WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2005 >> [2005] EPICAlert 14

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 12.13 [2005] EPICAlert 14


Volume 12.13 June 30, 2005

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Keeps Watchful Eye on US-VISIT
[2] Federal Agency Flouts Privacy Representations to the Public
[3] Groups Object to Massive Department of Defense Recruiting Database
[4] Appeals Court Limits Scope of California Financial Privacy Law
[5] United Kingdom's National ID Cards Bill Faces Opposition
[6] News in Brief
[7] EPIC Bookstore: Lawrence Lessig, How Media Uses Technology
[8] Upcoming Conferences and Events

[1] EPIC Keeps Watchful Eye on US-VISIT

Foreign visitors to the United States are experiencing a new kind of jetlag: delays and secondary security screenings prompted by technologicalglitches in the border security program known as the United StatesVisitor and Immigrant Status Indicator Technology (US-VISIT). Documentsobtained by EPIC under the Freedom of Information Act from theDepartment of Homeland Security show that US-VISIT has resulted in manycases of mistaken identity. Commercial aircrew members, vacationers, andbusinesspersons have all been delayed by the gaffes. The problems causedunnecessary delays in the visitors' travels and resulted in the improperflagging of crewmembers by government watch lists.

US-VISIT was launched at 115 airports and 14 seaports in January 2004.
By the end of 2005, the program will be operational at all of thenations more than 400 ports of entry. US-VISIT requires foreignnationals entering or exiting the country to submit biometric andbiographical information. This data collection often begins before avisitor buys her plane ticket, as U.S. consular offices abroad may,before issuing a U.S. visa, collect fingerscans from potential visitorsand compare them against those in a criminal database. Fingerscans areagain collected upon the visitor's arrival in the U.S. for verificationand then stored in a government database, as are travelers' arrival anddeparture records. Failure to be processed through this departureconfirmation system could jeopardize a visitor's re-admittance to theU.S., as the government compares the manifest information provided byair and cruise lines to ascertain that visitors have not overstayedtheir visas.

Last September, US-VISIT expanded to include visitors from the 27nations who are members of the Visa Waiver Program, thus requiring thescreening of an additional 33,000 persons per day. Except for visitingdiplomats and officials and persons under 14 or over 79 years old,US-VISIT now applies to virtually all foreign nationals holdingnonimmigrant visas, regardless of country of origin.

The documents obtained by EPIC show that some travelers are aware thatthe US-VISIT database contains erroneous information well before DHSrealizes its own mistake and fear that their next visit to the U.S. willresult in misidentification. Visitors reported missing their connectingflights due to errors in the database system, and airline crewmembersreported being delayed up to ninety minutes after a long internationalflight. Some travelers reported that the operator collecting fingerscansat a port had erroneously reversed their left and right indexfingerprints, labeled a husband's fingerprints as his wife's, failed tocollect the data required under US-VISIT, or collected data fromtravelers exempt from the program, such as holders of a G-4 visa.

Passengers' numerous requests to the DHS for correction of erroneouspersonal information suggest that the rush to implement US-VISIT hascome at the expense of data accuracy and passenger privacy. IDENT, thegovernment database containing US-VISIT fingerscans, is based ontechnology that even the DHS considers outdated, even though thegovernment has already invested about $1 billion in the program. Thecurrent fingerscan technology does not meet the government's biometricstandard, which mandates imaging of all ten fingerprints. Last fall,Stanford University professor Lawrence M. Wein testified before Congressthat the chance of identifying a terrorist by matching two indexfingerscans poorly imaged by IDENT against the government's biometricwatch list is no more than 53%. Privacy concerns are increasing as thegovernment turns to the private sector for full implementation ofUS-VISIT; global consultant Accenture received a $10 billion contractlast year for full-scale implementation over the next decade.

Freedom of Information Act documents obtained by EPIC on US-VISIT:


More information on the US-VISIT technology and cost is available at:

[2] Federal Agency Flouts Privacy Representations to the Public

The Transportation Security Administration has collected and maintaineddetailed commercial data about thousands of travelers in violation ofnotices issued last fall explicitly stating the agency would not storecommercial data.

