WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2010 >> [2010] EPICAlert 25

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 17.25 [2010] EPICAlert 25

EPIC Alert 17.25

                            E P I C   A l e r t
Volume 17.25                                         December 17, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
   Washington, D.C.


                    "Defend Privacy. Support EPIC."

                  Report All Screening Experiences at
                   EPIC Body Scanner Incident Report

Table of Contents
[1] U.S. Government Pressures Companies to Cut Off Wikileaks
[2] EPIC Submits Comments on DHS Fusion Center Proposals
[3] Congress,
FTC Privacy Report Examine Possibilities of Do Not Track 
[4] Briefing Schedule Announced in EPIC v. DHS, the Body Scanners Case
[5] Google's Street View Practices Face Continued Legal Scrutiny 
[6] News in Brief
[7] EPIC's Holiday Wish List: Gift Ideas
Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and
INVITE Friends

[1] U.S. Government Pressures Companies to Cut Off Wikileaks

The release of thousands of leaked diplomatic cables by
WIkileaks has
prompted the United States government to pressure Internet companies to
discontinue hosting and donation services for
the organization.
Wikileaks allegedly obtained over 250,000 cables after they were leaked
by a member of the United States military.

The cables contain details about controversial activities of United
States diplomats and corporations overseas. After pressure from
United State's officials, including Senator Joe Lieberman (I-CN),
companies such as Amazon and Tableau stopped hosting the Wikileaks
documents. Financial companies, including Visa, Mastercard, and Paypal
also bowed to government pressure and cut off Internet users'
ability to
donate to Wikileaks.

In response to Internet companies' decision to cut off hosting and
donation services for Wikileaks,
a large, disbursed group of hackers,
calling themselves "Anonymous"; launched a series of "Denial of Service"
attacks on sites such
as Mastercard and Amazon. Anonymous, which is
unaffiliated with Wikileaks, dubbed the attacks "Operation: Payback" and
vowed to target
websites of any company that tried to censor Wikileaks.

In light of the government's action, EPIC has submitted Freedom of
Information Act requests to several government agencies to determine
whether confidential donor information was improperly released by Visa,
or Paypal. This information concerns First Amendment
protected activity and its disclosure to the government, absent adequate
process, could be unlawful.


Tableau Statement Regarding Wikileaks Documents

Senator Lieberman and Senator Collin's Statement Regarding Wikileaks
Senator Lieberman's Statement Regarding Wikileaks

[2] EPIC Submits Comments on DHS Fusion Center Proposals

EPIC has submitted comments to the National Protection and
Directorate and the Office of Operations, two components of the
Department of Homeland Security that wish to establish the
first federal
fusion center. As required by federal laws, the components published a
notice of the proposed program in the federal
register and allowed
thirty days for public comment. The components also published separate
notices to announce an intention to exempt
the program from key
protections in the Federal Privacy Act of 1974, including provisions
that require the government to notify an
individual about whom
information is collected and to give that individual a chance to correct
any erroneous data.

Fusion centers
are digital intelligence databases that compile
information on individuals from a variety of different sources,
including government
agencies, private sector firms, and anonymous
tipsters. These programs often have a substantial impact on individual
privacy due
limited safeguards on the accuracy and retention of the
large amounts information that they retain. Congress had suspended
for a similar program, Total Information Awareness, that sought
to aggregate large amounts of information on Americans suspected
of no

EPIC urged the Department to comply with Privacy Act
protections and to improve accountability and oversight of the
EPIC noted that "in order to preserve privacy rights, enumerated in the
U.S. Constitution and expanded on by statute, the DHS should narrow its
claimed exemptions from the Privacy Act of 1974 and provide for specific
and requirements to adequately notify, inform, and protect
the American public." Among other things, EPIC specifically recommended
that the Department "provide individuals with judicially enforceable
rights of access and correction" and "limit the mission and
goals of the
proposed [program] to enumerate standards to guide the collection of

In the past, the federal government
had continually asserted that fusion
centers were strictly state and local entities, though federal funding
and staff were provided.
A 2008 Freedom of Information Act request from
EPIC to the Virginia State Police revealed that the Federal Bureau of
Investigation, as a condition to funding, had
required the state fusion
center to comply with regulations restricting the disclosure of records
that would have otherwise been
available to the public under state laws.

