WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2006 >> [2006] EPICAlert 12

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 13.12 [2006] EPICAlert 12


Volume 13.12 June 16, 2006

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Appeals Court Wrongly Extends Wiretap Requirements
[2] EPIC Testifies Before Homeland Security on Video Surveillance
[3] Documents Reveal More Potential PATRIOT Act Abuses
[4] Coalition Urges Strong International Privacy Rules
[5] Federal, State Governments Struggle to Investigate Domestic Spying
[6] News in Brief
[7] EPIC Bookstore: Stanton and Stam: The Visible Employee
[8] Upcoming Conferences and Events

[1] Appeals Court Wrongly Extends Wiretap Requirements

The U.S. Court of Appeals for the D.C. Circuit has decided (pdf) thatthe Federal Communications Commission can require broadband and VoIPproviders to make their services wiretap-friendly. The decision allowedthe FCC to apply the Communications Assistance for Law Enforcement Act(CALEA) to Internet-based communications, even though the law explicitlyexempted "information services."

CALEA, passed by Congress in 1994, was created when law enforcementofficials worried that advances in the traditional telephone system,including wireless technologies, might make wiretapping more difficult.
The solution proposed was to require telephone companies to constructtheir systems to allow easy eavesdropping by law enforcement.
Recognizing that wiretapping internet connections posed distinctproblems, however, the law did not apply to "information services" likeInternet service providers.

Last year, the FCC declared that, despite this prohibition, CALEA wouldapply to broadband Internet service providers and providers of voicecommunications over the Internet (known as voice over Internet Protocol,or VoIP). A broad coalition of privacy advocates, Internet providers,and educational institutions, who would now be required to design theirsystems to meet the government's surveillance needs.

The D.C. Circuit upheld the FCC's decision based upon a previouslyunused portion of CALEA that authorized the FCC to apply CALEA to any"wire or electronic communication switching service," so long as thatservice "is a replacement for a substantial portion of the localtelephone exchange service and. . . it is in the public interest to doso." The court sided with the FCC's argument that, since aspects ofbroadband Internet and VoIP services replace aspects of traditionaltelephone service, CALEA applies to these new technologies.

Judge Edwards, dissenting from the Circuit court's opinion, said thatthe FCC's interpretation of this provision runs squarely contrary to theinformation services exception. "If all information services that arecarried out 'via telecommunications' are subject to CALEA, then the'information services' exception is an empty set," he said. During oralargument, Edwards characterized the FCC's convoluted interpretation ofthe statute as "gobbledygook."

Senator Patrick Leahy, the primary sponsor of CALEA during its creationand passage, criticized the D.C. Circuit's interpretation of the law,saying that "Stretching a law written for the telephone system of 1994to cover the Internet of 2006 is simply inconsistent with congressionalintent."

D.C. Circuit Opinion (pdf):

Text of CALEA:

EPIC's Wiretap Page:

Senator Leahy's Statement:

[2] EPIC Testifies Before Homeland Security on Video Surveillance

In testimony before the Department of Homeland Security's Data Privacyand Integrity Advisory Committee, EPIC Associate Director Lillie Coneyhighlighted the threat that video surveillance poses to the rights ofprivacy and anonymity.

The meeting, held in San Francisco, focused on the use of radiofrequency identification devices (RFID) and the adoption of publicclosed-circuit television (CCTV) surveillance systems. The committeeadvises Homeland Security on policy and technology issues that relate toprivacy.

Coney's testimony emphasized that, even in public, individuals have aright to privacy in their anonymity. An individual in public, observedby strangers, has an expectation of privacy because she will not berecorded or scrutinized as a matter of course. CCTV systems remove theprivacy protections that human memory provides.

EPIC said that privacy in public spaces was a vital part of ourdemocratic experience. Video surveillance, in combination with newertechnologies like facial recognition systems, poses a real threat tolawful First Amendment protected activity. Documents obtained by EPICdemonstrate that CCTV systems have been used in Washington, D.C. torecord peaceful public demonstrations and identify individualparticipants within the captured images.

Not only does video surveillance affect fundamental privacy rights, itsability to deter and combat crime is often overstated. Research on theeffectiveness of the technology for these purposes has not demonstrateda causal relationship between the technology and the goals stated forits deployment.

EPIC recommended the development of model guidance to local, state, andfederal governments to discern the need for the technology and guide itsuse. The lack of information on the cost benefit analysis and privacyimpacts assessments of CCTV technology should make these the first stepsin the decision making process.

Coney's Testimony (pdf):

EPIC's Video Surveillance Page:

[3] Documents Reveal More Potential PATRIOT Act Abuses

FBI documents recently obtained by EPIC under the Freedom of InformationAct reveal forty-two cases of alleged FBI intelligence misconduct deemedserious enough to refer to the Intelligence Oversight Board. Theseforty-two known cases occurred in 2000-2005.

One report indicated violations of the Foreign Intelligence SurveillanceAct, when information obtained under the Act was improperly disclosed ina grand jury subpoena. Another report disclosed that an electroniccommunication was inadvertently intercepted because of an error made byan Internet service provider. In another incident, call detailinformation was recorded inadvertently after a surveillance targetchanged phone numbers. Yet another report cited wiretaps on the wrongcell phones. Records also indicated that some surveillance operationscontinued past the authorized period.

Each of these reports was referred to the Intelligence Oversight Boardby the FBI's Office of General Counsel because of an executive orderthat requires intelligence agencies to report "intelligence activitiesthat they have reason to believe may be unlawful or contrary toExecutive Order or Presidential Directive." The IOB must then reportthese activities to the President and Attorney General, though Congressis not notified of the allegations, or how the matters are resolved.

The recently disclosed documents were the latest in a series obtainedfrom the FBI by EPIC following a Freedom of Information Act request forrecords concerning the FBI's use of PATRIOT Act powers that wereoriginally set to sunset in 2005. Based on these documents, EPIC hasrequested the Senate Judiciary Committee to consider legislation thatwould require the Attorney General to report cases of allegedintelligence misconduct to the House and Senate Judiciary Committees, aswell as the Justice Department's response to such incidents. The letterstated that the ever-increasing number of wretaps, and the expndingscope of domestic surveillance requires additional oversight.

EPIC v. Dept. of Justice page:

EPIC's FOIA Request:

EPIC's letter to the Senate Judiciary Committee (pdf):

[4] Coalition Urges Strong International Privacy Rules

A coalition of privacy groups urged the U.S. Department of Commerce tostrengthen privacy rules to protect personal data being transferredbetween and out of the Asia Pacific Economic Cooperation Group (APEC).
The Department of Commerce sought comments on how to implement the APECPrivacy Framework in creating cross-border privacy rules, which wouldgovern how information is transferred between APEC member countries.

The APEC Privacy Framework sets out a series of general privacyprinciples that member economies should follow in handling individuals'
personal information. Specific data privacy rules between membereconomies would have to abide by these principles.

The privacy groups emphasized the need for binding laws to protectprivacy, given the often-weak enforcement of self-regulatory industryschemes. The groups also stated that existing privacy laws in the membercountries should be built upon, and that individuals within a countrywith strong privacy laws should not lose those protections simplybecause their data is transferred to a country with weaker laws. Thecoalition also said that businesses within APEC countries should nottransfer data to countries with unacceptably weak data protection laws,or at least should face stricter penalties if data transferred to theseother countries is compromised.

The groups also advocated creating a monitoring committee that wouldoversee APEC members' compliance with the privacy framework and theindividual cross-border rules, issuing warnings to businesses and otherorganizations that violate those rules, and recommending enforcementactions against violators to the appropriate government officials.

The privacy groups jointly commenting on the plan included ConsumerFederation of America, EPIC, the National Consumers League, PrivacyRights Clearinghouse, Privacy Times, U.S. Public Interest ResearchGroup, and the World Privacy Forum.

Coalition Comments on APEC Cross-Border Privacy Rules (pdf):

Comment Notice:

APEC Privacy Framework (pdf):

Organization for Economic Cooperation and Development Privacy Guidelines:

EPIC's Privacy Law Sourcebook 2004 (containing the text of the APECPrivacy Framework)

[5] Federal, State Governments Struggle to Investigate Domestic Spying

On June 6, the Senate Judiciary Committee decided not to subpoenatelephone company executives in its investigation of the NationalSecurity Agency's domestic surveillance program. Committee ChairmanArlen Specter backed away from earlier calls to bring the companies into testify in exchange for support of a bill that Specter has proposedto allow a review of the program by the special court created by theForeign Intelligence Surveillance Act (FISA).

Following this exchange, however, Specter took the unusual step ofwriting an open letter to Vice President Cheney, rebuking the VicePresident for privately encouraging other senators to oppose hearingswith the telephone companies. In the letter, Specter stated that"[t]here is no doubt that the NSA program violates the ForeignIntelligence Surveillance Act..." Specter also indicated that he mayproceed with subpoenas if he cannot reach an agreement with the WhiteHouse on the issue.

The surveillance program, first reported on by USA Today in May,apparently relied upon telephone companies to secretly hand overmillions of customers' detailed call records to the NSA, in an effort toanalyze the data for supposed terrorist calling patterns. According tothe USA Today report, no warrants were issued or requested by thegovernment in collecting any of this information.

The Senate is not the only government body to call for an investigationinto the program. Federal Communications Commissioner Michael Copps hasalso publicly called for investigations of the phone companies allegedlyinvolved, noting that their actions would have violated provisions ofthe Communications Act that require them to keep customer recordsconfidential. EPIC has joined the call for FCC investigation, thoughFCC Chairman Kevin Martin has so far declined, citing the likelihoodthat the program's classified nature would preclude an investigation.

The executive branch has also taken drastic steps to oppose the effortsof state governments to investigate the potential violations, suing thestate of New Jersey to prevent the state attorney general frominvestigating phone companies allegedly involved in the program.
Companies required by the state to respond to the subpoenas were alsowarned by federal authorities that responding to the subpoenas would bea violation of federal law.

Letter of Senator Specter to Vice President Cheney (pdf):

Statement of FCC Commissioner Michael Copps (pdf):

EPIC's letter to FCC Chairman Martin (pdf):

EPIC Resources on Domestic Surveillance

[6] News in Brief

Veterans Affairs Data Theft Widens, Includes Active PersonnelThe personal information of about 1.1 million active-duty militarypersonnel, 430,000 members of the National Guard and 645,000 members ofthe Reserves, was stolen in the recent theft of computer data from theDepartment of Veterans Affairs, the agency announced last week. Theagency previously said that all 26.5 million people affected by the datatheft were veterans and their spouses. The data include Social Securitynumbers and disability ratings. The FBI has set up a 24-hour tip line at1-800-CALL-FBI for information on the burglary. Congress continues tohold hearings on the theft of sensitive personal information on veteransand active duty military personnel.

Latest Information on the Theft from Veterans Affairs:

ID Theft Prevention Tips for Veterans from Privacy Rights Clearinghouse: Files Reply Comments on Phone Record SecurityEPIC has filed reply comments on the Federal Communications Commission'sproposal to require phone companies to increase security for consumers'
phone records. In its comments, EPIC urges the FCC to adopt rules thatprevent poor security practices, such as using easily obtainedbiographical information as passwords for users to access accountinformation. EPIC also responded to comments from telephone companiesclaiming that audit trails were too expensive, noting that manytelephone companies already use audit trails in fraud prevention.
Finally, EPIC objected to a "safe harbor" proposal that would allowcompanies to avoid responsibility for consumer privacy.

EPIC Reply Comments (pdf):

EPIC's Illegal Sale of Phone Records Page: of US and UK Firms Read Employees' E-mailMore than one-third (38%) of large companies in the US and UK read theiremployees' e-mail, and another 24% of US firms and 33% of UK firms planto implement such surveillance, according to a new study from a companythat offers corporate e-mail protection. However, about 20% of US andUK firms surveyed do not have a written policy about e-mail use andmonitoring. Proofpoint Inc. and Forrester Research surveyed 406 US andUK companies with more than 1,000 employees.

Proofpoint and Forrester Research Survey (pdf):

EPIC's Workplace Privacy page: Cab Drivers Protest GPS TrackingDozens of cab drivers protested in front of Philadelphia's City Hallafter the Philadelphia Parking Authority's plan to mandate that all ofthe city's taxi drivers install Global Positioning Satellite (GPS)
systems in their cabs. Drivers went on strike to reject the systems,which are high-tech devices that would allow the Parking Authority totrack all city cabs and passengers. After installation, the cab ownerswould have to pay an $18 per month maintenance fee for the systems.

Privacy and Human Rights 2004 on satellite surveillance: Data Transfer on G-8 AgendaThe controversial plan that allowed European airlines to transferpassenger data to the U.S. government will be raised at this week's G-8summit. The agreement, struck down on narrow procedural grounds by theEuropean Court of Justice recently, is likely to be renegotiated in adifferent format in accordance with the court's ruling. The newframework for the program, however, is likely to expand, not limit, thedata airlines must provide the U.S., according to Homeland SecuritySecretary Michael Chertoff.

Ruling by the European Court of Justice:

[7] EPIC Bookstore: Stanton and Stam: The Visible Employee

Jeffrey M. Stanton and Kathryn R. Stam. The Visible Employee: UsingWorkplace Monitoring and Surveillance to Protect InformationAssets
Without Compromising Employee Privacy or Trust. InformationToday, 2006.

"For business owners, managers, and IT staff interested in learning howto effectively and ethically monitor and influence workplace behavior,this guide is a roadmap to ensuring security without risking employeeprivacy or trust. The misuse of information systems by wiredworkers—either through error or by intent—is discussed in detail, as arepossible results such as leaked or corrupted data, crippled networks,lost productivity, legal problems, or public embarrassment. Thisanalysis of an extensive four-year research project conducted by theauthors covers not only a range of security solutions for at-riskorganizations but also the perceptions and attitudes of employees towardworkplace surveillance."

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of informationprivacy law allows instructors to enliven their teaching of fundamentalconcepts by addressing both enduring and emerging controversies. TheSecond Edition addresses numerous rapidly developing areas of privacylaw, including: identity theft, government data mining,and electronicsurveillance law, the Foreign Intelligence Surveillance Act,intelligence sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundationfor an exciting course in this rapidly evolving area of law.

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50.

This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in over60 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacyand data protection ever published.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the Sunshine Act,and the Federal Advisory Committee Act. The 22nd edition fully updatesthe manual that lawyers, journalists and researchers have relied on formore than 25 years. For those who litigate open government cases (orneed to learn how to litigate them), this is an essential referencemanual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.

"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism Prevention Act, and theCAN-SPAM Act.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summaries ofinteresting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

7th Annual Institute on Privacy Law: Evolving Laws and Practices in aSecurity-Driven World. Practising Law Institute. June 19-20, New York,New York. July 17-18, Chicago, Illinois. Live webcast available. Formore information:

identitymashup: Who Controls and Protects the Digital Me? Berkman Centerfor Internet & Society, Harvard Law School. June 19-21, 2006. Cambridge,Massachusetts. For more information:

Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September29-30, 2006. New York, New York. For more information:

Infosecurity New York. Reed Exhibitions. September 12-14, 2006. NewYork, New York. For more information:

34th Research Conference on Communication, Information, and InternetPolicy. Telecommunications Policy Research Conference. September29-October 1, 2006. Arlington, Virginia. For more information:

6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:

The IAPP Privacy Academy 2006. International Association of PrivacyProfessionals. October 18-20, 2006. Toronto, Ontario, Canada. For moreinformation:

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:

BSR 2006 Annual Conference. Business for Social Responsibility. November7-10, 2006. New York, New York. For more information:

CFP2007: Computers, Freedom, and Privacy Conference. Association forComputing Machinery. May 2007. Montreal, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see or writeEPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andexpanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback