E P I C A l e r t
EPIC is seeking a smart, energetic, creative individual
for the position of Staff Counsel
Deadline: Nov. 30, 2007
Click here for more details http://www.epic.org/epic/jobs/counsel_1007.html
EPIC filed a friend of the court brief in Crawford v. Marion County, the Indiana voter photo identification case before the Supreme Court. EPIC and 10 legal scholars and technical experts urged the Court to invalidate an Indiana law requiring individuals to show a government-issued photo ID card before they were allowed to vote. Prior to the enactment of this law, voters were required only to sign a book at the polling place, where a photocopy of the voter's signature was kept on file.
EPIC's arguments in the case were twofold: "First, the Indiana law ostensibly seeks to address the problem of voter fraud through the establishment of photo requirement at the polling place, yet leaves open the ongoing risk of fraud made possible by absentee voting. As a matter of logic, the identification requirement is flawed. Second, the state voter ID law will almost certainly rely upon the federally mandated REAL ID, a controversial system of identification that will introduce additional privacy and security risks."
The identification scheme created under the Indiana law at issue does not solve the type of voter fraud that has been documented in the state, EPIC said. Neither the state nor the courts have been able to identify one case in which a photo ID requirement would have prevented voter fraud. Indiana has a recent and documented history of absentee voter fraud, but the law at issue creates an exception for absentee voters, allowing them to vote without presenting government-issued photo identification.
Another aspect of the voter photo identification system rests on the ability of poll workers to accurately identify a wide range of state and federal government documents as well as the person depicted in the photograph. There are a variety of points in the process of collecting, storing and sharing data at which errors could result in disenfranchisement of voters. "It is important that if the state of Indiana continues to rely upon voter registration records, that it develops data quality control protocols to improve the accuracy and reliability of this information," EPIC said.
Even though final regulations for the federal REAL ID national identification system have yet to be released from the Department of Homeland Security, Indiana began implementing changes in July to prepare for the national ID system. The state has admitted voters will likely be required to present REAL ID-compliant cards. EPIC has repeatedly detailed the myriad security and privacy programs associated with the system. Seventeen states have passed legislation against the scheme, and Congress is debating repealing REAL ID.
In the brief, EPIC explained, "The REAL ID Act of 2005 and the draft regulations promulgated by DHS create a fundamentally flawed national identification system that will not improve the security of Indiana's voter identification system. Integrating Indiana's voter system with REAL ID will make it easier to commit identification theft while preventing eligible individuals from exercising their right to vote."
EPIC's page on Crawford v. Marion County, Indiana:
EPIC's page on Voting and Privacy:
The National Committee for Voting Integrity:
EPIC's page on National ID Cards and REAL ID Act:
After completing its preliminary investigation, the European Commission Directorate on Competition has announced a four-month in-depth investigation into Google's $3.1 billion proposed merger with Internet advertising company DoubleClick. According to the Directorate, "[t]he Commission will, in particular, investigate whether without this transaction, DoubleClick would have grown into an effective competitor of Google in the market for online ad intermediation. It will also investigate whether the merger, which combines the leading providers of respectively, on the one hand, online advertising space and intermediation services, and, on the other hand, ad serving technology, could lead to anti-competitive restrictions for competitors operating in these markets and thus harm consumers."
The proposed merger is also under review by the U.S. Federal Trade Commission following complaints filed by EPIC, the Center for Digital Democracy and US PIRG that detail the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. The filings include proposals for a range of steps the Commission could take by means of a consent order to safeguard consumer privacy.
There have been increasing calls for oversight of the FTC's investigation into the proposed Google-DoubleClick merger. Last week, a dozen Republican members of the House Subcommittee on Commerce, Trade and Consumer Protection requested a hearing into the privacy aspects of the proposed Google-DoubleClick merger. In a letter, the members stated that the privacy implications of the merger "are enormous" and that a hearing is needed to understand how consumers' information is used and what can be done to better protect consumer privacy.
In September, the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights held a hearing entitled "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?" Senator Herb Kohl stated at the hearing that he believed privacy is an integral part of the antitrust review. "Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree," Sen. Kohl said. "The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers' pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our citizens so essential to our democracy."
Last month, in a letter to the Subcommittee on Financial Services and General Government of the U.S. House Committee on Appropriations, EPIC urged oversight of the Federal Trade Commission's review of the proposed Google-DoubleClick merger. The Subcommittee is responsible for the annual appropriation for the Federal Trade Commission. EPIC set out the privacy concerns arising from the proposed merger as well as the statements of various experts. If the FTC fails to establish substantial privacy safeguards as a condition of the proposed Google-DoubleClick merger, "we believe there should be a comprehensive investigation of the factors that led to the FTC's decision," EPIC said.
European Commission Directorate on Competition, Press Release, Mergers: Commission opens in-depth investigation into Google's proposed take over of DoubleClick (November 13, 2007):
European Commission Directorate on Competition, Page on Investigation of Proposed Google-DoubleClick Merger:
Twelve Republican Members of Congress, Letter Requesting a Hearing on the Privacy Aspects of the Proposed Google/DoubleClick Merger (November 6, 2007) (pdf):
Senate Judiciary Committee, "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?":
EPIC's Letter to the House Subcommittee on Financial Services and General Government (October 26, 2007) (pdf):
EPIC's page on Privacy? Proposed Google/DoubleClick Deal:
The Department of Homeland Security Privacy Office has announced a public workshop, "CCTV: Developing Privacy Best Practices," to be held in December. "This workshop will provide a forum to begin a discussion to inform development of best practices for the use of CCTV by government agencies," DHS said.
The agency also requests comments from the public on the following topics: "1. Are there existing state, local, or international programs that have developed privacy and civil liberties guidelines for CCTV that can serve as resources for the development of best practices? 2. How can CCTV systems be designed in a manner that respects privacy and civil liberties? 3. What measures are necessary to protect privacy and civil liberties when governments have the ability to link into privately owned CCTV networks or have access to images and footage that such networks have captured? 4. How can Privacy Impact Assessments (PIAs) be used as a means of protecting privacy in this area? What would make for an effective PIA? How can government agencies incorporate the findings of PIAs into their CCTV networks and guidelines? 5. What are the privacy and civil liberties best practices you would recommend for government use of CCTV?" All comments must include the docket number: DHS-2007-0076.
EPIC and others have detailed a number of problems with the use of video surveillance systems. In the past, EPIC has said that there "is concern not only about the amount of images and information collected, but its uses and the length of time it is retained. Many also question whether this surveillance impinges upon free speech and freedom of association - especially when it is used to monitor political protests and rallies." EPIC recommends "clear procedural guidelines and legislation that addresses the effectiveness, purpose, and usage of video surveillance, as well as the sharing and retention of the individuals' images recorded, and that provides for penalties and public oversight."
EPIC has further explained, "Some of the arguments invoked by law enforcement authorities to justify their use of video surveillance are that it helps prevent crime and that there is no expectation of privacy in public spaces. Evidence, however, has shown that video surveillance cameras have limited, if any, effects on crime prevention. In most cases, surveillance merely enhances people's sense of security rather than their actual physical security."
There is international debate about camera surveillance systems, as well. Last month, Privacy International filed a complaint with the Ontario Information and Privacy Commissioner's Office regarding plans to deploy 12,000 cameras across Toronto's transportation network of buses, streetcars, and subways at a cost of $18 million. According to Privacy International, the Toronto Transit Commission has repeatedly argued that Closed Circuit Television acts as a deterrent despite international criminological evidence proving otherwise.
In its complaint, Privacy International argues that the collection principles in the relevant legislation are not being sufficiently attended to in that the collection is not necessary, that the scheme is being deployed without consideration to privacy and associated protocols, and with insufficient consideration regarding access powers.
The Department of Homeland Security's two-day workshop on camera surveillance systems will be held on December 17 and December 18, 2007. The workshop is free and open to the public.
Department of Homeland Security Federal Register Notice on Town Hall:
Privacy International Complaint to Ontario Information and Privacy Commissioner's Office (Oct. 24, 2007) (pdf):
EPIC's page on Video Surveillance:
The US government has released its "National Strategy for Information Sharing." The strategy describes information sharing between state and local governments, the private sector and foreign governments, and includes the administration's "core privacy principles" for protecting privacy. Privacy guidelines, developed by the Attorney General and Director of National Intelligence, are built on these core principles.
Privacy is described as a "core facet" of information sharing efforts. The privacy principles limit information sharing to the broad and undefined "terrorism, homeland security or law enforcement information related to terrorism." Participation in information sharing is not conditioned on successful implementation of the principles. For implementation, the President directed the creation of the Privacy Guidelines Committee, consisting of the Attorney General, Director of National Intelligence and agency privacy officers. No citizen advocates sit on the committee.
The National strategy summarizes some of the completed information sharing tasks. The strategy touts the creation of an "Information Sharing Environment"; significant grant funding to stated and local "information fusion centers"; the consolidation of watchlists in a "terrorist screening center"; and the creation of the "Homeland Security Information Network" for two-way information sharing between federal and stated and local officials.
Per the strategy, information needs of state and local entities grow as they incorporate homeland security into their day-to-day crime fighting activities. Fusion centers are the are the "primary focal points" for sharing of terrorism related information. Private sector information sharing focuses on sharing with operators and owners of "critical infrastructure." In receiving foreign information the "guiding objective" is to ensure that the US can disseminate the information "as broadly as possible." The impact on US persons' privacy of sharing their information with foreign governments is to be "considered."
National Strategy for Information Sharing:
EPIC's page on Fusion Centers:
The Miller Center for Public Affairs of the University of Virginia hosted a national discussion on Privacy and Security after 9/11. Panelists debated the proposition: "In the war against terrorism, and with advances in technology, Americans need to lower their expectations of privacy."
Arguing for the proposition were professor Douglas Kmiec of the Pepperdine Law School and Kim Taipale, executive director of the Center for Advanced Studies in Science and Technology Policy. Arguing against the proposition were Lord John Alderdice, a member of the British House of Lords and a key negotiator in the peace agreement between the British and Irish governments, and Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, DC.
Lord John Alderdice described the experience of terrorism up to the landmark Good Friday peace agreement said that the governments had made many mistakes. "When laws are passed without proper and due consideration, they're usually not very good laws, and we discover problems with them. And when governments act rapidly and without thought, it's frequently counterproductive."
In the debate exchange, Prof. Kmiec, the former head of the Office of Legal Counsel for President Reagan and President Bush, asked Rotenberg whether it would be permissible for the government to deploy a device that could detect weapons-grade plutonium without a court order. Rotenberg responded there would be no privacy objection, but said the example provided "is almost at the exact opposite end of the spectrum from the type of mass public surveillance we experience today in this country." Rotenberg described the the collection of the telephone records of U.S. citizens "suspected of no crimes, turned over by the telephone companies to the National Security Agency without a legal basis and without judicial authority."
Rotenberg then asked Kmiec whether he agreed with the President's assertion that he has inherent authority to conduct surveillance in the United States, and if so, is there any stopping point for the President's authority. Kmiec replied "the president had indeed a justifiable and plausible argument for the authority that he asserted" but went on to say that it was important to make sure that the information gathered "is only being used for terrorist prevention purposes and is not being either retained or disseminated in a fashion contrary to that objective."
Former Virginia Governor Gerald L. Bailes, director of the Miller Center, opened the event. NewsHour Senior Correspondent Ray Suarez served as moderator. The event was produced by MacNeil/Lehrer productions. A debate on the Huffington Post preceded the discussion. The Miller Center website features extensive materials on the debate topic, including a background paper, surveys and reports, key privacy law, polls, YouTube videos and a lesson plan for educators.