According to a notice and privacy impact assessment published in theFederal Register on June 22, TSA obtained passenger name recordsenhanced with commercial data during the testing Secure Flight, anairline passenger prescreening program currently under development bythe agency. The commercial data, which was obtained by contractorEagleForce Associates from commercial data brokers, included suchinformation as name, home address, phone number, date of birth, andgender. EagleForce then provided the enhanced passenger records to TSAon CD-ROMs for use in watch list match testing. TSA continues to storethis data.

These actions contradicted prior representations made by the agency tothe public. In fall 2004, TSA published a privacy impact assessment andthree notices describing the Secure Flight program and the agency'sorder requiring 72 commercial airlines to turn over passenger recordsfrom the month of June 2004 to test Secure Flight. The agency assuredthe public repeatedly it would not have access to or store data fromcommercial data aggregators during the test phase.

On June 15, just a few days before TSA published its notice on SecureFlight, the Department of Homeland Security Privacy Office announcedthat it has launched an investigation into whether the agency violatedfederal privacy law during the test phase of the program. According toChief Privacy Officer Nuala O'Connor Kelly, the investigation focuses onwhether the program's use of commercial databases and other details wereproperly disclosed to the public. She said her office is also examiningthe security of the Secure Flight system.

Violations of the Privacy Act of 1974, a federal law requiringgovernment agencies to meet certain obligations when creating andmaintaining systems of records, are civilly and criminally punishable.

In the midst of these developments, the House Committee on HomelandSecurity's Subcommittee on Economic Security, Infrastructure Protection,and Cybersecurity held a hearing on presecreening air passengers againstwatch lists. Former Representative to Congress John B. Andersontestified that he has been erroneously identified as a watch list match,and enlisted the help of his current Congressional representative toensure that his name was cleared. James May of the Air TransportAssociation, James Dempsey of the Center for Democracy and Technology,and Paul Rosenzweig of the Heritage Foundation discussed the TerroristScreening Center's consolidated watch list and challenges to SecureFlight's success. Justin Oberman, TSA's Administrator of Secure Flightand Registered Traveler, testified on Secure Flight's development andstatus. Oberman was peppered with questions about whether Secure Flightwill improve the current state of passenger prescreening, TSA'sconflicting representations about the scope of Secure Flight commercialdata testing, and missed milestones in the program's development.

Nov. 15, 2004 Notice of Final Order:

June 22, 2005 System of Records Notice:

House Committee on Homeland Security's Subcommittee on EconomicSecurity, Infrastructure Protection, and Cybersecurity hearing:
"Improving Pre-screening of Aviation Passengers Against Terrorist andOther Watch Lists":

EPIC's Secure Flight Page:

[3] Groups Object to Massive Department of Defense Recruiting Database

EPIC and eight privacy groups filed comments last week objecting to theDepartment of Defense's (DOD) creation of a giant "Joint Advertising andMarket Research" database for military recruiting purposes. Privacygroups learned of the database in May 2005, but late last week, the DODadmitted that it had already created the database in 2003, and it failedto notify the public of that fact despite the agency's duty to do sounder the Privacy Act of 1974. These developments have focusedsignificant public attention on the use of personal information by thegovernment for military direct marketing purposes, and legislation isbeing considered to protect privacy of young people being targeted forrecruitment.

The groups' comments objected to the enormity of the database, and theplethora of privacy-invasive design choices that DOD has taken toimplement it. Six aspects are worth noting: First, according to thePrivacy Act notice announcing the system of records, the database was tobe stored at "Benow" a private-sector direct marketing company. Thiscompany has no apparent privacy policy or person designated to overseesecurity of personal information.

Second, relying upon an Executive Order issued in the 1940s, DOD claimedthat it had the authority to index the database by citizens' SocialSecurity Numbers (SSNs) to eliminate duplicate records. However, SSNsare not necessary to purge a database of duplicates, and directmarketing companies no longer use them to clean their databases. Forreasons that are now obvious, collecting the SSN is a bad idea unless itis necessary for some legitimate agency function.

Third, the DOD exercised all of its "blanket routine uses," meaning thatinformation in the database could be transferred to other agencies forthirteen different reasons, including law enforcement andcounterintelligence activities.

Fourth, while a citizen can opt out of military solicitation, one cannotopt out of this database. This means that even the citizen who isineligible for military service could be included in the database.

Fifth, the Privacy Act and the DOD's internal regulations require theagency to collect information directly from the citizen where possible.
However, the database would be largely populated from other sources,including from state motor vehicle department databases, schoolenrollment data, and commercial information vendors. The main commercialvendors that sell students' data, American Student List and StudentMarketing Group, were both pursued recently by consumer protectionauthorities for setting up front groups that tricked students intorevealing their personal information.

Finally, the database plans represent a government foray into directmarketing practices. EPIC argued that direct marketing is not anappropriate government function, and that existing laws to addressdirect marketing practices would not apply to military recruiters.

The creation of the database caused many to revisit public policychoices made by Congress on military recruiting. Under the No Child LeftBehind law, Congress forced public and private schools receiving federaleducational fund to release secondary students' names, addresses andtelephone numbers to military recruiters who request them. Parents orstudents may request that the information not be released to recruitersby signing a form distributed by schools early in the school year.
Legislation introduced by Representative Mike Honda in February toreverse this presumption, and require affirmative consent beforepersonal information is transferred from schools to recruiters, is beingrevisited by lawmakers. The legislation would not address the practiceof recruiters buying personal information from direct marketingcompanies, or limit recruiters' access to personal information held bystate motor vehicle departments.

Privacy Act Notice Describing the Recruiting Database:

Department of Defense Media Roundtable:

EPIC's Department of Defense Recruiting page:

EPIC's Student Privacy page:

H.R. 551, the Student Privacy Protection Act of 2005:

[4] Appeals Court Limits Scope of California Financial Privacy Law

A three-judge panel of the Ninth Circuit Court of Appeals hasinvalidated a portion of California's landmark financial privacy law,SB1. As passed, SB1 allowed individuals to opt out of "affiliatesharing," the practice of selling personal information amongst financialinstitutions (banks, insurance, and brokerage companies) that havecommon ownership. The law also required financial institutions to gainCalifornians' affirmative consent before selling personal data tonon-affiliated third parties.

The Court held that "at least some part of SB1's affiliate-sharingprovisions" were preempted by the federal Far Credit Reporting Act(FCRA). The FCRA, passed in 1970 and amended significantly in 1996 and2003, regulates the trading of "consumer reports," compilations ofpersonal information that are used for determining one's eligibility forcredit, insurance, or employment. In amending the FCRA, the Court held,Congress superceded state laws concerning these consumer reports.
Therefore, Californians will not be able to opt out from having theirconsumer reports traded amongst affiliated financial institutions.

While it is clear that the trade in "consumer reports" cannot be limitedby SB1, the full effect of the decision is not clear. In the 13-pageopinion, the Court discussed the differences among "consumer reports,"
"experience" information, and "non-experience" information, but didn'tclearly state whether regulation of the latter categories were preemptedby the FCRA. These latter categories include information purchased bycommercial vendors of personal information, information gleaned fromcheck payments and credit card use, and information individuals submitin making loan or account applications. The Court remanded the case to alower court to determine the precise extent to which SB1 was superceded,frustrating banking officials who argued that all state privacy lawshould be preempted.

In an amicus brief, EPIC and a coalition of groups representing 41million individuals argued that preemption of SB1 would weakenprotections against identity theft and erode consumer privacy. Thecoalition maintains that as financial institutions grow, affiliatesharing is becoming a major privacy risk, since federal law allowscompanies with common ownership to exploit personal information to anunlimited degree. Limits on financial institutions' use of personalinformation also shields individuals from telemarketing and junk mail.

More generally, preemption of state law has become a threat to consumerprotection and privacy. Banks have petitioned the Federal CommunicationsCommission to invalidate a number of state anti-telemarketing laws. Ifthese laws are preempted, even phones on the Do-Not-Call Registry willbegin to ring again, as banks and all other companies will be able tocall any consumer who has purchased a product from the caller in thepast 18 months. Banks, commercial data brokers, and retailers also areseeking preemption of California's security breach notification lawsthat have exposed embarrassing security problems at Choicepoint,Lexisnexis, and Citibank.

