Epic Alert 17.20
E P I C A l e r t
Volume 17.20 October 14, 2010
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 Supreme Court to Examine Personal Privacy Rights of Corporations
 EPIC Seeks Details on New Government Crypto Regulations
 Senate Considers Data Security and Breach Notification Bill
 EPIC Submits Comments on Foreign Intelligence Surveillance Court
 Federal Court Protects Innocent Targets of Government Surveillance
 News in Brief
 EPIC Book Review: "Keeping Faith with
 Upcoming Conferences and Events
TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/
 Supreme Court to Examine Personal Privacy Rights of
The Supreme Court has agreed to review AT&T
v. FCC, a case in which the
Third Circuit Court of Appeals held that corporations have personal
The case will determine
the fate of a Freedom of Information Act request
from 2005. An industry group named CompTel filed the request for the
details about AT&T's government contract work in New
Connecticut. The work was regulated by the Federal Communications
AT&T wrote to the Commission, arguing that
it qualifies for FOIA
Exemption 7(C). Congress designed the exemption in question to prevent
any public disclosure of law enforcement
records which "could constitute
an unwarranted invasion of personal privacy." The Commission dismissed
the company's argument, holding
that corporations do not qualify for
personal privacy rights. AT&T appealed to the Third Circuit. On
September 22, 2009, The Third
Circuit overturned the FCC's decision, and
the Supreme Court granted review of the case on Sep. 28, 2010.
The case hinges on FOIA
Exemption 7(C) and the breadth of the term
"personal privacy." The Third Circuit reasoned that "personal" derives
and that "person" is defined in the Freedom of
Information Act to include corporations. The court did not address if
"personal" has any special meaning, such as "intimate," or if the
phrase "personal privacy" derives from "person."
EPIC, which advocates both for privacy and open government, is likely to
Supreme Court Grant of Certiorari for FCC v. AT&T, Inc.
Third Circuit Court of Appeals Opinion
EPIC: FCC v. AT&T
EPIC: Open Government
 EPIC Seeks Details on New Government Crypto Regulations
EPIC has sent Freedom of Information Act (FOIA) requests to the
Department of Justice, the Federal Bureau of Investigation, and the
National Security Agency for information
about a proposal to expand
Internet surveillance and deploy weakened security standards. Federal
law enforcement and national security
officials are pushing for these
changes, and the Obama administration plans to submit a bill to Congress
requires Internet companies to develop network services
that will enable government access to private communications, including
on peer-to-peer networks, such as Skype. In order to comply,
companies would be forced to develop ways to unscramble all encrypted
messages, preventing delay in pursuing government wiretaps. The new
regulations would apply to "communication service providers"
the U.S., as well as to foreign-based providers that do business here.
Critics of the proposal worry that requiring companies
to intercept and
decrypt data could create a "back door" for hackers, and could "raise
costly impediments to innovation by small
providers of encryption services will likely object to this proposal as
it will inhibit their ability to
globally market their products.
In 1996, the National Resource Council (NRC) concluded that such
technical standards make network
communications more vulnerable to cyber
attack. The NRC highlighted the importance of strong encryption for
"It is true that the spread of encryption
technologies will add to the burden of those in government who are
charged with carrying
out certain law enforcement and intelligence
activities. But the many benefits to society of widespread commercial
and private use
of cryptography outweigh the disadvantages."
This is not the first time the U.S. government has sought crypto
regulations. In 1994,
the White House announced the adoption of the
Clipper Chip, a cryptographic device intended to protect private
permitting government agents to obtain the
decryption keys upon presentation of what was vaguely characterized as
Through a FOIA request, EPIC obtained previously
unreleased documents about the Clipper Chip. The Clipper Chip died
Freedom of Information Act
EPIC: FOIA request to DOJ
New York Times: U.S. Tries to Make It Easier to Wiretap the Internet
National Resource Council Report
EPIC: Cryptography Policy
EPIC: Clipper Chip
EPIC: The Clipper Papers
 Senate Considers Data Security and Breach Notification
On September 22, 2010, the Senate Commerce Committee
Consumer Protection, Product Safety, and Insurance held a hearing on S.
3742, The Data Security and Breach Notification
Act of 2010. The
Subcommittee oversees consumer protection efforts of the Federal Trade
Commission (FTC), the National Highway Traffic
and the Consumer Product Safety Commission.
The bill focuses mainly on businesses and organizations, including
non-profits, which maintain large consumer databases, requiring them to
implement protocols to protect these databases. In the case
of a breach,
the organizations will have to notify all those affected in a timely
manner. The bill also regulates "information brokers,"
collect and sell personal information to third parties for profit, by
giving consumers the ability to access and correct
Additionally, the bill creates a national data protection standard,
pre-empting existing state laws.
is co-sponsored by Senators Pryor(D-AR) and Rockefeller(D-WV).
Senator Rockefeller, in his prepared statement, explained that the
represents a "carefully crafted compromise between consumer groups and
the business community."
Witnesses testified at the
hearing on behalf of the FTC, Consumers
Union, and multiple industry trade groups. The witnesses generally
supported the bill, but
disagreed on a few key points: the rebuttable
presumption that encrypted data is not subject to the bill's
requirements, the pre-emption
issue, and potential overlap with other
federal data protection laws.
A similar bill, H.R. 2221, passed the House last year. EPIC
Marc Rotenberg testified in support of the House bill, also recommending
that lawmakers strengthen the proposed law by adopting
definition of "personally identifiable information" and permitting
stronger state laws to remain. The Senate has not yet
Senate Commerce Committee Consumer Protection Subcommittee
Hearing Announcement and Testimony
Sen. Pryor Statement
EPIC: House Testimony
EPIC: Identity Theft
 EPIC Submits Comments on Foreign Intelligence Surveillance
EPIC has submitted comments on the proposed amendments
to the Rules of
Procedure for the Foreign Intelligence Surveillance Court (FISC).
Created by the Foreign Intelligence Surveillance
Act (FISA) of 1978, the
FISC hears applications and grants orders for electronic surveillance
and physical searches of foreign nationals
living in the United States
to gather foreign intelligence.
The FISC is a secret court and is largely non-adversarial, though
communications service providers may appear to challenge or
modify an order. The subject of an order is likely to neither learn that
he is under surveillance nor have an opportunity to appear before the
FISC. The government needs only to present evidence of probable
that the target is a foreign power or an agent of one in order to
receive a surveillance order. FISA also created the Foreign
Surveillance Court of Review to handle appeals from applications denied
The current Rules of Procedure were
promulgated in 2006. EPIC’s comments
on the proposed amendments focused on judicial independence,
congressional oversight and
transparency. The proposed amendments make a
cognizable effort towards these ends. EPIC has frequently drawn
attention to the constitutional
role of the courts as a check on the
Executive Branch. To preserve its independence and create greater
transparency, EPIC urged the
FISC to regularly publish its opinions and
allow the government to release copies of Court orders and records to
must be given more extensive reporting about the types of
applications presented, approved, and denied by the Court. Therefore,
also urged the FISC to enhance its annual reporting, increase
information available to the public, and establish a web presence.
EPIC: Comments on Proposed FISC Rules of Procedure
FISC: 2010 Proposed Rules of Procedure
FISC: 2006 Rules of Procedure
EPIC: Foreign Intelligence Surveillance Court
EPIC: Foreign Intelligence Surveillance Act
 Federal Court Protects Innocent Targets of
A federal appeals court in New York
overruled a lower court order that
would have disclosed thousands of wiretapped conversations to the
Security and Exchange Commission.
The Commission is suing Raj Rajaratnam
in a civil suit for insider trading. Mr. Rajaratnam is the founder of
the Galleon Group, a
hedge fund management firm.
The Commission sought recordings and transcripts of 18,150 private
conversations between more than 500
different individuals, which had
been compiled by the Federal Bureau of Investigation. The SEC alleges
that the communications reveal
Rajaratnam and other defendants'
involvement in insider trading. The wiretaps also include private
communications, including conversations
between Rajaratnam and his wife,
his daughter, other family members, and his doctor.
The court granted the Commission's request
to turn over all recordings
before any determination was made on whether the interceptions were
relevant or lawful. At the time of
the order, a hearing was pending in a
related criminal case to decide the legality of the wiretaps.
