Home | Databases | WorldLII | Search | Feedback EPIC Alert

EPIC Alert 15.20 [2008] EPICAlert 20

E P I C A l e r t

http://www.epic.org/alert/EPIC_Alert_15.20.html

All U.S. agencies with counterterrorism programs that collect or "mine" personal data -- such as phone, medical, and travel records or Web sites visited -- should be required to systematically evaluate the programs' effectiveness, lawfulness, and impacts on privacy, says a new report from the National Research Council. Both classified and unclassified programs should be evaluated before they are set in motion and regularly thereafter for as long as they are in use, says the report.

The report also says that Congress should re-examine existing law to assess how privacy can be protected in such programs, and should consider restricting how personal data are used. And it recommends that any individuals harmed by violations of privacy be given a meaningful form of redress.

"The danger of terror attacks on the U.S. is real and serious, and we should use the information technologies at our disposal to combat this threat," said William Perry, co-chair of the committee that wrote the report, former U.S. secretary of defense. "However, the threat does not justify government activities that violate the law, or fundamental changes in the level of privacy protection to which Americans are entitled."

Each time a person makes a telephone call, uses a credit card, pays taxes, or takes a trip, he or she leaves digital tracks, records that often end up in massive corporate or government databases. Through formal or informal agreements, government has access to much of the data owned by private-sector companies. Agencies use sophisticated techniques to mine some of these databases -- searching for information on particular suspects, and looking for unusual patterns of activity that may indicate a terrorist network.

Pattern-Seeking Data-Mining Methods Are of Limited Usefulness

Routine forms of data mining can provide important assistance in the fight against terrorism by expanding and speeding traditional investigative work, the report says. Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result, the report adds.

Oversight Needed to Protect Privacy, Prevent "Mission Creep"

Collecting and examining data to try to identify terrorists inevitably involves privacy violations, since even well-managed programs necessarily result in some "false positives" where innocent people are flagged as possible threats, and their personal information is examined. A mix of policy and technical safeguards could minimize these intrusions, the report says. Indeed, reducing the number of false positives also improves programs' effectiveness by focusing attention and resources on genuine threats.

Policymakers should consider establishing restrictions on the use of data, the committee said. Although some laws limit what types of data the government may collect, there are few legal limits on how agencies can use already-collected data, including those gathered by private companies. An agency could obtain and mine a database of financial records for counterterrorism purposes, for example, and then decide to use it for an entirely different purpose, such as uncovering tax evaders. Restrictions on use can help ensure that programs stay focused on the particular problems they were designed to address, and guard against unauthorized or unconsidered expansion of government surveillance power.

Poor-quality data are a major concern in protecting privacy because inaccuracies may cause data-mining algorithms to identify innocent people as threats, the report says. Linking data sources together tends to compound the problem; current literature suggests that a "mosaic" of data assembled from multiple databases is likely to be error-prone. Analysts and officials should be aware of this tendency toward errors and the consequent likelihood of false positives.

All information-based programs should be accompanied by robust, independent oversight to ensure that privacy safeguards are not bypassed in daily operations, the report says. Systems should log who accesses data, thus leaving a trail that can itself be mined to monitor for abuse.

The report notes that another area ripe for congressional action is legislation to clarify private-sector rights, responsibilities, and liability in turning over data to the government -- areas that are currently unclear. Although the committee did not recommend specific content for this legislation, it noted that private companies should not be held liable simply for complying with government requirements to turn over data.

EPIC has written extensively on the problems with data mining and opposed the establishment of Total Information Awareness.

National Research Council: http://sites.nationalacademies.org/nrc/index.htm

"Protecting Individual Privacy in the Struggle Against Terrorism: A Framework for Program Assessment" (Overview): http://www.nationalacademies.org/morenews/20081007.html

"Protecting Individual Privacy in the Struggle Against Terrorism: A Framework for Program Assessment" (Report): http://www.nap.edu/catalog.php?record_id=12452

NRC Press Release, Oct. 8, 2008: http://epic.org/redirect/101008_NRC_terrorism.html

EPIC on Problems with Data mining: http://epic.org/privacy/profiling/datamining3.25.03.html

EPIC, Total Information Awareness: http://epic.org/privacy/profiling/tia/

On October 7, 2008, the U.S. Supreme Court heard arguments in Herring v. United States. EPIC filed a "friend of the court" brief in the case, urging the Justices to ensure the accuracy of police databases. The EPIC brief was filed on behalf of 27 legal scholars and technical experts and 13 privacy and civil liberty groups. EPIC explained how government databases are becoming increasingly unreliable according to the government's own studies, and urged the Court to "ensure an accuracy obligation on law enforcement agents who rely on criminal justice information systems." The amici warned that, "to permit a good faith reliance on data that is inaccurate, incomplete, or out of date will actually exacerbate the problem and increase the likelihood of unfair treatment in the criminal justice system."

In Herring v. US, the Court will determine whether an arrest based on inaccurate information in a criminal justice database should be upheld. Police arrested Bennie Dean Herring based on incorrect information in a government warrant database. He was searched incident to the improper arrest, and police discovered evidence of unrelated alleged crimes - drug and gun possession. Herring told the officers that no arrest warrant existed, and no officer had seen or could produce a copy of the warrant.

After he was indicted for drug possession, Herring petitioned the trial court to suppress the evidence gathered incident to his unlawful arrest, arguing that the exclusionary rule prevented the use of such evidence. The court refused to exclude the evidence, stating that the police relied on the erroneous information in good faith. Herring has asked the Supreme Court to overturn the decision.

Pamela S. Karlan, EPIC Advisory Board member and Stanford Law School professor, argued on behalf of Herring. "There's not a Barney Fife defense to the violation of the Fourth Amendment," she said, "if [the police] had been doing a good job of maintaining their records all along, this violation never would have occurred." Ms. Karlan further advocated for "a system in which suppression hearings can be conducted expeditiously based on the facts of particular cases."

EPIC's brief said that government database technology has changed dramatically since 1995, when the Court upheld the use of evidence obtained from an erroneous arrest record that was the product of a court clerk's mistake. In recent years, there has been an increase in information sharing not just among federal agencies but also between federal, state, local, tribal and commercial entities.

The policies and practices of modern policing have been changed by the federal government's Information Sharing Environment as well as state and local fusion centers. These developments allow broad data gathering and sharing. "Today, the police have within their electronic reach access to an extraordinary range of databases including: the National Crime Information Center, systems associated with the federal government's employment eligibility verification system, terrorist watch lists and various commercial databases," EPIC's brief said.

These government and commercial databases are filled with errors; according to the federal government's own reports. "Yet the government has further compounded the problems with record inaccuracies with two decisions: first, the increased distribution of the data not just among government agencies but among federal, state, local, tribal and commercial entities; and second, the exemption of database systems from important privacy and accuracy requirements set out in federal laws."

"Friend-of-the-court," Brief by EPIC, 27 Legal Scholars and Technical Experts and 13 Privacy and Civil Liberty Groups (May 16, 2008): http://epic.org/privacy/herring/07-513tsac_epic.pdf

Transcript of Herring v. US argument: http://epic.org/redirect/101008_SCOTUS_Herring.html

US Supreme Court Docket page for Herring v. US: http://www.supremecourtus.gov/docket/07-513.htm

EPIC page on Herring v. US: http://epic.org/privacy/herring/

EPIC's page on the 2003 online petition urging the reestablishment of accuracy requirements for the FBI's National Crime Information Center, the nation's largest criminal justice database: http://epic.org/privacy/ncic/

On October 3, 2008, The Department of Justice released revised guidelines governing the Federal Bureau of Investigation's surveillance of Americans. The guidelines will become effective on December 1, 2008. The revised guidelines grant federal agents authority to use more invasive investigation techniques more often. In response, Senator Patrick Leahy warned that the guidelines lack "clear rules, bright lines and close oversight," and noted that "the FBI has itself abused overly broad authorities it has been given in the past, including the misuse of National Security Letters."