The good news is that Californians will still enjoy most of SB1'sprotections. The law still requires financial institutions to obtainaffirmative consent before selling personal information tonon-affiliated third party companies. It appears that Californiaresidents will be able to opt out from some affiliate sharing, althoughthe extent of that ability will be determined over the next year by afederal district court.

Ninth Circuit Decision in ABA v. Lockyer (pdf):

Coalition Amicus Brief:

EPIC's Preemption Page:



[5] United Kingdom's National ID Cards Bill Faces Opposition

A proposal to create a nationwide ID Card in the UK narrowly avoideddefeat Tuesday in Parliament. Some members charged that UK ministershave failed to define clear goals for the program and areunderestimating its cost. They seek tighter controls over thedissemination of information to law enforcement and other groups.

The proposed Identity Cards Bill would create a National ID Registerthat would contain information on all UK residents older than 16 years.
In addition to storing general information (name, date of birth,address, etc.), the Register would store a biometric identifier(photograph, fingerprint, or other). Once implemented, the card will beused for a variety of purposes, including access to health care, to seekemployment and as a tool for law enforcement.

A London School of Economics report estimates the new ID system couldeventually cost more than 20 billion ($36B), disputing the 6 billion($11B) estimate claimed by the government. The costs of the system willbe borne by the public, which will be required to purchase a card everyfive to ten years.

Critics of the bill are hopeful that this narrow win in the House ofCommons will lead to changes, especially since more opposition isexpected in the House of Lords. Prime Minister Tony Blair has indicatedthat he will address the concerns of the dissenting members.

London School of Economics Report:

EPIC's National ID Cards and REAL ID Act page:

[6] News in Brief

Senators Specter and Leahy Introduce Comprehensive Privacy LegislationThe leading Republican and Democrat on the Senate Judiciary Committeehave introduced the Personal Data and Security Act of 2005. The billwould strengthen penalties for identity theft, create new rights ofdata access, establish security standards, limit the sale and displayof the social security number, and require the government to establishsafeguards for personal information held by data brokers.

Personal Data and Security Act of 2005 (pdf):

EPIC's Choicepoint page:

Model Privacy Regime:

Congresswoman Calls for Hearings on Social Security Disclosure PolicyCongresswoman Carolyn Maloney continued last week to push forinvestigation into the Social Security Administration's (SSA)
information disclosure policy. In a letter to Chairman William Thomas ofthe Ways and Means Committee and Chairman Tom Davis of the Committee onGovernment Reform, Representative Maloney called for hearings on theSSA's release of sensitive personal information to law enforcement andthe lack of oversight of the agency's actions. The request follows aninquiry to the SSA Commissioner last month about this issue. Documentsobtained through a FOIA request by EPIC sparked the inquiry, revealingthat the SSA adopted an "ad-hoc" policy allowing the liberal release ofpersonal information in connection with 9/11 investigations. In a letterto Congresswoman Maloney, the SSA Commissioner denied that the agencymade any change to its disclosure policy, and had instead "invoked itslong-standing ad hoc authority" to release information in connectionwith 9/11 investigations.

Letter to Chairman Thomas and Chairman Davis from Congresswoman Maloney(pdf):

Letter to Social Security Administration from Congresswoman Maloney(pdf):

Response from the Social Security Administration to CongresswomanMaloney (pdf):

Freedom of Information documents obtained by EPIC on the Social SecurityAdministration's "ad hoc" policy for disclosing personal information inconnection with 9/11 investigations (pdf):

EPIC & Hoofnagle Receive Consumer Protection AwardEPIC's West Coast Director, San Francisco attorney Chris Hoofnagle, hasreceived a 2005 Consumer Excellence Award from Consumer Action. ConsumerAction is a non-profit organization focusing on consumer education andadvocacy in telecommunications and financial services. Upon acceptingthe award, Hoofnagle warned that consumer advocates face difficultchallenges ahead, as collection of personal information can enablesubtle discriminatory practices, such as digital redlining anddiscriminatory pricing. Also recognized was California AssemblymemberJudy Chu, for her work to protect immigrants from fraud.

Consumer Action's site:

Congress Opens Junk Fax Floodgates with New LawCongress Tuesday passed a bill that would permanently allow an"existing business relationship" exemption for commercial "junkfaxes." Under the law, if an individual does business with any company,the company can begin to send the individual junk faxes, even if theindividual does not provide the business with a fax number. The lawallows direct marketers to troll the Internet, phone books, andadvertisements to harvest fax numbers of their customers. The bill setsno time limit for an existing business relationship, unlike thenational no-call list, which limits such relationships to those whomade a purchase in the past 18 months or an inquiry in the past threemonths.

Text of S. 714: Junk Fax Prevention Act of 2005:

EPIC's Sept. 21, 2004, congressional testimony on junk fax regulation:

EPIC's Telemarketing and Junk Fax page:

US, Europe Discuss Transatlantic Issues in Privacy, Data ProtectionThe Atlantic Council along with the European Parliament sponsored adiscussion this week on transatlantic privacy and data protectionissues. Topics discussed included biometric passports, the US-VISITprogram, airline passenger name records, and other types of public andprivate surveillance in the US. Choicepoint executive David Davisdescribed his company's role in consolidating public records andproviding data to US government agencies. EPIC Executive Director MarcRotenberg discussed general privacy laws in the US. Several members ofthe European Parliament were outraged about the lack of privacyprotections in the US for EU citizens. They urged the establishment ofbetter regulations and non-discriminatory measures to protect EUcitizens' privacy in the US, as the privacy of American citizens' isprotected in the EU. They advised that the Privacy Act of 1974 beamended to also protect those who are neither US citizens nor lawfulpermanent residents.

Atlantic Council Program on Transatlantic Relations:

DOJ Urged to Clarify Privacy Obligations of Storing Biological EvidenceEPIC has submitted comments urging the Justice Department to identifyand ensure compliance with existing privacy protections when preservingbiological evidence during the investigation of a federal crime forwhich an individual is in prison. Congress has stated, "DNA testing hasthe capacity not only to identify the perpetrators of crimes but alsoto exonerate the innocent." EPIC argued that the agency should limitaccess to material that must be preserved under law to governmentagencies that will use the material to further this legislativepurpose.

EPIC's Comments on the Preservation of Biological Evidence Under 18U.S.C. 3600A:

EPIC's Genetic Privacy page:

Orlando Airport Debuts Biometric ID Traveler SystemOrlando International Airport has begun test operations of a registeredtraveler program. In exchange for an exclusive security line and aguarantee against random secondary pat-down check, travelers offer theirbiometric information, fingerprints and iris scans, and undergo abackground check by the Department of Homeland Security. Programparticipants, who must pay an $80 annual fee, still must have bagsscreened and go through a metal detector.

EPIC's Passenger Profiling page:

EPIC's Biometrics page:

EPIC: E-mail Users Should Be Able to Opt-Out from List BrokersEPIC recently submitted comments to the Federal Trade Commission aboutproposed changes to the CAN-SPAM Act, which penalizes senders ofdeceptive spam advertising. EPIC argued that individuals should be ableto prevent direct marketing "list brokers" from selling lists containingtheir e-mail addresses. List brokers actively buy, sell, and rent listsof consumers' personal information. Although there are thousands ofthese list brokers in operation, the top 100 brokers are the drivingforce behind much of the spam in the U.S. EPIC urged the FTC to giveconsumers the right to opt out of inclusion in the brokers' databases.
It would be more efficient for the consumer to be able to opt out of thetop brokers' lists than having to opt out of each online merchantssending spam individually, EPIC said.

EPIC Comments on CAN-SPAM Act Rulemaking, Project No. R411008:

EPIC's Consumer Profiling page:

Committee for Voting Integrity Recommends Enhanced StandardsThe National Committee for Voting Integrity has submitted comments tothe Senate Rules Committee, which held a hearing on Voter Verificationin the Federal Elections Process. NCVI said that current votingtechnology does not meet a standard that can assure voters that votesare recorded and counted as cast. NCVI made recommendations to theSenate on ways to improve transparency, privacy and security of ballots.