EPIC filed a "friend of the
court" brief on behalf of "the privacy
rights of hundreds of individuals" who had no involvement in the case.
The appeals court found
the order "clearly exceeded its discretion by
failing to limit the disclosure of the wiretapped conversations to
It also held that "the more prudent course in
the instant case may have been to adjourn" until after the question of
SEC v. Galleon
EPIC: SEC v. Galleon: "Friend of the Court" Brief
EPIC: SEC v. Galleon
 News In Brief
National Academies Releases New Report on Biometrics
The National Academies of Science has released a report entitled
Recognition: Challenges and Opportunities." The report
concluded that biometric recognition technologies are inherently
and inherently fallible. Sources of uncertainty in
biometric systems include variation within persons, sensors, feature
and matching algorithms, and data integrity. The report
recommends a more comprehensive systems level approach to the contexts,
and use of biometric technologies as well as peer-reviewed
testing and evaluation of the technologies. EPIC has urged the
of Defense to establish privacy safeguards for the biometric
database the US established of Iraqis.
The National Academies of Science
Report: "Biometric Recognition: Challenges and Opportunities"
EPIC: Letter to Secretary Gates
EPIC: Biometric Identifiers
EPIC: Iraqi Biometric Identification System
Five Billion Have Right to Information
Human rights organization Article 19 reported that over 90 countries
have adopted laws,
constitutional amendments or regulations protecting
the right to freedom of information. Additionally, over 50 countries are
proposals to adopt laws that will protect citizens’ right to
know. Article 19 commends the World Bank for its transparency
the United Nation’s Environmental Programme for enhanced access to
environmental information, and the efforts of the
U.S. and UK
governments to launch open data sites.
Five Billion Have Right to Know Statement
EPIC: Open Government
Senator Collins Responds to EPIC`s Letter on Airport Body Scanners
Senator Susan Collins has sent a letter to EPIC Director Marc
and consumer advocate Ralph Nader regarding airport body scanners.
Senator Collins stated in the letter "I agree wholeheartedly
must ensure that this new security technology is proven effective and
comes with sufficient protections to the health and
privacy of all
persons." Mr. Rotenberg and Mr. Nader had sent Senator Collins a request
for a public hearing about the security agency's
body scanner program.
The US Senate has not yet scheduled such a hearing, but leaders in the
European Parliament will examine the
issue of body scanners on October
6, 2010. EPIC will be participating in that hearing.
EPIC: Letter to Senator Collins and Senator
EPIC: Senator Collins' Response
Alliance of Liberals and Democrats for Europe
Google Adds Two-Factor Authentication to Google Apps
Google announced today that it is adding two-factor verification
Google Applications. This will allow users to set up a one-time code
delivered to a mobile phone, in addition to a regular password.
Currently this option is only available for paid Google apps, although
it will be available to all users in the coming months. If
administrator of a paid Google Apps account enables two-factor
verification, then all users will be required to submit their mobile
phone number. Google Apps operate by using cloud computing. In March
2009, EPIC filed a complaint with the Federal Trade Commission
Google's lack of adequate safeguards for its Cloud Computing Services.
Google: Two-Factor Verification
EPIC: Cloud Computing
EPIC: FTC Complaint
EPIC and 14 other privacy and consumer protection groups sent a
this new policy, twelve specific Google privacy policies
replaced by a single policy that will enable greater data sharing within
the corporation. EPIC previously raised similar
concerns about Google
Buzz in a complaint to the Federal Trade Commission. In the complaint,
EPIC argued that Google's Gmail-specific
EPIC: Letter to Google
Google: Google Buzz
EPIC: FTC Complaint
EPIC: Google Buzz
EPIC, Privacy Groups Comment on Draft Cybersecurity Policies
EPIC has joined other Privacy Groups, including the American Library
Association and the Center for Media and Democracy, in order to submit
comments on the "National Strategy for Trusted Identities
Cyberspace," (NS-TIC). The NS-TIC is a recently released draft on
policies designed to confront fraud and identity theft on the
In comment, the groups focus on "the most pressing issues for privacy,
civil liberties, and consumer rights," maintaining
that policies should
be "designed in a manner that does not discourage lawful,
constitutionally protected activity."
Center for Media and Democracy
DHS: National Strategy for Trusted Identies in Cyberspace
EPIC: Statement on National Strategy for Trusted Identies in Cyberspace
EPIC: Cybersecurity Privacy Practical Implications
 EPIC Book Review: "Keeping Faith with the Constitution"
"Keeping Faith with the Constitution," Goodwin Liu, Pamela S. Karlan,
Christopher H. Schroeder
In this accessible theoretical and legal discussion of constitutional
fidelity, law professors Goodwin Liu (also a nominee to the
Circuit), Pamela S. Karlan, and Christopher H. Schroeder, analyze
constitutional interpretation by highlighting the dynamism
founding document. The authors argue that keeping faith with the
Constitution means being "faithful to what the Constitution is: not a
legal code, not a lawyer's contract, but a basic charter of government
whose practical meaning arises from the continual
adaptation of its
enduring text and principles to the conditions and challenges facing
The authors posit that
the broad language chosen by the Framers to
express constitutional principles reflects an intention that the
of rights should not unduly limit the scope of
inalienable rights and liberties we possess." The Framers did not intend
the Constitution to be fossilized. Rather, they envisioned a document
whose vitality is realized when its principles are applied to new
thus providing opportunities for a more complete understanding
of their ideals.
Keeping Faith can be divided into three parts. The
first third of the
book discusses the history of the Constitution itself and the impact of
certain amendments, like the Reconstruction Amendments. In fact, the
authors describe the Reconstruction
Amendments as the second founding of
the United States, for it was in the Thirteenth, Fourteenth, and
Fifteenth Amendments that the
principles which guided the Framers were
The second part provides a critique of other forms of judicial
particularly that of originalism, strict
constructionism, and the living Constitution. The final third, then,
applies constitutional fidelity to broad principles— equality, freedom
of speech, promoting the general
welfare, separation of powers,
democracy, criminal justice, and liberty—by analyzing the related case
law to demonstrate how
the broad language of the constitution is given
weight and texture through judicial interpretation.
The authors' critique of dominant
forms of constitutional interpretation
is grounded in a belief that the Constitution does not change unless
properly amended. Nevertheless, the Constitution is responsive to the
social changes and consequent legal challenges that affect successive
generations of Americans (consider for
example the application of the
Fourth Amendment's 18th century language to twenty-first century
arrive at the subtle and very important point the authors are
making. Strict constructionism and originalism fail as interpretive
strategies because they result in too much uncertainty. How can we know
which Framer's interpretation of the language should be given
The living Constitution perspective fails as well because it minimizes
the fixed and enduring character of the written text. Context helps us
meaning. Constitutional fidelity pays attention to how the
principles of the Constitution are given meaning in new contexts. They
explain, "attention to real-world consequences—or to the reasonableness
judgments concerning real-world consequences—is an
ordinary part of constitutional adjudication."
Liu, Karlan, and Schroeder
succeed in providing a measured alternative
to competing forms of constitutional interpretation. They offer
grounding in the significant
cases that inform our contemporary
understanding of rights, and present a theoretical framework which first
situates the Constitution in its historical context, then explains how
the intent of the Framers is realized when we carry the values embedded
in the Constitution into our contemporary moment. The law is shaped not
only by judicial interpretation but also by how the will of the people,
in the laws passed by our legislatures. This dynamic
interplay reflects a commitment to making the Constitution relevant to
-- Nichole Rustin-Paschal
"Litigation Under the Federal
Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of
the manual that lawyers, journalists and researchers
have relied on for more than 25 years.
Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"he Public Voice Civil Society Meeting: "Next Generation Privacy
Challenges and Opportunities." Jerusalem, Israel, 25 October 2010.
More Information: http://thepublicvoice.org/events/israel10/
Conference on the Evolving Role of the Individual in Privacy Protection:
"30 Years after the OECD Privacy Guidelines" Jerusalem,
October 2010. For More Information:
"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, Israel, October 2010. For More Information:
"Computers, Privacy, and Data Protection Conference European Data
Protection: In Good Health?" Brussels, Belgium, 25-28 January
More Information: http://www.cpdpconferences.org/
Join EPIC on Facebook
Join the Electronic Privacy Information Center on Facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 17.20 ------------------------