EPIC Alert 17.21
E P I C A l e r t
Volume 17.21 October 21, 2010
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 EPIC Launches Privacy 2010 Campaign
 Obama Administration Receives Harsh Reviews in 2010 Report Card
 EPIC Receives Documents
on DHS Biometric Plans
 Public Voice Meeting to be Held in Jerusalem
 Investigation of Google Street View Moves Forward in
 News in Brief
 EPIC Book Review: "The Silent State"
 Upcoming Conferences and Events
TAKE ACTION: Stop Airport
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/
 EPIC Launches Privacy 2010 Campaign
The Electronic Privacy Information Center (EPIC) launched the Privacy
2010 campaign at a press conference at the Mott House, next
Supreme Court on Capitol Hill. EPIC released a Privacy Platform with
recommended positions on ten key privacy issues. The
speakers from EPIC, the Center for Digital Democracy, Consumer Action,
the Council on American-Islamic Relations,
and the Liberty Coalition.
The speakers discussed a range of topics at the event, including
government surveillance and consumer
protection. Aaron Titus,
Information Privacy Director of the Liberty Coalition, delivered a
spellbinding speech on the forces eroding
public awareness of privacy.
"Elected officials have done little to advance the public discourse.
Instead, the public discussion
has been dominated by DHS, the TSA,
Google, Facebook, and others. These entities have drastically narrowed
the definition of privacy,
often attempting to narrow it to nothing more
Jeff Chester, the Executive Director of the Center for Digital
provided a rigorous analysis of "the business model created
by online marketers that continually expands the data collection and
profiling and targeting of consumers around the world." After addressing
the audience in attendance the speakers took questions from
As part of the Privacy 2010 campaign, EPIC launched a Facebook Cause
page. The Cause page allows people to sign on to
show their support,
donate, discuss emerging privacy issues regarding the upcoming
elections, and also features photographs from
events association with
the Campaign. As part of the campaign, EPIC released a Privacy Report
Card for the Obama administration with
grades on medical privacy, cyber
security, consumer privacy, and civil liberties.
EPIC: Privacy 2010 Campaign Platform
EPIC: Privacy 2010 Facebook Cause Page
EPIC: Body Scanners
EPIC: Medical Privacy
EPIC: Cloud Computing
 Obama Administration Receives Harsh Reviews in 2010
In a special event as part of the Privacy 2010
Campaign, the Electronic
Privacy Information Center (EPIC) has released the 2010 Privacy Report
Card for the Obama Administration.
The Report Card focuses on
developments over the past year in the areas of medical privacy, civil
liberties, consumer protection,
The report card was formerly unveiled at the Mott House, on Capital
Hill. EPIC's executive director, Marc Rotenberg,
briefly discussed the
grades from 2009 and the rationale for the new marks. 2010 grades
include two B's (medical privacy and cyber-security),
a C (consumer
privacy), and a D (civil liberties). These were significant drops from
2009, when the Administration received an Incomplete
privacy), an A- (medical privacy), a B (cyber-security), and a C+ (civil
After the unveiling, a panel composed
of privacy experts in each area
discussed their own views on the Administration. The panel included:
prominent consumer attorney
Philip Friedman, Dr. Latanya Sweeney of
Carnegie Mellon University, Paul Smith from Jenner and Block, and
Georgetown's Pablo G. Molina.
Following the presentations, guests asked questions and engaged the
speakers in a dialogue. When asked what they would like to see
Administration do over the coming year to improve grades in 2011, each
panelist offered recommendations, such as the creation
of private rights
of action for consumer privacy violations, cessation of the full body
scanner program, and the development of a
more robust privacy
The Privacy Report Card is a tradition that EPIC started in 2009 to
raise awareness of how privacy
issues are handled by the President and
his Administration. The Privacy 2010 Campaign encourages citizens to
on key privacy issues before the November elections.
EPIC: Privacy 2010 Campaign Platform
EPIC: Privacy 2010 Facebook Cause Page
EPIC: 2009 Privacy Report Card
EPIC: 2010 Privacy Report Card
 EPIC Receives Documents on DHS Biometric Plans
EPIC has obtained hundreds of pages of government biometrics plans as a
result of a Freedom of Information Act (FOIA) Request. The documents,
from DHS, detail the agency's plans to implement biometric technology,
including facial recognition,
DNA identifiers, and iris scans.
