You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2006 >>
[2006] EPICAlert 12
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 13.12 [2006] EPICAlert 12
EPIC ALERT
Volume 13.12 June 16, 2006
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_13.12.html
Table of Contents
[1] Appeals Court Wrongly Extends Wiretap Requirements
[2] EPIC Testifies Before Homeland Security on Video Surveillance
[3] Documents Reveal More Potential PATRIOT Act Abuses
[4] Coalition Urges Strong International Privacy Rules
[5] Federal, State Governments Struggle to Investigate Domestic Spying
[6] News in Brief
[7] EPIC Bookstore: Stanton and Stam: The Visible Employee
[8] Upcoming Conferences and Events
[1] Appeals Court Wrongly Extends Wiretap Requirements
The U.S. Court of Appeals for the D.C. Circuit has decided (pdf) thatthe Federal Communications Commission can require broadband and
VoIPproviders to make their services wiretap-friendly. The decision allowedthe FCC to apply the Communications Assistance for Law
Enforcement Act(CALEA) to Internet-based communications, even though the law explicitlyexempted "information services."
CALEA, passed by Congress in 1994, was created when law enforcementofficials worried that advances in the traditional telephone system,including
wireless technologies, might make wiretapping more difficult.
The solution proposed was to require telephone companies to constructtheir systems to allow easy eavesdropping by law enforcement.
Recognizing that wiretapping internet connections posed distinctproblems, however, the law did not apply to "information services"
likeInternet service providers.
Last year, the FCC declared that, despite this prohibition, CALEA wouldapply to broadband Internet service providers and providers
of voicecommunications over the Internet (known as voice over Internet Protocol,or VoIP). A broad coalition of privacy advocates,
Internet providers,and educational institutions, who would now be required to design theirsystems to meet the government's surveillance
needs.
The D.C. Circuit upheld the FCC's decision based upon a previouslyunused portion of CALEA that authorized the FCC to apply CALEA to
any"wire or electronic communication switching service," so long as thatservice "is a replacement for a substantial portion of the
localtelephone exchange service and. . . it is in the public interest to doso." The court sided with the FCC's argument that, since
aspects ofbroadband Internet and VoIP services replace aspects of traditionaltelephone service, CALEA applies to these new technologies.
Judge Edwards, dissenting from the Circuit court's opinion, said thatthe FCC's interpretation of this provision runs squarely contrary
to theinformation services exception. "If all information services that arecarried out 'via telecommunications' are subject to CALEA,
then the'information services' exception is an empty set," he said. During oralargument, Edwards characterized the FCC's convoluted
interpretation ofthe statute as "gobbledygook."
Senator Patrick Leahy, the primary sponsor of CALEA during its creationand passage, criticized the D.C. Circuit's interpretation of
the law,saying that "Stretching a law written for the telephone system of 1994to cover the Internet of 2006 is simply inconsistent
with congressionalintent."
D.C. Circuit Opinion (pdf):
http://www.epic.org/privacy/wiretap/ace_v_fcc.pdf
Text of CALEA:
http://www.epic.org/privacy/wiretap/calea/calea_law.html
EPIC's Wiretap Page:
http://www.epic.org/privacy/wiretap/
Senator Leahy's Statement:
http://leahy.senate.gov/press/200606/060906.html
[2] EPIC Testifies Before Homeland Security on Video Surveillance
In testimony before the Department of Homeland Security's Data Privacyand Integrity Advisory Committee, EPIC Associate Director Lillie
Coneyhighlighted the threat that video surveillance poses to the rights ofprivacy and anonymity.
The meeting, held in San Francisco, focused on the use of radiofrequency identification devices (RFID) and the adoption of publicclosed-circuit
television (CCTV) surveillance systems. The committeeadvises Homeland Security on policy and technology issues that relate toprivacy.
Coney's testimony emphasized that, even in public, individuals have aright to privacy in their anonymity. An individual in public,
observedby strangers, has an expectation of privacy because she will not berecorded or scrutinized as a matter of course. CCTV systems
remove theprivacy protections that human memory provides.
EPIC said that privacy in public spaces was a vital part of ourdemocratic experience. Video surveillance, in combination with newertechnologies
like facial recognition systems, poses a real threat tolawful First Amendment protected activity. Documents obtained by EPICdemonstrate
that CCTV systems have been used in Washington, D.C. torecord peaceful public demonstrations and identify individualparticipants
within the captured images.
Not only does video surveillance affect fundamental privacy rights, itsability to deter and combat crime is often overstated. Research
on theeffectiveness of the technology for these purposes has not demonstrateda causal relationship between the technology and the
goals stated forits deployment.
EPIC recommended the development of model guidance to local, state, andfederal governments to discern the need for the technology
and guide itsuse. The lack of information on the cost benefit analysis and privacyimpacts assessments of CCTV technology should make
these the first stepsin the decision making process.
Coney's Testimony (pdf):
http://www.epic.org/privacy/surveillance/coneytest060706.pdf
EPIC's Video Surveillance Page:
http://www.epic.org/privacy/surveillance/
[3] Documents Reveal More Potential PATRIOT Act Abuses
FBI documents recently obtained by EPIC under the Freedom of InformationAct reveal forty-two cases of alleged FBI intelligence misconduct
deemedserious enough to refer to the Intelligence Oversight Board. Theseforty-two known cases occurred in 2000-2005.
One report indicated violations of the Foreign Intelligence SurveillanceAct, when information obtained under the Act was improperly
disclosed ina grand jury subpoena. Another report disclosed that an electroniccommunication was inadvertently intercepted because
of an error made byan Internet service provider. In another incident, call detailinformation was recorded inadvertently after a
surveillance targetchanged phone numbers. Yet another report cited wiretaps on the wrongcell phones. Records also indicated that
some surveillance operationscontinued past the authorized period.
Each of these reports was referred to the Intelligence Oversight Boardby the FBI's Office of General Counsel because of an executive
orderthat requires intelligence agencies to report "intelligence activitiesthat they have reason to believe may be unlawful or contrary
toExecutive Order or Presidential Directive." The IOB must then reportthese activities to the President and Attorney General, though
Congressis not notified of the allegations, or how the matters are resolved.
The recently disclosed documents were the latest in a series obtainedfrom the FBI by EPIC following a Freedom of Information Act request forrecords concerning the FBI's use of PATRIOT Act powers that wereoriginally set to sunset in 2005. Based on these documents,
EPIC hasrequested the Senate Judiciary Committee to consider legislation thatwould require the Attorney General to report cases of
allegedintelligence misconduct to the House and Senate Judiciary Committees, aswell as the Justice Department's response to such
incidents. The letterstated that the ever-increasing number of wretaps, and the expndingscope of domestic surveillance requires additional
oversight.
EPIC v. Dept. of Justice page:
http://www.epic.org/privacy/terrorism/usapatriot/foia/
EPIC's FOIA Request:
http://www.epic.org/redirect/fbi_foia_request.html
EPIC's letter to the Senate Judiciary Committee (pdf):
http://www.epic.org/privacy/surveillance/sen_iob_letter.pdf
[4] Coalition Urges Strong International Privacy Rules
A coalition of privacy groups urged the U.S. Department of Commerce tostrengthen privacy rules to protect personal data being transferredbetween
and out of the Asia Pacific Economic Cooperation Group (APEC).
The Department of Commerce sought comments on how to implement the APECPrivacy Framework in creating cross-border privacy rules, which
wouldgovern how information is transferred between APEC member countries.
The APEC Privacy Framework sets out a series of general privacyprinciples that member economies should follow in handling individuals'
personal information. Specific data privacy rules between membereconomies would have to abide by these principles.
The privacy groups emphasized the need for binding laws to protectprivacy, given the often-weak enforcement of self-regulatory industryschemes.
The groups also stated that existing privacy laws in the membercountries should be built upon, and that individuals within a countrywith
strong privacy laws should not lose those protections simplybecause their data is transferred to a country with weaker laws. Thecoalition
also said that businesses within APEC countries should nottransfer data to countries with unacceptably weak data protection laws,or
at least should face stricter penalties if data transferred to theseother countries is compromised.
The groups also advocated creating a monitoring committee that wouldoversee APEC members' compliance with the privacy framework and
theindividual cross-border rules, issuing warnings to businesses and otherorganizations that violate those rules, and recommending
enforcementactions against violators to the appropriate government officials.
The privacy groups jointly commenting on the plan included ConsumerFederation of America, EPIC, the National Consumers League, PrivacyRights
Clearinghouse, Privacy Times, U.S. Public Interest ResearchGroup, and the World Privacy Forum.
Coalition Comments on APEC Cross-Border Privacy Rules (pdf):
http://www.epic.org/privacy/intl/apec_cmts.pdf
Comment Notice:
http://www.epic.org/redirect/apec_notice.html
APEC Privacy Framework (pdf):
http://www.epic.org/redirect/apec_framework.html
Organization for Economic Cooperation and Development Privacy Guidelines:
http://www.epic.org/redirect/oecd_guidelines.html
EPIC's Privacy Law Sourcebook 2004 (containing the text of the APECPrivacy Framework)
http://www.epic.org/bookstore/pls/2004/
[5] Federal, State Governments Struggle to Investigate Domestic Spying
On June 6, the Senate Judiciary Committee decided not to subpoenatelephone company executives in its investigation of the NationalSecurity
Agency's domestic surveillance program. Committee ChairmanArlen Specter backed away from earlier calls to bring the companies into
testify in exchange for support of a bill that Specter has proposedto allow a review of the program by the special court created
by theForeign Intelligence Surveillance Act (FISA).
Following this exchange, however, Specter took the unusual step ofwriting an open letter to Vice President Cheney, rebuking the VicePresident
for privately encouraging other senators to oppose hearingswith the telephone companies. In the letter, Specter stated that"[t]here
is no doubt that the NSA program violates the ForeignIntelligence Surveillance Act..." Specter also indicated that he mayproceed
with subpoenas if he cannot reach an agreement with the WhiteHouse on the issue.
The surveillance program, first reported on by USA Today in May,apparently relied upon telephone companies to secretly hand overmillions
of customers' detailed call records to the NSA, in an effort toanalyze the data for supposed terrorist calling patterns. According
tothe USA Today report, no warrants were issued or requested by thegovernment in collecting any of this information.
The Senate is not the only government body to call for an investigationinto the program. Federal Communications Commissioner Michael
Copps hasalso publicly called for investigations of the phone companies allegedlyinvolved, noting that their actions would have violated
provisions ofthe Communications Act that require them to keep customer recordsconfidential. EPIC has joined the call for FCC investigation,
thoughFCC Chairman Kevin Martin has so far declined, citing the likelihoodthat the program's classified nature would preclude an
investigation.
The executive branch has also taken drastic steps to oppose the effortsof state governments to investigate the potential violations,
suing thestate of New Jersey to prevent the state attorney general frominvestigating phone companies allegedly involved in the program.
Companies required by the state to respond to the subpoenas were alsowarned by federal authorities that responding to the subpoenas
would bea violation of federal law.
Letter of Senator Specter to Vice President Cheney (pdf):
http://www.epic.org/privacy/surveillance/specter-ltr_6-06.pdf
Statement of FCC Commissioner Michael Copps (pdf):
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-265373A1.pdf
EPIC's letter to FCC Chairman Martin (pdf):
http://www.epic.org/privacy/wiretap/epic-fcc-nsa.pdf
EPIC Resources on Domestic Surveillance http://www.epic.org/features/surveillance.html
[6] News in Brief
Veterans Affairs Data Theft Widens, Includes Active PersonnelThe personal information of about 1.1 million active-duty militarypersonnel,
430,000 members of the National Guard and 645,000 members ofthe Reserves, was stolen in the recent theft of computer data from theDepartment
of Veterans Affairs, the agency announced last week. Theagency previously said that all 26.5 million people affected by the datatheft
were veterans and their spouses. The data include Social Securitynumbers and disability ratings. The FBI has set up a 24-hour tip
line at1-800-CALL-FBI for information on the burglary. Congress continues tohold hearings on the theft of sensitive personal information
on veteransand active duty military personnel.
Latest Information on the Theft from Veterans Affairs:
http://firstgov.gov/veteransinfo.shtml
ID Theft Prevention Tips for Veterans from Privacy Rights Clearinghouse:
http://www.privacyrights.org/ar/VABreach.htmEPIC Files Reply Comments on Phone Record SecurityEPIC has filed reply comments on the Federal Communications Commission'sproposal
to require phone companies to increase security for consumers'
phone records. In its comments, EPIC urges the FCC to adopt rules thatprevent poor security practices, such as using easily obtainedbiographical
information as passwords for users to access accountinformation. EPIC also responded to comments from telephone companiesclaiming
that audit trails were too expensive, noting that manytelephone companies already use audit trails in fraud prevention.
Finally, EPIC objected to a "safe harbor" proposal that would allowcompanies to avoid responsibility for consumer privacy.
EPIC Reply Comments (pdf):
http://www.epic.org/privacy/iei/rm_reply_cmts.pdf
EPIC's Illegal Sale of Phone Records Page:
http://www.epic.org/privacy/ieiOne-Third of US and UK Firms Read Employees' E-mailMore than one-third (38%) of large companies in the US and UK read theiremployees'
e-mail, and another 24% of US firms and 33% of UK firms planto implement such surveillance, according to a new study from a companythat
offers corporate e-mail protection. However, about 20% of US andUK firms surveyed do not have a written policy about e-mail use
andmonitoring. Proofpoint Inc. and Forrester Research surveyed 406 US andUK companies with more than 1,000 employees.
Proofpoint and Forrester Research Survey (pdf):
http://www.epic.org/privacy/workplace/proof_email2006.pdf
EPIC's Workplace Privacy page:
http://www.epic.org/privacy/workplace/Philadelphia Cab Drivers Protest GPS TrackingDozens of cab drivers protested in front of Philadelphia's City Hallafter the Philadelphia
Parking Authority's plan to mandate that all ofthe city's taxi drivers install Global Positioning Satellite (GPS)
systems in their cabs. Drivers went on strike to reject the systems,which are high-tech devices that would allow the Parking Authority
totrack all city cabs and passengers. After installation, the cab ownerswould have to pay an $18 per month maintenance fee for the
systems.
Privacy and Human Rights 2004 on satellite surveillance:
http://www.epic.org/redirect/phr2004_sat.htmlPassenger Data Transfer on G-8 AgendaThe controversial plan that allowed European airlines to transferpassenger data to the U.S. government
will be raised at this week's G-8summit. The agreement, struck down on narrow procedural grounds by theEuropean Court of Justice
recently, is likely to be renegotiated in adifferent format in accordance with the court's ruling. The newframework for the program,
however, is likely to expand, not limit, thedata airlines must provide the U.S., according to Homeland SecuritySecretary Michael
Chertoff.
Ruling by the European Court of Justice:
http://www.epic.org/redirect/ec_court_passenger.html
[7] EPIC Bookstore: Stanton and Stam: The Visible Employee
Jeffrey M. Stanton and Kathryn R. Stam. The Visible Employee: UsingWorkplace Monitoring and Surveillance to Protect InformationAssets
--
Without Compromising Employee Privacy or Trust. InformationToday, 2006.
http://www.powells.com/partner/24075/biblio/0910965749
"For business owners, managers, and IT staff interested in learning howto effectively and ethically monitor and influence workplace
behavior,this guide is a roadmap to ensuring security without risking employeeprivacy or trust. The misuse of information systems
by wiredworkers—either through error or by intent—is discussed in detail, as arepossible results such as leaked or corrupted
data, crippled networks,lost productivity, legal problems, or public embarrassment. Thisanalysis of an extensive four-year research
project conducted by theauthors covers not only a range of security solutions for at-riskorganizations but also the perceptions and
attitudes of employees towardworkplace surveillance."
EPIC Publications:
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of informationprivacy law allows instructors to enliven their teaching of fundamentalconcepts
by addressing both enduring and emerging controversies. TheSecond Edition addresses numerous rapidly developing areas of privacylaw,
including: identity theft, government data mining,and electronicsurveillance law, the Foreign Intelligence Surveillance Act,intelligence
sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundationfor an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50.
http://www.epic.org/bookstore/phr2004
This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in
over60 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating
to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacyand data protection ever published.
"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004).
Price:
$40.
http://www.epic.org/bookstore/foia2004
This is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the Sunshine Act,and the Federal Advisory Committee Act. The 22nd edition fully updatesthe manual
that lawyers, journalists and researchers have relied on formore than 25 years. For those who litigate open government cases (orneed
to learn how to litigate them), this is an essential referencemanual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS).
Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals
forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved
in theWSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for
students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It
includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy
Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism
Prevention Act, and theCAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Bookshttp://www.powells.com/features/epic/epic.html
EPIC also publishes EPIC FOIA Notes, which provides brief summaries ofinteresting documents obtained from government agencies under
theFreedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes
[8] Upcoming Conferences and Events
7th Annual Institute on Privacy Law: Evolving Laws and Practices in aSecurity-Driven World. Practising Law Institute. June 19-20,
New York,New York. July 17-18, Chicago, Illinois. Live webcast available. Formore information:
www.pli.edu
identitymashup: Who Controls and Protects the Digital Me? Berkman Centerfor Internet & Society, Harvard Law School. June 19-21,
2006. Cambridge,Massachusetts. For more information:
http://www.identitymash-up.org/
Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September29-30, 2006. New York, New York. For more information:
http://www.easst.net/node/976
Infosecurity New York. Reed Exhibitions. September 12-14, 2006. NewYork, New York. For more information:
http://www.infosecurityevent.com
34th Research Conference on Communication, Information, and InternetPolicy. Telecommunications Policy Research Conference. September29-October
1, 2006. Arlington, Virginia. For more information:
http://www.tprc.org/TPRC06/2006.htm
6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:
http://www.futureofmusic.org/events/summit06/
The IAPP Privacy Academy 2006. International Association of PrivacyProfessionals. October 18-20, 2006. Toronto, Ontario, Canada. For
moreinformation:
www.privacyassociation.org
International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:
http://www.businessandit.uoit.ca/pst2006/
BSR 2006 Annual Conference. Business for Social Responsibility. November7-10, 2006. New York, New York. For more information:
http://www.bsr.org/BSRConferences/index.cfm
CFP2007: Computers, Freedom, and Privacy Conference. Association forComputing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org
Subscription Information
Subscribe/unsubscribe via web interface:
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (link toother databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."
About EPIC
The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus
publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record
privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see http://www.epic.org or writeEPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute
online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryption andexpanding wiretapping powers.
Thank you for your support.
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2006/12.html