The previous standards set forth separate standards regarding criminal law enforcement activities; national security efforts; foreign intelligence collection; and other activities. The separate guidelines restricted the use of invasive surveillance techniques to specific circumstances, and offered some privacy protections for individuals who were not suspected of a crime. For example, the previous guidelines permitted preliminary physical surveillance of citizens if law enforcement agents had particularized suspicion of criminal activity, but barred such spying if the government had no suspicion of criminal activity.

The new guidelines permit widespread, invasive physical surveillance of citizens without suspicion of criminal wrongdoing. In addition, the new guidelines permit federal agents to recruit new informants to spy on Americans before an investigation is even opened by the FBI. The guidelines also permit the collection of foreign intelligence information inside the United States through both "assessments" and predicated "full investigations" with little explicit protection for information gathered, as well as broad information-sharing provisions with few constraints.

Questions remain regarding the relationship between the consolidated guidelines and the FBI's 2003 rules prohibiting the use of race as the sole factor in federal law enforcement investigations. The new guidelines reference the 2003 protections, but the 2003 document is based on the distinctions between criminal law enforcement activities, national security efforts, and foreign intelligence collection that are eliminated in the new, consolidated rules. This conflict raises the threat of racial profiling by federal law enforcement agents.

On September 17, 2008, the Senate Judiciary Committee held a hearing titled "Oversight of the Federal Bureau of Investigation" regarding the revised guidelines. FBI Director Robert Mueller III testified, and Senators expressed concern regarding the FBI's lack of collaboration with Congress regarding the new guidelines. Senators have voiced concerns regarding the use of intrusive investigative techniques without any factual basis. Senators Russ Feingold, Edward Kennedy, Richard Durbin and Sheldon Whitehouse urged the FBI to include bare minimum safeguards, such as: banning surveillance or other investigative activity based on a suspect's race, ethnicity, national origin or religion; requiring some factual proof for opening inquiries; and taking steps to protect the information that the FBI collects about U.S. citizens and residents, particularly in gathering foreign intelligence data.

Previously, Congressmen John Conyers, Jr., Robert C. Scott and Jerrold Nadler, members of the House of Representatives Judiciary Committee, questioned the need to consolidate the FBI guidelines during the waning days of the Bush Administration. They voiced doubts regarding the effect of such amendments on Americans' constitutional rights. The Congressmen also raised the specter of innocent citizens coming under a cloud of suspicion for legitimate religious and political activities.

EPIC page on Attorney General Guidelines: http://epic.org/privacy/fbi/

Reaction Of Senator Patrick Leahy To The Attorney General Consolidated Guidelines: http://leahy.senate.gov/press/200810/100308a.html

Attorney General Consolidated Guidelines: http://www.usdoj.gov/opa/opa_documents.htm

Attorney General Memorandum to Department Components on Guidelines for Domestic FBI Operations: http://www.usdoj.gov/ag/readingroom/guidelines-memo.pdf

US Department of Justice 2003 Guidelines Regarding Racial Profiling: http://epic.org/redirect/092608_USDOJ_race_prof.html

Senators express concern to the Attorney General over FBI Guidelines: http://feingold.senate.gov/~feingold/releases/08/08/20080820.html

Testimony of the FBI Director to the Senate Judiciary Committee: http://www.fbi.gov/congress/congress08/mueller091708.htm

Testimony of FBI General Counsel to the Senate Intelligence Committee: http://www.fbi.gov/congress/congress08/caproni092308.htm

Skype is a popular instant messenger plus Voice-over-Internet Protocol (VoIP) software. While calls from computer to computer is free, calls from computer to landline telephones come for a small fee. The software also allows file transfers, video conferencing and texting to cellphones. Skype, owned by eBay, went into a joint venture with TOM Online, a wireless provider based in China, to create a co-branded version of Skype for exclusive use in China, dubbed the "TOM-Skype."

To comply with Chinese laws, TOM operates a text filter in TOM-Skype which automatically blocked certain words from appearing in text-chats. In 2006, Skype declared that if the messages were found to be unsuitable for displaying, it was simply discarded and not displayed or transmitted anywhere.

However, a recent joint report of the Information Warfare Monitor and ONI Asia, authored by Nart Villeneuve, paints a contrary, darker picture. The report found that full text chat messages of TOM-Skype users and other Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords and then the information is uploaded and stored on servers in China. This data, along with other records containing personal information and contact details are then stored on the insecure, publicly accessible web server. As the encryption key is also stored at the same location, it was possible for anyone to decrypt the data.

The report further highlighted the keywords that trigger the data capture; and the subsequent uploading pertain to keywords relating to political topics or obscenity. The TOM-Skype surveillance network consists of eight servers that were part of the network and includes a version meant for cybercafes which contained log files and information revealing the list of censored words.

With a total of over a million messages, the personal information in the log files of the server contained IP addresses from over 59 different countries, usernames, date and time of entry and call records. The content filter logs dating from August 2008 contained identifying information including email addresses, passwords, phone numbers, package tracking numbers and bank card numbers.

The report findings raise questions about the degree of cooperation between TOM Online and Skype with the Chinese government in monitoring the communication of activists and dissidents as well as ordinary citizens. In the last few days, the President of Skype addressed the issue by expressing that he was not aware of TOM's policy of uploading and storing of chat messages from Skype and he was in the process of obtaining information from TOM regarding the secret change of policy. He declared that the accessibility of TOM's servers were a security breach which had been fixed.

In 2004, Shi Tao, a Chinese journalist was arrested and then imprisoned by the Chinese authorities for 'disclosure of state secrets' by forwarding an email after Yahoo cooperated with the Chinese authorities which led to Tao's arrest. Yahoo was subsequently questioned by the House Foreign Affairs Committee over this decision.

The EPIC publication on Privacy and Human Rights brings to the fore such issues prevalent in China and other parts of the world. China regularly monitors all internet activity and actively censors content it deems objectionable. As an example, although the Chinese Foreign Ministry assured guests of privacy during the Beijing Olympic Games, Senator Brownback stated that he had obtained an order from the Chinese Public Security Bureau directing all hotels to intercept and record internet activities of all guests.

Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform: http://www.infowar-monitor.net/breachingtrust.pdf

Comments about Skype chat text filtering in China (April 2006): http://epic.org/redirect/101008_SKYPE_comments.html

Skype President addresses Chinese Privacy Breach (October 2008): http://epic.org/redirect/101008_SKYPE_president.html

EPIC's page on Olympic Privacy: http://epic.org/privacy/olympic/default.html

EPIC's link on Privacy & Human Rights (2006): http://epic.org/phr06/

Bruce Schneier, noted author and internationally recognized security expert, and Philip Friedman, a Washington DC consumer protection attorney participated in a Privacy '08 National Press Club event on Monday, October 6, 2008.

The event was organized by the Electronic Privacy Information Center (EPIC) to promote public discussion about privacy and the Presidential campaign. Earlier, in September, EPIC held a Privacy '08 event at the National Press Club, during which Bob Barr, the Libertarian Party candidate for President, addressed privacy concerns facing the American public. Congressman Barr spoke about numerous privacy topics, and exhorted other candidates to debate on wiretapping and surveillance issues. Barr also urged the public to challenge elected officials to articulate their positions on how citizens' privacy relates to the government's need to promote industry and prevent crime.

The Privacy 08 effort sought that the moderators of the Presidential and Vice Presidential debates ask the candidates a question about privacy. Gwen Ifill, moderator of the Vice Presidential Debate, did ask a about privacy. Both Senators McCain and Obama have posted policy statements about privacy on their web site, but neither candidate has addressed this issue directly during the campaign.

Although Senator Obama and Senator McCain have not made privacy central to their platforms, privacy issues have affected the campaigns. In March 2008, the State Department determined that three private contractors accessed the confidential passport files of Presidential candidates Hillary Clinton, John McCain, and Barack Obama. An independent government report later criticized lax federal protections for sensitive passport data.

Privacy '08 Letter to Jim Lehrer: http://www.privacy08.org/pdf/Privacy08_Letter_to_Lehrer.pdf

Privacy '08 - a Time for Debate: http://www.privacy08.org/debates.php

Privacy Statement by Four Presidential Candidates: http://www.votenader.org/weagree/

Privacy '08 Facebook Cause: http://www.epic.org/redirect/fbprivacy08.html

Privacy '08 on Twitter: http://twitter.com/privacy08

Privacy '08 CafePress: http://www.cafepress.com/epicorg

On October 11, 2008, many people around the world will raise their voice against all mass scale surveillance and data retention practices under the slogan of 'Freedom not Fear - Stop the Surveillance mania!" From protest in the streets of Berlin and DJ parties in Paris to workshops on privacy enhancing technologies and media campaigns in Argentina, Guatemala, Peru and Chile, many citizens in 22 Europeans countries, United States and Latin America will support the Freedom not Fear Worldwide Action Day in their own creative way.

"Support the campaigning, organize a conference, blog, moblog, podcast the event, take pictures of all camera surveillance on the streets and post it on your blog, raise your voice!" Beatriz Busaniche from Fundacion Via Libre Argentina, said.

"Guatemala has a history of informers in every corner that led to major human rights abuses. We learned from the past. Let us not repeat the history. Let's take care our freedoms on October 11," Renata Avila, Global Voices, Guatemala added.

In recognition of October 11, Freedom not Fear Day, many US organizations set out the following recommendations:

* End Watch Lists, Fusion Centers and other data profiling programs that fail to comply with the full requirements of the federal Privacy Act;

* Affirm international human rights, including freedom of expression and privacy protection so as to strengthen democratic institutions and protect the rights of individuals;

* Repeal the Patriot Act and other legal authorities that permit warrantless surveillance and unconstitutional monitoring and tracking of individuals;

* End the culture of secrecy that allows government officials to hide mismanagement, fraud, and incompetence behind the veil of "homeland security";

* Establish comprehensive data protection legislation that will safeguard personal information and reduce the risk of identity theft and security breaches.

In the United States, Marc Rotenberg, EPIC Executive Director said "Many programs established by the United States after 9/11 have done little to promote security, but they have diminished privacy and cost taxpayers dearly. It is time to replace fear with reason, and secrecy with transparency. EPIC supports the Freedom not Fear campaign and joins with other groups in urging national governments to respect individual rights, the rule of law, and democratic institutions."

More information: Freedom not Fear Day in Washington, D.C., United States: http://www.thepublicvoice.org/fnf-dc/

Freedom not Fear Day, Worldwide Action Day: http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

German Working Group on Data Retention (AK Vorrat): http://www.vorratsdatenspeicherung.de/index.php?lang=en

Freedom not Fear Day in Buenos Aires, Argentina: http://www.privacidad.org.ar

Freedom not Fear Day in Paris, France: http://www.humanrights21.org/

Freedom not Fear Day in Guatemala City, Guatemala: http://freedomnotfear.wordpress.com/

The Public Voice Facebook on Freedom Not Fear: http://www.facebook.com/group.php?gid=16165509212

Senators Question Secret Trade Agreement

Sens. Patrick Leahy and Arlen Specter of the Senate Judiciary Committee expressed concern that the Anti-Counterfeiting Trade Agreement (ACTA), currently under negotiation by the U.S. Trade Representative may not have been drafted with sufficient flexibility and could limit Congress's ability to make appropriate refinements to intellectual property law in the future. The senators questioned the lack of transparency and the quick deliberations accompanying the negotiations. In a letter to the U.S. Trade Representative, Susan Schwab, the senators asked that the liability of service providers or technological protection measures be left out from the agreement. The letter also warned of a possibility of a significant impact in intellectual property protections taking effect without formal Congressional involvement. ACTA was announced in October 2007, but the lack of transparency in the negotiating process and a leaked discussion paper have caused alarm among consumer rights groups and two of them have submitted a Freedom of Information request in June this year asking for all the records. In September, EPIC alerted readers about public interest NGO's expressing concern about the ACTA Draft Treaty and the possibility of policies that may limit legitimate business activity, the participative web, and e-government service delivery.

Senators' letter to USTR: http://ip-watch.org/files/acta_letter.pdf

Announcement of ACTA: http://epic.org/redirect/101008_USTR_acta.html

EPIC Alert 15.18 ACTA article: http://epic.org/alert/EPIC_Alert_15.18.html#acta

President Signs Satellite Surveillance Bill On October 7, 2008, President Bush signed a law permitting the Department of Homeland Security to begin a satellite spy program targeting US land. The provisions, part of a large budget bill, provide funding for the federal government to expand its surveillance of US territory via satellite. Independent federal investigators at the Government Accountability Office have questioned the program's compliance with federal privacy and civil liberties obligations. Federal officials failed to release the investigators' full report. Congressman Bennie G. Thompson, Chairman of the House Homeland Security Committee, has called for a halt to the program, and referred to the spy plan "Big Brother in the Sky."

Congressmen Call for Moratorium on Spy Satellite Program: http://homeland.house.gov/issues/index.asp?ID=262

Department of Homeland Security Fact Sheet -National Applications Office: http://www.dhs.gov/xnews/releases/pr_1187188414685.shtm

PBS Series Highlights Surveillance State

Thought Total Information Awareness was dead? The "Last Enemy" is now showing in the US on Sunday evenings on PBS. The popular BBC series brings John Poindexter's surveillance fantasy to life with a rock star cast in London and enough digital dystopia to make even the folks at the Department of Homeland Security take a breath. For the full October 2008 Orwell movie festival experience, be sure to see also "Eagle Eye," starring Shia LaBeouf, and "Body of Lies" with Russell Crowe and Leonardo DiCaprio.

PBS Masterpiece, The "Last Enemy": http://www.pbs.org/wgbh/masterpiece/lastenemy/

"The Last Enemy" on YouTube (with creepy Total Information Awareness opening): http://www.youtube.com/watch?v=EmGIuSncvd4

IMDb, "Eagle Eye": http://www.imdb.com/title/tt1059786/

IMDb, "Body of Lies": http://www.imdb.com/title/tt0758774/

Article 29 Working Party agrees to nine country mutual data protection:

The European Union Article 29 Data Protection Working Party approved and agreed that the countries of France, Germany, Ireland, Italy, Latvia, Luxembourg, Netherlands, Spain and the United Kingdom give mutual recognition to Binding Corporate Rules (BCR) on Data Protection. The countries agreed to have the BCRs sent through the BCR coordination procedure.

Once the Lead Authority on Data Protection circulates the approved draft, other Data Protection Authorities to recognize it as a policy commitment and permit and authorize the binding corporate rules directly or advice the body which in turn provides that authorization.

Privacy Laws & Business, October 8, 2008: http://http://www.privacylaws.com

Article 29 Working Party has many doubts about US electronic visas

The European Union Privacy Commissioners is seeking to clarify many aspects of the US Electronic System for Travel Authorization (ESTA). ESTA requires passengers to submit telephone numbers, email addresses and other data which will be retained for a period of 75 years. It will replace the existing paper I-94W filled in by travelers on flight to the United States. While ESTA is now on a voluntary basis since August 2008, the Privacy Commissioners are seeking more information on how the existing sensitive data that is already collected is being dealt with, how travelers will have access to their information and update its accuracy over time. The Privacy Commissions also want to know the consequences when travel authorization documents are lost or stolen.

Electronic System for Travel Authorization (ESTA): http://www.cbp.gov/esta

EPIC's page on Air Travel Privacy: http://epic.org/privacy/airtravel/

Privacy Laws & Business, October 8, 2008 http://http://www.privacylaws.com

"Playing the Identity Card" Edited by Colin J. Bennett and David Lyon

http://www.powells.com/biblio/72-9780415465649-0

In a world where a person is dependent on documents to establish that they 'are who they say they are' the ubiquity of identity cards hardly seems surprising. But, the extent to which identity cards form a mode of governance and are seen as an exercise of authority by the State or alternately the conferring of benefits, remains a matter of perception within the designated populace.

"Playing the Identity Card' provides a valuable insight into the present methods of identification around the world. This book also includes future suggested changes from eleven countries having the largest population in addition to two international organizations. Each country profile is written by a different author and offers a local flavor of how an identity document is viewed, its origins and socio- political perspectives.

The nature and consequences of sharing and processing personal information across bureaucratic divides mandates inter-agency cooperation. The need for standardized information interchange amidst different types of identity cards, corporate influence and ultimate needs and goals for the government form the focal points in each country's discussion.

Although concepts of privacy differ from country to country, identity cards are tools of governance that help in classifying differing levels of authorization. In spite of the fact that they are termed voluntary, opting out may impose significant disadvantages on the citizen. Drawing conclusions from the past experiences of identity card holders yields valuable information in extrapolating to future implementation in other scenarios. Analyzing the motivations behind the need for identity documents is essential to understanding possible alternatives.

Overall, the book examines different angles leading up to and the supporting basis of the requirement of identity cards, set against political cultures and policy legacies of each State and offer a factual account of existing identity card regimes. The authors conclude that identity cards do stand out as a classic, authority-based model of government based on command and sanction in an era when policy-making is characterized by new governance arrangements and innovative ways to co-regulate society.

-- Anirban Sen

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2008", edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes

Europe-wide action day "Freedom not fear." October 11, 2008. Multiple sites. For more information:
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008

International Symposium on Data Protection in Social Networks. October 13, 2008, Strasbourg. For more information:
http://epic.org/intsymposium_sns.html

30th International Data Protection and Privacy Conference: Protecting Privacy in a Borderless World. October 15-17, 2008, Strasbourg. For more information:
http://www.privacyconference2008.org

European Dialogue on Internet Governance (EuroDIG). October 20-21, 2008, Strasbourg, France http://www.eurodig.org/

Privacy in Social Network Sites Conference October 23-24, 2008. Delft University of Technology, Faculty of TPM, The Netherlands. For more information: http://www.ethicsandtechnology.eu

Third Internet Governance Forum. December 3-6, 2008. Hyderabad, India. For more information: http://www.intgovforum.org

Tilting perspectives on regulating technologies, Tilburg Institute for Law and Technology, and Society, Tilburg University. December 10-11, Tilburg, Netherlands
http://www.tilburguniversity.nl/tilt/conference

The American Conference Institute is hosting the 8th National Symposium on Privacy and Security of Consumer and Employee Information at the Four Points by Sheraton , Washington, DC. January 27-28, 2009, Washington, DC.

http://www.americanconference.com/Privacy.htm

Subscribe/unsubscribe via web interface: https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

If you would like more information on Privacy '08, go online and search for "Privacy 08." You'll find a Privacy08 Cause at Facebook, Privacy08 at Twitter, a Privacy08 Channel on YouTube to come soon, and much more. You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You can donate online at epic.org. Support the campaign.

Facebook Cause:
http://www.epic.org/redirect/fbprivacy08.html

Twitter:
http://twitter.com/privacy08

CafePress:
http://www.cafepress.com/epicorg