E P I C A l e r t
More than two years after Congress rushed through passage of the REAL ID Act, the Department of Homeland Security announced proposed regulations on March 1 that would turn the state driver's license into a national identity card. The estimated cost of the plan could be as high as $23.1 billion, according to the federal government, and the national ID system will increase security risks as well as the threats to personal privacy.
The federal agency claims that no national ID database will be created under these regulations, because there will not be a single database maintained by a federal agency. However, under the proposed regulations, DHS will impose new requirements on state motor vehicle agencies so that all state databases will be linked together. A national database with personal information of 245 million license and state ID cardholders across the country is a tempting target for identity thieves and other criminals. Yet the regulations merely include the vague requirement that states prepare a "comprehensive security plan" for REAL ID implementation. DHS does not set minimum security or privacy standards to protect a national database with sensitive personal information.
The creation of a national ID database under the REAL ID regulations comes at a time when security breaches and identity theft are on the rise. State DMVs already are the victims of outside attackers and insider license-for-bribe schemes. For the seventh year in a row, identity theft is the No. 1 concern of U.S. consumers, according to the Federal Trade Commission's annual report. Over 104 million data records of U.S. residents have been exposed due to security breaches since January 2005, according to a report from the Privacy Rights Clearinghouse.
The regulations also do not set adequate privacy and security standards for the identification card. The agency is "lean[ing] toward" using a two-dimensional bar code with encryption, but it does not require encryption. Although Homeland Security lays out the privacy and security problems associated with creating an unencrypted machine-readable zone on the license, such as allowing third parties to easily download the personal information on the license, it does not require encryption because there are concerns about "operational complexity." Homeland Security is also considering allowing radio frequency identification (RFID) technology in the cards, which means the sensitive data would be transmitted wirelessly and be vulnerable to interception by third parties. However, Homeland Security just abandoned a plan to include RFID chips in border identification documents because the pilot test was a failure. There were multiple security and privacy problems with the pilot program.
The REAL ID Act was appended to a bill providing tsunami relief and military appropriations, and passed with little debate and no hearings. It repealed provisions in the Intelligence Reform and Terrorism Prevention Act of 2004, which contained "carefully crafted language -- bipartisan language -- to establish standards for States issuing driver's licenses," Sen. Richard Durbin said at the time of REAL ID's passage. In response to the draft regulations, Sen. Patrick Leahy said, "It is ironic that we probably would have stronger drivers' licenses today if the original shared rulemaking procedures that Congress agreed to in 2004 had been allowed to move forward." Proposals to repeal Real ID have been adopted in the states and introduced in Congress.
The draft regulations are open for comment until May 8, 2007. To take
action and talk to Congress about this ill-conceived identification
scheme, visit the Electronic Frontier Foundation's Take Action page:
Department of Homeland Security's Notice of Proposed Rulemaking on REAL ID:
Senator Leahy's Press Release In Response to REAL ID Regulations:
Privacy Rights Clearinghouse's Chronology of Data Breaches:
EPIC's Testimony at Feb. 15, 2007, Hearing of the Maryland Senate Judicial Proceedings Committee (pdf):
EPIC's page on National ID Cards and the REAL ID Act:
EPIC's page on Secure Flight:
EPIC's Spotlight on Surveillance on REAL ID:
In testimony before the House Commerce Committee, EPIC staff counsel Allison Knight testified in support of H.R. 251, the Truth in Caller ID Act of 2007. EPIC said the bill rightly distinguishes between the appropriate and inappropriate uses of caller ID spoofing. EPIC testified on similar legislation in 2006.
EPIC noted that while spoofing caller ID numbers can create a real risk to individuals who might be defrauded or harmed by illegitimate uses of this technology, there are also several legitimate uses of spoofing that allow callers to limit the disclosure of their phone numbers in order to protect their privacy and in some cases their safety. This includes domestic violence survivors who are trying to reach family members and do not want their location revealed. Survivors may also need to use caller ID spoofing when calling companies that may have permissive data-sharing policies and sell information to brokers. Caller ID spoofing can also protect right of call recipients to be free from pretexting and other fraud that can lead to the loss of their privacy, and the threats of stalking, identity theft, and harassment.
EPIC pointed out that caller ID blocking isn't a complete solution for those trying to maintain privacy because automatic number identification systems and other technology can get around blocks, and some call recipients refuse to accept blocked calls. The bill as currently drafted addresses the privacy interests of both callers and call recipients by including an intent requirement in the ban on caller ID spoofing, so that spoofing is prohibited where it is clear that the person who does not provide accurate identifying information intends to defraud or cause harm.
By including an intent requirement the revised Truth in Caller ID Act of 2007 distinguishes between appropriate and inappropriate Caller ID spoofing and also preserves legitimate law enforcement techniques.
EPIC also called for the Federal Communications Commission to investigate the President's domestic surveillance program, and asked Members to support EPIC's recommendation that the Commission undertake an investigation of the possibly improper disclosure of telephone toll records by the telephone companies that are subject to the privacy obligations contained in the Communications Act.
EPIC's Testimony before the House Committee on Energy and Commerce on the Truth in Caller ID Act of 2007 (pdf):
The Truth in Caller ID Act of 2007:
EPIC's page on Domestic Surveillance:
Plans to use radio frequency identification (RFID) technology in the US-VISIT border security system have been abandoned after pilot testing failed, Department of Homeland Security Secretary Michael Chertoff admitted in Congressional testimony on February 9th. A government report released in January said testing of RFID tags embedded in I-94 documents was unsuccessful. Chertoff said about the program, "I think, yes, we're abandoning it. That's not going to be a solution."
In 2005, the Department of Homeland Security began testing RFID-enabled I-94 forms in its United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program to track the entry and exit of visitors. The RFID-enabled forms stored a unique identification number, which is linked to data files containing foreign visitor's biographic information, including name, date of birth, country of citizenship, passport number and country of issuance, complete U.S. destination address, and digital fingerscans.
EPIC has warned that the proposal to embed RFID tags in travel documents places visitors to the United States at risk, citing the plan's lack of basic privacy and security safeguards. In October 2005 comments to the Department of Homeland Security, EPIC urged the Department to reject the proposal. EPIC asserted that the timesaving benefits of RFID tag use would be slight and significantly overshadowed by its privacy and security risks. EPIC explained, as an invisible technology, RFID allows a person's information to be accessed without his or her knowledge. Anytime a visitor is carrying his I-94 RFID-enabled form, unauthorized individuals could access his or her unique identification number, and thus the biographic information linked to that number.
In a July 2006 report, the Department of Homeland Security's Inspector General echoed EPIC's concerns, stating that the US-VISIT border security program fails to protect data collected through the use of RFID tags. The report found "security vulnerabilities that could be exploited to gain unauthorized or undetected access to sensitive data" associated with people who carried the RFID-enabled forms.
A report released by the Government Accountability Office in late January identified numerous performance and reliability issues in Department of Homeland Security's 15-month test. The report detailed the failure of RFID readers to detect a majority of visitors' identification numbers. US-VISIT officials had set a target read rate at 70 percent, but a weeklong test demonstrated that RFID readers correctly identified only 14 percent of identification numbers. Furthermore, the report said that even if such performance and reliability issues were addressed, questions remained about the program's future. The report said that RFID failed to "meet a key goal of US-VISIT -- ensuring that visitors who enter the country are the same ones who leave." Essentially, the I-94 form could not guarantee that the person to whom the form was issued would be the same individual exiting the country with the form.
Government Accountability Office report (pdf):
DHS Inspector General Report (redacted) (pdf):
EPIC's October 2005 comments to the Dept. of Homeland Security (pdf):
EPIC Guidelines on Commercial Use of RFID Technology (2004) (pdf):
EPIC's page on RFID:
EPIC's page on US-VISIT:
The Federal Trade Commission reports that the Child Online Privacy Protection Act (COPPA) has been successful at protecting children's privacy online. The report concludes that no changes to the regulations are warranted at this time, and that continuing enforcement with increasing civil penalties against significant violations will adequately deter unlawful conduct. The report was issued in according with Congressional demands for a "rule review" after 5 years.
Congress enacted COPPA in 1998, and the FTC issued rules which became effective in April of 2005. COPPA requires explicit parental consent of data collected on children under the age of 13; provides parents with the ability to see the data that was collected; and allows consent to be revoked and the data to be deleted. COPPA enforcement is via a mixture of FTC action and industry "safe harbor" self-regulation. The FTC has certified certain self-regulatory bodies, and it will not prosecute websites that comply with those bodies' standards.
The report identified the emerging issues of social networking sites and convergence of technologies. Social networking sites are covered by COPPA, but raise the new issue that the personal information is not simply collected, but also presented to other viewers. Convergence of technologies means that children will not be accessing the web solely on personal computers, but also with wireless handhelds and other such devices. This may make parental supervision more difficult.
EPIC filed comments for the report. In its comments, EPIC agreed that COPPA had been successful in protecting children's privacy online. EPIC also recommended more enforcement, in order to improve compliance and to clarify regulatory standards. EPIC also recommended that the FTC begin to look at cutting edge usability factors, in order to determine when websites are "directed at children." Lastly, EPIC recommended that the FTC take action to protect children's privacy offline.
FTC Report - Implementing COPPA - A Report to Congress (pdf):
EPIC Comments on COPPA:
EPIC's COPPA Page:
The US State Department has just released its annual human rights report. The report, spanning over 1800 pages and over 180 countries, describes the performance of governments in putting into practice their international commitments on human rights reflected in the United Nations Universal Declaration of Human Rights. Each country report includes a section on privacy.
Privacy and freedom of expression issues are addressed in the report mainly in the context of Internet censorship and surveillance. For example, the report documents the arrest and detention of Internet bloggers in Egypt and web journalists in China. Many countries passed legislation requiring Internet cafes to record the identities of its users and retain the data for law enforcement purposes.
The report also comments on limitations on Internet access. For example, in Turkmenistan, no new accounts have been allowed in the capital since September 2002; Vietnam forbids direct access to the Internet via Internet Service Providers; and Iran blocks access to various foreign news websites. Syria made use of its Emergency Law to censor citizens' access to the Internet.
The report states that although Chinese legislation to protect privacy exists, this was often ignored in practice in order to conduct warrantless surveillance. Authorities monitored telephone conversations, facsimile transmissions, e-mail, text messaging, and Internet communications. Authorities also opened and censored domestic and international mail. Interestingly, the US saw two similar developments in the past year as concerning anti-terrorism investigation: the revelation of its domestic surveillance program, which conducted electronic surveillance on American citizens without judicial authority, and the President's signing statement which purported to allow warrantless search of mail.
Although the introduction acknowledges that the report was released at a time when the United States' own record and actions taken have been questioned, the report does not include a section on US human rights performance.
US State Department Human Rights Report
Privacy and Human Rights 2005
Secure Flight Five Years Behind Schedule, Delayed Until 2010
Implementation of Secure Flight, a federal passenger screening program, will be delayed until 2010, at least five years behind schedule, according to the Transportation Security Administration. Secure Flight was designed to solve problems with people being mistakenly matched or mistakenly listed on government terrorism watch lists. The program was suspended a year ago after two government reports detailed security and privacy problems. One report found 144 security vulnerabilities. About $140 million has been spent on the program, and the TSA is seeking another $80 million for proposed changes.
Government Accountability Office, Testimony on Secure Flight on Feb. 9, 2006 (pdf):
EPIC's page on Secure Flight:
Five New Congressional Research Service reports have become available
Congressional Oversight of Intelligence: Current Structure and Alternatives, RL32525 (Feb. 15, 2007) (pdf). Among the alternatives this report examines are the proposals in the 9/11 Commission Report for creating a joint committee on intelligence or strengthening the individual committees with authorization and appropriations power.
Data Mining and Homeland Security: An Overview, RL 31798 (Jan. 18, 2007) (pdf). The overview includes the major DHS data mining initiatives and also notes limitations on the capability of data mining
Data Security: Federal Legislative Approaches, RL33273 (Jan. 25, 2007) (pdf). The report addresses proposed legislation for subject area; privacy safeguards; restrictions on the use of social security numbers; credit freezes; consumer reports; and preemption.
Remedies Available to Victims of Identity Theft, RL31919 (Jan. 23, 2007) (pdf). The report covers federal laws that help victims correct their credit records, as well as criminalize certain identity theft related activity.
Identity Theft: State Penalties and Remedies and Pending Federal Bills, RS 22484 (Jan. 11, 2007) (pdf). The reports lists state laws that provide criminal and civil penalties for identity theft; credit freezes; and social security number privacy.
Privacy Rights Clearinghouse Report: "Real ID Act Will Increase Exposure to ID Theft"
In an alert posted on Feburary 28, Privacy Rights Clearinghouse reports that the REAL ID Act will increase individuals' exposure to ID theft. The report states that one difficulty that ID theft victims face is the presumption that the transactions completed in their name are legitimate. Real ID may strengthen that presumption, because victims would have to confront a perception that Real IDs are more secure and difficult to obtain fraudulently. The report further states that Real ID will create new opportunities for ID thieves, because the law creates a national database of scanned copies of birth certificates, Social Security cards, and any other documents that individuals present when they apply for a license, and it mandates a nationally standardized “machine-readable zone” that will let bars, merchants and other private parties scan personal data off licenses with greater ease than ever before, putting all that information into even greater circulation.
Privacy Rights Clearinghouse Alert on REAL ID:
EPIC's page on National ID and REAL ID Act:
Hearing in the European Parliament on Passenger Name Records
On March 26, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) will hold a public seminar on Transatlantic Relations and Data Protection regarding passenger name record information, SWIFT financial data, and the Safe Harbour agreement. Growing EU concern about the privacy of personal data, particularly after the disclosure of the US' use of the Automated Targeting System on individuals, will weigh heavily in negotiations of a new EU-US passenger name record transfer agreement this spring. The European Parliament has adopted a Resolution on SWIFT, the PNR agreement and the transatlantic dialogue on these issues, which calls for Parliamentary involvement, greater transparency and the inclusion of redress measures in future agreements.
European Parliament Hearings page:
LIBE Committee on Civil Liberties, Justice and Home Affairs:
European Parliament resolution on SWIFT, the PNR agreement and the transatlantic dialogue on these issues:
EU-US Interim Agreement on the Transfer of Passenger Name Records (October 2006):
EPIC's page on EU-US Airline Passenger Data Disclosure:
EPIC's page on Passenger Profiling:
Canada lawmakers let anti-terror measures expire
Two anti-terror measures adopted as part of Canada's response to the 9/11 expired last week. The opposition party defeated Prime Minister Stephen Harper's bid to extend the measures for three years. In their five years of existence, neither provision had ever been used. The measures empower authorities to arrest and detain suspects for three days without charge and to compel individuals with knowledge of terrorist activity to testify before a judge. The vote not to renew the provisions came only days after Canada's Supreme Court struck down a provision of the Immigration and Refugee Protection Act allowing the government to detain foreign terror suspects indefinitely while the courts review their deportation orders.
The Anti-Terrorism Act (Bill C-36):
Charkaoui v. Canada (Citizenship and Immigration), 2007 SCC 9:
Canadian Survey on Identity Fraud
The Canadian Strategic Counsel recently published its annual Fraud Prevention Report for 2006. The survey found that 86% of Canadians across all demographic groups consider marketing fraud to be a serious problem, a slightly higher rate than the 2005 survey. Almost the same number of respondents believes that identity theft is on the rise. 1 in 6 Canadians surveyed reported having been victimized by identity theft in 2006. However, few individuals make a significant effort to report or resolve the incident. The most common reasons for not taking action include that it requires too much effort to report, or the amount of money was not significant enough to bother. Canada's Privacy Commissioner has called for anti-spam legislation, noting that Canada is the only G-8 country without such a law.
Canadian Strategic Counsel Fraud Prevention Report 2006 (pdf):
EPIC's page on Identity Theft:
Report on the Use of Government Watch Lists
The Constitution Project released a report entitled, "Promoting Accuracy and Fairness in the Use of Government Watch Lists," which includes a strong bipartisan call for protecting individual rights when the government uses terrorist watch lists. The report urges policymakers to promptly restrict the use of such watch lists, and adopt important reforms to govern the situations in which they are used. The report notes that the use of such lists extends well beyond airport security, and the recent revelation of the existence of an “Automated Targeting System” that gathers data on travelers and assigns computer generated risk scores further underscores the need for clear policy reform.
The Constitution Project report “Promoting Accuracy and Fairness in the Use of Government Watch Lists" (pdf):
EPIC's page on Passenger Profiling:
EPIC's Spotlight on Surveillance on the Automated Targeting System:
2007 National Freedom of Information Day Conference
National FOI Day is an annual, daylong program of speaking and discussion by specialists in various aspects of freedom of information, updating developments in FOI over the preceding year. This year's conference, “Access: Oversight & Priorities,” held on March 16, will include discussions of government secrecy, publication of classified information and access priorities for the coming year. The American Library Association will present its annual James Madison Awards, and new reports and publications will be released. The ninth annual FOI Day Conference is sponsored by the First Amendment Center. Sunshine Week will co-sponsor the event, which will be held in cooperation with the American Library Association, OpenTheGovernment.org and the Coalition of Journalists for Open Government.
First Amendment Center National FOI Day page:
EPIC's FOIA Notes page:
"Who Controls the Internet: Illusions of a Borderless World" by Jack Goldsmith and Tim Wu (Oxford University Press 2006).
“Is the Internet truly "flattening" the modern world? Will national boundaries crumble beneath the ever-increasing volume of Internet traffic? Goldsmith and Wu, both professors of law (Goldsmith at Harvard, Wu at Columbia), think not, and they present an impressive array of evidence in their favor. The authors argue national governments will continue to maintain their sovereignty in the age of the Internet, largely because of economics: e-businesses - even giants such as Yahoo, Google and eBay - need governmental support in order to function. When Yahoo, an American company, was tried in French court for facilitating the auctioning of Nazi paraphernalia in violation of French law, the company was eventually forced to comply with local laws or risk losing the ability to operate in France. As eBay grew into an Internet powerhouse, its "feedback" system could not keep up with cunning con artists, so it hired hundreds of fraud prevention specialists (known as "eBay cops"). Goldsmith and Wu begin with an overview of the Internet's early days, replete with anecdotes and key historical chapters that will be unknown to many readers, but their book quickly introduces its main contention: that existing international law has the power to control the Internet, a conclusion web pundits, cyberlaw specialists and courts across the globe will inevitably challenge. Wu's and Goldsmith's account of the power struggle between the Utopian roots of the Internet and the hegemony of national governments is a timely chronicle of a history still very much in the works.”
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2005 is the most comprehensive report on privacy and data protection ever published.
"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004).
This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
RFID and Ubiquitous Computing. Trans Atlantic Consumer Dialogue. March
12, 2007. Brussels, Belgium. For more information:
4th Annual Electronic Health Records Conference. Insight Information.
March 13, 2007. Vancouver, Canada. For more information:
Consumer Authentication: How Do You Know It Is Really Me? American Bar Association, Section of Business Law. March 16, 2007. Washington, DC.
National FOI Day Conference. March 16, 2007. Washington DC. For more information: http://www.firstamendmentcenter.org
Workshop on Surveillance & Inequality. Arizona State University. March
16-18, 2007. Tempe, Arizona. For more information:
Patient Privacy Coalition meeting. March 21, 2007. Washington DC. For more information contact Dr. Deborah Peel at: firstname.lastname@example.org
Data Privacy and Integrity Advisory Committee meeting. Department of Homeland Security. March 21, 2007. Washington, DC. For more information contact: PrivacyCommittee@dhs.gov
5th Conference on Privacy and Public Access to Court Records. Center for
Legal and Court Technology and Administrative Office of the
States Courts. March 22-23, 2007. Williamsburg, Virginia. For more
The Policy Challenges of Electronic Privacy. European Parliamentary Technology Assessment organization. March 28, 2007. Brussels, Belgium. For more information contact email@example.com
Communications event. American Bar Association. March 28, 2007. Washington DC.
Privacy Coalition meeting. March 30, 2007. Washington DC. For information contact Lillie Coney at: firstname.lastname@example.org
Proof Positive: New Directions for ID Authentication Public Workshop. Federal Trade Commission. April 23 and 24, 2007. Washington DC. For more information contact: email@example.com
CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
Conference on Interdisciplinary Studies in Information Privacy and Security. Rutgers University. May 22, 2007. New Brunswick. For more information: http://www.scils.rutgers.edu/ci/isips/
Privacy Compliance Conference. The Canadian Institute. May 30-31, 2007.
Toronto, Canada. For more information:
29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007. Montreal, Canada. For more
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.