E P I C A l e r t
The US Supreme Court agreed on Tuesday to consider Herring v. US, a challenge to an arrest based on inaccurate information in a government database. The Court will decide whether to suppress the evidence obtained.
An earlier case is important. The 1995 case Arizona v. Evans involved evidence seized incident to an illegal arrest; in this case a court clerk had made the error leading to the arrest. The Supreme Court did not suppress the evidence, but did state there might be a different conclusion if the error was made by law enforcement personnel.
In Herring v. US, a man was searched, evidence was gathered against him, and he was arrested based on incorrect information in a government database given to the arresting officers by another county's sheriff's department clerk. Because the database had not been updated, the police relied on an arrest warrant that had been rescinded five months before the search. Herring petitioned the district court to suppress the evidence gathered incident to his unlawful arrest, claiming the "exclusionary rule" prevented the use of such evidence.
The district court ruled against Herring and cited to Justice Sandra Day O'Connor's concurrence in Arizona v. Evans. According to the district court, Justice O'Connor "notes that the invocation of the good-faith exception to the exclusionary rule should depend on the reasonableness of the police officers' reliance on the recordkeeping system itself. Thus the good-faith exception should not apply where there is 'no mechanism to ensure [the recordkeeping's] system accuracy over time" and where the system "routinely leads to false arrests.'" The district court found that the good-faith exception applied in Herring's case, noting "the mistake was discovered and corrected within ten to 15 minutes. In addition, there is no credible evidence of routine problems with disposing of reliable warrants." The Eleventh Circuit Court of Appeals later affirmed the district court's ruling.
In the Arizona v. Evans concurrence, Justice O'Connor also wrote, "In recent years, we have witnessed the advent of powerful, computer-based recordkeeping systems that facilitate arrests in ways that have never before been possible. The police, of course, are entitled to enjoy the substantial advantages this technology confers. They may not, however, rely on it blindly. With the benefits of more efficient law enforcement mechanisms comes the burden of corresponding constitutional responsibilities."
EPIC has highlighted problems with inaccurate government databases in formal comments to federal agencies and a 2003 online campaign urging the reestablishment of accuracy requirements for the FBI's National Crime Information Center (NCIC) database, the nation's largest criminal justice database. In 2003, the Justice Department administratively discharged the FBI of its statutory duty to ensure the accuracy and completeness of the over 39 million criminal records maintained in the NCIC. The Privacy Act of 1974 requires the FBI to make reasonable efforts to ensure the accuracy and completeness of the records in the NCIC system. EPIC and 85 other organizations campaigned against this change, stating that, "This action poses significant risks to privacy and effective law enforcement. The NCIC system provides over 80,000 law enforcement agencies with access to data on wanted persons, missing persons, gang members, as well as information about stolen cars, boats, and other information."
US Supreme Court Docket for Herring v. US:
2003 Campaign to Reestablish Accuracy Requirements for the NCIC:
EPIC's page on Herring v. US:
EPIC's page on Sandra Day O'Connor's Legacy:
Arizona v. Evans  USSC 19; 514 U.S. 1 (1995):
The House of Representatives recessed last week without voting on a Senate bill extending the President's expanded warrantless surveillance powers and granting immunity to telecommunications companies that participated in the Presidents warrantless surveillance program. This caused the expanded surveillance powers provided in last summer's Protect America Act (PAA) to expire this weekend. Earlier, the House attempted to provide a short extension to the PAA, but administration supporters caused that extension to fail. The President had threatened to veto any law which did not include immunity for the telecommunications companies. Last fall, the House passed the RESTORE Act, which provided these expanded powers, included oversight, and did not include immunity. The Senate did not consider the RESTORE Act.
The Senate bill, S. 2248, had only a few days earlier cleared the Senate after a long fight on whether to include immunity. The House was asked by the administration to hurriedly accept the Senate bill, which differed significantly from the RESTORE Act. The RESTORE Act provides more avenues for Foreign Intelligence Surveillance Act (FISA) court review. The FISA court would review the procedures used to target people abroad. Further it narrows the scope of new surveillance authorities to include only terrorism and national security, and not broader foreign intelligence information. The RESTORE Act increases the size of the FISA court from 11 to 15 judges; allows the court to sit together in an en-banc review of individual judges; and authorizes more expenditures on administration staff to handle surveillance applications. Intelligence officials must report their surveillance orders to Congress, as well as perform regular audits every three months. Congress also requests an audit of all warrantless surveillance programs. The new provisions of the RESTORE Act would be set to expire in December of 2009.
Last summer's PAA removed some surveillance from the limited FISA court review, allowed the government to create more surveillance programs with limited review, and immunized from lawsuits telecommunications companies who participate in these programs. The surveillance programs already initiated under the PAA can continue past its expiration.
EPIC and other groups are suing the Department of Justice for information on its warrantless surveillance program. EPIC's Freedom of Information Act request, filed shortly after the revelation of the program, demands, among other things, the legal opinions describing the legality of the program.
Senate Bill 2248:
EPIC's Page on FISA:
EPIC's Page on NSA FOIA:
In a Freedom of Information Act appeal filed on February 12, 2008, EPIC challenged the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The appeal follows EPIC’s original Freedom of Information Act (FOIA) request, which sought the expedited release of all documents concerning Jones Day's participation in the Commission's merger review, as well as Jones Day's involvement in other matters regarding consumer privacy. The Commission failed to produce the documents within the statutorily prescribed time, and EPIC appealed.
During the Commission’s review of the Google-Doubleclick merger, Jones Day publicly stated that it represented Doubleclick regarding the merger. EPIC learned that FTC Chairman Deborah Platt Majoras' husband, John M. Majoras, is a Jones Day partner, and sought Chairman Majoras’ recusal from the merger review. Jones Day then contradicted its previous public statements, and deleted a web page detailing the firm’s representation of Doubleclick from the Jones Day web site.
In its recusal petition, EPIC noted that Chairman Majoras had previously recused herself in other matters involving apparent conflicts of interest with the Jones Day firm. John Majoras is Jones Day’s "global coordinator of competition law litigation" – the very practice area implicated by the Google-Doubleclick merger. However, Chairman Majoras declined to recuse herself and continued to participate in the Google-Doubleclick review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy.
Before learning of Chairman Majoras' apparent conflict of interest, EPIC urged the FTC to conduct a comprehensive review of the merger's consumer privacy implications. EPIC warned that the merger posed serious privacy threats, and recommended that the Commission impose conditions on the merger. Numerous privacy groups and government leaders echoed EPIC’s request that the Commission address the merger's privacy implications. For example, Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights, stated that "[the Google-Doubleclick] deal raises fundamental consumer privacy concerns worthy of serious scrutiny."
EPIC's Freedom of Information Act Appeal (PDF):
EPIC's Freedom on Information Act Request (PDF):
EPIC's Complaint Requesting FTC Chairman Majoras' Recusal (PDF):
Jones Day's Statement Regarding Representation of DoubleClick (archived document – since deleted from the Jones Day web site) (PDF):
EPIC's page on the Google/Doubleclick Deal:
On February 12, 2008, EPIC filed a Freedom of Information Act (FOIA) request with the Virginia State Police. EPIC's request seeks documents about a plan that would shroud the Virginia Fusion Center, a database that collects detailed information on ordinary citizens, in secrecy. The Virginia legislature is considering a bill that would limit Virginia's open government and privacy statutes, as well as Virginia's common law right of privacy, for Virginia agencies connected to the Fusion Center.
Fusion centers are a means of bringing together information from distributed sources for the purpose of collection, retention, analysis, and dissemination. The Virginia Fusion Center was established in 2005 and is one of several similar entities established by state governments throughout the United States.
Federal guidelines state that the Fusion Center should accumulate and retain information from a wide range of public and private sources. Such information includes, but is not limited to: financial records; credit reports; medical records; internet and email data; video surveillance from retail stores and sporting facilities; data from preschools; and welfare records. Press groups have criticized the proposed law, and warned that, if passed, Virginia citizens can "say hello to Big Brother."
The Virginia Fusion Center's operations involve contact with federal agencies, including the U.S. Department of Homeland Security and the U.S. Department of Justice, as well as other federal programs, including the National Criminal Intelligence Sharing Plan and the Criminal Intelligence Coordinating Council. The federal government has spent at least $380 million to support the state Fusion Centers and other similar entities. EPIC's FOIA request focuses on the possible role of the US Department of Justice and the US Department of Homeland Security in the development of the Virginia legislation.
EPIC's FOIA Request to the Virginia State Police (PDF):
EPIC's Page on Fusion Centers:
EPIC's Page on Open Government:
Virginia Fusion Center website:
On February 14, 2008, Representative Edward Markey (D-Mass.) and Representative Rahm Emanuel (D-Ill.) sponsored a bill that aims to promote information technology (IT) while protecting patient privacy. The Technologies for Restoring Users' Security and Trust (TRUST) in Health Information Act has been endorsed by several groups, including Patient Privacy Rights, the American Association of Practicing Psychiatrists, and the National Association of Social Workers.
The TRUST Act will enable patients to exercise greater control over their health information data and enjoy better security. In particular, it allows patients to keep their medical records out of the IT systems unless they consent to it, it requires that patients be notified in case of databank and record security breaches, and requires the use of encryption and other security technology for the information collected. Violations can result in civil or criminal penalties.
Representative Markey has stated, "The spread of health IT holds tremendous promise for improving patient care, reducing medical errors and lowering costs. But this dream could quickly turn into a nightmare for consumers without sufficient privacy and security safeguards to protect personal medical records from unauthorized access."
Previous health IT bills, which are still pending, did not adequately address the privacy problems with the current regulations, according to patient privacy advocates. In October 2007, the Coalition for Patient Privacy called on Congress to refrain from passing health IT legislation that did not protect health information privacy.
In a recently released report, the World Privacy Forum highlighted the privacy risks associated with personal health records, which are health records for consumers that are often made accessible online and comprised of data collected from a variety of sources. Personal health records are considered a new convenience technology but many fall outside the purview of the Health Insurance Portability and Accountability Act and can threaten patient privacy.
Press Release – Representative Markey's homepage:
TRUST Act, HR 5442 (PDF):
Patient Privacy Rights:
World Privacy Forum Report - Personal Health Records: Why Many PHRs Threaten Privacy (PDF):
EPIC's page on medical privacy:
Search Histories Subject to European Privacy Rules
European privacy officials determined this week that companies operating search engines will be subject to European privacy rules that limit the collection, use, and disclosure of personal information. The privacy officials who make up the Article 29 Working Group stated that "The protection of the users' privacy and the guaranteeing of their rights, such as the right to access to their data and the right to information as provided for by the applicable data protection regulations, remain the core issues of the ongoing debate." Earlier this year, EPIC urged the European Parliament to protect the privacy of search histories. A report from the Article 29 Working Group on Search Engines and Privacy is expected in April.
Press Release - Article 29 Data Protection Working Group
EPIC Testimony on Search Engine Privacy in European Parliament
RCMP Retention of Secret Files Unwarranted, Canada's Privacy Commissioner
In a special report to Parliament, the Privacy Commissioner of Canada, Jennifer Stoddart, stated that many of the national security and criminal operational intelligence files in Royal Canadian Mounted Police (RCMP) databanks are kept without justification. Commissioner Stoddart’s office conducted an audit of exempt data banks held by federal government departments and agencies, which was presented in the special report to the House of Commons in February 2008.
Commissioner Stoddart said the results were "disturbing" in the light of a previous audit conducted 20 years ago which revealed compliance problems that the RCMP had committed to address. The retention of secret files can adversely affect Canadians trying to obtain an employment security clearance or crossing the border.
Press release – Office of the Privacy Commissioner of Canada
Audit report of the Privacy Commissioner of Canada (PDF):
EPIC's page on Domestic Surveillance:
Proposal to Gather Biometrics From All Non-European Union Visitors to EU
The European Commission responsible for Justice, Liberty and Security on February 13 released a proposal, "New tools for an integrated European Border Management Strategy." Among other things, the proposal recommends the creation of a visitor entry/exit system that would require any non-EU visitors requiring visas "to provide their biometric data when applying for a visa." The Commission also proposes a "European Border Surveillance System" be created, using satellites and unmanned aircraft watch the borders. The proposals would need to be approved by all EU member states. Meanwhile, in the US, the FBI last week awarded Lockheed Martin a $1 billion, 10-year contract to build a massive biometrics database including iris scans and palm prints of U.S. residents. The FBI also has proposed an international biometrics database, where the US and EU countries would share data. Critics have highlighted the problems created by such massive system that would share data, including inaccurate or fake information.
European Commission, New tools for an integrated European Border Management Strategy (February 13, 2008):
EPIC page on Biometrics:
Legislation Makes Do-Not-Call List Permanent
New legislation will provide protection for people who sign up on the national registry from telemarketers. The Do-Not-Call Improvement Act of 2007 effectively prevents telemarketers from calling people who signed up on the national registry. The bill was first introduced in September of 2007. The House passed the bill in December of 2007, and the Senate passed the bill in February of this year. As of last week, President Bush signed the bill into law. The new legislation will allow consumers to stay on the Do-Not-Call list permanently, instead of having to renew their listing every five years.
Do-Not-Call Improvement Act of 2007:
EPIC’s page on Do-Not-Call Registry:
ALC and EFF File Suit Against DHS For Information On Border Searches.
The Electronic Frontier Foundation (EFF) and the Asian Law Caucus (ALC) recently filed suit against the Department of Homeland Security (DHS) for denying access to public records on the searching of travelers by border agents at the U.S. borders. Travelers have complained about being questioned about their religious and political affiliations. Other complaints involve border agents checking personal items of travelers such as their computers, business cards, handwritten notes, and cell phone directories. The EFF and ALC are asking DHS to disclose its policy for searching travelers on what are First-Amendment protected activities. In other words, the DHS should explain why border agents are often asking very personal questions or sifting through personal documents at the U.S. Border. An EFF attorney has stated that the public has a right to know the standards for border searches.
Press Release - EFF:
EFF and ALC complaint for injunctive relief (PDF):
APEC Data Privacy Sub Group Meets in Lima, Peru
On February 19 and 20, the Peruvian Economy of the Asia Pacific Economic Cooperation (APEC) Forum hosted two capacity building workshops on the implementation of the APEC Privacy Framework, to coincide with the APEC Data Privacy Sub-Group meeting to be held in Lima, Peru on February 22. The workshops brought together APEC member economies to discuss the practical mechanisms for the international implementation of the APEC Privacy Framework, including the Data Privacy Pathfinder projects.
APEC Technical Assistance Seminar website:
APEC Data Privacy Sub Group of the Electronic Commerce Steering Group website:
The Public Voice:
Privacy Law Sourcebook 2004:
Open Target: Where America Is Vulnerable to Attack, by Clark Kent Ervin (Palgrave Macmillan: 2006)
Clark Kent Ervin, the former Inspector General of the Department of Homeland Security (DHS) describes several DHS programs, the vulnerabilities they are meant to address, and the vulnerabilities he feels are unaddressed. He writes from the point of view of a security bureaucrat. When addressing changes allowing flyers to stand within 30 minutes of airspace in DC, he acknowledges that the change increases convenience and provides little insecurity. But he still includes the note: "shouldn't we be tightening rather than loosening national security?" Consistent with that attitude, Ervin lists one alarming vulnerability after another.
The real value of the book, though, is in the tales of his independent position conflicting with the rest of the department. The Inspector General serves as "an independent and objective inspection, audit, and investigative body to promote effectiveness, efficiency, and economy" in DHS. The office is tasked with "prevent[ing] and detect[ing] fraud, abuse, mismanagement, and waste" within the department. DHS was not just any other agency -- it was a brand new, and large agency, quickly cobbled together from 22 others. It was not just large but unwieldy -- the department CFO did not have authority over the component CFOs. Ditto for procurement officers, and information officers. The oversight mission would be difficult in that environment.
From these interactions -- of the independent auditor against the political appointees -- we see glimpses of how politics trumps policy, and how spin rather than reform is the answer to poor performance. Frequently, outsiders are shocked by his briefings and reports. Insiders, however, are concerned with making bad results look good rather than improving the results. The head of the Transportation Security Administration interrupted a briefing on the performance of passengers screeners to ask why the metric reported was a "failure rate" rather than the mathematically equivalent -- but better sounding -- "pass rate."
This attitude went to the top. After his second meeting with the Secretary, Ervin concluded that Ridge was an "adversary, not an ally." Following the release of a report on border vulnerabilities, secretary Ridge asked for a meeting, and told of being "reamed" on the Hill for it. "Why do you keep putting out these damning reports," Ridge asked. Notably, Tom Ridge, Director of DHS, asked Ervin: "Are you my Inspector General." Presumably forgetting the independent mission of the office, Ervin was asked to delay his reports. To make sure that his reports matched the message from the secretary's press office. These are the tactics of damage control, not of reform.
Ervin's conclusion mirrors the layout of the book: a list of policy recommendations for each type of vulnerability -- borders, air attack, port security, mass transit, critical infrastructure, intelligence, preparedness and wasteful spending. However the best conclusion is one we are left to draw: DHS would be better served by more and more powerful Ervins -- running not just oversight, but actually implementing programs.
- Guilherme Roschke
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.
"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006
This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 23nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
ALI-ABA, Privacy Law: Developments, Planning, and Litigation. March
13-14, 2008. Washington, D.C. For more information:
First Annual Freedom of Information Day Celebration. March 17, 2008.
American University Washington College of Law, DC. For more information:
Openthegovernment.org, "Government Secrecy: Censoring Your Right to
Know." March 19, 2008. National Press Club, DC. For more information:
CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23, 2008. For more information: http://www.cfp2008.org
Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
Conference on Ethics, Technology and Identity. The Hague. June 18-20, 2008. For more information http://www.ethicsandtechnology.eu/ETI
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.