: Prevent Identify Theft in Business

Judith M. Collins, Preventing Identity Theft in Your Business: How toProtect Your Business, Customers, and Employees (John Wiley & Sons 2005)

"[R]ecent studies indicate that at least 50 percent or more of identitythefts are committed inside the workplace by a dishonest few employeeswho steal the Social Security, credit card, banking, or other numbersfrom their coworkers and customers," argues Judith Collins, a professorat the School of Criminal Justice at Michigan State University. Workingfrom this premise, Collins suggests a four-factor model to addressidentity theft risks in the workplace: companies should secure personalinformation by focusing on personnel, processes, proprietaryinformation, and transactions. Collins's book is chock full of helpfulexercises and compliance systems for businesses to reduce the risk ofmisuse of personal information. While the book is a great starting pointfor businesses concerned about employee deviance, it does not addressthe larger problems driving identity theft, such as instant creditgranting and poor authentication practices in the retail industry.
Nevertheless, Collins's book provides useful guidance in securingpersonal information; guidance that is highly valuable in light of newrequirements that businesses disclose security breaches.

-- Chris Jay Hoofnagle

EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $35.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 22ndedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become more involved inthe WSIS process.

"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summariesof interesting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

2005 IEEE Symposium on Security and Privacy. IEEE Computer SocietyTechnical Committee on Security and Privacy in cooperation with TheInternational Association for Cryptologic Research. May 8-11, 2005.
Berkeley, CA. For more information:

Symposium "Lier la recherche sur les technologies de l'information et dela communication (TICs) au développement" (Link Research on Informationand communication Technologies to Development). Azur Développement.
Brazzaville, Republic of Congo. May 16-18, 2005 (in French only). Formore information:

58th Annual New York University Conference on Labor:Workplace Privacy:
Here and Abroad. May 19-20, 2005. NYU School of Law. For moreinformation:

Sixth Annual Institute on Privacy Law: Data Protection - The Convergenceof Privacy & Security. May 23-24, 2005. Atlanta, Ga. For moreinformation:

SEC2005: Security and Privacy in the Age of Ubiquitous Computing.
Technical Committee on Security & Protection in Information ProcessingSystems with the support of Information Processing Society of Japan.
May 30-June 1, 2005. Chiba, Japan. For more information:

Sixth Annual Institute on Privacy Law: Data Protection - The Convergenceof Privacy & Security. June 6-7, 2005. San Francisco, CA. For moreinformation:

Sixth Annual Institute on Privacy Law: Data Protection - The Convergenceof Privacy & Security. June 20-21, 2005. New York, NY. For moreinformation:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
July 11-15, 2005. Luxembourg City, Luxenbourg. For more information:

3rd International Human.SocietyInternet Conference. July 27-29,
2005. Tokyo, Japan. For more information:

PEP05: UM05 Workshop on Privacy-Enhanced Personalization. July 2005.
Edinburgh, Scotland. For more information:

5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information:

6th Annual Privacy and Security Workshop. Centre for Innovation Law andPolicy (University of Toronto) and the Center for Applied CryptographicResearch (University of Waterloo). November 3-4, 2005. University ofToronto. For more information:

The World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For moreinformation: target="new">

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback