WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2005 >> [2005] EPICAlert 19

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 12.18 [2005] EPICAlert 19


Volume 12.18 September 9, 2005

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Urges Senate to Question Roberts on Privacy Rights
[2] EPIC Calls for Government Watch List Accuracy
[3] Appeals Court: Floridians Eligible for Damages in Privacy Case
[4] EPIC Petitions FCC to Protect Phone Users' Privacy
[5] Report: Government Withholding More Information Than Ever Before
[6] News in Brief
[7] EPIC Bookstore: EPIC's "Privacy Law Sourcebook 2004"

[8] Upcoming Conferences and Events

[1] EPIC Urges Senate to Question Roberts on Privacy Rights

In a letter to the Senate Judiciary committee, members of the EPICAdvisory Board urged the senators to carefully explore the views ofJudge John G. Roberts, Jr., the nominee for Chief Justice of the SupremeCourt, on the right to privacy. The Senate confirmation hearings forJudge Roberts begin Monday.

EPIC discussed two issues in the letter: Judge Roberts's views onunlawful searches and his support for a national ID card. JudgeRoberts's views on unlawful searches are a far cry from those ofretiring Justice Sandra Day O'Connor. The exclusionary rule "wasestablished to provide a meaningful remedy in those circumstances wherethe police obtain evidence in violation of the Constitution. Not onlydoes the rule help prevent police misconduct, it may also play anincreasingly important role in ensuring the accuracy and reliability ofthe databases on which the police rely," EPIC said. In January 1983,while an attorney for President Reagan, Judge Roberts made clear hisopposition to the rule.

Judge Roberts has also expressed support for national ID cards, eventhough such cards have historically been rejected in the United States.
For example, EPIC said, in the legislation to create the Department ofHomeland Security, "members of Congress made clear their opposition tocreation of a national ID card. Section 554 states directly 'Nothing inthis Act shall be construed to authorize the development of a nationalidentification system in card.'" In an October 1983 White House memo,Judge Roberts said that privacy concerns were "largely symbolic so faras a national I.D. card is concerned."

EPIC said, "Although Judge Roberts is a distinguished lawyer and abrilliant jurist, we believe that he may have a very limited view ofboth the Court's role in protecting Constitutional rights and of theability of the Congress and the states to defend privacy throughlegislation." EPIC concluded that the United States is likely to faceenormous challenges to personal privacy in the years ahead, and "[a]
recognition of the need to uphold Constitutional responsibilities tocounterbalance law enforcement powers is crucial."

In the last several years, EPIC has participated in several cases beforethe Supreme Court, including Watchtower Bible v. Village of Stratton. Inthat case, EPIC filed an amicus brief in which it supported the rightsof Jehovah's Witnesses against an Ohio ordinance requiring allindividuals going door-to-door to register and identify themselves priorto expressing their political and religious views. EPIC said that theordinance forced individuals to sacrifice their anonymity and chilledactivity protected by the First Amendment. The Court agreed with thisreasoning and invalidated the statute.

According to the EPIC letter sent to the members of the JudiciaryCommittee, "this case also demonstrates how privacy interests helpprotect other Constitutional values, such as freedom of association andfreedom of expression."

EPIC's Letter to the Senate Judiciary Committee (pdf):

EPIC, Watchtower Bible v. Village Stratton (2002):

Senate Judiciary Committee:

New York Times, Supreme Court in Transition:

Wikipedia, John G. Roberts

[2] EPIC Calls for Government Watch List Accuracy

In comments to the FBI, EPIC has urged the agency not to expand theTerrorist Screening Center's watch list records system until the Bureauresolves significant privacy, transparency, and due process issues.
EPIC's recommendations were made in response to a notice, published bythe FBI on July 28, outlining plans for the creation of a records systemthat will encompass the government's consolidated watch listinformation, operational support records, and records related tocomplaints or inquiries from individuals about erroneous watch listmatches. A second notice published the same day exempted the database,the Terrorist Screening Records System, from numerous Privacy Actrequirements that ensure that agencies maintain accurate data and givepeople rights in their information.

In its comments, EPIC criticized the lack of transparency in thegovernment's development of the system. EPIC noted that the FBI hasdisclosed little information in response to a Freedom of Information Actrequest about the watch lists' use within the Secure Flight passengerprescreening program.

The comments also addressed the FBI's decision to exempt the system fromlegal requirements that agencies maintain only accurate, timely,complete, relevant and necessary information about people. Not only willthe Terrorist Screening Center use data that does not meet theserequirements to screen individuals, but the agency has also failed toprovide meaningful avenues for individuals to access personalinformation and correct inaccuracies. EPIC also said that the system'sbroadly drawn "routine uses" of watch list data would only heighten thesystem's privacy problems.

EPIC urged that development of the system should be suspended until theFBI is willing to disclose more information about the system to thepublic and address its substantial privacy issues.

EPIC's Comments to the FBI:

EPIC's Secure Flight page:

[3] Appeals Court: Floridians Eligible for Damages in Privacy Case

In an important victory for privacy rights, the 11th Circuit Court ofAppeals has held that individuals suing under the Drivers PrivacyProtection Act can qualify to receive monetary damages even if they didnot suffer financial harm. The decision places a limit on Doe v. Chao,a case from the Supreme Court where "liquidated" damages were notavailable to plaintiffs suing under the Privacy Act of 1974 unless theysuffered actual harm. Liquidated damages are important in privacy casesbecause victims of business or government use of personal informationoften suffer damages that are difficult to quantify, such as mentaldistress and simple annoyance from receiving telemarketing and junkmail. The court recognized this, holding that:

"Damages for a violation of an individual's privacy are a quintessentialexample of damages that are uncertain and possibly unmeasurable. Sinceliquidated damages are an appropriate substitute for the potentiallyuncertain and unmeasurable actual damages of a privacy violation, itfollows that proof of actual damages is not necessary for an award ofliquidated damages. To us, the plain meaning of the statue is clear --
a plaintiff need not prove actual damages to be awarded liquidateddamages"

The EPIC brief in the case, Kehoe v. Fidelity Bank, argued that Congressestablished liquidated damages for successful plaintiffs in passing theDPPA. That law limits use of motor vehicle records to a limited set ofpermissible purposes, and requires consent from the individual beforepersonal information can be used for marketing. Prior to 1998, the DPPAhad an opt-out standard for marketing use, and when the statute wasstrengthened, the Florida legislature failed to update their driverprivacy statute. Data brokers knew that the federal law had changed(they had lobbied against it), but they continued to buy millions ofrecords from the Florida government for a penny each. Last year,Florida patched its statute.

EPIC argued that without liquidated damages, unaccountable data brokerswould continue to purchase personal information in violation of the law,relying on the fact that it is difficult to quantify damages from thesale. A brief submitted in the case by data brokers strenuously arguedthat access to drivers' information is necessary for law enforcement andnational security purposes. Especially because, after the September 11,
2001 terrorist attacks, data brokers have used anti-fraud and securityjustifications as cover for their marketing activities.

The 11th Circuit's decision makes it economically viable for plaintiffs'
attorneys to remedy systematic violations of drivers' privacy inFlorida. The Kehoe attorneys are currently litigating a similar claimin Fresco v. Automotive Directions et al, a case where 13 companies arealleged to have bought drivers' records for marketing purposes. Also,last Friday, the Kehoe attorneys filed a class action suit against Bankof America for purchasing several thousand records of drivers who ownedhigh-end automobiles in Palm Beach County, presumably for marketingpurposes.

EPIC's Amicus Brief in Kehoe v. Fidelity:

EPIC's Drivers Privacy Protection Act page:

[4] EPIC Petitions FCC to Protect Phone Users' Privacy

EPIC has petitioned the Federal Communications Commission to initiate arulemaking to enhance security protections for individuals' phonerecords and renewed a call at the Federal Trade Commission for aninvestigation of online data brokers for selling personal informationillegally.

At issue is customer proprietary network information (CPNI). CPNIincludes calling history and activity, billing records, and unlistedtelephone numbers of service subscribers. CPNI can only be released inlimited circumstances, but online data brokers and private investigatorswidely advertise online that they can procure this information withoutinforming the account holder. It is believed that the information isobtained principally through "pretexting," the practice of accessingpersonal information by pretending to be the account holder. Becausedata brokers and private investigators have access to Social Securitynumbers and other biographical identifiers used to verify individuals'
identity, they can easily pose as another person in order tofraudulently obtain records.

EPIC's petition seeks to mandate heightened security standards,including encryption of records, requiring audit logs to track whoaccesses account information and why, and limits on the amount of timethat data is retained by the carrier. Most importantly, EPIC urged theagency to reduce carriers' reliance on biographical identifiers, likeSocial Security numbers and dates of birth, to safeguard accounts.
Customers' accounts would be better protected through passwords chosenat service activation.

The petition is the latest step in a campaign to stop the illegal saleof personal information by online data brokers and privateinvestigators. In July, EPIC urged the Federal Trade Commission toinvestigate the entire industry, because many Web sites offer to sellprotected personal information to anyone. In update to the Julysubmission, EPIC provided a list of 40 different Web sites that offer tosell protected phone records and evidence that identity thieves useonline data brokers.

Until the agencies take action, individuals can protect their privacy bycalling their landline and wireless telephone carriers to opt out ofCPNI sharing, and to place passwords on their accounts. Placingpasswords on the accounts should shield CPNI from improper disclosure.

EPIC's FCC Petition on CPNI:

EPIC's Letter to the FTC:

[5] Report: Government Withholding More Information Than Ever Before

The recent "Secrecy Report Card 2005" by showsthat government secrecy is growing considerably. This report comes at atime when government is being criticized for failures to protectindividual privacy rights. In July, the Government Accountability Officereported to Congress that the Transportation Security Administrationviolated the Privacy Act when it obtained personal information aboutairline passengers from commercial data brokers during the test phase ofthe Secure Flight passenger prescreening program.

The secrecy report found that federal agencies spent a record $148creating and storing new secrets for each $1 spent declassifying oldsecrets in 2004. The government classified 15.6 million documents "topsecret," "secret" or "confidential." This tops the 14.2 milliondocuments classified in 2003, and is almost double the 8.6 documentsclassified in 2001. While the number of classified documents hasincreased, the number of declassified documents has steadily decreasedfor a fourth straight year. In 2004, 28.4 million documents weredeclassified, far below the 100 million that were declassified in 2001,the report said.

The report also found that Freedom of Information Act (FOIA) requestswere at an all-time high last year, with more than 4 million requestsmade. However, there were 14 federal agencies reporting no backlog insuch requests, double the number in 2003. The government is oftencriticized for its reluctance to release documents to the public.

EPIC's Open Government Project files FOIA requests to ensure governmentaccountability and transparency. In a FOIA case brought by EPIC againstthree federal agencies, a federal court held in July that theTransportation Security Agency and Department of Homeland Security maynot withhold a document sought by the public simply by saying itcontains "sensitive security information." Though federal agencies "arenot required to describe the withheld portions in so much detail that itreveals the sensitive security information itself," the court said theyare required to "provide a more adequate description" to explain whymaterial is not made public. Secrecy Report Card 2005 (pdf):

EPIC v. Department of Homeland Security, et al:

EPIC's Open Government Project:

[6] News in Brief

Spotlight: Database Tracks Every Move of Foreign Students, VisitorsEPIC's September "Spotlight on Surveillance" scrutinizes the Student andExchange Visitor Information System (SEVIS), a Homeland Securityprogram. SEVIS is also a part of the US-VISIT program, which has beencriticized as flawed. Through SEVIS, the federal government isaccumulating a massive amount of data on foreign students and exchangevisitors, such as biographical information of the student or exchangevisitor and their dependents (name, place and date of birth, spouse andchildren's data); academic information (status, date of studycommencement, degree program, field of study, institutional disciplinaryaction); and employment information (employer name and address,employment beginning and end dates). The stated goals of SEVIS arerelated to immigration and education; however, the database is alsoavailable to other federal, local, state, tribal and foreign agencies,as well as immigration and education agencies. SEVIS represents amassive surveillance system that monitors and tracks students andexchange visitors at all times.

September Spotlight on Surveillance:


Report: Agencies' Privacy Protections Lacking in Data Mining ProjectsA recent Government Accountability Office report found that federalagencies are failing to adequately protect privacy rights when usingdata mining or knowledge discovery tools to find patterns andassociations in massive amounts of information. The report said thatalthough most agencies are notifying the public that they are usingpersonal information, few are notifying people about the intended usesof that information. A previous government program that sifted thoughtroves of personal information, the Total Information Awareness project,was shut down amidst privacy and security criticism.

Government Accountability Office report (pdf):

EPIC's Total Information Awareness page:

Get Your Free Credit Reports, and Correct and Monitor ThemNew regulations have taken effect that entitle all Americans to a freecopy of their credit report from all three of the big consumer reportingagencies. Free credit reports can be obtained by or by calling 1-877-322-8228. After obtaining acredit report, it should be carefully checked for errors, any errorsshould be disputed, and any documentation generated in the processshould be kept. A person can avoid signing up for expensivecredit-monitoring services by self-monitoring. By ordering one of thethree reports every four months, important developments in creditrecords can be monitored at no cost.

Free reports are available online at:

EPIC's Fair Credit Reporting Act page:

California RFID Bill Is Resurrected

A California State Senator has resurrected legislation that was shelvedafter an intense anti-privacy lobbying effort. The bill SB 682, was heldby the Assembly Appropriations Committee, effectively ending its chancesof passage this year. But Sen. Joe Simitian (San Mateo) worked with theAssembly leadership to "gut and amend" another bill and revive theeffort to place limits on government use of Radio FrequencyIdentification (RFID technology) to identify and track Californians. Thelegislation, now designated SB 768, the Identity Information ProtectionAct of 2005, would establish security standards for RFID or other"contactless" identity cards, and criminalize the remote, unauthorizedreading of personal information.

California's SB 768:

EPIC's RFID page:

JetBlue, Sun Country Install Surveillance Cameras on PlanesJetBlue and Sun Country airlines have installed surveillance camerasthat allow pilots to monitor passengers in an effort to avert ahijacking. Nearly a dozen airlines received federal grants to test thesystems for future use. The systems are not mandated by the FederalAviation Administration. Critics caution that guidelines are needed toensure surveillance cameras aboard aircraft do not violate a passenger'sprivacy rights. In recent years, there has been considerable growth inthe use of camera surveillance systems.

EPIC's May Spotlight on Surveillance about Camera Systems:

Observing Surveillance Web site:

[7] EPIC Bookstore: EPIC's "Privacy Law Sourcebook 2004"

Marc Rotenberg, ed., The Privacy Law Sourcebook 2004: United States Law,International Law, and Recent Developments (EPIC, 2005)
The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism Prevention Act, and theCAN-SPAM Act.

EPIC Publications:

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50. survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40. is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the SunshineAct, and the Federal Advisory Committee Act. The 22nd edition fullyupdates the manual that lawyers, journalists and researchers haverelied on for more than 25 years. For those who litigate opengovernment cases (or need to learn how to litigate them), this is anessential reference manual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40. resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.

"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40. "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and international privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20. collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40. Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore "EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summariesof interesting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

NGO Pre-Event to the Data Protection Commissioners Conference 2005:
Strategies for International Privacy Protection - Issues, Actors, andFuture cooperation. September 13, 2005. Montreux, Switzerland. For moreinformation: Comparative IP & Cyberlaw Conference. University ofOttawa. September 30 and October 1, 2005. Ottawa, Ontario. For moreinformation:

Access to Information: Analyzing the State of the Law. RileyInformation Services. September 8, 2005. Ottawa, Ontario. For moreinformation:

5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information: On Passenger Facilitation & Immigration: Newest trends inachieving a seamless experience in air travel International AirTransport Association (IATA) and Singapore Aviation Academy (SAA)
October 3-5, 2005 Singapore Aviation Academy. For more information: & Privacy Workshop 2005: Toolkit For Change. Ontario Ministry ofGovernment Service’s Access & Privacy Office. October 6- 7, 2005.
Toronto, Ontario. For more information:

Public Voice Symposium: "Privacy and Data Protection in Latin America -
Analysis and Perspectives." Launch of the first Spanish version of"Privacy and Human Rights." October 20-21, 2005, Auditorio AlbertoLleras Camargo de la Universidad de los Andes, Bogota, Colombia.
Organizers: Electronic Privacy Information Center (EPIC), Grupo deEstudios en Internet, Comercio Electrónico, Telecomunicaciones eInformática (GECTI), Law School of the Universidad de los Andes, Bogota,Colombia, Computer Professional for Social Responsibility-Peru(CPSR-Perú). For more information:

6th Annual Privacy and Security Workshop. Centre for Innovation Law andPolicy (University of Toronto) and the Center for Applied CryptographicResearch (University of Waterloo). November 3-4, 2005. University ofToronto. For more information: World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information: Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For moreinformation:
Subscription Information

Subscribe/unsubscribe via web interface: issues are available at: EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at: contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand expanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback