E P I C A l e r t
On January 21, EPIC Executive Director Marc Rotenberg testified before the European Parliament on the privacy policies of Internet search engines. The hearing, entitled "Data Protection and Search Engines on Internet: the Google-DoubleClick case," explored the privacy implications of the Google-DoubleClick merger. EPIC highlighted the increased risk of individual user identification associated with database consolidation, storage of search queries, user IP addresses, and information on user online activity.
Rotenberg stated that the European Commission must establish privacy safeguards because the US Federal Trade Commission failed to do so during the US merger review of Google and ad company DoubleClick. Rotenberg also stated that Google was beginning to reveal the characteristics of an "information monopolist" and that it was important for governments to act to preserve the rights of citizens and to safeguard competition and innovation in the information economy. While the privacy implications of such mergers were largely ignored by the FTC's Google-DoubleClick decision, EPIC emphasizes that the privacy concerns were clearly recognized in the United States Congress. Bipartisan support for an investigation into the matter was forthcoming as numerous leading congressmen, senators, and consumer protection experts voiced their concern about the privacy implications of the merger.
One of the most interesting discussions to come out of the hearing dealt with the question of whether an IP address constitutes personally identifiable information. If so, then the practices of the major search engines would violate the EU Data Directive. Germany's data protection commissioner, Peter Schaar, said that an IP address "has to be regarded as personal data" when someone is identified by it. Google retains the IP address, the search query, the Google cookie and the time and date of the search for two years for every single search request on every Internet user in the world who uses the Google search product.
European Parliament, "Do internet companies protect personal data well enough?" (press release):
EPIC's Testimony before the European Parliament (pdf):
EPIC's page on Privacy? Proposed Google-DoubleClick Merger:
In comments filed January 15 with the Department of Homeland Security, EPIC detailed its "Framework for Protecting Privacy & Civil Liberties If CCTV Systems Are Contemplated." EPIC explained that it "does not support the creation nor the expansion of video surveillance systems, because their limited benefits do not outweigh their enormous monetary and social costs." EPIC's guidelines explain that (1) alternatives to CCTV are preferred; (2) there must be a demonstrated need for the system; (3) the public and privacy and security experts must be consulted before the system is created; (4) Fair Information Practices must govern any use of video surveillance; (5) there must be a privacy and civil liberties assessment; and (6) there needs to be room to create enhanced safeguards for any enhanced surveillance.
Despite an exponential increase in the number of publicly-funded CCTV systems being deployed across the country, no uniform rules or guidelines exist to protect the privacy rights or civil liberties of individuals who are the subject of video surveillance. Since 2003, the Department of Homeland Security has allocated $230 million in grants to communities and law enforcement bodies for creating and maintaining camera surveillance systems, all without demonstrating that the money is being effectively allocated. In its submission, EPIC argued that CCTV systems are not effective law enforcement tools, and that studies show that public money is put to better use by investing in proven law enforcement and crime prevention techniques such as increasing the number of police officers in communities.
CCTV surveillance systems not only waste limited public resources, they also create a significant power imbalance that makes it all too easy for individuals' privacy rights and civil liberties to be ignored by public officials. The watched do not know who is watching, for the reason they are being watch, or how the data is being recorded, stored or used. Camera operators, on the other hand, are anonymous and may find that they are in a position of power in which no one monitors their use of the powerful technology at their disposal. Technological advancements have made storage and consolidation of data easy, which creates some very serious potential risks to privacy and civil liberties.
Within the few short years that publicly-funded CCTV systems have been proliferating there have been many examples of the technology being misused or abused by officials. At the 2004 Republican National Convention in New York City, a police helicopter equipped with an infrared camera was deployed to monitor protesters but instead filmed a couple's intimate romantic activity on their terrace; the couple had believed themselves shielded from public view by thick shrubbery. In 2005, a police officer used surveillance cameras to gaze at women's breasts and buttocks at the San Francisco International Airport. Video surveillance has also been used to record and identify individuals engaged in peaceful protests, creating a chill on lawful activities protected by the First Amendment. CCTV has also been proven to facilitate discriminatory behavior. For example, studies have found that black males are disproportionately singled out for additional scrutiny when camera systems are used.
Given the significant potential for inappropriate or illegal behavior on the part of CCTV operators, EPIC stated that public video surveillance should only be deployed or expanded if the six stringent conditions are met. The conditions set out in EPIC's comments will minimize the negative impact that such systems, if deployed, would have on privacy rights and civil liberties.
EPIC's Comments to the DHS (pdf):
EPIC's Page on Video Surveillance:
Privacy International's Page on Video Surveillance:
DHS Privacy Office Page (includes information about DHS Privacy Workshops):
On January 18, EPIC and five other privacy organizations filed a complaint with the Federal Trade Commission against Ask.com alleging that Ask.com is engaging in unfair and deceptive trade practices with the representations concerning AskEraser, a new search service that purports to protect privacy. On its site, Ask.com claimed that once enabled, AskEraser would allow users to have more control of their search activities and that all search activities would be deleted from Ask.com servers "within hours." Ask.com also asserted that the new search tool "will offer its searchers unmatched control over their privacy."
Following the release of AskEraser last month, EPIC and several other privacy organizations wrote to Ask.com's CEO Jim Lazone and requested the company to modify some of the functions of this new product. After a detailed study of the new search tool, EPIC found that Ask Eraser (1) requires a confusing and misleading opt-out cookie, where once deleted, the privacy setting is lost and Ask.com no longer honors the user's privacy setting; (2) creates a quasi-unique identifier, where Ask.com inserts the exact time (down to the second) that the user enabled Ask Eraser; and (3) will be disabled without notice; despite indicating to the user that the AskEraser function is enabled.
Ask.com has not yet responded to these requests. Pending an adequate resolution of the issues identified in the complaint, EPIC and the other privacy groups called on the Commission to promote the development of genuine Privacy Enhancing Techniques that would protect the privacy interests of American consumers. Specifically, the complaint urged the Commission to use its authority to review AskEraser's privacy flaws and order Ask.com to remove AskEraser from the marketplace.
As a condition of offering AskEraser in the future, Ask.com should meaningfully address the various privacy flaws associated with AskEraser by (1) Ceasing to use the opt-out cookie; (2) Ceasing to create a Persistent Identifier on customers; (3) Providing meaningful notice if the service will be disabled; and (4) Establishing enforceable privacy safeguards for the transfer of user information to third parties, consistent with Ask.com's own policies.
EPIC's Complaint to the FTC (pdf):
EPIC's letter to Ask.com (December 20, 2007) (pdf):
Ask.com's Ask Eraser's FAQ Page:
On January 11, Department of Homeland Security Secretary Michael Chertoff released the agency's final regulations for REAL ID, the national identification system. The proposal has drawn sharp criticism from state governments, members of Congress, civil liberties advocates, and security experts. The law was passed in 2005 and will require significant changes to the state driver's license if such ID cards are to be use for "federal purposes."
REAL ID was appended to a bill providing tsunami relief and military appropriations, and passed with little debate and no hearings. The REAL ID Act repealed provisions in the Intelligence Reform and Terrorism Prevention Act of 2004, which contained "carefully crafted language -- bipartisan language -- to establish standards for States issuing driver's licenses," according to Sen. Richard Durbin.
In the final regulations, Secretary Chertoff scaled back some of the requirements, reduced the cost, and extended the deadline for state compliance. As part of the cost-saving effort, Homeland Security has decided not to encrypt the data that will be stored on the card, leaving the data open for download by third parties, such as clubs and bars. The agency said that it would make $360 million available to the states to implement REAL ID -- $80 million in dedicated funding and the agency will allow the states can use up to $280 million in homeland security grant funding. States argue that those grants are apportioned to first responder training, port security, and other homeland security programs, and that funds should not be diverted away from these programs to pay for the national identification system.
Homeland Security says that states must apply to the agency for an extension and promise to implement the REAL ID national identification system or else the states' driver's licenses and ID cards will not be "accepted for federal purposes" beginning on May 11, 2008. Currently, "federal purposes" is defined as entering federal buildings, boarding commercial flights, and entering nuclear facilities. However, Secretary Chertoff also indicated that the REAL ID card would be used for a wide variety of purposes, unrelated to the law that authorized the system, including employment verification and immigration determination. He also indicated that the agency would not prevent the use of the card by private parties for non-government purposes.
The states are rebelling against the national ID scheme. On January 18, Montana governor Brian Schweitzer wrote to the governors of 17 states asking them to join him in rejecting the REAL ID system. Montana is one of 17 that has passed legislation against REAL ID. "Today, I am asking you to join with me in resisting the DHS coercion to comply with the provisions of REAL ID," Gov. Schweitzer wrote. "I would like us to speak with one, unified voice and demand the Congress step in and fix this mess."
Congress is considering legislation to repeal REAL ID. Sen. Patrick Leahy, who co-sponsored legislation to replace REAL ID with the negotiated rulemaking process originally enacted in the 2004 Intelligence Reform and Terrorist Prevention Act, criticized the final regulations. "The Bush administration's REAL ID program will not only lead to long lines at every DMV across the country, it will impose a massive unfunded mandate on state governments while offering absolutely no federal privacy protections to our citizens," Sen. Leahy said. "It is unfortunate that instead of addressing the fundamental problems this law poses for the states, the Administration appears content merely to prolong a contentious and unproductive battle to force the states to comply."
The Department of Homeland Security has also been criticized for its own poor security practices. In May 2007, a Homeland Security office lost the personal data of 100,000 employees. According to security expert Bruce Schneier, "Measures like REAL ID have limited security benefit. Identification systems are complex, and the unforgability of the plastic card is only a small part of the security equation. Issuance procedures, verification procedures, and the back-end database are far more vulnerable to abuse, and -- perversely -- a harder-to-forge card makes subverting the system even more valuable. Good security doesn't try to divine intentionality from identification, but instead provides for broad defenses regardless of identification."
Department of Homeland Security's Page on REAL ID (including links to Final Rule and final Privacy Impact Assessment):
Sen. Patrick Leahy, Press Release about REAL ID Final Regulations (Jan. 11, 2008):
Letter From Montana Governor to 17 States (Jan. 18, 2008) (pdf):
Stop REAL ID Campaign:
EPIC's Press Release: Homeland Security Department Announces Deeply Flawed Regulations For National ID System (Jan. 11, 2008):
EPIC's Page on National ID Cards and REAL ID Act (includes links to states' anti-REAL ID legislation):
Earlier this month, the First Circuit Court of Appeals heard oral arguments in a case concerning a New Hampshire state law banning the sale of prescribe-identifiable prescription drug data for marketing purposes. In August, EPIC and 16 experts in privacy and technology filed a "friend of the court" brief urging the First Circuit Court of Appeals to reverse the ruling of the lower court, which held that the NH Prescription Confidentiality Act violated the free speech rights of data mining companies.
On June 30, 2006, the New Hampshire legislature unanimously passed the Prescription Confidentiality Act, which prohibits prescription information records that contain patient- or prescriber-identifiable data from being transferred, licensed, sold, or used for most commercial purposes. This includes marketing, advertising, and other forms of promotion. The Act specifically bars the use of prescriber-identifiable data for "physician detailing," which involves the sale of patient prescription records to datamining firms that generate sales leads for pharmaceutical companies. The Act explicitly permitted the use of this data for such non-commercial purposes as research and education.
The Plaintiffs-Appellees, IMS Health and Verispan, are both data mining companies which purchase and compile prescription information in order to sell the data. In the District Court, IMS Health and Verispan alleged that the new Act violated their First Amendment right to free speech, claiming that: 1) the law was subject to strict scrutiny because it provided a content-based restriction on non-commercial free speech; 2) the law violated the First Amendment because it was not narrowly tailored to serve compelling state interests; and 3) if the judge determined that the law was subject to intermediate scrutiny because it only restricted commercial speech, it still did not advance a substantial government interest in a narrowly tailored way.
In the State's defense, the Attorney General argued: 1) that the law did not implicate the First Amendment because it did not regulate speech; and even if the Act did implicate speech, 2) the law should survive intermediate scrutiny because it advanced the State's substantial interests in promoting public health, controlling health care costs and protecting the privacy of patients and doctors, while still allowing the data to be used for non-commercial purposes. The District Court rejected all of the Attorney General's arguments, finding that the government did not have an interest in "preventing the dissemination of truthful commercial information" and that the law was more expansive than necessary to promote the State's interests. The District Court held that the Act did not advance a substantial interest in protecting the privacy of patients and health care providers. New Hampshire appealed to the First Circuit Court of Appeals, which will soon hear the case.
There are approximately 1.4 million health care providers in the United States. These providers write billions of prescriptions each year for more than 8,000 different pharmaceutical products, which are filled at 54,000 retail pharmacies throughout the country. For every prescription they fill, the retail pharmacies acquire records, which include: patient name; prescriber identification; drug name; dosage requirement; quantity; and date filled. In order to comply with federal and state privacy laws, patient-identifying information is encrypted and de-identified, often with software installed by the datamining companies themselves. The rest of the prescription record remains intact. Thus, a patient's entire drug history is correlated, and each provider can be identified along with its prescribing habits. This practice raises privacy concerns for both patients and health care providers, said EPIC and the 16 experts in their brief.
EPIC and the experts said the lower court should be reversed, because it failed to consider the substantial privacy interest in de-identified patient data. Although de-identification measures are increasingly innovative and computationally complex, patient data is still vulnerable to attacks because sophisticated re-identification programs are also being developed, the experts said. Individuals can be re-identified using information such as zip code, date of birth, and gender and then comparing that data to publicly available information. Such information is easily accessible via birth and death records, incarceration reports, voter registration files, and driver's license information.
This privacy interest in part flows from the reality that data may not be, in fact, truly de-identified, and also because de-identified data does impact actual individuals. The experts explained that (1) the information is not truly anonymized; (2) as a result, there are real dangers to patient privacy in having this data trade, and therefore (3) the state interest in protecting patient privacy, ignored by the court below, requires reversal.
Also this month, the nation's first law requiring consumer notification of security breaches concerning medical data went into effect. California's AB1298 expands the state's data breach notification law to include: unencrypted medical histories, mental or physical conditions, medical treatments and diagnoses, unencrypted insurance policy or subscriber numbers, applications for insurance, and claims histories and appeals. The law applies to all state agencies and companies that do business with state residents.
California's AB1298, expanding state data breach notification law to include medical information (pdf):
Amicus Brief of EPIC and 16 Experts in Privacy Law and Technology (August 20, 2007) (pdf):
Opinion of the District Court (April 30, 2007) (pdf):
New Hampshire Prescription Confidentiality Act:
EPIC's page on IMS Health v. Ayotte:
UK Considers Implanting Prisoners With RFID Chips
The United Kingdom is planning to implant "machine-readable" radio frequency identification (RFID) tags under the skin of thousands of offenders in a move to create more space in British jails. Amid concerns about the security and removal of existing tagging systems, the Ministry of Justice is investigating the use of satellite and radio-wave technology to monitor criminals placed in the community. But instead of being contained in bracelets worn around the ankle, the tiny chips would be surgically inserted under the skin of offenders. The RFID tags, as long as two grains of rice, are able to carry scanable personal information about individuals, including their identities, address and offending record. EPIC has spoken out against the use of RFID technology for identifying individuals, highlighting the privacy and security issues. In October 2007, California became the third state to sign into a law a bill that broadly prohibits the implantation of RFID chips into humans without consent.
