EPIC Alert 17.16
E P I C A l e r t
Volume 17.16 August 16, 2010
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 Feds Admit that Body Scanner Machines Store Photos
 EPIC submits amicus in NASA v. Nelson
 Maine Law on Prescription Privacy
 Elena Kagan Confirmed as Supreme Court Justice
 Federal Appeals Court Requires Warrant for GPS Tracking
 News in
 EPIC Book Review: "Cyberwar"
 Upcoming Conferences and Events
TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook
Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/
 Feds Admit that Body Scanner Machines Store Photos
In an open government lawsuit against the United States Marshals
Service, EPIC has obtained more than one hundred images of undressed
individuals entering federal courthouses. The images, which are
routinely captured by the federal agency, prove that body scanning
devices store and record images of individuals stripped naked. The 100
images are a small sample of more than 35,000 collected by
EPIC has also pursued a FOIA lawsuit against the Department of Homeland
Security for images produced by the machines.
EPIC obtained agency
documents which revealed that the agency expressly required that
the full body scanners be able to store and
transmit images. The agency
has admitted to possessing around 2,000 stored images produced by the
machines, but refuses to turn them
EPIC has also filed suit to stop the deployment of the machines in US
airports. EPIC filed a petition for review and motion
for an emergency
stay, urging the D.C. Circuit Court to suspend the TSA's airportÊ
full body scanner program. EPIC said that the
"unlawful, invasive, and ineffective." EPIC argued that the federal
agency has violated the Administrative Procedures
Act, the Privacy Act,
the Religious Freedom Restoration Act, and the Fourth Amendment. EPIC
cited the invasive nature of the devices, the TSA's disregard of public
opinion, and the impact on
EPIC's Press Release Regarding Body Scanner Images
EPIC v. DOJ, EPIC's Complaint
EPIC v. DHS (FOIA)
EPIC v. DHS (Suspension of Body Scanner Program)
 EPIC Submits Amicus in NASA v. Nelson
On August 9, 2010, EPIC filed a "friend of the court" brief in the
United States Supreme Court, urging the Justices to protect the
of scientists working at NASA's Jet Propulsion Laboratory (JPL).
Twenty-seven legal and technical experts signed the brief.
In NASA v.
Nelson, the Court has been asked to determine whether the scientists'
right to "informational privacy" prohibits NASA
information concerning the individuals' medical records as a condition
of employment. EPIC's brief argues that compelled
disclosure would risk
exposing sensitive, personal health information that is insufficiently
protected by NASA.
In NASA v. Nelson,
federal contract employees at the Jet Propulsion
Laboratory filed suit against the agency. The scientists allege that
requirement that they submit to in-depth background
investigations violates the Administrative Procedure Act, their
right to informational privacy, and the Fourth
The scientists are employed by Caltech, and are not government
Rather, they are "low risk" contractors, and NASA admits
that they perform unclassified, non-sensitive work. The scientists
to NASA's policy requiring every JPL employee to submit to a
background investigation. The investigation requires the applicant to
disclose information concerning medical treatment.
The Supreme Court described the Americans' right to informational
privacy - the
"individual interest in avoiding disclosure of personal
matters." - in two 1977 cases: Whalen v. Roe and Nixon v. Administrator
General Services. EPIC's brief notes: "since the Court's 1977
analysis in Whalen, scholars and international courts have described
the importance of the right to informational privacy and opined on the
right's vital role in safeguarding individuals from data collection
disclosure." The brief details scholars' analyses of the importance of
the right to informational privacy.
Further, EPIC's brief
describes international courts' "widespread
recognition of the right to informational privacy." ÊInternational
courts have invoked
the right to informational privacy to protect
individuals' interests in their personal medical information.
have also applied the right to protect employees'
interests in refusing to disclose sensitive information to employers.
argues, "constitutional privacy safeguards are
particularly important in this case because NASA's failure to meet its
under the Privacy Act and the agency's poor data security
practices pose substantial risks to the scientists' personal
The brief details NASA's previous willful disclosure of
employees' sensitive health information, as well as the agency's
claims that its disclosures were lawful. Further, EPIC notes
that "even if the Scientists' information is ostensibly protected by
the Privacy Act, it might be disclosed through a data breach." "The
risks of such a disclosure are not, as [NASA] claim[s], a "remote
possibility." Instead, the risk of disclosure is substantial:
Independent investigators recently highlighted the agency's
to data breaches," EPIC wrote.
"Friend-of-the-court," Brief by EPIC in NASA v. Nelson (Aug. 9, 2010)
Supreme Court Docket page for NASA v. Nelson
EPIC's NASA v. Nelson page
 Maine Law on Prescription Privacy Upheld
The First Circuit Court of Appeals has upheld a Maine law that bans the
sale of prescriber-identifiable prescription drug data for
purposes. The law allows doctors who write prescriptions in Maine to
choose to make certain data about their prescription
unavailable for use by marketers. For doctors who have opted
out, the law "prohibits certain entities from licensing, using
selling, transferring, or exchanging this information for a
Data mining companies had challenged the law, claiming
that the privacy
measure violated their free speech rights. In IMS Health v. Mills, the
court rejected this argument because "the
statute regulates conduct,
not speech, and even if it regulates commercial speech, that regulation
satisfies constitutional standards."
The court also rejected an
argument by the companies that the statute should be void for
vagueness, finding that the legislature
spoke with sufficient
specificity for the law to be valid. Finally, the court rejected an
argument that Maine does not have the power
to protect its citizens'
privacy in this way.
The decision in IMS Health v. Mills followed a decision by a panel of
the same court
in IMS Health v. Ayotte, upholding a similar law in New
Hampshire. In Ayotte, as well as in a similar case still pending
a Vermont law (IMS Health v. Sorrell), EPIC and
several privacy and technology experts filed "friend of the court"
that there is a substantial state interest in privacy
protection and that the data miners' de-identification practices do
fact, protect patient privacy.
A decision in the Vermont case is expected soon.
First Circuit Opinion, IMS Health v. Mills
EPIC: IMS Health v. Ayotte
EPIC: IMS Health v. Sorrell
EPIC: Medical Privacy
 Elena Kagan Confirmed as Supreme Court Justice
This week the Senate confirmed Elena Kagan as the next Supreme Court
justice. Kagan graduated graduated summa cum laude from Princeton
University and magna cum laude from Harvard Law School. She is a former
dean of Harvard Law School and former Solicitor General in
In anticipation of Elena Kagan's confirmation hearings, EPIC sent a
letter to Senators Patrick Leahy
(D-VT) and Jeff Sessions (R-AL). In
addition to asking the Senators to consider Kagan's record on privacy,
the letter encouraged
them to ask the nominee probing questions about
her views on body scanners, consumer privacy and the Fourth Amendment,
emerging privacy issues.
As Deputy Assistant to the President for Domestic Policy and Deputy
Director of the Domestic Policy Council
for the Clinton Administration,
Kagan wrote on several privacy issues with present-day analogues. She
wrote in support of "hand held
gun detector devices" that would enable
"police...[to] potentially scan people in public places without their
knowledge." Kagan also
proposed guidelines to "allow officers to scan
liberally, particularly in airports, train stations and traffic stops."
these views pre-September 11, 2001, and the writings hint
at her views on controversial new search techniques like the TSA's full
body scanner program.
Also during her time under President Clinton, Kagan expressed views on
consumer privacy. She gave her support
to the Administration's health
care agenda, including " consumer protection reforms (to ensure
quality, prevent discrimination, and
protect privacy." Kagan also
supported privacy protection legislation to "establish strong federal
standards to ensure the confidentiality
of medical records."
More recently, as Solicitor General under President Obama, Kagan argued
against two important lower court rulings,
Comprehensive Drug Testing
v. United States and City of Ontario v. Quon. In Comprehensive Drug
Testing, the Ninth Circuit set forth
five guidelines meant to protect
privacy for law enforcement when conducting electronic searches. Kagan
argued that the Comprehensive
Drug Testing standards are too
cumbersome, and that they will undermine the ability of law enforcement
to catch criminals. Kagan
also filed an amicus brief on behalf of the
petitioners in Quon. In it, she argued that the government has no
obligation to limit
searches of text messages to protect individual
privacy. This argument is in direct opposition to the position taken in
in Quon, which argued that petitioners' searches were
overbroad and unnecessary.
Solicitor General Kagan did make several comments
during the hearing
about Constitutional interpretation and the Fourth Amendment. In
response to the first question she received from
Chairman Leahy, Kagan
said that the framers of the Constitution were wise to use broad terms.
She noted that they "didn't live with bomb sniffing dogs and heat
detecting devices." The Êstatement
was a reference to two important
Supreme Court cases, Illinois v. Caballes (2005) and Kyllo v. US (2001).
EPIC, Letter to Senators
Leahy and Sessions
EPIC, Elena Kagan and Privacy
EPIC, City of Ontario v. Quon
EPIC, Amicus Brief in City of Ontario v. Quon
Kagan's Amicus Brief in Support of Reversal in City of Ontario v. Quon
 Federal Appeals Court Requires Warrant for GPS Tracking
On August 6, 2010, the D.C. Circuit Court of Appeals ruled
must obtain a warrant before using Global Positioning System (GPS)
devices to monitor vehicles. GPS tracking constitutes
a seizure under
the U.S. Constitution because "prolonged GPS monitoring reveals an
intimate picture of the subject's life that he expects no one to have,"
the Court held.
In United States v. Maynard, criminal defendants challenged the
constitutionality of warrantless electronic tracking of civilians'
by the police. DC Police installed a global positioning system ("GPS")
device on Jones's Jeep, and tracked his movements around
the clock. The
tracking data was used as evidence at the criminal trial. GPS-based
systems can record a vehicle's location and speed
around the clock, and
transmit the data to law enforcement agents. Jones argued that the
conviction "should be overturned because
the police violated the Fourth
Amendment prohibition of_unreasonable searches by tracking his
movements 24 hours a day for four weeks
É without a valid warrant."
The court held that the police's GPS surveillance was unlawful, because
it enabled the police to "track
Jones's movements 24 hours a day for 28
days as he moved among scores of places, thereby discovering the
totality and pattern of
his movements from place to place to place."
The court noted that United States v. Knotts, a 1983 Supreme Court case
rudimentary warrantless electronic surveillance of cars,
does not authorize warrantless GPS tracking.
The DC Circuit decision follows
two other federal appeals court
opinions that authorized warrantless GPS tracking, United States v.
Pineda-Moreno and United States
v. Garcia. Conversely, the New York and
Washington state supreme courts have barred warrantless GPS tracking.
The Massachusetts Supreme
Judicial Court also held that a warrant is
required for the use of a GPS tracking device. EPIC filed an amicus
brief in the case,
Commonwealth v. Connolly. EPIC urged the Justices to
require a warrant before police covertly track drivers using concealed
technology. EPIC said the proliferation of police tracking
devices "creates a large, and largely unregulated, repository
detailed travel profiles of American citizens." The EPIC
brief warned that "law enforcement access to such information raises
specter of mass, pervasive surveillance without any predicate act
that would justify this activity."
EPIC said that GPS systems
are becoming increasingly widespread, and
identified particular growth among vehicle-installed GPS systems. The
is currently tracking drivers in six states using
GPS tracking systems designed to assess a mileage tax as an adjunct or
for federal gasoline tax revenue. Several states, including
Massachusetts, have proposed similar plans, which are often called "VMT
(Vehicle Miles Traveled)" regimes. Some private firms, including UPS,
mandate GPS tracking on their vehicles. Others, such as OnStar,
GPS tracking services to the public. The brief explains that, as GPS
trackers become more commonplace, it is easier for law
engage in large-scale, simultaneous surveillance of multiple
individuals. Such ease raises the troubling prospect
of mass, pervasive
surveillance. EPIC's brief urges the court to require a warrant, based
on independent judicial review of the evidence,
prior to law
enforcement use of GPS tracking.
DC Circuit decision - United States v. Maynard
"Friend-of-the-court," Brief by EPIC in Commonwealth v. Connolly
Massachusetts Supreme Judicial Court Docket page forÊ
Commonwealth v. Connolly
EPIC's Commonwealth v. Connolly page
 News in Brief
Governments Demand Unencrypted Message Data from Blackberry Devices
Several countries have made demands on Blackberry's parent
company, Research in Motion (RIM). Saudi Arabia, India, and others have
demanded that the company, which relies on its security as
point, begin turning over unencrypted message data to law enforcement.
The Saudi and Indian governments are threatening
to shut down RIM's
services in their respective countries if the company doesn't comply.
Sources have reported that RIM has reached
an agreement with the Saudi
government that will allow for the sharing of at least some data.
EPIC: Privacy and Human Rights
Research in Motion
Town Uses Google Maps to Check for Pools
Riverhead, New York, a town on Long Island, used Google Maps to
investigate which of
its residents have pools, then checked those
addresses against its own database to find pools without proper
permits. Town officials
report that they found roughly 250 unlicensed
pools, totaling fees around $75,000.
NBC New York, Heads Up! Google Earth Used to
Track Illegal Pools onÊ
Fox News, Google Earth Watching Your Backyard ...And Maybe More
Google Office Raided in South Korea over Street View Wi-Fi
Google's office in Seoul, South Korea has been raided by the Korean
National Police Agency over the company's collection of unencrypted
Wi-Fi data through its Google Earth street mapping program. According
to a statement from the agency, officials arrived at the office with a
search warrant, seized materials, and will ask Google to turn
data that the company collected since it launched the program in Korea.
The raid involved the agency's Cyber Terror Response
Center. With this
action, South Korea becomes the latest in a long line of countries and
U.S. states that have begun investigations
into Google's collection of
wireless internet data.
KNPA Press Release (translated from Korean)
ÊÊ Ê http://www.epic.org/redirect/081110newsrelease.html
EPIC: Investigations of Google Street View
ÊÊ Ê http://epic.org/privacy/streetview/
New York Times, Police in South Korea Raid Google's Office
 EPIC Book Review
"Cyberwar" - Richard A Clarke
Available for purchase at: http://epic.org/redirect/081610booklink.html
Richard A. Clarke, who served as an advisor to Presidents George H.W.
Bush, Bill Clinton, and George W. Bush, explores the threats
solutions presented by our wired society in his new book "Cyberwar."
Clarke's book allows the reader to see how the government
cyber security threats.
Clarke begins the book by describing several attempts at cyberwar that
have already occurred.
His narratives involving cyber conflicts in
Georgia, Estonia, and Korea are compelling. Clarke describes cyber
threats in ways that
are easy for laymen to understand. Clarke also
recounts the state of cyber security in the past three administrations
and finds each
Along the way, Clarke touches on many old conflicts between the cyber
security community and the privacy
and civil liberties communities,
including the controversy over the clipper chip. EPIC actively opposed
the clipper chip technology,
which would have created a backdoor into
individuals' private computers. The program failed in the face of
Clarke criticizes the lack of organization within the government,
especially within the Department of Homeland Security, and faults
the Obama Administration's "inaction" on cyber security issues.
President Obama has, however, been working with Howard Schmidt,
a former Microsoft security executive who has now been appointed
cyber security coordinator for the administration and with Timothy
Edgar, a former American Civil Liberties Union attorney, to assure
that a balance is struck between cyber security and civil liberties.
In a speech on cyber security in May 2009, Obama stated "Our pursuit
of cybersecurity will not include Ñ I repeat, will not include
monitoring private sector networks or internet traffic." "We will
preserve and protect the personal privacy and civil liberties
we cherish as Americans," he said.
Clarke acknowledges that privacy and civil liberties are
important issues in any discussion
regarding cyber security. He
concedes that, in recent years, the government has done much to lose
the trust of the American public
and advocates the creation of
"empowered, independent organizations to investigate whether abuses are
occurring and to bring legal
action against those who are violating
privacy laws and civil liberties." But Clarke fails to acknowledge the
of post-hoc immunity and toothless "independent"
federal agencies. Even independent agencies that are empowered to
enforce law and
regulation often lack political will to do so.
Experts have also questioned the extent of the risk presented by cyber
runs through several scenarios which, while well
written and interesting, may be hyperbolic. In a recent debate hosted
Squared, EPIC Director Marc Rotenberg and security
expert Bruce Schneier argued that the threat of cyberwar has been
Intelligence Squared Debate available at:
ÊÊ Ê http://www.epic.org/redirect/081110debate.html
"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi,
and Mark S. Zaid
(EPIC 2008). Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of
the manual that lawyers, journalists and researchers
have relied on for more than 25 years.
Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
Privacy and Security
in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
Crete, Greece, September 13-17 2010.
Internet Governance Forum 2010
Vilnius, Lithuania, 14-16 September 2010.
For more information:
"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:
The Public Voice Civil Society Meeting:
"Next Generation Privacy Challenges and Opportunities"
Jerusalem, October 25, 2010
Join EPIC on Facebook
Join the Electronic Privacy Information Center on Facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 17.15 ------------------------