These documents reveal that the agency plans to create vast biometric
databases, which will be
shared not only with other agencies, but also
with other countries. The list of cooperating countries currently
Canada, and the United Kingdom. DHS plans to expand
this information sharing community to include Germany, Korea, Czech
Latvia, Lithuania, Hungary, Slovakia, Estonia, Malta, Italy,
Spain, Portugual, and Mexico. These biometrics databases will also be
linked the terrorist watchlists.
The documents also reveal the agency plans to implement several new
technologies related to biometrics.
The DHS will implement biometric
technology on mobile devices and in crowd scanning technology.
While the documents were otherwise
quite detailed, privacy concerns were
only briefly mentioned.
EPIC has previously submitted comments on biometrics programs, including
January 19, 2010 comments to the US Customs and Border Protection urging
the agency to “to revise its establishment of the
Global Entry program
and to reconsider the privacy and security implications of the program.”
DHS: Biometrics Program Documents
EPIC: DHS Biometric Program
EPIC: Comments to Customs and Border Protection (January 19, 2010)
 Public Voice Meeting to be Held in Jerusalem
On October 25, 2010 the Public Voice will host, "Next Generation Privacy
Challenges and Opportunities" in Jerusalem, Israel. This
event will be
held in conjunction with the 32nd International Conference of Data
Protection and Privacy Commissioners from Oct. 27-29th
in Jerusalem. The
Organization for Economic Cooperation and Development (OECD) has also
scheduled a symposium on October 26th to
celebrate the 30th anniversary
of the OECD Privacy Guidelines.
The Public Voice Coalition was established in 1996 by the Electronic
Privacy Information Center (EPIC) to promote public participation in
decisions concerning the future of the Internet. The Public
pursued issues ranging from privacy and freedom of expression to
consumer protection and Internet governance.
international conferences, reports, and funding for travel, the
Public Voice project seeks to increase the presence of Non-Governmental
Organizations at meetings across the globe. In cooperation with the
OECD, the United Nations Educational Scientific and Cultural
Organizations (UNESCO), and other international organizations, the
Public Voice brings civil society leaders face to face with government
officials for constructive engagement about current policy issues.
Public Voice events have been held in Buenos Aires, Cape Town,
Hong Kong, Honolulu, Kuala Lumpur, Ottawa, Paris, Washington, and
The conference in Jerusalem will review progress
on the Madrid
Declaration and examine topics such as airport full body scanners,
biometric identity systems, and the establishment
frameworks for privacy protection. The conference is co-sponsored by the
Israeli Law, Information, and Technology
Lillie Coney, Associate Director of The Electronic Privacy Information
Center, will chair the event. Many other
groups from across the globe
are participating, including the Palestinian Peace Society, Association
for Civil Rights in Israel,
Consumers Korea, Interfaith Encounter,
Privacy International, Electronic Frontier Foundation, and the
Australian Privacy Foundation.
Public Voice Jerusalem Conference
32nd Int'l Conference of Data Protection and Privacy Commissioners
 Investigation of Google Street View Moves Forward
The Spanish Data Protection Agency has filed suit
against Google, Inc.
and Google Spain for five violations of Spanish law. The Agency found
that Google's Street View service infringed
the Spanish Data Protection
Act by collecting personal data from Wi-Fi networks and transferring
that data internationally.
suit followed an investigation begun in May 2010 by the Agency. The
investigation discovered that Google collected and stored personal
including names and addresses associated with email messages and social
network accounts and websites, transmitted through
open Wi-Fi networks.
The investigation also found that Google collected location
identification data of the wireless networks, such
as Service Set
Identifiers (SSIDs) and Media Access Control (MAC) addresses that
contained subscribers' real names. Google was found
not to have observed
the Data Protection Act's compliance requirements for the authorization
of international transfers of data.
Many other countries are currently investigating Google Street View. The
Office of the Privacy Commissioner of Canada concluded
investigation of Google Street View that Google had violated Canadian
law when Street View collected personally identifiable
Czech Office for Personal Data Protection turned down Google's
application to collect personal data for Street View.
National Commission on Computing and Liberty (CNIL) released a report on
its investigation, finding that Google "saved
passwords for access to
mailboxes" and obtained electronic messages. Among U.S. states
investigating Google Street View are Connecticut,
Massachusetts, and Missouri.
In May, EPIC urged the Federal Communications Commission to open an
into Street View, as Google's practices appear to violate
U.S. federal wiretap laws as well as the U.S. Communications Act. Google
has admitted that it intercepted and stored Wi-Fi transmission data.
Spanish Data Protection Agency (APED)
Spanish DPA: Press Release
Office of the Privacy Commissioner of Canada, Press Release,
EPIC: Letter to Jules Genachowski, FCC Chairmen (May 18, 2010)
Google Official Blog: Wi-Fi Data Collection
EPIC: Google Streetview
 News In Brief
Canada: Google Street View Violates Privacy Laws
Canada's Privacy Commissioner has determined that Google violated
law when the company's Street View cars collected user
information from wireless networks. The personal information Google
included e-mails and the names, addresses, and home phone
numbers of people suffering from a certain medical condition. The
called on Google to strengthen its controls and designate
an individual to be responsible for privacy issues. In May, EPIC urged
the Federal Communications Commission to open an investigation into
Street View, as Google's practices appear to violate U.S. federal
wiretap laws as well as the U.S. Communications Act.
Privacy Commissioner of Canada: News Release on Google Street View
EPIC: Google Street View
U.S. Federal Wiretap Laws
U.S. Communications Act
New Social Networking Privacy Poll Released, Kids Privacy Campaign Launched
According to a national poll from Common Sense Media,
three out of four
parents believe that social network services do not adequately protect
children's online privacy. The Common Sense
Media "Protect Our Privacy -
Protect Our Kids" campaign calls for opt-in consent, clear and simple
privacy statements, updated privacy
laws, and a prohibition on
behavioral marketing for kids. EPIC filed comments with the Federal
Trade Commission aimed at improving
the Children's Online Privacy
Protection Act (COPPA). Marc Rotenberg, executive director of the
Electronic Privacy Information Center,
testified before the Senate
Commerce Committee earlier this year, and urged Congress to extend COPPA
to cover social networks and
Common Sense Media: Poll Results
EPIC: Comments to FTC on COPPA
Children's Online Privacy Protection Act
EPIC: Marc Rotenberg COPAA Testimony
Senate Commerce Committee: Consumer Products Subcommittee
Web Companies Defend Data Collection Practices, Google Absent
Eleven Internet companies responded to Rep. Markey and Rep. Barton's
request for information regarding their data collection practices.
However, the companies said that it is "impossible" for them to
eliminate online tracking of consumer behavior. Google refused to
respond to the survey questions. At the same time, Microsoft, Intel
Corp. and E-bay announced support for Rep. Rush's "Best Practices Act."
This bill contains a private right of action as well as a
for companies that comply with a self-regulatory "Choice Program"
approved by the Federal Trade Commission. Marc Rotenberg,
director of the Electronic Privacy Information Center, recently
testified before Chairman Rush's committee and recommended
safeguards for Internet users.
Rep. Markey and Rep. Barton Request for Information
Internet Companies' Responses to Rep. Markey and Rep. Barton
H.R.5777: "Best Practices Act"
EPIC: Marc Rotenberg Testimony at House Energy and Commerce Committee
EPIC: Identity Theft
Congressmen Question Facebook About Latest Privacy Breach
Congressmen Ed Markey (D-MA) and Joe Barton (R-TX) sent a letter to
Facebook about the news that Facebook's business partners transmitted
personal user data to advertising and Internet tracking companies
violation of the company's policy. EPIC has two complaints pending at
the Federal Trade Commission regarding Facebook's unfair
Rep. Markey and Rep. Barton Letter to Facebook
Facebook: Engineer Blog Post
EPIC: FTC Facebook Complaint
EPIC: FTC Facebook Complaint II
FTC Proposes Consent Decree in U.S. Search Case
The FTC is asking for comments on a proposed settlement of the Agency's
against U.S. Search for deceptive practices. U.S. Search sold
customers a "privacy lock" service which the company falsely claimed
would prevent customers' personal information from appearing on the U.S.
Search website. The proposed settlement requires U.S. Search
fees and bars the company from further deceptive practices, but does not
stop them from charging for this type of opt-out
FTC: News Release
FTC: Proposed Consent Decree
FTC: Complaint against U.S. Search
 EPIC Book Review: "The Silent State"
"The Silent State: Secrets, Surveillance and the Myth of British
Democracy," Heather Brooke
Heather Brooke's The Silent State is
a scathing attack on British
democracy, or, more accurately, the lack of it. Brooke is one of
Britain's most prominent investigate
journalists; she was the force
behind the recent scandal that exposed the misuse of taxpayer funds by
Members of Parliament. The
book is written similar to a manifesto,
exposing the myriad of ways in which the government of Britain attempts
to hide and distort
information that Brooke believes citizens have a
right to know.
Brooke begins with a discussion of how much information the government
collects about each individual citizen, especially children. She
describes in detail the various government databases and how they
up a massive "surveillance bureaucracy." This data the government
collects can become "dangerous," according to Brooke, when
takes over your identity." "In secrecy," she writes, "bureaucracies
grow large, ungainly and unaccountable to those they
are meant to
Brooke then turns her attention to an examination of the government
public relations machine and the way in
which it manufactures reality.
In contrast to the first part of the book, here she emphasizes the
minimal information the government
is willing to reveal to its citizens.
Brooke points out how much more money is spent on public relations and
spin, as opposed to
actual action, and how official spokespeople are
often quoted anonymously, allowing them to escape individual
what they say. On the topic of police department
public relations, Brooke analyzes how crime statistics are manipulated
to give citizens
a false sense of security.
More importantly than the way the British government spins the
information it reveals is how it hides
even the most basic of
information from its citizens. British citizens lack access to all kinds
of information that we take for granted
in the United States: for
example, there is no easy way to find out school testing results or how
a Member of Parliament voted on
an issue. When citizens attempted to
build websites publicizing civic information, Brooke's details how
government officials stymied
them at every turn. This type of secrecy
extends to the judicial system in Britain as well, where you are not
allowed to take notes
during the proceedings and reporters have
difficulty accessing information on cases.
Brooke writes informally, as if she is talking,
and often shouting,
directly at the reader. This can be tiring at times, though it does not
cloud the central theme of her work and
how she has exposed the "myth of
British democracy." The Silent State reminds us all that in order to
function properly, democracies
need the constant vigilance and activism
of citizens like Brooke.
-- Sharon Goott Nissim
"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi,
and Mark S. Zaid
(EPIC 2008). Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of
the manual that lawyers, journalists and researchers
have relied on for more than 25 years.
Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"Future Tense." The New America Foundation, Washington, D.C., 25 October
2010. For More Information:
Hearing: "Data Protection in a Transatlantic Perspective." European
Parliament Committee on Civil Liberties, Justice, and Home
(LIBE), Brussels, Belgium, 25 October 2010. For More Information:
"The Public Voice Civil Society Meeting: Next Generation Privacy
Challenges and Opportunities." Jerusalem, Israel, 25 October 2010.
More Information: http://thepublicvoice.org/events/israel10/.
Conference on the Evolving Role of the Individual in Privacy Protection:
"30 Years after the OECD Privacy Guidelines" Jerusalem,
October 2010. For More Information:
"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, Israel, October 2010. For More Information:
"Broadband Networks and Smart Grid at the Crossroad Between ICT &
Energy." Columbia Business School, New York, New York, 3 December
For More Information:
"Computers, Privacy, and Data Protection Conference European Data
Protection: In Good Health?" Brussels, Belgium, 25-28 January
More Information: http://www.cpdpconferences.org/.
"The Tenth Workshop on Economics of Information Security." The George
Mason University, 14-15 June 2011. For More Information:
Join EPIC on Facebook
Join the Electronic Privacy Information Center on Facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 17.21 ------------------------