EPIC's page on RFID Systems:
Reports: Privacy and Security in Government
The Congressional Research Service released a report on intelligence issues facing Congress in the new year. The Report summarizes the debate on changes to the Foreign Intelligence Surveillance Act. The report also discusses the implementation of the Intelligence Reform Act, which created the position of the Director of National Intelligence. The Research Service provides policy and legal analysis in a non-partisan basis to members of Congress.
The Government Accountability Office (GAO) has found that the IRS has made "limited progress" in addressing information security weaknesses. The GAO previously identified 98 weaknesses, and of these only 29 have been adequately addressed. The IRS continues to issue passwords that are not complex, grants excessive access to individuals without need, and fails to install security patches in a timely manner. These and other weaknesses threaten the confidentiality of IRS data processing systems.
CRS: Intelligence Issues for Congress (pdf):
GAO: IRS Needs to Address Pervasive Weaknesses (pdf):
EPIC's page on FISA:
Study: Americans Increasingly Concerned About Online Privacy
Privacy concerns stemming from online shopping rose in 2007, a new study finds, as the loss or theft of credit card information and other personal data soared to unprecedented levels. Sixty-one percent of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47 percent in 2006. Before last year, that figure had largely been dropping since 2001. People who do not shop online tend to be more worried, as are newer Internet users, regardless of whether they buy things on the Internet, according to the survey from the University of Southern California's Center for the Digital Future.
2008 Digital Future Report Highlights:
EPIC's page on Social Networking Privacy:
Facebook Data Retention Investigated in UK
Social networking site Facebook is under investigation by the UK Information Commissioner for its data retention practices. Facebook users may "deactivate" their accounts, leaving their personal information on Facebook servers but inaccessible to the public. Users have to individually delete each profile element. The investigation follows a complaint from a user unable to fully delete his profile. The Information Commissioner is an independent authority that protects personal information.
EPIC's page on Facebook:
Legacy of Ashes: The History of the CIA by Tim Weiner (Doubleday 2007).
"For the last sixty years, the CIA has managed to maintain a formidable reputation in spite of its terrible record, burying its blunders in top-secret archives. Its mission was to know the world. When it did not succeed, it set out to change the world. Its failures have handed us, in the words of President Eisenhower, “a legacy of ashes.”
“Now Pulitzer Prize-winning author Tim Weiner offers the first definitive history of the CIA-and everything is on the record. LEGACY OF ASHES is based on more than 50,000 documents, primarily from the archives of the CIA itself, and hundreds of interviews with CIA veterans, including ten Directors of Central Intelligence. It takes the CIA from its creation after World War II, through its battles in the cold war and the war on terror, to its near-collapse after 9/ll.”
“Tim Weiner's past work on the CIA and American intelligence was hailed as “impressively reported” and “immensely entertaining” in The New York Times. The Wall Street Journal called it “truly extraordinary . . . the best book ever written on a case of espionage.” Here is the hidden history of the CIA: why eleven presidents and three generations of CIA officers have been unable to understand the world; why nearly every CIA director has left the agency in worse shape than he found it; and how these failures have profoundly jeopardized our national security."
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.
"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006
This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 23nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
Computer Professionals for Social Responsibility: Technology in Wartime Conference. January 26, 2008. Stanford University. For more information: http://cpsr.org/news/compiler/2007/Compiler200707#twc
Mobility, Data Mining And Privacy: Preserving Anonymity in Geographically Referenced Data. February 14, 2008. Rome, Italy. For more information http://wiki.kdubiq.org/mobileDMprivacyWorkshop
ALI-ABA, Privacy Law: Developments, Planning, and Litigation. March 13-14, 2008. Washington, D.C. For more information http://www.ali-aba.org/CN090
CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23, 2008. For more information http://www.cfp2008.org
Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
Conference on Ethics, Technology and Identity. The Hague. June 18-20, 2008. For more information http://www.ethicsandtechnology.eu/ETI
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.