	Home \| Databases \| WorldLII \| Search \| Feedback EPIC Alert

Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here: WorldLII >> Databases >> EPIC Alert >> 2005 >> [2005] EPICAlert 27

Special EPIC Alert [2005] EPICAlert 27

EPIC ALERT

Year in Review December 30, 2005

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_yir2005.html

2 0 0 5 P R I V A C Y Y E A R I N R E V I E W

It's been an eventful year in privacy, right up to the end, withrevelations of government surveillance of activists, warrantlesswiretaps by the National Security Agency, and a Congressional staringcontest over the renewal of the Patriot Act. And the months precedingthis one were no less impressive, with data security laws, RFID, andvoter privacy making headlines.

Here are the Top Ten Privacy Stories of 2005 from the ElectronicPrivacy Information Center (EPIC):

* * * * * * * * * * * * * * * * * * * * * * * *

PATRIOT Act Reauthorization Falls ShortThis year ended with one of the biggest Congressional cliffhangers inmemory, with House and Senate leaders agreeing to a last-minutetemporary extension of the Patriot Act. The controversial law was setto expire at the end of the year without Congressional authorization.
The debate leading up to December's last-minute brinksmanship centeredaround the different versions of the Patriot Act reauthorization inthe House and Senate, with the Senate version including more oversightfor the most embattled surveillance provisions. Fierce debate isexpected to carry over into next year.

* * * * * * * * * * * * * * * * * * * * * * * *

Security Breaches on the RiseThis past year, more than 130 security breaches exposed at least 55million Americans to ID theft. Culprits included poor securitypractices, malicious insiders, and in some cases, even sellinginformation directly to identity thieves. The breaches came to lightonly because of state laws that required companies to let consumersknow what had happened. This year, a gaggle of Congressional billscame forward to address the problem. Some might have helped, addingprotections on a federal level. Some would have made the problem farworse, by eliminating state protections and giving companiesincentives to hide their privacy and security failures.

* * * * * * * * * * * * * * * * * * * * * * * *

Defense Department Ignores Privacy LawsUncle Sam not only wants you, he wants your data, too. Earlier thisyear, the Department of Defense proposed a joint marketing andrecruiting database that would track students and target them forrecruitment into the armed forces. Among the information kept onstudents were ethnicity, phone numbers, e-mail addresses, intendedfields of study and extracurricular activities. The record systemeven included parents' attitudes about military recruitment. TheDefense Department eventually revealed that it set up the systembefore notifying the public, a clear violation of the Privacy Act.

* * * * * * * * * * * * * * * * * * * * * * * *

In Federal Court, a Good E-mail Privacy DecisionIn August, a federal appeals court ruled that intercepting e-mailsviolates the Wiretap Act, overturning a 2004 ruling by a three-judgepanel. The earlier decision said that if someone intercepted e-mailswhen they were momentarily stored on a server before they werereceived, the Wiretap Act didn't apply, since the Wiretap Act onlycovers communications "in transit." The full panel disagreed,protecting in-transit e-mails under the Wiretap Act, whether they areon a server or being transmitted from one place to another.

* * * * * * * * * * * * * * * * * * * * * * * *

Privacy for VotersThe privacy of voters gained attention in 2005, as government agenciestried to hammer out a set of guidelines for electronic voting systems.
Ensuring that the systems allow open auditing of the process, whilepreserving the confidentiality of a person's vote, is fundamental toany e-voting system. Voter privacy also won out in a recent Georgiacase, where a law requiring voters to present a state-issued photo IDat the polls was struck down as unconstitutional. The ID law, whichdid nothing to decrease registration fraud, would have discouragedvoter turnout among the poor, the elderly, and minority communities.

* * * * * * * * * * * * * * * * * * * * * * * *

State Department Drops Hi-Tech Passport Plan, But Problems RemainThe State Department planned to require small ID tags in new hi-techpassports, until technical experts realized that the passports wouldpaint a bullseye on US citizens traveling overseas. The StateDepartment withdrew the original plan and added a few securitysafeguards, but technology experts say travelers with the newpassports are still vulnerable. Projects are also underway to embedthe chips in immigration documents, government-issued ID, creditcards, and a variety of consumer products and packaging. Aluminumfoil, anyone?

* * * * * * * * * * * * * * * * * * * * * * * *

NSA Domestic Spying DisclosedSome of the biggest news in the privacy world waited until the veryend of 2005. In December, the New York Times reported that PresidentBush had authorized the National Security Agency to spy on Americansafter September 11, 2001. The secretive agency is generally notauthorized to conduct domestic surveillance, and the ForeignIntelligence Surveillance Act requires judicial review of wiretapsrelated to national security. Now the White House is investigating theNew York Times for running the story.

* * * * * * * * * * * * * * * * * * * * * * * *

Problems Remain with Travel Screening PlansGovernment agencies that profile airline passengers came underincreased scrutiny in 2005. Reports revealed that airlines disclosedpassenger information to the FBI and other government agencies. TheTSA attempted to expand its no-fly and selectee lists, despite thefact that passengers often have no reliable way of finding out how tocorrect errors on their records.

* * * * * * * * * * * * * * * * * * * * * * * *

Credit Freeze Laws on the RiseIdentity theft isn't just a problem of people having their informationstolen; it's a problem of creditors giving out accounts to thieves,without checking to see if they are who they say they are. With thisin mind, states like New York and Maryland moved forward "creditfreeze" laws, which would let consumers stop credit grantors fromopening new accounts without their permission.

* * * * * * * * * * * * * * * * * * * * * * * *

Surveillance of Activists RevealedThe Defense Department is busy keeping America safe from the Quakers,apparently. Recently revealed documents showed that an anti-warmeeting at a Quaker meeting house was considered by the Pentagon to bea "threat." Other "threats" included a protest at the University ofCalifornia in Santa Cruz and a number of other protests of militaryrecruiting. The documents show the increasing role of the military indomestic policing and surveillance.

ISSUES TO WATCH IN 2006

The USA PATRIOT Act is yet again up for renewal, biometrictechnologies are on the rise, and students are being used as theguinea pigs for the next generation of privacy-invading policies.
Issues both new and familiar will be making their way into the privacydebate in 2006.

* * * * * * * * * * * * * * * * * * * * * * * *

Nomination of Samuel Alito2006 begins with the hearings for Supreme Court nominee Samuel Alito.
But which Alito will testify? Will it be the Princeton student whowrote a remarkable report on the need to safeguard privacy in America,or will it be the Justice Department attorney who said that theAttorney General should be immune from lawsuits for unlawfulsurveillance? Members of the Senate Judiciary Committee will be eagerfor answers.

* * * * * * * * * * * * * * * * * * * * * * * *

Future of REAL IDIn 2005 Congress quietly passed a law to turn the state driverslicense into a national ID card without a hearing or a vote. ButREALID opponents are gathering support and the Department of HomelandSecurity may face a real battle when federal officials start saying toUS citizens, "your papers, please."

* * * * * * * * * * * * * * * * * * * * * * * *

"Welcome to the US. Fingerprints, please."

The United States is dramatically expanding the collection offingerprints, particularly for visitors to the United States. TheUS-VISIT program is set to take the fingerprints of every foreignvisitor to the United States. But the inaccuracies of fingerprintidentification, and the ease with which fingerprint scanners can befooled, continue to plague fingerprint ID systems.

* * * * * * * * * * * * * * * * * * * * * * * *

Workplace PrivacyThe computer you use at work belongs to your employer; the time youspend at work belongs to your employer
--
who does your privacy belongto? Increasingly, companies are placing surveillance measures in theworkplace, either to provide security or to monitor productivity. In2006, the high court of Massachusetts will decide whether a publicemployer could secretly install video cameras to watch its employees.
As cameras become more ubiquitous inside and outside the workplace, itwill be come more and more likely that some Little Brother will bewatching you as well.

* * * * * * * * * * * * * * * * * * * * * * * *

Student PrivacySchools are becoming the new frontline in the battle over privacy.
RFID vendors are pressing schools to mandate spychip-equipped studentIDs. Metal detectors, cameras, and more invasive searches are alsobecoming more commonplace. Nor is students' information privacy safefrom invasion. Increasingly, students are encouraged to give up theirpersonal information in school where it is relayed to third partiesfor marketing and recruiting purposes. But students and parents arefighting back. Last year a spychip plan in California failed andparents rallied against the Defense Department recruitment database.
Look for the protest to go online in 2006.

* * * * * * * * * * * * * * * * * * * * * * * *

Location TrackingHighway administrators in the US and UK are looking for new ways tomeasure traffic flow and decrease congestion, as well as collect taxeson the use of roads. This has led to the development of many vehicletracking systems, based either on roadside license plate readers or ontracking the movement of signals sent by drivers' phones. While someprograms delete the personally identifying data from the cell-trackingsystems, implications for "mission creep" are clear, since severalrecent cases show that law enforcement is making more use of mobilephone tracking as an investigative tool.

* * * * * * * * * * * * * * * * * * * * * * * *

New Revelations About Government DataminingIt was not long ago that John Poindexter's Total Information Awarenesswas brought to an end. But datamining in the federal governmentdidn't stop. It went underground. In 2006 there will be new andsurprising revelations about the scope of government datamining andthe amount of personal information on American citizens that is beingcollected by the private sector and handed over to the government.

* * * * * * * * * * * * * * * * * * * * * * * *

Wiretapping the Internet2006 will see a major debate over wiretapping and the Internet. TheFederal Communications Commission wants to apply a 1994 law intendedfor wiretapping the telephone network to new communication services onthe Internet. But privacy groups and communications companies object.
A federal court will have to decide next year whether the governmentcould some day regulate computer software.

* * * * * * * * * * * * * * * * * * * * * * * *

DNA Databases and Genetic Privacy LegislationPolice are stepping up efforts to build DNA profiling databases.
The hope is that these measures will allow investigators to compareDNA found at a crime scene against a database of known individuals.
The danger is that the chance of false positives may be downplayed,and that ordinary citizens would be forced to divulge their DNAprofiles with no evidence of any wrongdoing. In other matters, stateregulators are coming to grips with the risk that people's geneticinformation may be used to discriminate against them, if their genesshow tendencies towards health problems or disabilities. Regulationson genetic privacy could be forthcoming in the states next year, aswell as in the US Congress.

* * * * * * * * * * * * * * * * * * * * * * * *

Data Broker RegulationWith security breaches on the rise and the cost of identity theftpassing the $50b mark, Congress will almost certainly act in 2006 ondata broker legislation. Not only are legislators concerned withrequiring companies to disclose data breaches, many are arguing forincreased oversight of the largely unregulated data broker industry.

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information."

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information, visithttp://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

End EPIC 2005 Year in Review

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2005/27.html