National Discussion and Debate Series, Privacy (resources):
Miller Center Privacy Debate (QuickTime video):
Miller Center Privacy Debate (MP3 audio):
Miller Center Privacy Debate (Transcript):
Huffington Post Debate, "Privacy v. Security? Privacy" (Rotenberg):
Huffington Post Debate, "Privacy v. Security? Security" (Taipale):
EPIC Testimony on "Security and Liberty" before 9/11 Commission:
Final Report of the 9/11 Commission:
Homeland Security Backs Down on Flawed REAL ID Plan
The Department of Homeland Security has announced major changes to the planned REAL ID national identification system. The original deadline for implementation was 2008, but has been pushed back to 2013. Now, DHS may delay implementation until 2018 and may significantly reduce the requirements set out in draft regulations released in March of 2007. EPIC and others have repeatedly detailed security and privacy problems with the system that creates a national ID database and imposes federal responsibilities upon state agencies that have neither the trained employees nor the resources to fulfill these responsibilities. The final regulations, originally to be released in September of 2007, have yet to be published. Congress is debating legislation to repeal the national identification scheme.
Stop REAL ID Campaign site:
EPIC's page on National ID Cards and REAL ID Act:
European Union to Collect Passengers' Flight Information
The European Commission has unveiled a proposal to establish a passenger name records (PNR) system similar to that of the US. The European PNR system would require PNR data for all flights entering or departing the European Union. The data will be processed for the purpose of carrying out a risk assessment of passengers' "threat levels," in order to assist in terrorism and organized crime investigations. Air carriers already have an obligation to communicate Advance Passenger Information to Member States for the purpose of fighting illegal immigration. The new scheme increased the amount of data required, and the purposes for which it will be used.
EU PNR Proposal Press Release:
EPIC's page on EU-US Passenger Data Disclosure:
Privacy International Study on Journalist Privacy
UK-based Privacy International last week released a study on worldwide journalist protections. The study notes that the United States is one of the few democracies that does not provide nationwide protection for journalists. The study includes regional reports describing country-level protections. The regional reports are broken down into legal protections, searches, wiretapping and national security laws. Privacy International concludes with proposed guidelines on protection of journalists' sources.
"Silencing Sources: An International Survey of Protections and Threats to Journalists' Sources":
EPIC's page on Privileges:
Facebook Unveils New "Social Ads"
Social networking site Facebook.com unveiled a new advertising product called "social ads." Marketers create Facebook profiles and purchase advertising targeting other users' profile information. Further, users' name and pictures will be shown to their friends as promoting a product after that user interacts with the marketer in some way. Some law professors have questioned whether this violates the privacy tort prohibiting commercial appropriation of name and likeness. Facebook's privacy settings do not currently allow one to opt out of receiving marketing or being used in it.
Facebook Social Ads:
EPIC's page on Social Networking Privacy:
EAC Announces 2007 Voluntary Voting System Guidelines
On November 6, 2007 the Election Assistance Commission announced a public comment period for its 2007 version of the Voluntary Voting System Guidelines, which will end at 4:00 PM on March 5, 2008. The agency's first federally-approved guidance for electronic voting systems was approved in December 2005, but no voting system has been approved under the new federal testing and certification process. Only two systems of the nine currently under review for federal certification have applied under the 2005 voting system guidelines. The document open for comment is only available electronically on the agency's web site.
Voting Systems applying for certification:
Federal Register Notice:
EAC Document Open for Public Comment:
National Committee for Voting Integrity:
New Study: Sharing, Privacy and Trust in Our Networked World
The Online Computer Library Center has released its international study on online social spaces, entitled “Sharing, Privacy and Trust in Our Networked World.” The survey polled over 6,100 respondents from Canada, France, Germany, Japan, the UK and the US, as well as 382 US library directors. The study focuses on user practices and preferences in social spaces, user attitudes about sharing, information privacy, and librarian social networking practices and preferences.