Comments of the National Committee for Voting Integrity on VoterVerification in the Federal Elections Process (pdf):

National Committee for Voting Integrity's site:

Groups to FTC: Kids' Privacy Improving, but Law Needs EnforcementConsumer privacy groups have filed comments to the Federal TradeCommission as part of its review of the Children's Online PrivacyProtection Act (COPPA). The groups argue that COPPA has improvedchildren's privacy online. There is a continuing need to continue toclarify COPPA via enforcement and research into the cutting-edgetechniques being used to direct Web sites at children. Further action isstill needed to address the privacy concerns raised in the offlinemarket for children's personal information.

Comments of EPIC, et al., in the Matter of COPPA Rule Review 2005,Project No. P054505:

EPIC's Children's Online Privacy Protection Act page:

[7] EPIC Bookstore:

Lawrence Lessig, Free Culture: How Big Media Uses Technology and the Lawto Lock Down Culture and Control Creativity (Penguin Press HC, 2004)

"A landmark manifesto about the genuine closing of the American mind.

Lawrence Lessig could be called a cultural environmentalist. One ofAmerica's most original and influential public intellectuals, his focusis the social dimension of creativity: how creative work builds on thepast and how society encourages or inhibits that building with laws andtechnologies. In his two previous books, Code and The Future of Ideas,Lessig concentrated on the destruction of much of the original promiseof the Internet. Now, in Free Culture, he widens his focus to considerthe diminishment of the larger public domain of ideas. In this powerfulwake-up call he shows how short-sighted interests blind to the long-termdamage they're inflicting are poisoning the ecosystem that fostersinnovation.

All creative works-books, movies, records, software, and so on-are acompromise between what can be imagined and what ispossible-technologically and legally. For more than two hundred years,laws in America have sought a balance between rewarding creativity andallowing the borrowing from which new creativity springs. The originalterm of copyright set by the Constitution in 1787 was seventeen years.
Now it is closer to two hundred. Thomas Jefferson considered protectingthe public against overly long monopolies on creative works an essentialgovernment role. What did he know that we've forgotten?

Lawrence Lessig shows us that while new technologies always lead to newlaws, never before have the big cultural monopolists used the fearcreated by new technologies, specifically the Internet, to shrink thepublic domain of ideas, even as the same corporations use the sametechnologies to control more and more what we can and can't do withculture. As more and more culture becomes digitized, more and morebecomes controllable, even as laws are being toughened at the behest ofthe big media groups. What's at stake is our freedom-freedom to create,freedom to build, and ultimately, freedom to imagine."

EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $35.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 22ndedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become more involved inthe WSIS process.

"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summariesof interesting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
July 11-15, 2005. Luxembourg City, Luxenbourg. For more information:

TTI/Vanguard conference: "Evolving Systems," Miami, Florida, July 12-13,
2005. For more information:

3rd International Human.SocietyInternet Conference. July 27-29,
2005. Tokyo, Japan. For more information:

PEP05: UM05 Workshop on Privacy-Enhanced Personalization. July 2005.
Edinburgh, Scotland. For more information:

Access to Information: Analyzing the State of the Law. RileyInformation Services. September 8, 2005. Ottawa, Ontario. For moreinformation:

5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information:

Conference On Passenger Facilitation & Immigration: Newest trends inachieving a seamless experience in air travel International AirTransport Association (IATA) and Singapore Aviation Academy (SAA)
October 3-5, 2005 Singapore Aviation Academy. For more information:

Public Voice Symposium: "Privacy and Data Protection in Latin America -
Analysis and Perspectives." Launch of the first Spanish version of"Privacy and Human Rights." October 20-21, 2005, Auditorio AlbertoLleras Camargo de la Universidad de los Andes, Bogota, Colombia.
Organizers: Electronic Privacy Information Center (EPIC), Grupo deEstudios en Internet, Comercio Electrónico, Telecomunicaciones eInformática (GECTI), Law School of the Universidad de los Andes, Bogota,Colombia, Computer Professional for Social Responsibility-Peru(CPSR-Perú). For more information:

6th Annual Privacy and Security Workshop. Centre for Innovation Law andPolicy (University of Toronto) and the Center for Applied CryptographicResearch (University of Waterloo). November 3-4, 2005. University ofToronto. For more information:

The World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information:

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For moreinformation: target="_blank">

Subscription Information

Subscribe/unsubscribe via web interface:


Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback