E P I C A l e r t
"The President, Privacy, and Domestic Surveillance"
with Pulitzer Prize Winner Charlie Savage
Busboys & Poets, Washington DC
Friday, October 5, 2007
At the National Press Club on Monday, EPIC, the Center for Digital Democracy, and US PIRG announced a second supplement to the groups' original complaint and subsequent supplement with the Federal Trade Commission (FTC) concerning the proposed Google-DoubleClick merger. The amended complaint details new facts supporting the conclusion that the FTC should block Google's proposed acquisition of DoubleClick.
At the National Press Club discussion, "Google, Online Advertising, and Privacy," an expert panel reviewed recent developments with online privacy, including behavioral targeting, and the proposed merger of Google and DoubleClick. The panel, moderated by EPIC's Associate Director, Lillie Coney, included Melissa Ngo, Senior Counsel and Director of EPIC's Identification and Surveillance Project; Jeff Chester, Executive Director of the Center for Digital Democracy; Joe Turow, Professor of Communications at the University of Pennsylvania's Annenberg School for Communication; and Amina Fazlullah, Staff Attorney at US PIRG.
The experts discussed the privacy and antitrust problems created by the proposed Google-DoubleClick merger. Google and DoubleClick are both part of the online targeted ad market, with DoubleClick as the dominant force in rich media display ads. "[I]nstead of competing in the online targeted-ad market, Google is trying to quickly buy its way to total market dominance via a DoubleClick takeover," Chester said. He urged the FTC to block the merger.
The experts also criticized Google's recent call for new global privacy standards. Peter Fleischer, Google's Global Privacy Counsel, suggested that new standards be based on the APEC Privacy Framework. The APEC guidelines are "the weakest international privacy standards," Ngo said. For example, APEC sets no limits on the retention of personal information and places the burden on consumers to prove how and where they are harmed. Last year, EPIC led a coalition in submitting comments to the Department of Commerce detailing the shortcomings of the APEC standards, especially in relation to the OECD Guidelines.
The OECD Guidelines, which have been widely followed in the Americas, Europe, and Asia for more than 20 years, are much more protective of private data. The OECD Guidelines are based on the principles that individuals have the right to limit the use of personal information they disclose to others, and businesses have a duty to safeguard the data they collect. In their original complaint, EPIC, CDD and US PIRG alleged specifically that Google failed to follow the OECD standards. Google is calling for new global privacy standards as it is under investigation in the US, Canada, Australia and Europe for possible violations of the OECD standards.
Also on Monday, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) filed a formal complaint with the Privacy Commissioner of Canada urging an investigation into the proposed merger. CIPPIC detailed several ways in which Google and DoubleClick may be violating Canada's Personal Information Protection and Electronic Documents Act, and suggested the possibility of even more serious and widespread privacy invasions if the merger is completed.
The Senate Judiciary Committee will hold a hearing entitled "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?" on Thursday, September 27. Dave Drummond of Google, Brad Smith of Microsoft, Scott Cleland of Precursor, Thomas Lenard of the Progress & Freedom Foundation, and Marc Rotenberg of EPIC are expected to testify.
EPIC's Page on the Proposed Google-DoubleClick Merger (containing the original FTC complaint and supplements):
Senate Judiciary Committee, "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?":
Canadian Internet Policy and Public Interest Clinic (CIPPIC) Complaint to the Privacy Commissioner of Canada (September 17, 2007) (pdf):
Peter Fleischer, Google Global Privacy Counsel, "Call for global privacy standards," September 14, 2007:
Coalition Comments on APEC Cross-Border Privacy Rules (June 2006) (pdf):
APEC Privacy Framework:
Organization for Economic Cooperation and Development Privacy Guidelines:
EPIC's Privacy Law Sourcebook 2004:
The 29th International Conference of Data Protection and Privacy Commissioners, hosted by the Office of the Privacy Commissioner of Canada, will be held on September 25-28, 2007, in Montreal, Canada. The annual event draws Commissioners from around the world, as well as a host of experts from academia, civil society and the private sector. The theme of this year's conference is “Privacy Horizons: Terra Incognita.”
Office of the Privacy Commissioner's media release explains that the theme highlights the emphasis that conference organizers are placing on the challenging issues that data protection and privacy commissioners will need to address in the coming years. A group of leading international privacy experts will tackle these issues in various workshop, plenary and breakout sessions that deal with transborder data flows, ubiquitous computing, youth privacy, biometrics, globalization, public safety, and the intersect between law and technology.
Privacy Commissioner of Canada, Jennifer Stoddart, stated that, “[o]ur goal is to push the discussion on privacy rights and expectations further this year, challenging commonly held assumptions and spearheading innovative solutions to public and private sector issues.”
A civil society workshop, entitled “Privacy in a World Under Surveillance,” will take place one day before the conference, on September 24, 2007. This one-day workshop aims to increase awareness, develop a broader understanding and a common analysis of privacy-related issues among individuals, civil society organizations, the media, and Data Protection and Privacy Commissioners, all the while strengthening the capacity for action. Some of the issues to be addressed will include: the efficacy of various regimes of privacy and data protection, the surveillance of movement through monitoring and profiling of travelers and implementation of new generation of entry-exit schemes, the surveillance of telecommunications and financial transactions, the implication of large scale IT systems across public sector including health databases, and sharing of information and the principle of interoperability.
29th International Conference of Data Protection and Privacy Commissioners:
Civil Society Workshop: Privacy in a World Under Surveillance:
On September 6, a Federal court struck down a provision of the PATRIOT Act relating to the use of National Security Letters (NSLs). The NSL power is an extraordinary search procedure which gives the FBI the power to compel the disclosure of costumer records held by banks, telephone companies, Internet service providers and others without a warrant or other judicial procedure. Recipients of NSL are prohibited from disclosing their receipt of the NSL. This gag provision was the subject of the lawsuit, filed by the ACLU.
The court stated that the gag provision was an unjustified restriction on speech. The PATRIOT Act reauthorization allowed the FBI to bar the recipients of NSLs from disclosing the fact that they have received such a letter when the Director certifies that disclosure may result in danger to national security or life or interference with a criminal, intelligence or counterterrorism investigation. The recipient of the NSL has a limited right to challenge the gag. Since the judiciary does not have meaningful review of the gag order, the court found this was a violation of first amendment free speech rights as well as the principle of separation of powers.
The gag rule makes oversight of NSL uses difficult. EPIC, through its various FOIA requests, and the Inspector General of the FBI have previously discovered abuses of the NSL power. Since the PATRIOT Act enhanced the NSL authority, government use of NSLs and their gag provision has grown dramatically, from a total of 8,500 letters issued in the years prior to the enactment of the PATRIOT Act, and rising to over 40,000 per year post-enactment. EPIC has called on congress to scale back the NSL authority to pre-PATRIOT Act levels.
ACLU v. Gonzales, 04 Civ. 2614 (September 6, 2007) (pdf):
EPIC's page on National Security Letters:
The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security held a series of panel discussions on "information fusion centers." The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity. Participants in the fusion center development can include local, state, and federal law enforcement; national security agencies; the Department of Defense; and private sector companies.
The committee heard from Department of Homeland Security officials, a representative from the State of Maryland's fusion center, a privacy and civil liberties officer from the Director of National Intelligence, and a panel of privacy and civil liberties advocates. EPIC provided testimony to the committee on the need to make the process transparent and accountable.
Fusion center surveillance projects are not new, and have been pursued in other forms under the titles Total Information Awareness Project and MATRIX. The fusion center development and implementation process has progressed to the issuance of several policy guidelines and implementation of architecture. The Institute for Intergovernmental Research, a Department of Justice funded project, published the guidance documents for fusion center development. These documents include the Fusion Center Guidelines, and A Framework for Justice Information Sharing: Service-Oriented Architecture, and Privacy, Civil Rights, and Civil Liberties.
The guidance on Privacy, Civil Rights, and Civil Liberties supports the consideration of Organization for Economic Co-operation and Development privacy guidelines, which have no statutory enforcement authority within the United States. The Federal Privacy Act, which governs the actions of federal government agencies, is argued to not apply because fusion centers are not said to be federal entities.
The Department of Homeland Security has provided $380 million in grants for the development and deployment of 43 fusion centers on the local and state level. There is a goal of supporting the creation of 70 fusion centers throughout the nation.
EPIC's page on Total Information Awareness:
EPIC's page on Fusion Centers:
Fusion Center Guidelines (pdf):
Fusion Center Privacy, Civil Rights and Civil Liberties (pdf):
A Framework for Justice Information Sharing: Service-Oriented Architecture (pdf):
Recent election reform news in the United States include a court ruling on photo voter identification requirements and electronic voting system standards development. A federal court ruled in favor of the State of Georgia on the requirement that voters must present a photo voter ID when voting in public elections. The law was passed based on unsubstantiated fears about voter fraud in public elections in the state. The Georgia has issued 3,000 free photo identification documents to date under the new photo voter identification requirement. According to a US Census report, as of July 2005 the state of Georgia had an estimated voting-age population of 6.4 million with only 4.5 million state-issued photo identification documents.
An Elections Canada decision to allow veiled voters to cast ballots in public elections was critiqued by Prime Minister Stephen Harper, who said that the agency had defied Parliament by allowing women to wear veils and burqas while voting. Prime Minister Harper was referring to a recently enacted law intended to address voter fraud, but it did not require visual identification. The law requires voters to provide one piece of photo identification issued by any level of government, or the voter may present two pieces of identification regardless of the issuer which establish their name and address.
In other US voting news, the US Election Assistance Commission has made public the draft 2007 voluntary voting system guidelines, which will be open for a 120-day public comment period. The draft document is a complete overhaul of the standards published in the federal register in 2006. The standards will not take effect before the 2008 general elections.
Election Assistance Commission:
EPIC's page on Voting and Privacy:
National Committee for Voting Integrity:
Illinois Gets New Public School Biometric Privacy Protection Law
Parents of Illinois public school children are given a new tool to protect the privacy of their children. The new law requires that parents be given effective notice when “unique behavioral or physiological characteristics, including fingerprint, hand geometry, voice, or facial recognition or iris or retinal scans.” Parents must provide an opt-in for their children to participate in any biometric identification program prior to the collection of fingerprint, iris, or other biometric database creation process. Parents can at any time request that their child's information be removed from a biometric system of records, and the school cannot retain the information after a child is no longer enrolled.
The law was strongly supported by concern parents who discovered that contrary to their wishes their children had been enrolled into fingerprint identification systems associated with school lunch programs.
Illinois Act Concerning Education, SB1702:
EPIC's page on Biometric Identifiers:
EPIC's page on Theme Park Privacy:
GAO Reports on Progress at Homeland Security
The Government Accountability Office (GAO) reported that the Department of Homeland Security (DHS) has made "varying" progress in achieving its mission and management objectives. The GAO found more progress in mission areas than in management, and has seen more progress in DHS developing plans than in implementing them. Of the department's 171 performance expectations -- drawn from executive orders, legislation and other administration sources -- 78 were achieved, 83 not achieved and 10 were not assessed. The greatest progress was made in maritime security, while the least progress was made in emergency management and in information technology management.
Department of Homeland Security: Progress Report on Implementation of Mission an Management Functions GAO-07-1240T (pdf):
Justice Dept. Report: Terrorist Screening Database Error-Filled
The government's watchlists of known or suspected terrorists remain filled with errors that can obstruct the capture of terrorists, according to a report from the Justice Department's Inspector General. "Furthermore, inaccurate, incomplete, and obsolete watchlist information increases the chances of innocent persons being stopped or detained during an encounter because of being misidentified as a watchlist identity," and the Inspector General went on to criticize the redress procedures. EPIC has repeatedly detailed the privacy and security problems created by these inaccurate watchlists and their opaque redress systems. Full application of the Privacy Act requirements to government record systems is the only way to ensure that data is accurate and complete, which is especially important in the context of watch lists, where mistakes and misidentifications are costly.
Department of Justice, Office of Inspector General, "Follow-Up Audit of the Terrorist Screening Center, Audit Report 07-41 (Redacted for Public Release)," September 2007 (pdf):
EPIC's Page on Secure Flight:
Cities Consider ID Cards for Undocumented Immigrants
San Francisco and New York are debating proposals to create city identification cards that would be available to any resident, regardless of citizenship status. Such cards would establish legal identity and residency and allow cardholders to access basic city services such as banking, aid for the homeless and library access. In July, New Haven, Conn., began issuing the first such city-sponsored ID cards to undocumented immigrants. More than 1,500 people have applied for the New Haven cards.
New York City Council Int. No. 602:
EPIC's Page on National ID Cards and the REAL ID Act:
“The Terror Presidency: Law and Judgment Inside the Bush Administration” by Jack Goldsmith (Norton & Co. 2007)
On December 24, 2005, the New York Times reported that the President had authorized electronic surveillance within the United States without judicial approval. Within hours, EPIC submitted a Freedom of Information Act request to the Department of Justice for the documents that were drafted to support the President's decision.
We were interested in the legal basis for the program since two public laws - the FISA and the 1968 wiretap law - are described as the "exclusive means" for electronic surveillance in the United States. We were curious about the reasoning that would permit the President to obtain (and the telephone companies to disclose) the private communications of American citizens outside the scope of the public law.
It may seem to odd to think that the memos written by a few lawyers determine the reach of Presidential powers, but that is the reality of the Office of Legal Counsel within the Department of Justice and the basis for this fascinating book by former OLC head Jack Goldsmith. Goldsmith, who is now a professor at Harvard Law School, describes the significant powers of the office, noting at one point that it essentially issues “Get out of Jail free” cards to both government officials and private corporations who might otherwise be found guilty of, say, violating federal wiretap laws.
To be fair, the opinions of the Office of Legal Counsel are given such deference because they reflect the work of very well trained lawyers who, though generally associated with the political views of the President they serve, try to maintain the integrity and dispassion of a good legal scholar. It is this tradition that Goldsmith wrestles with during the difficult post-9/11 era in which many government officials went to bed at night genuinely thankful that the United States had not suffered a second terrorist attack.
Goldsmith writes that in the modern era the United States confronts an increasingly complex web of legal rules and international obligations (the Geneva Convention comes to mind) that limit actions by the President and subject individuals to legal liability. Some conservative critics have derided these rules as “lawfare,” an effort by countries weaker than the United States to use legal procedures against the US. Others might view this framework of international obligations and respect for human rights as the realization of rule of law that has helped promote peace and stability.
Goldsmith was prepared to engage in the difficult work of crafting the legal opinions that would support the White House's terrorism policies, but in the end concludes, in a subtle but powerful acknowledgment of the rule of law, that the President's actions rested on “severely damaged legal foundations.” The opinions written by his predecessors were sloppy and asserted extraordinary Presidential powers. Goldsmith went about revising these legal judgments and, in effect, changing the scope of permissible actions by the US government, most notably in the area of torture during interrogation.
Goldsmith also makes the pragmatic observation that when other Presidents faced great challenges to US security - Lincoln during the civil war, Roosevelt just prior to the US entry into the Second World War -- they reached out to Congress and members of the opposing party to explain their actions and build support for their efforts. The Bush administration typically informed Congress, in highly classified settings, only for the purpose of ensuring that future criticism could be answered that key oversight committees were “kept in the loop.” Conspiracy is another word that might apply.
Goldsmith presents some evidence that there was in fact a government within the government - comprised of Dick Cheney and David Addington - that took the occasion of a terrorist attack upon the United States to refight old battles and to realign Constitutional powers in a manner more to their liking. And it should be noted, also short-circuited the high-level vetting of OLC opinions by outside experts that helped ensure the President received the very best legal advice.
EPIC still has not obtained the documents we requested the day the President's domestic surveillance program was disclosed, though we recently received a favorable decision from a district court judge in Washington, DC that has grown impatient with the government's stonewalling. Considering the testimony of former Justice Department official James Comey, this book by Jack Goldsmith, and the widely reported effort by Alberto Gonzalez and White House Chief Staff Andrew Card to get an ailing John Ashcroft on a hospital bed to continue the President's surveillance program, one suspects that a “Go directly to Jail, do not pass Go, do not collect $200” card may be found among the legal opinions prepared by the Office of Legal Counsel.
- Marc Rotenberg
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2005 is the most comprehensive report on privacy and data protection ever published.
"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004).
This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
PIPA Conference: Private Sector Privacy in a Changing World. September
20-21, 2007. Vancouver, Canada. For more information:
3rd 2007 Technical Assistance Seminar on International Implementation of the APEC Privacy Framework. September 22-23, 2007. Vancouver, Canada. For more information: http://www.oipcbc.org/APEC_2007.htm
Civil Society Privacy Conference: Privacy Rights in a World Under
Surveillance. September 25, 2007. Montreal, Canada. For more
29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007. Montreal, Canada. For more
Georgetown University Law Center: Global Antitrust Enforcement
Symposium. September 26, 2007. Washington DC. For more information
Dialogue Forum on Internet Rights. September 27, 2007. Rome, Italy. For more information: http://www.funzionepubblica.it/dfir/
OECD and Industry Canada: Shaping Policies for Creativity, Confidence
and Convergence in the Digital World. October 3, 2007. Ottawa,
For more information:
University of Ottawa Faculty of Law: The Revealed "I". October 25-27,
2007. Ottawa, Canada. For more information:
Computer Professionals for Social Responsibility: Technology in Wartime Conference. AJanuary 26, 2008. Stanford University. For more information: http://cpsr.org/news/compiler/2007/Compiler200707#twc
Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.