WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2005 >> [2005] EPICAlert 18

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 12.17 [2005] EPICAlert 18


Volume 12.17 August 25, 2005

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Testifies Before the U.S. Election Assistance Commission
[2] Victory for Internet Privacy: Email Interception Decision Reversed
[3] FTC Ends Experian "Free" Credit Report Bait and Switch
[4] Justice Appropriations Bill Would Create Privacy Office, Task Force
[5] Florida Committee Recommends Regulation of Data Brokers
[6] News in Brief
[7] EPIC Bookstore: Geoffrey Stone's "Perilous Times"

[8] Upcoming Conferences and Events

[1] EPIC Testifies Before the U.S. Election Assistance Commission

The U.S. Election Assistance Commission held the third and final publichearing Wednesday in Denver, Colo., on the draft Voluntary Voting SystemGuidelines. The commission is nearing the end of a process began lastyear, which is intended guide the design of voting systems used inpublic elections.

EPIC and the National Committee for Voting Integrity (NCVI)
have worked with civil rights groups, voting rights groups andtechnologists to increase awareness of the threats to elections posed byunauditable election technology. EPIC Associate Director Lillie Coneytestified before the commission and urged its members to promotereliable, secure, accessible, transparent, accurate, and auditablepublic elections.

EPIC urged the Commission to stress in the guidance strong support ofopen government procedures that allow public access to the electionadministration process. EPIC also urged the Commission to includeguidance that addresses the need to minimize and, wherever possible,eliminate the threat to voters' privacy, including that of absenteevoters.

The Commission was also urged to ban the use of infrared technology invoting systems, or to at least establish safeguards if the technologywas used because of the security risks involved. EPIC also recommendedthat the Commission direct the states to prepare realistic contingencyplans in the event of electronic voting system failures that jeopardizethe completion of the election process.

Post-election analysis of 2000 and 2004, and legal challenges, whichfollowed these presidential elections, have identified many obstacles toreliable public election. These include problems with: voterregistration, voter roll purges, poll place practices, accessiblepolling locations, and voting technology, usability of votingmechanisms, absentee ballot problems, and vote tabulation. Between 4 and6 million voters were disenfranchised by the public election process in2000.

EPIC's testimony:
EPIC's Voting page:

National Committee for Voting Integrity:

[2] Victory for Internet Privacy: E-mail Interception Decision Reversed

In a 5-2 decision, the full Court of Appeals for the First Circuit hasruled in United States v. Councilman that the interception of e-mailtemporarily stored while en route to its final destination violatesfederal wiretap law.

The holding reversed a three-judge panel's earlier ruling that an e-mailservice provider did not violate the law by acquiring users' incominge-mails without their knowledge or consent to gain a commercialadvantage over a competitor. Because the e-mails were not actually inwires or cables between computers when accessed, but were insteadtemporarily stored on the service provider's computer system, the panelhad found the e-mails could not have been "intercepted" in violation ofwiretap law.

The First Circuit decided to rehear the case last fall. EPIC joinedwith other civil liberties groups to file a "friend of the court" briefsupporting the reversal of the panel's decision. Senator Patrick Leahyand a group of technical experts also submitted briefs arguing in favorof electronic communications privacy.

Judge Kermit V. Lipez, writing for the majority of the full FirstCircuit, concluded that the federal Wiretap Act's definition of anelectronic communication that can be intercepted under the law "includestransient electronic storage that is intrinsic to the communicationprocess for such communications." However, the court stopped short ofdeciding whether an electronic communication can be intercepted withinthe meaning of the law "after a message has crossed the finish line oftransmission[.]"

Writing in dissent, Judge Juan Torruella argued that the serviceprovider did not violate the law: "the Wiretap Act's prohibition onintercepting electronic communications does not apply when they arecontained in electronic storage, whether such storage occurs pre- orpost-delivery, and even if the storage lasts only a few milliseconds."
He also asserted that if an e-mail service provider "intercept[s] itscustomers' messages in breach of a privacy agreement, the remedy lies incontract, not in the Wiretap Act."

United States v. Councilman (1st Cir. Aug. 11, 2005) (pdf):

Amicus brief of civil liberties groups (pdf):

Amicus brief of technical experts (pdf):

EPIC's United States v. Councilman Page:

[3] FTC Ends Experian "Free" Credit Report Bait and Switch

The Federal Trade Commission has settled a complaint against creditreporting agency Experian for operating a Web site that offered "free"
credit reports but instead signed consumers up for expensive creditmonitoring services. The company must change representations on its Website, give refunds to certain individuals who used the site between 2000and 2003, and disgorge almost $1 million received in the bait and switchscam.

Individuals who want their free credit reports can obtain them, the site established by Congress to providethree reports per year at no cost to the consumer, or by calling1-877-322-8228. (By requesting a report by phone instead of online, oneavoids providing the consumer reporting agencies with superfluousinformation, such as e-mail addresses.) Also, instead of purchasingexpensive credit monitoring services, consumers can monitor their creditthemselves by staggering their requests for free credit reports so as toobtain one every four months.

EPIC filed a complaint against Experian with the FTC in September 2003,arguing that television commercials and the company's site "locksconsumers into a high-cost, long-term subscription service withoutadequate notice of the terms of service, including opt-out procedures."
Separately, the World Privacy Forum published a report showing thathundreds of Web sites had been registered to take advantage of consumerswho misspelled the Web address of the official site for free creditreports. The FTC has sent letters to the owners of 130 Web sitesinforming them that it is illegal to mislead consumers into thinkingthat they have reached the official free site.

Although unaddressed by the FTC, EPIC also argued that the creditmonitoring services marketed by Experian should be free to consumersunder the Fair Credit Reporting Act (FCRA). The FCRA requires consumerreporting agencies to protect the security of credit reports, and ensurethat procedures are followed to ensure "maximum possible accuracy" ofcredit reports.

FTC Settlement with Experian:

EPIC Complaint In Re Experian:

World Privacy Forum Reports on Free Credit Report Sites:

[4] Justice Appropriations Bill Would Create Privacy Office, Task Force

The House Judiciary Committee has approved a Justice Departmentauthorization bill that would create a privacy office and privacy taskforce, as well as require that the Department ensure it maintainspersonal information in compliance with fair information practices andexisting privacy law.

The proposed legislation would require that the Attorney General appointa privacy officer to ensure, among other things, that the JusticeDepartment's "use of technologies sustain, and do not erode, privacyprotections relating to the use, collection and disclosure of personallyidentifiable information." In addition, the officer would ensure thatthe Justice Department handles personal information in accordance withfair information practices. The privacy officer would also be taskedwith assessing the implications of the Justice Department's proposedrules that involve personally identifiable information, and reporting toCongress annually on "activities of the Department that affect privacy."
The privacy officer would not, however, be vested with investigativepowers or the authority to initiate enforcement actions for privacyviolations.

The Justice Department appropriations bill would also require theAttorney General to establish a task force to "report on policies,procedures, and technological issues that may affect the privacy andconfidentiality of victims of domestic violence, dating violence,stalking and sexual assault." The task force would be charged withdeveloping a model of best practices to protect the personal informationof such victims from being released and used in ways that could endangerthem. The bill would fund the task force with $1,000,000 for each of thefiscal years 2006 through 2009.

Additionally, the bill would require the Department to conduct a reviewto ensure that its handling of personal information complies withfederal privacy laws, and to improve the "accuracy, quality, timeliness,immediate accessibility and integration of state criminal history andrelated records."

H.R. 3402: Department of Justice Appropriations Authorization Act:

[5] Florida Committee Recommends Regulation of Data Brokers

A committee convened by Florida's Supreme Court has made severalrecommendations to promote access to public records while shieldingpersonal information contained within them. The first recommendation,which passed unanimously, urged the Florida legislature and Congress tocomprehensively regulate commercial data brokers. The committee proposedthat "the Florida Legislature enact laws that effectively protect theinterests of Floridians regarding personal information in the possessionof state agencies and data companies. Regulation should go beyondrequiring consumer notification of an improper release of information,and should define the rights of consumers, the responsibilities of datacompanies, remedies for violations, and an effective enforcement system."

Florida's Committee on Privacy and Court Records recommendedprotections at the federal level that do not preempt or supercede theability of the states to pass laws that concern commercial data brokers.
The group also recommended that the courts allow anonymous access torecords, and that courts minimize the amount of information they collectfrom individuals.

Many of these positions were recommended by EPIC in a submission thatargued that Florida residents are the most profiled in the nationbecause the state pours personal information into public recordsindiscriminately. EPIC's submission included documents obtained underthe Freedom of Information Act showing prices for data sold byChoicepoint on Florida residents to the Drug Enforcement Agency.

Also notable was a letter from Choicepoint to the committee in which thecompany claimed that its practices were adequate to address risks toprivacy and security. The letter, dated October 29, 2004, read in part:
"ChoicePoint controls access to its database by requiring every customerto fill out an application . . . . We then verify the informationprovided to us. . . . We believe these safeguards are effectiveprotection against the misuse of information in our databases . . . ."
According to a Choicepoint filing at the Securities and ExchangeCommission, the company had discovered its security breach on September27, 2004, a month before the letter to the committee was sent. Thatbreach involved Choicepoint's sale of the personal information of145,000 people to an identity theft ring.

Report on Privacy of Trial Court Records:

EPIC Submission to the Committee (pdf):

EPIC's Choicepoint page:

[6] News in Brief

Millions of Americans and Britons Choose to Block Telemarketers' CallsThe Federal Trade Commission announced this week that the National DoNot Call Registry has topped 100 million phone numbers. The registrybegan accepting phone numbers more than two years ago. Also this week,British Telecom announced that one million households have signed up toits free privacy service. People are registering at a rate of 30,000 perday, the company said. The service, launched in mid-July, gives freecaller display and registers BT customers with the Telephone PreferenceService - thereby filtering out around 90% of unsolicited marketingcalls.

EPIC's Do Not Call page:

Report: Many American Companies Misuse Customer Data Gathered OnlineA new report has determined that many major American companies misuseconsumer information they collect through the Internet. The CustomerRespect Group's 2005 Privacy Report analyzed 464 corporate Web sites,and found that 72 percent of those companies had "poor" policiesconcerning reusing personal data for marketing purposes. The worstperformer was the pharmaceutical and health care industry.

Customer Respect Group's site:

EPIC's Privacy and Consumer Profiling page:

Court: No Fourth Amendment Violation in AOL Subscriber Info CaseA federal court judge recently ruled that two police detectives did notviolate a man's rights under the Fourth Amendment when they submitted awarrant without a judge's signature to America Online whileinvestigating allegedly threatening e-mails Freedman sent anonymously.
AOL provided the officers with Clifton Freedman's name, address, phonenumbers, and various pieces of information relating to his account.
Judge Peter C. Dorsey also stated that a jury must decide other claimsin Freedman's civil suit against the town of Fairfield, Conn.,including: whether Freedman's right to free speech was violated, whetherthe detectives violated Freedman's right to privacy by improperlyobtaining his Internet subscriber information, and whether the townshould be held liable for the actions of its employees.

Web site of the U.S. District Court of the District of Connecticut:

Man Who Took Photo Up Woman's Skirt Did Not Violate Privacy, Court FindsA man who took a photo by aiming his cell phone camera up a woman'sskirt was acquitted of invasion of privacy this week. A Pennsylvaniajudge did find the man guilty of disorderly conduct. The man faces amaximum term of a year in prison and a $2,500 fine. The judge said thatPennsylvania's privacy statute, last revised in 1998, did not anticipatecamera phones and does not have provisions barring the man's actions.
There is a bill pending in the state legislature to close this loopholein the privacy law.

[7] EPIC Bookstore: Geoffrey Stone's "Perilous Times"

Geoffrey Stone, Perilous Times: Free Speech in Wartime from TheSedition Act of 1798 to The War on Terrorism (Norton & Co., 2004)

"Geoffrey Stone's Perilous Times incisively investigates how the FirstAmendment and other civil liberties have been compromised in Americaduring wartime. Stone delineates the consistent suppression of freespeech in six historical periods from the Sedition Act of 1798 to theVietnam War, and ends with a coda that examines the state of civilliberties in the Bush era. Full of fresh legal and historical insight,Perilous Times magisterially presents a dramatic cast of characters whoinfluenced the course of history over a two-hundred-year period: fromthe presidents —- Adams, Lincoln, Wilson, Roosevelt, and Nixon —- to theSupreme Court justices -— Taney, Holmes, Brandeis, Black, and Warren-—to the resisters —- Clement Vallandingham, Emma Goldman, FredKorematsu, and David Dellinger. Filled with dozens of rare photographs,posters, and historical illustrations, Perilous Times is resonant in itscall for a new approach in our response to grave crises."

EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50. survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the SunshineAct, and the Federal Advisory Committee Act. The 22nd edition fullyupdates the manual that lawyers, journalists and researchers haverelied on for more than 25 years. For those who litigate opengovernment cases (or need to learn how to litigate them), this is anessential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40. resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.

"The Privacy Law Sourcebook 2003: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price:
$40. "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and international privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20. collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40. Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore "EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summariesof interesting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

Canada-Australia Comparative IP & Cyberlaw Conference. University ofOttawa. September 30 and October 1, 2005. Ottawa, Ontario. For moreinformation:

Access to Information: Analyzing the State of the Law. RileyInformation Services. September 8, 2005. Ottawa, Ontario. For moreinformation:

5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information: On Passenger Facilitation & Immigration: Newest trends inachieving a seamless experience in air travel International AirTransport Association (IATA) and Singapore Aviation Academy (SAA)
October 3-5, 2005 Singapore Aviation Academy. For more information: & Privacy Workshop 2005: Toolkit For Change. Ontario Ministry ofGovernment Service’s Access & Privacy Office. October 6- 7, 2005.
Toronto, Ontario. For more information:

Public Voice Symposium: "Privacy and Data Protection in Latin America -
Analysis and Perspectives." Launch of the first Spanish version of"Privacy and Human Rights." October 20-21, 2005, Auditorio AlbertoLleras Camargo de la Universidad de los Andes, Bogota, Colombia.
Organizers: Electronic Privacy Information Center (EPIC), Grupo deEstudios en Internet, Comercio Electrónico, Telecomunicaciones eInformática (GECTI), Law School of the Universidad de los Andes, Bogota,Colombia, Computer Professional for Social Responsibility-Peru(CPSR-Perú). For more information:

6th Annual Privacy and Security Workshop. Centre for Innovation Law andPolicy (University of Toronto) and the Center for Applied CryptographicResearch (University of Waterloo). November 3-4, 2005. University ofToronto. For more information: World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information: Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For moreinformation:
Subscription Information

Subscribe/unsubscribe via web interface: issues are available at: EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at: contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand expanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback