WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2006 >> [2006] EPICAlert 13

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 13.13 [2006] EPICAlert 13


Volume 13.13 June 30, 2006

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Government Program Probes Financial Records
[2] EPIC Opposes Photo ID Requirements for Voting
[3] Lawmakers, Industry, Call for Federal Privacy Law
[4] FTC Calls for Open Access to WHOIS
[5] Experts Find Wiretaps Weaken Security
[6] News in Brief
[7] EPIC Bookstore: Vernor Vinge's "Rainbows End"

[8] Upcoming Conferences and Events

[1] Government Program Probes Financial Records

Government officials confirmed last week that the Bush administrationhas been secretly examining banking transactions of thousands ofAmericans and others. The official confirmations followed news reportsthat revealed the program, the latest in a series of secret surveillanceprograms conducted by the government. News reports previously revealedthat the National Security Agency was eavesdropping on Americans' phonecalls and collecting domestic phone records without warrants.

The program, begun after the Sept. 11, 2001 attacks, is run by the CIAand overseen by the Treasury Department. The government used broad,secret subpoenas to review transactions from Brussels-based bankingconsortium Society for Worldwide Interbank Financial Telecommunications(SWIFT), which routes information among 7,800 financial institutions inmore than 200 countries.

London-based Privacy International has filed complaints with dataprotection and privacy regulators in 33 European countries againstSWIFT. Privacy International contends that SWIFT acted "without regardto legal process under Data Protection law when it secretly provided theTreasury Department with confidential banking transactions of thousandsof international customers. SWIFT's actions are also being scrutinizedby the Belgian government, which is investigating the legality of thesecret transactions.

President Bush and others in his administration are attacking newspapersfor reporting about and investigating recently discovered secretsurveillance programs. He claimed that such news reports helpedterrorists by publicizing that their financial transactions were beingwatched. However, Bush already announced this intention to terroriststwo weeks after the Sept. 11, 2001, attacks. On Sept. 24, 2001, Bushsaid, "We're putting banks and financial institutions around the worldon notice -- we will work with their governments, ask them to freeze orblock terrorists' ability to access funds in foreign accounts."

Treasury Department Press Release Confirming Secret Program:

SWIFT Press Release Explaining Program:

Privacy International Press Release Describing Complaints:

European Union Data Protection Laws:

EPIC's Domestic Surveillance Resources Page:

EPIC's "Privacy Law Sourceboook," explaining U.S. and internationallaws:

[2] EPIC Opposes Photo ID Requirements for Voting

The House Committee on Administration held a hearing on a proposal torequire newly registered voters to produce proof of citizenship. EPICprovided comments on the hearing, urging the Committee to address realthreats to election integrity. EPIC stated that there were twoconditions that must be satisfied to meet the requirements of a free,fair, and democratic election: all those who are eligible to vote mustbe allowed to do so, while those are not eligible must be prevented fromvoting. Violation of either of these two requirements undermines theintegrity of a public election.

In its comments, EPIC stressed that the voter registration processshould determine voter eligibility, not an ad hoc process conducted onthe day of the election. "The role of the poll worker is to authenticatevoters without consideration of their income, language of origin,education, gender, race, or ethnicity," EPIC said.

EPIC also noted the difference between proving citizenship and provingvoter eligibility. For instance, documents that provide proof ofcitizenship do not prove eligibility to vote: A passport that indicatesbirthplace, does not indicate whether the holder is currently a residentof the community in which she wishes to vote. EPIC pointed out thatthere is no evidence, research or reporting to substantiate the threatof illegal or ineligible voters' participation in public elections. EPICalso noted that the committee hearing did not address the more pressingand proven problem of fraud in absentee ballots.

Increased voter registration requirements in the past have led to voterdisenfranchisement, EPIC said. Requiring voters to affirmatively provethat they can vote, after they have already done so at registration,placed an unconstitutional burden upon voters. EPIC also raised theconcern that policymakers seeking additional verification may imposeother identification requirements which would infringe upon the validityof the secret ballot.

Administration Committee Hearing on Voting ID Requirements:

EPIC's Comments to the Committee (pdf):

EPIC's Voting Page:

National Committee for Voting Integrity:

[3] Lawmakers, Industry, Call for Federal Privacy Law

On June 16, Senator Hillary Rodham Clinton (D-NY) announced plans tointroduce comprehensive privacy legislation. At a meeting of theAmerican Constitution Society, Clinton called for a "Privacy Bill ofRights" that would create privacy protections in the private sector,strengthen enforcement of medical privacy laws, and ensure checks andbalances on government surveillance. Clinton criticized the current lackof privacy protections in the United States, saying, "at all levels, theprivacy protections for ordinary citizens are broken, inadequate, andout of date."

Clinton announced that her consumer protection proposals were to beincorporated in a bill known as the "Privacy Rights and Oversight forElectronic and Commercial Transactions," or PROTECT, Act. The bill wouldprevent companies from sharing a person's personal information unlessthe person had opted in to that sharing. It would also grant consumersthe right to freeze their credit, an effective means of preventingidentity theft. Data brokers would have to grant consumers access totheir own records, and notify consumers if data has been breached.
Violators would be subject to private suit, in a tiered system designedto insulate small businesses.

The proposed law also would increase the breadth and enforcement ofmedical privacy laws, which Clinton noted were extremely lax. Of over35,000 privacy law complaints, "not a single, civil, monetary penaltyhas been imposed," she said. Clinton also criticized the Bushadministration on its warrantless surveillance programs, calling forsurveillance programs to be reviewed by the legislative and judicialbranches, to ensure the protection of privacy and civil liberties.

The PROTECT Act also creates a high-level privacy czar in the Office ofManagement and Budget, to oversee the federal government's privacypractices. "We had a privacy czar during the Clinton Administration, butthe current administration shoes not to follow that model," Clintonsaid.

In related news, Peter Swire, the former Clinton administration privacyczar, testified before a subcommittee of the House Energy and CommerceCommittee on June 20, representing the Consumer Privacy LegislativeForum, a consortium of businesses also calling for federal lawsregarding privacy and data security. The businesses called for a morelimited law that would grant consumers "reasonable" access toinformation held about them, but that would preempt state law, likelystriking down stronger state protections. Executives fromHewlett-Packard and eBay, members of the Forum, also testified, alongwith Dr. Thomas Lenard, of the Progress and Freedom Foundation, and EvanHendricks of Privacy Times.

Representatives from both parties agreed that national legislation wasnecessary, but many remained concerned as to whether the companies' planwould have effective enforcement. Representative Stearns (R-FL), Chairof the subcommittee, suggested that a private right of action mightencourage compliance with the law and grant individual consumers anamount of redress. Representative Barton (R-TX), Chair of the full HouseCommerce Committee, also appeared to support some form of a privateright, as did Representative Gonzalez (D-TX). Representative Schakowsky(D-IL), Ranking Member of the subcommittee, also promoted the idea ofcreating a cross-agency privacy czar.

Senator Clinton's Press Release on Comprehensive Privacy Legislation:

Text of Senator Clinton's speech:

Consumer Privacy Legislative Forum Statement on Federal PrivacyLegislation (pdf):

Testimony of Prof. Peter Swire, on behalf of the Consumer PrivacyLegislative Forum (pdf):

EPIC's Privacy and Preemption page:

[4] FTC Calls for Open Access to WHOIS

At the annual meeting of the Internet Corporation for Assigned Names andNumbers (ICANN), U.S. Federal Trade Commissioner Jonathan Leibowitzcalled for open access to the WHOIS database, as part of the FTC's fightagainst online fraud. WHOIS allows the public to view the name andpersonal information of any domain name holder. In order to protecttheir privacy, many domain name holders register through a proxyservice, so that users can contact them via the proxy while theirpersonal information remains protected.

At the Marrakech meeting of the domain name authority, Leibowitz notedthat the database helps law enforcement track down spyware, spam, andInternet fraud. However, the commissioner also stated that the WHOISdatabase "is most useful when it is accurate." Ensuring accuracy inWHOIS, however, threatens the ability of users to engage in anonymousfree speech online. Recently, the U.S. National Telecommunications andInformation Administration prohibited registrars of domain names endingin ".US" from offering proxy services. (EPIC filed a "friend of thecourt" brief supporting a challenge to this policy in April.)

Leibowitz also criticized ICANN's vote in April to define the purpose ofthe WHOIS database narrowly. The adopted definition stated that WHOISshould be used to allow users to contact domain name holders to resolve"issues related to the configuration of the records associated with thedomain name within a DNS nameserver." Leibowitz worried that adefinition of WHOIS that did not include law enforcement as a purposefor the database would hamper law enforcement access to the personalinformation of domain name holders.

The commissioner did acknowledge, however, that enforcement can continueeven without accurate data, citing cases where the FTC was able to trackdown fraudsters who had used obviously phony names. Others at themeeting also noted that the existing definition of the purpose of WHOISdoes not mean that WHOIS data will be removed from public access.

FTC Press Release on WHOIS Access (with link to Leibowitz statement):

Communique of ICANN's Governmental Advisory Committee (pdf):

EPIC's WHOIS page:

EPIC's Peterson v. NTIA page:

[5] Experts Find Wiretaps Weaken Security

According to a report by the Information Technology Association ofAmerica, attempts to create wiretap-friendly Internet and VoIP serviceswill build security vulnerabilities into the services. This reportfollows a recent ruling by the D.C. Circuit Court of Appeals thatrequires broadband and VoIP providers to build systems that thegovernment can wiretap easily. However, technology experts say that thisrequires either a massive change in Internet infrastructure, or theintroduction of serious security risks.

The report notes that, unlike the traditional phone system, thedecentralized nature of the Internet makes it extremely difficult, ifnot impossible, to simply extract the desired information from Internetrouters. Doing so would require the restructuring of "a very largeportion of the routing infrastructure." Other dangers include the easeof accidentally intercepting innocent parties' communications; creatingeavesdropping systems that could be readily co-opted by bad actors; andthe detection or possible interception of the transmission to the lawenforcement agency itself. Technical hurdles included the relative lackof physical security surrounding Internet routing equipment, as well asthe ease with which identities can change on the Internet.

The report, authored by a group of technology and network experts,outlines the technical dangers to applying the Communications Assistancefor Law Enforcement Act (CALEA) to Internet services. CALEA was createdin 1994, when law enforcement agencies grew concerned that thedevelopment of wireless and other telephone technologies would hampertheir ability to wiretap phone calls. CALEA required telephone companiesto build systems that the government could wiretap easily, but,recognizing the differences between telephone service and Internetservices, Congress did not apply the law to "information services." Arecent ruling, however, upheld the Federal Communications Commission'sextension of CALEA to VoIP services and broadband.

ITAA Report (pdf):

Opinion in ACE v FCC (pdf):

EPIC's Wiretap page:

[6] News in Brief

EPIC Opposes D.C. Police's Proposed Expansion of CCTV SystemIn comments to the Metropolitan Police Department, EPIC opposed aproposed pilot project that would expand the District's limited systemto a system of constant, surreptitious surveillance of the public.
However, if the project goes forward, EPIC urged the MPD not to changeits public notification standards. As proposed, the new regulationswould allow the police chief to install and maintain a system of secretvideo cameras without informing the public. Also, EPIC urged the MPD toset clear, objective standards for evaluating the success of theexpanded system.

EPIC's comments (pdf):

Metropolitan Police Department's site:

EPIC's Video Surveillance page: Veterans Affairs Laptop and Hard Drive Are FoundThe stolen laptop computer and hard drive containing sensitive data forup to 26.5 million veterans, their spouses, and active-duty militarypersonnel have been found, according to Veterans Affairs Secretary JimNicholson. This comes as newly discovered documents show that VeteransAffairs had given permission in 2002 for the analyst, from whom theequipment was stolen, to work from home with data that included millionsof Social Security numbers, disability ratings and other personalinformation. Agency officials previously said the analyst was firedbecause he violated agency procedure by taking the data home.

EPIC's Veterans Affairs page:

Department of Veterans Affairs site: Privacy Policy Claims Control over Customers' InfoA new privacy policy unveiled for AT&T's Internet TV offerings claimsthat customers' personal information belongs to the company. "While yourAccount information may be personal to you, there records constitutebusiness records that are owned by AT&T, " the policy stated. The policyalso notes that information on users' browsing and viewing habits willbe recorded. The disclosure of such information by cable companies tothird parties is prohibited by the Cable Communications Policy Act.
However, it is unlikely that the Act would apply to an Internet providerlike AT&T.

AT&T's Privacy Policy for AT&T Yahoo! and Video Services:

Cable Communications Policy Act, Section 551: Department Considers Data Retention PlanThe U.S. Department of Justice met with representatives of technologycompanies and privacy organizations to discuss its Internet dataretention plans. These plans would require Internet service providers tostore all user records so that law enforcement can later examine themfor evidence of wrongdoing. The data retention scheme is being presentedas part of an initiative to combat child pornography. The JusticeDepartment has not provided details on this plan, nor has it stated whythe drastic step of retaining every user's records is necessary.

EPIC's Data Retention Page: Finds Yahoo's China Filters Most RestrictiveA study released by Reporters Without Borders revealed that, of varioussearch engines operating in China, Yahoo's filters removed the mostinformation from search results. China severely restricts access toInternet information, employing filters that block dissident materialfrom being viewed. The study compared the results returned from searchengines Yahoo, Google, MSN, and local competitor Baidu when researcherssearched for material on topics like "Tibet Independence," "democracy,"
and "human rights." Yahoo and Baidu were also found to prevent users whosearched for such topics from conducting any additional searches, evenon neutral topics, for an hour.

Reporters Without Borders Study:

[7] EPIC Bookstore: Vernor Vinge's "Rainbows End"

Vernor Vinge. Rainbows End. Tor Books, 2006.

"Robert Gu is a recovering Alzheimer's patient. The world that heremembers was much as we know it today. Now, as he regains his facultiesthrough a cure developed during the years of his near-fatal decline, hediscovers that the world has changed and so has his place in it.
With knowledge comes risk. When Robert begins to re-train at FairmontHigh, learning with other older people what is second nature to Miri andother teens at school, he unwittingly becomes part of a wide-rangingconspiracy to use technology as a tool for world domination.

In a world where every computer chip has Homeland Security built-in,this conspiracy is something that baffles even the most sophisticatedsecurity analysts, including Robert's son and daughter-in law, two toppeople in the U.S. military. And even Miri, in her attempts to protecther grandfather, may be entangled in the plot.

As Robert becomes more deeply involved in conspiracy, he is shocked tolearn of a radical change planned for the UCSD Geisel Library; all thebooks there, and worldwide, would cease to physically exist. He and hisfellow re-trainees feel compelled to join protests against the change.
With forces around the world converging on San Diego, both theconspiracy and the protest climax in a spectacular moment as unique andsatisfying as it is unexpected. This is science fiction at its verybest, by a master storyteller at his peak."
EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of informationprivacy law allows instructors to enliven their teaching of fundamentalconcepts by addressing both enduring and emerging controversies. TheSecond Edition addresses numerous rapidly developing areas of privacylaw, including: identity theft, government data mining,and electronicsurveillance law, the Foreign Intelligence Surveillance Act,intelligence sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundationfor an exciting course in this rapidly evolving area of law.

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50.

This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in over60 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacyand data protection ever published.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the Sunshine Act,and the Federal Advisory Committee Act. The 22nd edition fully updatesthe manual that lawyers, journalists and researchers have relied on formore than 25 years. For those who litigate open government cases (orneed to learn how to litigate them), this is an essential referencemanual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.

"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism Prevention Act, and theCAN-SPAM Act.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summaries ofinteresting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

7th Annual Institute on Privacy Law: Evolving Laws and Practices in aSecurity-Driven World. Practising Law Institute. June 19-20, New York,New York. July 17-18, Chicago, Illinois. Live webcast available. Formore information:

identitymashup: Who Controls and Protects the Digital Me? Berkman Centerfor Internet & Society, Harvard Law School. June 19-21, 2006. Cambridge,Massachusetts. For more information:

Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September29-30, 2006. New York, New York. For more information:

Infosecurity New York. Reed Exhibitions. September 12-14, 2006. NewYork, New York. For more information:

34th Research Conference on Communication, Information, and InternetPolicy. Telecommunications Policy Research Conference. September29-October 1, 2006. Arlington, Virginia. For more information:

6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:

The IAPP Privacy Academy 2006. International Association of PrivacyProfessionals. October 18-20, 2006. Toronto, Ontario, Canada. For moreinformation:

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:

BSR 2006 Annual Conference. Business for Social Responsibility. November7-10, 2006. New York, New York. For more information:

CFP2007: Computers, Freedom, and Privacy Conference. Association forComputing Machinery. May 2007. Montreal, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see or writeEPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andexpanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback