WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2005 >> [2005] EPICAlert 17

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 12.16 [2005] EPICAlert 17


Volume 12.16 August 11, 2005

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Opposes Georgia's Proposed ID Requirement for Voters
[2] Coalition Urges Court to Strike National Security Letter Authority
[3] Spotlight: Unmanned Planes Allow Secret Surveillance of Civilians
[4] Privacy Groups, Senators Oppose Preempting Anti-Telemarketing Laws
[5] EPIC: US-VISIT's Wireless Travel ID Plan is Flawed
[6] News in Brief
[7] EPIC Bookstore: Sheldon Charrett's "Modern Identity Changer"

[8] Upcoming Conferences and Events

[1] EPIC Opposes Georgia's Proposed ID Requirement for Voters

EPIC has submitted comments to the Department of Justice in oppositionto Georgia's proposal to require citizens to provide a government-issuedphoto ID to vote in a state or federal election. EPIC's opposes theproposal because it will negatively impact voter privacy, discouragevoter turnout, and is inconsistent with the federal Help America VoteAct.

Under the 1965 Voting Rights Act, Georgia, along with a number of otherstates, must submit any changes in voting laws to the Justice Departmentfor approval, in what is called "pre-clearance," before they can beimplemented.

EPIC's comments to the Justice Department stress the privacyimplications of the Georgia proposal to require citizens to present oneof a very narrow set of government-issued identification documents inorder to vote. The most common form of identification likely to be used
-- a Georgia driver's license -- was designed for and continues to beused to prove competence for operating a motor vehicle.

The information provided on a driver's license can disclose much morepersonal information than what is required to prove identity for votingpurposes. This information includes the voter's name, photographiclikeness, age, height, weight, driver's license number, restrictionsowing to disability or impairment (such as imperfect vision orprosthetic limbs), and fingerprints. Furthermore, the state of Georgia,not the applicant, has sole control over the information placed into astate-issued identification card, which is likely to be expanded underthe REAL ID Act.

EPIC also pointed out that the elderly, the poor, and the disabled wereless likely to posses a state driver's license than other eligiblevoters. Georgia Secretary of State Cathy Cox has objected to themeasure. She said that there have been no reports of peopleimpersonating voters at the polls.

The Voting Rights Act was passed in response to the efforts of certainstates to impose barriers to voting and discourage voter turnout.

EPIC's Comments to the Department of Justice (pdf):

EPIC's Voting Privacy Page:

National Committee for Voting Integrity:

Department of Justice's Voting Rights Laws Page:

[2] Coalition Urges Court to Strike National Security Letter Authority

EPIC and a coalition of open government organizations filed a "friend ofthe court" brief in Gonzales v. Doe, a lawsuit concerning the FBI'sauthority to issue national security letters to businesses for certaincustomer records without judicial approval. This investigative power,which is part of the Electronic Communications Privacy Act, also imposesa permanent nondisclosure order prohibiting the recipient from evertelling anyone he has received a national security letter.

Last year, an anonymous Internet service provider and the ACLUchallenged the constitutionality of this broad authority, arguing thatit violates the First and Fourth Amendments because the law fails toprovide adequate checks on the FBI's power to force companies to turnover sensitive customer information. They also argued that the "gag"
provision violates the First Amendment because it completely andpermanently forbids every recipient from disclosing the fact that hereceived a national security letter -- regardless of whether such asweeping ban is actually necessary.

A federal court in New York found the power unconstitutional on FirstAmendment grounds in September. The government is now challenging thatruling in the Second Circuit Court of Appeals.

The amicus brief, which was co-authored by EPIC and the NationalSecurity Archive, argues that the courts must provide meaningfuloversight of the government's investigative activity, and that the FBI'snational security letter power undermines government accountability.
Other organizations supporting the brief include the Project onGovernment Secrecy of the Federation of American Scientists and theNational Whistleblower Coalition.

The amicus brief (pdf):
Lower court opinion (2.1 MB pdf):

More information about the case:

[3] Spotlight: Unmanned Planes Allow Secret Surveillance of Civilians

This month's Spotlight on Surveillance shines on unmanned aerialvehicles (UAVs), equipped with cameras and sensors that producehigh-resolution imagery and track moving targets. UAVs, which cost$350,000 to $4.5 million each, were designed for military use and havebeen deployed in Afghanistan and Iraq. Now this military technologycould be used by the federal government for aerial surveillance ofcivilians in the United States.

Customs and Border Protection, a part of the Department of HomelandSecurity, has tested UAVs along the Mexican border, and is consideringusing these surveillance planes permanently. The Coast Guard, also underthe umbrella of Homeland Security, has bought 45 of Bell Helicopter's"Eagle Eye" tilt-rotor UAVs and will begin rolling them out inSeptember. Each Eagle Eye costs $5.5 million. The U.S. military has usedUAVs in reconnaissance missions in the wars in Afghanistan and Iraq, andsome are equipped with weapons.

The "Predator B" UAVs was tested in 2003 and 2004 in the U.S. by theBorder Patrol and the Coast Guard. "Hermes 450" UAVs scanned theArizona-Mexico border in 2004. The Border Patrol is expected to conducta second test of UAVs along the Arizona-Mexico border in September. TheDepartment of Homeland Security also plans to test the UAVs along theCanadian border and in Puerto Rico.

UAVs are touted as being less expensive and safer than manned aircraft.
However, the surveillance planes are prone to crashing, and areexpensive to replace. Another problem is that UAV images can bedistorted by inclement weather, cloudy conditions, high humidity, roughterrain and dense foliage.

This increase in surveillance and monitoring systems has not helped theBorder Patrol's bottom line -- apprehensions. In 2000, there were 1.6million apprehensions. Every year since then, the number has steadilyfallen to half that - in 2004, there were 800,000 apprehensions. Also, areport about UAVs prepared earlier this year for Congress warned thatthe surveillance planes' effectiveness "may not be so significant whenterrorists, like the September 11 hijackers, can and have entered thecountry through more easily accessible official ports of entry."

EPIC's August 2005 Spotlight on Surveillance:

[4] Privacy Groups, Senators Oppose Preempting Anti-Telemarketing Laws

In a submission to the Federal Communications Commission, EPIC and 11consumer advocacy groups urged the agency not to determine that federallaw "preempts," or supercedes, strong state anti-telemarketingprotections. The submission responded to a series of petitions filed bybanks, major retailers, and telemarketers that sought to invalidate allstate telemarketing laws. Invalidation of these laws would lead to anincrease of unwanted telemarketing.

Several of the businesses' petitions focused on forcing states torecognize large loopholes in federal regulations concerning "establishedbusiness relationships" and "pre-recorded voice" telemarketing. Theestablished business relationship loophole allows companies to contacttheir current customers, even if they are on the Do-Not-Call Registry.
While this sounds reasonable, the loophole is overbroad because anypurchase, no matter how small, or a simple request for information,creates an established business relationship. Pre-recorded voicetelemarketing is a practice where a telemarketer uses a computer to calland deliver a message automatically. Telemarketers add "ums" andbackground noises to the recorded message to fool the listener intothinking that the call is from a live person. Unlike live telemarketing,pre-recorded voice requires the fewer resources, allowing telemarketersto initiate millions of calls per day.

EPIC's comments argue that telemarketers have not met the legal burdennecessary to support preemption of the state laws. Well-established caselaw holds that the telemarketers must show that Congresses clearlyintended to invalidate state laws. However, federal law is silent onthe issue, and Congress has had numerous opportunities to invalidatelaws that telemarketers have had to comply with for almost 15 years.

The comments also argue that technically, telemarketers can comply withstate and federal privacy regulations. There are many examples of datacompanies that can "segment" the public, down to the zip code level, andtreat people differently. These profiling technologies, EPIC argued,could be employed to comply with state and federal mandates.

Sen. Bill Nelson and nine other senators from states that would beaffected by the FCC's decision wrote separately to oppose preemption ofthe state anti-telemarketing laws. DMNews reported that over 8,000consumers filed comments opposing preemption.

Coalition Comments Against Preemption:
Letter from 10 U.S. Senators Opposing Preemption (pdf):

EPIC's Telemarketing Preemption Page:

[5] EPIC: US-VISIT's Wireless Travel ID Plan is Flawed

In comments to the Department of Homeland Security (DHS), EPIC has urgedthe agency to abandon a proposal to embed Radio Frequency Identification(RFID) tags into the Form I-94 or Form I-94W, which is theArrival-Departure record issued to a traveler to the United States.
US-VISIT will test the use of passive RFID tags to "automatically,passively, and remotely" record the entry and exit of coveredindividuals, DHS said. EPIC said the plan lacks basic privacy andsecurity safeguards, and repeats many of the problems with thecontroversial proposal of the State Department for wireless passports.

The problems with the proposal to use RFID-enabled I-94 forms are verysimilar to the problems found in the State Department's flawed proposalto include RFID tags in U.S. passports. The State Department isreassessing the plan after receiving a storm of criticism from civilliberties, security and privacy groups, including EPIC. Problems in thepassport proposal, which are also problems in the RFID-enabled I-94 formproposal, include skimming and eavesdropping. Skimming occurs wheninformation from an RFID chip is surreptitiously gathered by anunauthorized individual. Eavesdropping occurs when an individualintercepts data as it is read by an authorized RFID reader. Tests haveshown that RFID tags can be read from thirty feet or more, posing asignificant risk of unauthorized access.

Another significant security risk inherent in the RFID proposal is thatof clandestine tracking. DHS itself has said that there is a risk thatthe RFID tag "could be used to conduct surreptitious locationalsurveillance of an individual; i.e., to use the presence of the tag tofollow an individual as he or she moves about in the U.S." Anytime avisitor is carrying his I-94 RFID-enabled form, his uniqueidentification number, which is linked to his individual biographicinformation, could be accessed by unauthorized individuals. So long asthe RFID tag can be read by unauthorized individuals, foreign visitorscould be identified as such merely because they carry an RFID-enabledI-94 form.

EPIC has submitted a series of comments on database proposals undertakenby the DHS regarding the development of the US-VISIT program. InFebruary 2004, we wrote to urge DHS to determine how it will applyPrivacy Act obligations to the program and to prohibit the expansion ofUS-VISIT uses outside the program's defined mission. In November 2004,we warned DHS that, in its continued implementation of US-VISIT, it mustevaluate the accuracy and security of its pilot program, and recognize aright of judicial review for individuals adversely affected by theprogram.

EPIC's recent comments (in html and pdf):


EPIC's RFID page:

[6] News in Brief

EPIC Wins ABA Cyberspace AwardEPIC received the American Bar Association Cyberspace Law ExcellenceAward at the annual ABA Conference in Chicago. The Award recognizessubstantial contributions to the development of the law of cyberspacethrough scholarship, participation in the legislative process, orlitigation. EPIC was cited for addressing the challenge of security andprivacy "not in the heat of the moment or only in partisan arenas, butdeliberately, neutrally, and thoughtfully." The ABA Cyberspace LawCommittee said, "EPIC's efforts in this vein have served us all well."

ABA Cyberspace Law Committee:

Court Dismisses Privacy Lawsuit Against Jet BlueA New York district court last week dismissed a nationwide class actionprivacy lawsuit against JetBlue Airways, data aggregator AcxiomCorporation, and government contractors SRS Technologies and TorchConcepts. The suit was based on the transfer of passenger informationfrom JetBlue and Acxiom to Torch Concepts for a Pentagon data miningstudy. JetBlue passengers argued that the disclosure of their personalinformation without their knowledge or consent violated the ElectronicCommunications Privacy Act, as well as state privacy laws and torts.
JetBlue admitted that the disclosure contradicted its publicly postedprivacy policy. The judge found, however, that the passengers did notprove they were harmed by the disclosure, and were therefore notentitled to damages. The passenger data disclosure led EPIC to file acomplaint with the Federal Trade Commission in 2003 arguing that thepassenger data transfers violated JetBlue and Acxiom's privacy policies,and were therefore an unfair and deceptive trade practice. (See EPICAlert 10.20.) The Commission has not publicly announced a decision oraction in response to the complaint.

The decision (pdf):

EPIC's complaint to the Federal Trade Commission:

EPIC's Air Travel Privacy Page:

Wiretap Mandates Extended to Broadband, Internet TelephonyResponding to a petition by federal law enforcement agencies, theFederal Communications Commission has determined that the CommunicationsAssistance for Law Enforcement Act (CALEA) applies to broadband Internetproviders and Internet telephony. As a result, some providers of bothservices will have to make their systems easier to wiretap. Passed in1994, CALEA requires telecommunications providers to customize theirsystems so that law enforcement can easily surveil wire and electroniccommunications. The FCC order does not specify how service providersmust alter their systems, the amount of wiretapping that the systemsmust accommodate, enforcement of the requirements, or the amountproviders will be reimbursed for wiretapping. Companies have 18 monthsto comply with the mandate.

FCC Order (pdf):
EPIC's Comments to the FCC Opposing CALEA Expansion (pdf):

EPIC's Letter to the FCC Opposing CALEA Expansion:

British Government Embeds RFID Chips Into License PlatesThe British government is preparing to test new high-tech license platescontaining Radio Frequency Identification chips capable of transmittingunique vehicle identification numbers and other data to readers morethan 300 feet away. "A single reader can identify dozens of vehiclesfitted with an e-Plate moving at any speed at a distance of up to 100metres [328 feet]," according to e-Plate manufacturer HillsNumberplates. The RFID-enabled license plates can cost up to 10 timesmore than regular plates. The British government will begin using themlater this year.

Hills Numberplates' E-Plates:

EPIC's RFID page:

Googling of Google's CEO Causes ConsternationAccording to CNET News, Google has blacklisted the entire news agencybecause one of its reporters published an article that includedinformation on Google's CEO gleaned from the company's own searchengine. The article, by Elinor Mills, explored the difficult privacyissues implicated by search engines, and began with a listing ofpersonal interests and basic biographical information about Google CEOEric Schmidt. Google's retaliation is interesting because the companylargely hasn't confronted the privacy implications of its own products.
The company manages privacy issues by claiming that it strictly followsa "don't be evil" mantra. But "don't be evil" differs substantially from"be good." And while Google itself avoids being "evil," users of itstools and the steadily growing pot of publicly available personalinformation, are not bound to such commandments.

CNET News Story on Google and Privacy:

EPIC's Page on Google Gmail:

[7] EPIC Bookstore: Sheldon Charrett's "Modern Identity Changer"

Sheldon Charrett, The Modern Identity Changer: How to Create a NewIdentity for Privacy and Personal Freedom (Paladin Press, 2004)

"As governments worldwide have increased their stranglehold on thepersonal information of ordinary citizens, advocates of new andalternate identities have developed creative new methods and modes ofthinking to meet the challenge. Sheldon Charrett is a long-time fighterfor identity freedom, and now has taken the battle into the challengingarena of the 21st century.

In this revised and updated edition of his best-selling book The ModernIdentity Changer, you will learn how to acquire a new identity, producethe documents necessary to support it, and obtain residence, credit,employment and banking privileges to enjoy it. Read all-new and expandedinformation on:

-- evaluating the pros and cons of segmented ID change vs. total IDchange
-- creating alternate identity documents from scratch
-- working around the onerous new rules for mail drops and privatemailboxes
-- establishing real estate residence without ever signing a document
-- making your own notary embossing plate
-- interpreting, applying for, and using Social Security numbersBesides getting Charrett’s latest solutions to Big Brother’s alarmingassaults on privacy, you will also benefit from reader feedback on thefirst edition, with verified tips and tricks from the trenches in theongoing struggle to maintain our cherished freedoms."

EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50. survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the SunshineAct, and the Federal Advisory Committee Act. The 22nd edition fullyupdates the manual that lawyers, journalists and researchers haverelied on for more than 25 years. For those who litigate opengovernment cases (or need to learn how to litigate them), this is anessential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40. resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.

"The Privacy Law Sourcebook 2003: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price:
$40. "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and international privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20. collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40. Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore "EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summariesof interesting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Access to Information: Analyzing the State of the Law. RileyInformation Services. September 8, 2005. Ottawa, Ontario. For moreinformation:

5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information: On Passenger Facilitation & Immigration: Newest trends inachieving a seamless experience in air travel International AirTransport Association (IATA) and Singapore Aviation Academy (SAA)
October 3-5, 2005 Singapore Aviation Academy. For more information: & Privacy Workshop 2005: Toolkit For Change. Ontario Ministry ofGovernment Service’s Access & Privacy Office. October 6- 7, 2005.
Toronto, Ontario. For more information:

Public Voice Symposium: "Privacy and Data Protection in Latin America -
Analysis and Perspectives." Launch of the first Spanish version of"Privacy and Human Rights." October 20-21, 2005, Auditorio AlbertoLleras Camargo de la Universidad de los Andes, Bogota, Colombia.
Organizers: Electronic Privacy Information Center (EPIC), Grupo deEstudios en Internet, Comercio Electrónico, Telecomunicaciones eInformática (GECTI), Law School of the Universidad de los Andes, Bogota,Colombia, Computer Professional for Social Responsibility-Peru(CPSR-Perú). For more information:

6th Annual Privacy and Security Workshop. Centre for Innovation Law andPolicy (University of Toronto) and the Center for Applied CryptographicResearch (University of Waterloo). November 3-4, 2005. University ofToronto. For more information: World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information: Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For moreinformation:
Subscription Information

Subscribe/unsubscribe via web interface: issues are available at: EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at: contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand expanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback