WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2006 >> [2006] EPICAlert 14

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 13.14 [2006] EPICAlert 14


Volume 13.14 July 13, 2006

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Georgia State, Federal Courts Halt Photo ID Requirement for Voters
[2] EPIC Supports Supreme Court Review of DNA Databases
[3] British ID Card Plan Stalls
[4] FBI Proposes Wiretap Law Expansion
[5] Defense Department Monitored Student Email
[6] News in Brief
[7] EPIC Bookstore: John Battelle's "The Search"

[8] Upcoming Conferences and Events

[1] Georgia State, Federal Courts Halt Photo ID Requirement for Voters

The second attempt by the Georgia General Assembly to require voters topresent photo identification as a pre-condition to cast a ballot wasstruck down by both state and federal courts in Georgia. Judge HaroldMurphy of the U.S. District Court for the Northern District of Georgiaissued a preliminary injunction preventing the state from demanding thatregistered voters present a government-issued photo ID at the polls.

A week earlier, Georgia's Fulton County Superior Court found the "2006Photo ID Act" imposed an unauthorized qualification on the right tovote, since the Georgia State Constitution only requires qualifiedvoters to be 18 years old, mentally competent, and state residents.
Accordingly, any of seventeen forms of proof of residence previouslyspecified in state law, including a signed affirmation certificate, willremain acceptable to identify an eligible elector at the polling place.

The state claim, filed by former Democratic Governor Roy E. Barnes,states that the new law would make it harder for minorities, theelderly, and the poor to participate in public elections. Defendant,Republican Governor Sonny Perdue, argued the Act was a reasonable meansto prevent voter fraud. In his opinion, state judge Melvin K.
Westmoreland rejected any political arguments raised by the partiesrelying solely on constitutional grounds stating, "Where the right ofsuffrage is fixed in the Constitution it cannot be restricted by thelegislature."

Secretary of State Cathy Cox had previously testified she "cannot recallone documented case of voter fraud. . . that specifically related to theimpersonation of a registered voter at voting polls." The Secretary ofState's office also estimated that as of 2005, 675,000 Georgiansotherwise eligible to vote lack a driver's license or state issued photoidentification card. In an official statement, Governor Perdue stated,
"dead people have cast votes in Georgia and. . . there was no way totell how many deceased voters, felons or even illegal aliens may havebeen casting ballots in Georgia elections." Governor Perdue's emergencyappeal of the decision to the Georgia Supreme Court was denied.

At the federal level, Judge Murphy had previously struck down an earlierlaw requiring voters present photo identification as a qualification tovote. The plaintiffs in this earlier case argued that the cost andinconvenience of obtaining such an ID was too much for many poor votersand therefore a violation of the Twenty-Fourth Amendment prohibition onpoll taxes. In response to that ruling, the Georgia enacted the 2006Photo ID Act mandating the same list of acceptable forms of photoidentification but provided a means for voters to obtain a photoidentification card at no cost.

Georgia's 2006 Photo ID Act:

Fulton County Superior Court Decision (pdf):

EPIC's Congressional Testimony on Voter ID Requirements (pdf):

EPIC's Voting Resources Page:

National Committee for Voting Integrity:

[2] EPIC Supports Supreme Court Review of DNA Databases

EPIC has filed a "friend of the court" brief asking the U.S. SupremeCourt to hear the case of a probationer who was forced to provide a DNAsample for inclusion in a federal database. The brief points out themore invasive nature of DNA profiling and also notes the lack ofadequate protections to ensure that tissue samples are not abused forother purposes.

One month prior to his release from probation, Lamar Johnson was orderedto provide the government with a blood sample, so that his DNA might beentered into a national database. Johnson refused, stating that thesample collection, being more invasive than fingerprinting, was aviolation of his Fourth Amendment rights against unreasonable searchesand seizures. He then filed for an injunction against the collection infederal district court. His case was dismissed by the federal districtcourt in Washington, D.C., and he appealed to the D.C. Circuit, whichupheld the district court's opinion, comparing the blood sample to afingerprinting.

EPIC supported Johnson's request for the Supreme Court to hear his case,noting in its "friend of the court" brief that collecting a tissuesample for DNA profiling was far more invasive than collecting afingerprint. While a fingerprint does not reveal any characteristicsabout an individual, a DNA profile can reveal an individual's likelyrace and sex. Close relatives also share similar profiles, so collectingone person's DNA may easily implicate her immediate family. The briefalso states that there are insufficient safeguards on the use of theoriginal tissue sample, from which a vast amount of personalinformation, including personal traits and medical information, can begleaned. There are no uniform guidelines determining how long thisinformation-rich sample can be held, nor whether the sample will bedestroyed if a conviction is overturned or a sentence served.

The collection and use of DNA continues to expand, with laws nowallowing police to collect DNA samples not only from convictedcriminals, but from individuals who are arrested or merely detained bythe government. Law enforcement has begun to use DNA collected fromfamily members to implicate suspects, and the wealth of informationcontained within federal DNA databases allows for unanticipated uses andabuses in the absence of adequate safeguards.

EPIC's Johnson v. Quander Page:

EPIC Brief in Johnson v. Quander (pdf):

Johnson's Petition for Certiorari (pdf):

EPIC's Genetic Privacy Page:

[3] British ID Card Plan Stalls

Plans for a mandatory national ID card in the United Kingdom havestalled after internal emails revealing severe problems with the planwere leaked from the UK's Home Office. The plan, originally scheduled toroll out in 2008, is now subject to further review and likelyrescheduling, according to the government. Opponents of the plan,however, are pointing to the delay as evidence that the plan isunworkable.

Despite public assertions from Home Office officials and Prime MinisterBlair that the ID cards would combat terrorism, crime, illegalimmigration and fraud, the internal emails, leaked to the Sunday Times,reveal that officials privately doubted that the plans were feasible oreffective. One email states that the plans "lack clear benefits fromwhich to demonstrate a return on investment." Another reveals that, dueto fears that the plan cannot be implemented, a "face-saving,"
scaled-back plan could be introduced, where personal information andbiometric data is stored in a national database, but not printed oncards.

The original plan called for a mandatory ID card that would bear theholder's name, address, photograph, and other biometric data, such asiris scans and fingerprints. Government officials have placed the costof the scheme at around 6 billion pounds, whereas a study last year bythe London School of Economics estimated the cost at closer to 19.2billion pounds. The report also noted that the card scheme faced massivetechnical issues, created potential security risks, and faced widespreadopposition from UK citizens. Furthermore, the study found that creationof the national database would likely run afoul of a number of nationallaws and international agreements.

A recent report on counter-terrorism by the Home Office also failed tomention the ID cards as part of Britain's national security strategy,raising additional doubts as to the viability of the card plan.

Leaked Emails from the Home Office:,,2087-2261631,00.html

London School of Economics 2005 Study of the ID Card Plan:

London School of Economics 2006 Study (pdf):

EPIC's National ID Card Page:

Privacy International on National ID Cards:

[4] FBI Proposes Wiretap Law Expansion

The FBI has proposed that Congress pass a law that would expand a 1994telephone wiretapping law to apply to Internet and voice over Internetprotocol (VoIP) services. Among other things, the as-yet uncirculatedproposal would require manufacturers of routing equipment to designsystems so that the government can easily wiretap Internetcommunications.

The Communications Assistance for Law Enforcement Act (CALEA) was passedin 1994, after law enforcement officials worried that new technologies,like mobile phones, were making it difficult to wiretap telephoneconversations. The law therefore required that telephone companies buildtheir systems to allow easy eavesdropping by the government. Recognizingthat wiretapping Internet connections posed distinct problems, however,the law did not apply to "information services" like Internet serviceproviders.

The proposed law does more than apply the wiretap requirements toInternet services, however. The bill also would require serviceproviders to process or filter customer communications to identify andisolate the types of communications law enforcement requested, and earlyreports indicate that it would eliminate the current requirement thatthe Justice Department report the number of wiretaps it grants eachyear.

The proposed law follows a recent decision by the D.C. Circuit Court ofAppeals that allowed the FCC to expand the reach of CALEA to theInternet without changing the law. Businesses, schools, and publicinterest groups, including EPIC, had challenged the FCC decision, whichwas upheld by a 2-1 panel. Changing CALEA through legislative actioncould prevent appeal or reconsideration of the Circuit Court's decision.

Communications experts from the Information Technology Association ofAmerica have criticized applying CALEA to Internet services, noting thatthe decentralized structure of the Internet makes it difficult to applyCALEA without simultaneously wiretapping innocent individuals,introducing major security risks, or restructuring the network's nature.

Text of CALEA:

D.C. Circuit Decision in ACE v. FCC (pdf):

Justice Department's Annual Wiretap Reports:

ITAA Report on Applying CALEA to the Internet (pdf):

[5] Defense Department Monitored Student Email

The Department of Defense confirmed allegations that it had monitoredthe email of students who were preparing to protest against militarypolicies, according to the Chronicle of Higher Education. Targets of thesurveillance were engaged in organizing protests against the war in Iraqand the military's "don't ask don't tell" policy that prevents openlygay individuals from serving in the military. The Defense Departmentbegan the surveillance after being notified of protests through itsTALON network, a system intended to inform the Department of potentialterrorist threats.

Instead, reports from the TALON system, released under a Freedom ofInformation Act request submitted by the Servicemembers Legal DefenseNetwork, revealed the Defense Department investigating student protestsagainst on-campus military recruitment. The released documents indicatedsurveillance of student speech at the State University of New York atAlbany, Southern Connecticut State University, the University ofCalifornia at Berkeley, and William Paterson University of New Jersey.

Other programs within the Defense Department also focus on collectingstudent information. In May 2005, the Department announced that it wasgoing to create a massive database for recruiting. The Pentagon's "JointAdvertising and Market Research" system proposed to combine studentinformation, Social Security numbers, and information from state motorvehicle repositories into a unified database housed at a private directmarketing firm. Approximately 25 million individuals' information wouldbe in the database, and individuals would not be allowed to opt out ofinclusion. In June 2005, EPIC and 8 privacy and consumer groups objectedto the creation of the database, arguing that it violated the PrivacyAct and was unnecessarily invasive.

In reaction to the database announcement, over 100 groups sent a letterto Secretary of Defense Rumsfeld protesting the database. To date,Secretary Rumsfeld has not acknowledged receipt of the letter.

FOIA Documents Revealing Student Monitoring (pdf):

EPIC Memo on DOD Database (pdf):

Coalition Letter to the DOD Criticizing JAMRS:

[6] News in Brief

Congress Investigates Financial Surveillance ProgramThe Bush administration failed to adequately inform Congress of therecently revealed secret banking surveillance program by briefing only ahandful of members, according to the chairwoman of the Subcommittee onOversight and Investigations of the House Committee on FinancialServices. At a hearing about the program Tuesday, N.Y. Rep. Sue Kellysaid she has asked for a Government Accountability Office investigationof the program. The government is using broad, secret subpoenas toreview confidential financial transactions from a banking consortiumthat routes data in more than 200 countries.

Hearing Information on "The Terror Finance Tracking Program: RFID Needs Better Security, Report SaysThe Department of Homeland Security's Inspector General stated that theUS-VISIT border security program fails to protect data collected throughthe use of radio frequency identification (RFID) tags. US-VISIT has beentesting RFID-enabled I-94 visa forms and has distributed more than150,000 of them. The Inspector General's report found "securityvulnerabilities that could be exploited to gain unauthorized orundetected access to sensitive data" associated with people who carriedthe RFID-enabled forms.

DHS Inspector General Report (redacted) (pdf):

EPIC's US-VISIT page: Fined $550,000 for Privacy FailuresIn a settlement reached with the Federal Communications Commission, AT&Tagreed to pay $550,000 for failures to adequately safeguard consumerprivacy. According to the settlement, AT&T may have improperly usedcustomer data for marketing purposes. AT&T also agreed to improveprocedures for opt-out notification. This investigation was prompted byan EPIC petition submitted to the FCC in August 2005. FCC CommissionerAdelstein praised the settlement, noting that "enforcement is essentialto promote compliance with our consumer privacy rules." Adelstein alsoencouraged the FCC to move forward on a pending rulemaking more fullyaddressing EPIC's petition to better protect consumers' phone records.

Text of the Settlement (pdf):

Adelstein's Statement on the Settlement (pdf):

EPIC's Phone Records Page: Outlaws Pretexting, Adopts New Privacy SafeguardsIllinois Governor Rod R. Blagojevich signed legislation last weekoutlawing "pretexting:" pretending to be an account holder so as toobtain access to someone else's personal information. In the past year,Illinois has passed several laws to protect consumer privacy, includingmeasures that address identity theft, limit the use of the SocialSecurity Number, require notification of security breeches, and allowstate residents to put a security freeze on their credit report if theybelieve their personal information has been compromised.

Text of the Illinois Law (pdf):

EPIC's Pretexting and Phone Records Page:

National Conference of State Legislatures Privacy Page: Multiple Security Failures at Veterans AffairsIn the wake of May's massive data theft, the Department of VeteransAffairs falls under the Spotlight on Surveillance. The immense data losscould easily happen again because of weak security at the agency,Spotlight reports. Veterans Affairs was warned about security weaknessesfor many years, but failed to act, according to government officials.
Documents reveal that the agency had given permission for the analyst,from whom the equipment was stolen, to work from home with the sensitivepersonal data. Agency officials previously said the analyst violatedagency procedure by taking the data home.

Spotlight on Surveillance: Veterans Affairs Data Breach

[7] EPIC Bookstore: John Battelle's "The Search"

The Search: How Google and Its Rivals Rewrote the Rules of Business andTransformed Our Culture. John Battelle. Portfolio, 2005."What does the world want? According to John Battelle, a company thatanswers that question — in all its shades of meaning — can unlock themost intractable riddles of business and arguably of human cultureitself. And for the past few years, that's exactly what Google has beendoing.

Jumping into the game long after Yahoo, Alta Vista, Excite, Lycos, andother pioneers, Google offered a radical new approach to search,redefined the idea of viral marketing, survived the dot-com crash, andpulled off the largest and most talked-about initial public offering inthe history of Silicon Valley.

But The Search offers much more than the inside story of Google'striumph. It's also a big-picture book about the past, present, andfuture of search technology and the enormous impact it's starting tohave on marketing, media, pop culture, dating, job hunting,international law, civil liberties, and just about every other sphere ofhuman interest.

More than any of its rivals, Google has become the gateway to instantknowledge. Hundreds of millions of people use it to satisfy their wants,needs, fears, and obsessions, creating an enormous artifact thatBattelle calls the Database of Intentions. Somewhere in Google'sarchives, for instance, you can find the agonized research of a gay manwith AIDS, the silent plotting of a would-be bomb maker, and the anxietyof a woman checking out her blind date. Combined with the databases ofthousands of other search-driven businesses, large and small, it alladds up to a gold mine of information that powerful organizations(including the government) will want to get their hands on."
EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of informationprivacy law allows instructors to enliven their teaching of fundamentalconcepts by addressing both enduring and emerging controversies. TheSecond Edition addresses numerous rapidly developing areas of privacylaw, including: identity theft, government data mining,and electronicsurveillance law, the Foreign Intelligence Surveillance Act,intelligence sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundationfor an exciting course in this rapidly evolving area of law.

"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50.

This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in over60 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacyand data protection ever published.

"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:

This is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the Sunshine Act,and the Federal Advisory Committee Act. The 22nd edition fully updatesthe manual that lawyers, journalists and researchers have relied on formore than 25 years. For those who litigate open government cases (orneed to learn how to litigate them), this is an essential referencemanual.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS). Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved in theWSIS process.

"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism Prevention Act, and theCAN-SPAM Act.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

EPIC also publishes EPIC FOIA Notes, which provides brief summaries ofinteresting documents obtained from government agencies under theFreedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

7th Annual Institute on Privacy Law: Evolving Laws and Practices in aSecurity-Driven World. Practising Law Institute. June 19-20, New York,New York. July 17-18, Chicago, Illinois. Live webcast available. Formore information:

identitymashup: Who Controls and Protects the Digital Me? Berkman Centerfor Internet & Society, Harvard Law School. June 19-21, 2006. Cambridge,Massachusetts. For more information:

Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September29-30, 2006. New York, New York. For more information:

Infosecurity New York. Reed Exhibitions. September 12-14, 2006. NewYork, New York. For more information:

34th Research Conference on Communication, Information, and InternetPolicy. Telecommunications Policy Research Conference. September29-October 1, 2006. Arlington, Virginia. For more information:

6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:

The IAPP Privacy Academy 2006. International Association of PrivacyProfessionals. October 18-20, 2006. Toronto, Ontario, Canada. For moreinformation:

International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:

BSR 2006 Annual Conference. Business for Social Responsibility. November7-10, 2006. New York, New York. For more information:

CFP2007: Computers, Freedom, and Privacy Conference. Association forComputing Machinery. May 2007. Montreal, Canada. For more information:

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (link toother databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see or writeEPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andexpanding wiretapping powers.

Thank you for your support.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback