Home | Databases | WorldLII | Search | Feedback EPIC Alert

EPIC Alert 16.13 [2009] EPICAlert 13

E P I C A l e r t

http://www.epic.org/alert/EPIC_Alert_16.13.html

"Defend Privacy. Support EPIC." http://epic.org/facebook

On June 25, 2009, the Supreme Court ruled 8-1 that school officials' strip-search of a thirteen-year-old girl violated the Fourth Amendment. Safford, Arizona school employees forced middle school student Savana Redding to disrobe during their search for an ibuprofen tablet. Possession of such medication violates school rules, but the strip search failed to uncover a single pill. The search was conducted based on another student's allegations, and Ms. Redding alleged that it violated her Fourth Amendment right to be free from unreasonable searches or seizures.

Justice Souter, writing for the Court, held that school searches are permissible when they are "not excessively intrusive in light of the age and sex of the student and the nature of the infraction." However, the Court ruled that "[t]he strip search of Savana Redding was a violation of the Fourth Amendment" because "there were no reasons to suspect the drugs presented a danger or were concealed in her underwear." Ms. Redding's "subjective expectation of privacy against such a search" Justice Souter wrote, "is inherent in her account of it as embarrassing, frightening, and humiliating." Justice Thomas dissented from the decision, writing that "judges are not qualified to second-guess the best manner for maintaining quiet and order in the school environment."

A majority of the Justices also held that school officials were not liable for damages because it was not "clearly established" that their behavior was unlawful at the time of the search. Justices Stevens and Ginsburg disagreed, writing that a previous Supreme Court case made clear that the search was "excessively intrusive."

Previously, a federal appellate court held that the search in Redding was unreasonable and that a school official could be liable for violating the girl's Fourth Amendment rights. The school district and school officials appealed to the Supreme Court and argued that the search was reasonable based upon the allegations and the dangers of prescription drug abuse. Additionally, they argued that the school employees must have qualified immunity in exercising their discretion so that they are free to exercise their judgment regarding drug abuse in schools and, further, without such authority, the school authorities would not have the ability to respond in the face of threats to student safety in school.

The Redding decision comes on the heels of EPIC's "Stop Digital Strip Searches" campaign, which seeks to suspend the use of "Whole Body Imaging" -- devices that photograph American air travelers stripped naked in US airports. The body scanners subject US travelers to invasive, high-tech versions of the strip search characterized as "unconstitutional" in Redding. The EPIC campaign responds to a policy reversal by federal officials that would make the "digital strip search" mandatory, rather than voluntary as originally announced.

Supreme Court Opinion: http://epic.org/privacy/student/08-479.pdf

Supreme Court Docket: http://origin.www.supremecourtus.gov/docket/08-479.htm

Oral Arguments (transcript): http://epic.org/redirect/042809_Redding_OralArguments.html

EPIC's - Student Privacy: http://epic.org/privacy/student/

EPIC's "Stop Digital Strip Searches" Campaign: http://stopdigitalstripsearches.com/

On June 25, 2009, leaders of the House Homeland Security Committee sent a letter to the TSA regarding the bankruptcy of Verified Identity Pass, Inc. The Clear RT application process collected a great deal of personal information from members, such as proof of legal name, data of birth, citizenship status, home address, place of birth, and gender. The information was used to pre-screen travelers for express service through airport security checkpoints. The committee is investigating among other things: when the TSA became aware of the bankruptcy; whether they have asked the company for its plan regarding its RT data; if the agency is seeking a privacy impact assessment on the bankruptcy; and whether the agency has a contingency plan for safeguarding the data now that the company has gone out of business.

On June 22, 2009, Verified Identity Pass, Inc., a corporate participant in the Transportation Security Administration's Registered Traveler program ceased operations after declaring bankruptcy. Verified Identity Pass, Inc. operated "Clear," a TSA recognized RT program. The Registered Traveler program attempts to "establish requirements to implement trusted passenger programs and use available technologies to expedite security screening of passengers who participate in such programs." Trusted Traveler Programs claim to provide expedited travel for "pre-approved, low risk travelers through dedicated lanes and kiosks." Clear was the largest RT program in the nation operating out of 21 airports with more than 200,000 members. The TSA had also stated that "[a]ll passengers who volunteer and are deemed eligible for the RT pilot program will be required to undergo physical screening at the screening checkpoint in the selected pilot locations."

Clear ID Pass documents were available to US citizens and permanent residents. In addition to the documents required to apply for the ID, applicants were required to submit digital images of their fingerprints and iris, and a digital photo to obtain the document. Clear then "created and stored a template, or mathematical representation, of the finger and iris images, to create a unique biometric ID of the Member." All of the data submitted by the applicant were sent to TSA, which created the applicant's "security threat assessment" based upon a background check that included its controversial "no-fly lists." After the verification process, each approved applicant was issued a "card" that allowed them to access designated airport security fast lanes for processing through security. The card also gave access to discount parking and speedy entry into major sports venues.

A service provider under the Registered Traveler program must adhere to the TSA January 2008 "Security, Privacy and Compliance Standards for Sponsoring Entities and Service Providers." The standard requires service providers to "establish a written privacy policy to govern the data collected in connection with the RT Program... [a]t a minimum, SPs should follow the Fair Information Practice Principles in developing their privacy policy. However, the security safeguards are silent on the issue of safeguarding passenger data upon a service provider's shutdown.

After the company abruptly closed operations on June 22, 2009, the company statement on its website about fate of information on customers has evolved several times. As of July 1, 2009 it states that "Applicant and Member data is currently secured by Lockheed Martin, and that they are working with Verified Identity Pass on securing the data. According to Steve Brill, Clear's founder who had left the company in February, TSA could quickly reclaim the data under Registered Traveler rules. Brill has also warned that the rules might have been altered since he left the company. Clear had "reserve[d] the right [] to change
[its] policies [from time to time]" by informing its "customers by email."

Previously, the Clear program had suffered from data breaches. In August 2008, the TSA had suspended the Clear enrollment "due to vulnerabilities discovered in the company's storage of Clear applicants' sensitive personal information." The vulnerabilities had come to light after an unencrypted laptop computer went missing from the San Francisco International Airport on July 26. The notebook contained pre-enrollment records of approximately 33,000 customers. However, a week later, the TSA resumed the Registered Traveler enrollment after conducting an audit of the laptop data.

EPIC's - Clear: http://epic.org/privacy/airtravel/clear

TSA - Registered Traveler: http://www.tsa.gov/approach/rt/index.shtm

TSA - Minimum Required RT Security Standards and Procedures for Assessing Compliance with RT Security Standards: http://www.tsa.gov/assets/pdf/rt_appendix_c.pdf

TSA - Registered Traveler Security, Privacy, and Compliance Standards for Sponsoring Entities and Service Providers: http://www.tsa.gov/assets/pdf/rt_standards.pdf

House Homeland Security Committee Letter: http://epic.org/dhs-committee_tsa-ltr.pdf

Clear's Privacy Policy: http://www.flyclear.com/clear_privacy.pdf

Clear's Online Privacy Policy: http://www.flyclear.com/clear_online.pdf

CBP - Trusted Traveler Programs: http://www.cbp.gov/xp/cgov/travel/trusted_traveler/

Airports Accepting the Clear Card (Archived): http://epic.org/privacy/airtravel/clear/clear-airports.pdf

EPIC - Spotlight on Surveillance - Registered Traveler Card: http://epic.org/privacy/surveillance/spotlight/1005/

EPIC - Air Travel Privacy: http://epic.org/privacy/airtravel/

EPIC - Secure Flight: http://epic.org/privacy/airtravel/secureflight.html

EPIC - Passenger Profiling: http://epic.org/privacy/airtravel/profiling.html

EPIC's testimony before Congress: "The Future of Registered Traveler," November 3, 2005: http://epic.org/privacy/airtravel/rt_test_110305.pdf

EPIC's testimony before Congress: "Ensuring America's Security: Cleaning Up the Nation's Watchlists", September 9, 2008: http://epic.org/privacy/airtravel/watchlist_test_090908.pdf

The Supreme Court ruled on various cases affecting the right to privacy near the end of its 2008 term. The topics ranged from strip-searches of teenage girls at schools (see article above) to access to DNA for proving post-conviction innocence. The Court also denied consideration of challenges to two state statutes that protect privacy rights.

In a critical case for the emerging field of identity management, the Supreme Court reversed a lower court opinion and ruled unanimously that individuals who provide identification numbers that are not their own, but don't intentionally impersonate others, cannot be subject to harsh criminal punishments under federal law. The case involved a mandatory 2-year prison term, added on to a prior conviction, for presenting a ake Social Security Number to an employer. EPIC filed an amicus brief in support of the petitioner, arguing that the "unknowing use of inaccurate credentials does not constitute identity theft."

In a 5-4 decision, the Supreme Court rejected the constitutional right of a convicted individual to access his DNA to prove innocence and reversed the decision of the Ninth Circuit. Chief Justice Roberts held that the task of harnessing "DNA's power to prove innocence without unnecessarily overthrowing the established system of criminal justice ...belongs primarily to the legislature." Justice Stevens, writing for four of the justices in dissent, said that "a decision to recognize a limited right of postconviction access to DNA testing would not prevent the States from creating procedures [to] ensure [] that [it] is nonarbitrary." EPIC has filed several amicus briefs advocating limits on the collection and use of genetic material. However, EPIC has also noted that DNA evidence should be available to prove innocence.

In another case, IMS Health v. Ayotte, the Court refused to hear a challenge to the New Hampshire, Prescription Confidentiality Act. The statute prohibits the sale of prescription information. The First Circuit had upheld the ban on the sale of such information. EPIC and 16 experts in privacy and technology filed a "friend of the court" brief, in favor of the upholding law, and detailed the substantial privacy interests in de-identified patient data. The petitioners claimed that the law infringed on their free speech rights. After the Supreme Court's denial, the First Circuit opinion became final.

In ABA v. Brown (formerly ABA v. Lockyear), the Ninth Circuit had ruled in favor of California Financial Information Privacy Act, commonly known as "SB1." The Supreme Court denied review of the case. The California law provides customers with privacy safeguards for financial data by limiting the sale of personal information by financial firms to affiliates, and imposes opt-in requirements for non-affiliate sales. EPIC's brief favored the law. The financial firms argued that the statute conflicts with other federal rules, but the Justice Department recommended that the Supreme Court leave the state statute in place.

During the term, the Supreme Court had also ruled on other cases related to identity theft, warrantless searches of cars after the arrest of a suspect, and validity of evidence obtained after illegal searches or arrests based on simple police mistakes.

The U.S. Supreme Court: http://www.supremecourtus.gov

Supreme Court Opinion in Flores-Figueroa v. United States: http://www.supremecourtus.gov/opinions/08pdf/08-108.pdf

"Friend-of-the-court," Brief by EPIC, Legal Scholars, Technical Experts, and Privacy and Civil Liberty Groups (Dec. 19, 2008): http://epic.org/privacy/flores-figueroa/121908_brief.pdf

US Supreme Court Docket page for Flores-Figueroa v. United States: http://www.supremecourtus.gov/docket/08-108.htm

EPIC's Flores-Figueroa v. United States page: http://epic.org/privacy/flores-figueroa/

Supreme Court Opinion: District Attorney's Office v. Osborne: http://www.supremecourtus.gov/opinions/08pdf/08-6.pdf

Ninth Circuit Opinion: http://epic.org/redirect/110708_CA9_Osborne.html

EPIC - District Attorney's Office v. Osborne: http://epic.org/privacy/osborne/

EPIC - Genetic Privacy: http://www.epic.org/privacy/genetic/

Supreme Court Docket: IMS Health v. Ayotte: http://origin.www.supremecourtus.gov/docket/08-1202.htm

First Circuit Opinion: http://epic.org/privacy/imshealth/11_18_08_order.pdf

Prescription Confidentiality Act: http://www.gencourt.state.nh.us/legislation/2006/HB1346.html

EPIC's Brief - IMS Health v. Ayotte: http://epic.org/privacy/imshealth/epic_ims.pdf

EPIC - IMS Health v. Ayotte: http://epic.org/privacy/imshealth/

Supreme Court Docket: A.B.A. v. Brown: http://origin.www.supremecourtus.gov/docket/08-730.htm

Ninth Circuit Opinion: http://epic.org/redirect/070209_ABAvBrownCA9opin.html

California Financial Information Privacy Act: http://epic.org/redirect/070209_California_SB1.html

EPIC's Brief - ABA v. Brown: http://epic.org/privacy/preemption/lockyer_brief.html

EPIC - ABA v. Brown: http://epic.org/privacy/preemption/abavlockyer.html

Facebook announced planned changes to user privacy controls. Chris Kelly, Facebook's Chief Privacy officer stated that new policy will promote "control, simplicity and connection" for user data. The new interface attempts to provide more granularity in privacy settings. The options include the ability to broadcast the information to any person online or restrict it to chosen people on a per-post basis. Also, the privacy settings would be displayed on a single page.

The announcement states there will be no changes in term of "the information Facebook provides to advertisers" but does not address concerns about the information provided by Facebook to application developers. Currently, Facebook is not equipped to guarantee that all platform developers will abide by agreements to respect individual privacy settings and strictly limit their collection, use, and storage of information. Additionally, Facebook does not screen or approve Platform Developers and cannot control how such Platform Developers use any personal information that they may obtain in connection with Platform Applications.

In June, the Article 29 Working Party warned about the dissemination and use of information available on Social Networking Sites for other secondary, unintended purposes. The officials issued an opinion requiring robust security, privacy-friendly default settings, and the application of European privacy law. The European Privacy Commissioners recommended that controllers take "appropriate technical and organizational measures, 'both at the time of the design of the processing system and at the time of the processing itself' to maintain security and prevent unauthorized processing, taking into account the risks represented by the processing and the nature of the data." Earlier, in January, EPIC had suggested the regulation of Social Network Service partners, including advertisers and application developers.

Also, in February, Facebook announced that it was opening its site governance to user voting after the new Terms of Service were widely criticized, and were to be the subject of an EPIC complaint to the Federal Trade Commission. Facebook restored the old terms and sought user feedback on the new terms. About 75 percent of the users voted to adopt new terms after being re-drafted from user feedback. Under the updated terms, users had the right to "own and control their information." Facebook also took steps to improve account deletion, to limit sublicenses, and reduce data exchanges with application developers. EPIC supported the adoption of the new terms.

Facebook: Improving Sharing Through Control, Simplicity and Connection: http://blog.facebook.com/blog.php?post=101470352130

Article 29 Working Party Opinion of Social Networking Sites: http://epic.org/privacy/socialnet/Opinion_SNS_090316_Adopted.pdf

Article 29 Working Party: http://epic.org/redirect/040109_A29WP.html

Facebook Terms of Service: http://www.facebook.com/terms.php

Facebook Site Governance: http://www.facebook.com/fbsitegovernance

EPIC's Suggestion on Social Networking Privacy: http://www.cpdpconferences.org/L-Z/rotenberg.html

Directive 95/46/EC: http://epic.org/redirect/062209_EU9546EC.html

Directive 2002/58/EC on data protection and privacy: http://epic.org/redirect/091208_eu.html

EPIC's - Social Networking Privacy: http://epic.org/privacy/socialnet/default.html

The Third Phase of the White House Open Government Initiative, "Drafting," will continue until July 3rd and voting will stay open through the holiday weekend, until July 6th. In the First Phase of its open government proposal, "Brainstorming," the White House had received several public comments. EPIC made five recommendations to promote government transparency and accountability. The second phase, "Discussion," invited comments focusing on several transparency themes. The current phase aims to create draft recommendations that translate the earlier ideas into specific actions that can be taken to achieve open government.

As part of the Open Government Initiative, The Public Interest Declassification Board is seeking comments on how classified national security information policy should be revised. The Board is an advisory committee established to promote public access to accurate documentary record of "significant U.S. national security decisions and activities." In May, President Obama had signed a Memorandum ordering the review of Executive Order 12958, which prescribes a system for classifying, safeguarding, and declassifying national security information. Comments are being sought in the four areas: Declassification policy, a National Declassification Center, Classification policy, and Technology Issues and Challenges. The Board will host a public meeting at the National Archives on July 8, 2009, to discuss the revisions and solicit public comment. The blog will conclude on July 10, 2009.

Senator Leahy, marking the 43rd anniversary of the Freedom of Information Act coming into force, commented that "FOIA remains an indispensable tool for shedding light on bad policies and government abuses. The Act has helped to guarantee the public's "right to know" for generations of Americans. The Leahy-Cornyn OPEN Government Act makes the FOIA request processing faster and more transparent and also created the Office of Government Information Services within the National Archives and Records Administration. Miriam Nisbet was recently appointed to lead the Office. The Office is charged with mediating FOIA disputes and review agency compliance with FOIA.

EPIC, in its pursuit of enabling an Open Government, has made frequent use of the Freedom of Information Act to obtain data from the government about surveillance and privacy policies. Public disclosure of obtained information improves government oversight and accountability and keeps the public informed about the activities of the government. EPIC has sued several agencies to seek out information which the public has a right to know. Recently, EPIC filed FOIA requests with DHS seeking the full text of the National Security Presidential Directive 54 and the Comprehensive National Cybersecurity Initiative, and with HHS for documents related to privacy protection policies and procedures to safeguard personal health information included in the Health IT technology systems.

Open Government Directive, Phase Three- Drafting: http://www.mixedink.com/opengov/

Open Government Initiative: http://www.whitehouse.gov/open/

Office of Science and Technology Policy, Executive Office of the President, Transparency and Open Government: http://edocket.access.gpo.gov/2009/pdf/E9-12026.pdf

Phase II: Discussion: http://blog.ostp.gov/

PIDB Public Meeting: http://edocket.access.gpo.gov/2009/E9-14691.htm

Amendment to Executive Order 12958: http://epic.org/redirect/070209_EO12958_Amend_SecClass.html

Memorandum for the Heads of Executive Departments and Agencies, Classified Information and Controlled Unclassified Information, White House Press Release, May 27, 2009: http://epic.org/redirect/070209_WH_Memo_ClassDeclass.html

Senator Leahy: Press Statement: http://leahy.senate.gov/press/200906/062509b.html

White House Declassification Policy: http://epic.org/redirect/070209_WH_Declass_Policy.html

OSTP Blog: Declassification: http://blog.ostp.gov/category/declass/

Press Release, The National Archives: http://www.archives.gov/press/press-releases/2009/nr09-93.html

EPIC's - Open Government: http://epic.org/open_gov/

EPIC's FOIA Litigation Manual 2008: http://epic.org/bookstore/foia2008/

E-Verify Funding Extended by Two Years

The House approved a bill sponsored by Rep. David Price which will fund the E-Verify program of the Department of Homeland Security for two years. The bill, H.R. 2892 was passed by the House, 389-37. The Senate introduced a bill, S. 1298, approving a three-year extension. Earlier this year, DHS Secretary Napolitano had issued a directive aimed at measuring employer compliance and participation in E-Verify. EPIC has noted that E-Verify could deny many eligible individuals - including U.S. citizens and legal immigrants - the opportunity to work, and is ineffective as a solution to U.S. immigration problems. Last year, EPIC had filed a Freedom of Information request with the DHS seeking documents concerning promotion of E-Verify.

House Bill: http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.2892:

Senate Bill: http://thomas.loc.gov/cgi-bin/query/z?c111:S.1298:

DHS E-Verify program: http://www.dhs.gov/e-verify

Testimony of Secretary Napolitano: http://www.dhs.gov/ynews/testimony/testimony_1235577134817.shtm

EPIC, "Spotlight on Surveillance: E-Verify System - DHS Changes Name, But Problems Remain for U.S. Workers.": http://epic.org/privacy/surveillance/spotlight/0707/default.html

"Employment Verification - Challenges Exist in Implementing a Mandatory Electronic Employment Verification System," United States Government Accountability Office," June 10, 2008: http://www.gao.gov/new.items/d08895t.pdf

TJX Settles with 41 States to Close Data Breach Investigations

TJX Companies Inc. signed an agreement to pay approximately $9.8 million to 41 state attorney generals to cease the investigation involving a data breach of 45 to 100 million credit card numbers. The agreement also requires TJX to implement extensive data security measures to protect personal information. Last year, the FTC settled actions against TJX without imposing fines. The Commission alleged that the companies "failed to provide reasonable and appropriate security for sensitive consumer information," which led to data breaches. EPIC has long advocated various ways and means to curbing the problem of identity theft. In 2008, EPIC filed comments with the FTC urging them to include civil penalties in settlements arising from data breaches. These cases were also mentioned in FTC's Report on Identity Theft.

TJX Settlement Announced: http://epic.org/redirect/070209_TJX_Settlement_Ann.html

TJX Settlement: http://www.ohioattorneygeneral.gov/press/09/06/pr090623.pdf

Agency Announces Settlement of Separate Actions Against Retailer TJX, and Data Brokers Reed Elsevier and Seisint for Failing to Provide Adequate Security for Consumers' Data: http://www.ftc.gov/opa/2008/03/datasec.shtm

President's Task Force Report on Identity Theft: http://www.ftc.gov/os/2008/10/081021taskforcereport.pdf

EPIC's - Identity Theft: http://epic.org/privacy/idtheft/

China Postpones Internet Filtering

The Chinese Ministry of Industry and Information Technology announced a postponement in the implementation of enforcement of a rule requiring manufacturers to install internet filtering softwares at the time of purchasing a new computer. The filtering program has been dubbed "Green Dam-Youth Escort" and is supposed to be designed to filter out internet porn and violence. However, it is believed that it can also block "subversive content." Last year, security officials chilled press freedoms by backtracking from temporary regulations that allowed foreign journalists access to Chinese organizations and citizens. Access was granted based only upon government consent. The government uses internet filters to block websites associated with Tibet, Tiananmen Square and any site which it considers subversive. EPIC was the first organization to oppose the use of Internet content filters and has published reports and books on the topic.

China View: China postpones mandatory installation of controversial filtering software: http://news.xinhuanet.com/english/2009-06/30/content_11628335.htm

Human Rights Watch, China: Olympics Media Freedom Commitments Violated, July 7, 2008: http://www.hrw.org/english/docs/2008/07/03/china19250.htm

EPIC, Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls: http://epic.org/bookstore/filters2.0/

EPIC, "Faulty Filters: How Content Filters Block Access to Kid-Friendly Information on the Internet": http://epic.org/reports/filter_report.html

TSA Responds to Whole Body Imaging Objections

The Transportation Security Administration has replied to the Privacy Coalition statement on whole body imaging systems. The agency claims that the Privacy Impact Assessment provides adequate protection. The Privacy Coalition letter challenged the agency's position on the issue of privacy and whole body imaging systems. Their letter to the agency stated "the devices are designed to capture, record, and store detailed images of individuals undressed" and said that "[i]f the public understood this, they would be outraged by the use of these devices by the US government on US citizens." The Privacy Coalition said that the use of the devices should be suspended pending an investigation. The letter was prompted by the TSA's announcement that Whole Body Imaging would replace metal detectors as the primary screening technique at US airports. The House of Representatives approved by a vote of 310 to 118 a bill that would limit the use of Whole-Body Imaging machines at US airports.

EPIC Whole Body Imaging Page: http://epic.org/privacy/airtravel/backscatter/

EPIC Air Travel Privacy Page: http://epic.org/privacy/airtravel

Privacy Coalition Letter to TSA: http://epic.org/redirect/060809_EPIC_DHS_Napolitano_WBI.html

TSA Letter in reply to Privacy Coalition Letter: http://privacycoalition.org/dhs-reply-wbi_ltr.pdf

House Vote on Chaffetz Amendment: http://clerk.house.gov/evs/2009/roll305.xml

Chaffetz Amendment (Section 215): http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.2200:

Whole-Body Imaging: http://www.tsa.gov/approach/tech/body_imaging.shtm

EPIC's Campaign to Stop TSA's Use of Whole Body Imaging: http://privacycoalition.org/stopwholebodyimaging/

Facebook Group: Stop Airport Strip Searches: http://www.facebook.com/group.php?gid=179598280013

Federal Government Unveils Expense Website

The US Chief Information Officer, Vivek Kundra, launched a new website which provides details of Federal information technology investments and provides users with the ability to track the progress of investments over time. The IT Dashboard displays data received from agency reports to the Office of Management and Budget, including general information on over 7,000 Federal IT investments. Agency CIOs are responsible for evaluating and updating select data on a monthly basis, which is accomplished through interfaces provided on the website. The "dashboard" is aimed at increasing transparency and open government within the administration

IT Dashboard: http://it.usaspending.gov

ICANN's 35th International Meeting

From June 21-26, the Internet Corporation for Assigned Names and Numbers, the corporation that manages the assignment of domain names to Internet Protocol addresses, held its 35th meeting in Sydney, Australia.

The meeting was held around the following issues (1) New generic top-level domain (gTLDs); (2) Internationalization Domain Names; and (3) Improving ICANN's institutional confidence.

One of the more significant recommendation for the new gTLDs is that all registries offer a "Thick" Whois service, which includes a broader set of data elements including contact information for the registrant and designated administrative and technical contacts.

According to ICANN's Explanatory Memorandum: "Registrars would continue to display detailed contact information associated with registrations, so there is no question about the total set of data elements that will be published concerning each registration - the only question is whether all of the data will be maintained/published by both the registry and the registrar, or whether the full data will be displayed by the registrar only and the registry could, if it so elected, maintain just a subset of data as in the example above." There were no privacy impact assessments presented. At the conclusion of the Meeting, ICANN appointed Rod Beckstrom as its new CEO and president.

ICANN 35 | Sydney: http://syd.icann.org/full-sched

ICANN Transcripts Presentations: http://syd.icann.org/syd/transcripts

Explanatory Memorandum: Thick vs. Thin Whois for New gTLDs: http://epic.org/redirect/070209_ICANN_Memo_gTLD.html

The Pubic Voice http://www.thepublicvoice.org

"The Broken Window" by Jeffrey Deaver

http://www.amazon.com/gp/product/1416549978?tag=e03a6-20

Commercial data brokers gather little pieces of information from individuals in myriad ways: credit card purchases, Internet searches, government documents, and medical records. Serious privacy concerns arise as the data market continues to grow. Author Jeffrey Deaver offers a fictional account of a worst-case scenario – a serial killer with access to the most detailed information about our lives.

The Broken Window makes for an interesting summer read, especially for privacy advocates. The antagonist has access to the information accumulated by Strategic Systems Datacorp, the largest data collector in the U.S. He uses this information to track vulnerable individuals; some of those individuals feed his passion for murder, while others serve as human shields as he frames them for his crimes. He accomplishes all of this with the help of the massive database at his fingertips.

The novel offers a poignant look at the underlying issues of identity theft. Although the central plot is a murder mystery, Deaver offers detailed analysis on the ways in which data is collected everyday, and with every transaction. Some of the discussion of new technologies and information collection seemed forced and remedial for the characters. While not an engaging read, The Broken Window does highlight the privacy issues surrounding the commercial data industry with surprising depth.

-- Courtney A. Barclay

"Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60.

http://epic.org/bookstore/foia2008/

Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes

"The Transformation of Privacy Policy," Institutions, Markets Technology Institute for Advanced Studies (IMT), Lucca, Italy, July 2-4, 2009.

Engaging Data: First International Forum on the Application and Management of Personal Electronic Information hosted by SENSEable City Lab, Massachusetts Institute of Technology. October 12-13, 2009. Submission Deadline - July 13, 2009, 5:00 p.m. For more information, http://senseable.mit.edu/engagingdata

Pan-European Dialogue on Internet Governance (EuroDIG), Geneva, Switzerland, September 14-15, 2009. For more information,
http://www.eurodig.org/

ASAP FOIA/Privacy Act Workshop, Chicago, Illinois, September 21-23, 2009. Registration: July 7, 2009 - September 11, 2009. For more information, http://www.accesspro.org/

Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

.