OCLC Study: Sharing, Privacy and Trust in Our Networked World:
Privacy and Human Rights Report 2006:
EPIC's page on Social Networking Privacy:
"Whispering Wires" by Philip Metcalfe (Inkwater 2007)
Big Ray Olmstead was a prominent businessman in the Seattle of the 1920s. Well liked by politicians, with two brothers in the police department and a successful business that in good months brought in over $200,000, Olmstead was one of the best known bootleggers of the Prohibition era.
Olmstead shunned the moonshine and other low-grade liquor that contributed to much of the Depression-era misery. He imported fine bonded liquors from Canada that were served in restaurants and clubs throughout Seattle.
Not surprisingly, there was not much interest in Seattle in prosecuting Mr. Olmstead, but over time federal agents came to the Northwest and built their case, not on the testimony of witnesses -- who would object? -- but using records of the telephone conversations between Olmstead and his associates.
Olmstead was aware of the wiretap operation and tried several techniques to defeat the feds. Calls were placed from public phones. Phone numbers would change. His wife obtained a party line so that the calls from their home were interspersed with the neighborhood chit-chat.
The problem for the federal agents was that wiretapping was against the law in Washington state. One of the key issues in the case against Olmstead was whether this new type of evidence could be admitted in court.
In addition to the colorful history of Prohibition-era Seattle and the Olmstead business operations, "Whispering Wires" recounts the excitement of the month-long trial, the front-page headlines, and the dramatic moments in the courtroom. Several of Seattle's prominent businessmen testified, including a young William Boeing who would help launch a new economy in the Queen City as the era of bootlegging drew to a close.
With an eye to the appeal ahead, Olmsteads's attorney argued to the jury, "I don't care any more about Roy Olmstead than you do. But his liberty has the same basis as yours. And if you steal his liberty on such evidence, then some day your liberty may be stolen in the same way."
Following the conviction, Olmstead's case went to the Supreme Court. At issue was the admissibility of the wiretap evidence. The telephone companies sided with the notorious bootlegger. But the Court rejected the appeal. Chief Justice Taft said that no search occurred. "The intervening wires," Taft wrote, "are not part of his house or office any more than are the highways along which they are stretched."
Justice Brandeis, borrowing from the fine brief of the telephone companies, reasoned that the intrusion into a telephone call was far more intrusive than the interception of a letter which was already protected by law. Brandeis's dissent in the Olmstead case, one of the most important in American law, argued that this was a search and the government's case should be tossed out.
It would take another forty years and another criminal -- this one calling in numbers from a payphone from a Los Angeles street corner -- for the Supreme Court to agree with Brandeis.
Philip Metcalfe's book brings to life the Prohibition era in the Pacific Northwest and with it one of the most remarkable chapters in the history of privacy law in the United States.
-- Marc Rotenberg
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.
"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006
This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 23nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
US Department of Homeland Security E-Verify Stakeholder Meeting. Washington DC. Tuesday, November 27, 2007. For more information, email MarshaLyons@westat.com
Internet Identity Workshop. Mountain View, CA. December 3-5, 2007. For more information http://www.windley.com/events/iiw2007b/register.shtml
Seattle Technology Law Conference. December 13-14, 2007. Seattle, WA. For more information: http://www.lawseminars.com/seminars/07COMWA.php
US Department of Homeland Security Privacy Office Public Workshop: CCTV - Developing Privacy Best Practices. Arlington, VA. December 17-18, 2007. For more information, email firstname.lastname@example.org
ACI’s 7th National Symposium on Privacy & Security of Consumer and Employee Information. January 23-24, 2008. Philadelphia, PA. For more information: http://www.americanconference.com/privacy
Computer Professionals for Social Responsibility: Technology in Wartime Conference. January 26, 2008. Stanford University. For more information: http://cpsr.org/news/compiler/2007/Compiler200707#twc
Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.