EPIC: Comments to the National Protection and Programs Directorate

EPIC: Comments to the Office of Operations Coordination and Planning

DHS: Local and State Fusion Centers

Privacy Act of 1974
EPIC: Information Fusion Centers and Privacy

EPIC: Total Information Awareness

EPIC v. Virginia Department of State Police (Fusion Center Secrecy Bill)

[3] Congress, FTC Privacy Report Examine Possibilities of
Do Not Track

The Federal Trade Commission has released a
preliminary staff report on
privacy and the Internet, following a series of public roundtable
discussions. The report recommends
the establishment of a Do Not Track
mechanism, based in Internet browsers, which would enable users to
opt-out of third-party web
tracking, including behavioral advertising.
The report also calls for simplified consumer privacy notices and
recommends that "companies
. . . adopt a 'privacy by design' approach by
building privacy protections into their everyday business practices."

EPIC participated
in the roundtable discussions preceding the report,
and submitted a statement on the privacy implications of cloud computing
social networking. However, the Commission's report did not address
that issue. The Commission also did not consider the need for
a U.S.
privacy agency, or a comprehensive federal privacy law based on "Fair
Information Practices," as EPIC and other privacy groups
had urged.

Congress considered various proposals for a Do Not Track mechanism in a
hearing entitled "Do Not Track Legislation: Is
Now the Right Time?" The
House Energy and Commerce Committee Subcommittee on Commerce, Trade, and
Consumer Protection conducted the
hearing, which included witnesses from
the Department of Commerce, Federal Trade Commission, Consumer
Federation of America, TimeWarner,
and Symantec.

EPIC submitted a statement to the Committee following this hearing,
recommending that Congress review the lessons
learned from the history
of the Do Not Call List and the Telephone Consumer Protection Act. EPIC
said that an effective Do Not Track
initiative must ensure that a
consumer's decision to opt-out is "enforceable, persistent, transparent,
and simple."

FTC Privacy

FTC Privacy Roundtables

EPIC: Statement to FTC on Cloud Computing/Social Networking

EPIC: Statement on Do Not Track (December 2010)
House Energy and Commerce Committee: Do Not Track Hearing (December 2010)
National Do Not Call Registry

Telephone Consumer Protection Act

EPIC: Online Tracking and Behavioral Advertising
EPIC: Federal Trade Commission

[4] Briefing Schedule Announced in EPIC v. DHS, the Body
Scanners Case

In EPIC's suit against the Department of Homeland
Security to strike
down the body scanner program, the Court of Appeals has ordered a new
briefing schedule, following multiple motions
by the government to delay
the case.

The court set December 23, 2010 as the government's deadline for filing
a response to EPIC's
opening brief, which was filed on November 1, 2010.
EPIC's final reply brief is due on January 27, 2011.

As the case progresses,
evidence continues to mount that TSA's full-body
scanners are not designed to detect certain explosives or other
low-density materials
that pose a threat to airline safety. Leon Kaufman
and Joseph W. Carlson's new study finds that "Even if exposure were to
be increased
significantly, normal anatomy would make a dangerous amount
of plastic explosives with tapered edges difficult, if not impossible
detect."; Kaufman and Carlson's study examined the imaging and device
specifications of the backscatter machines to estimate the
penetration and exposure from the x-ray beam, as well as the machines'
sensitivity to contraband. The study also echoes concerns
about the
health risks associated with the devices.

The previous Congressional spending legislation for hiring and training
to implement the body scanners program expires on December 18,
2010. Lawmakers are considering an omnibus appropriations package
will allocate approximately three billion dollars to the agency for the
purchase of an additional five thousand screeners.

District of Columbia Circuit Court of Appeals Briefing Schedule Order

EPIC's Opposition to Government's Motion to Extend Filing Deadline

Evaluation of Airport X-ray Backscatter Units
[5] Google's Street View Practices Face Continued Legal

Connecticut Attorney General and Senator-elect
Richard Blumenthal issued
a "civil investigative demand," similar to a subpoena, for access to the
data collected from homes and
businesses in Connecticut by Google's
Street View cars. Google has been purposefully and secretively
collecting wi-fi data in thirty
countries over a three-year period
through its Street View vehicles, which Google originally maintained
merely collected images.
"Google's story changed," Blumenthal said,
"first claiming only fragments were collected, then acknowledging entire

Federal Communications Commission (FCC) opened an investigation into
Google's actions after EPIC filed a complaint asking the Commission
investigate Google's possible violations of federal wiretap law and the
U.S. Communications Act. The Federal Trade Commission
(FTC) recently
ended its "inquiry" into Street View. Despite requests from Members of
Congress, the FTC never pursued an independent
investigation of Street
View, examined the data collected by Google in the United States, or
even acknowledged the findings of other
agencies. The Representatives
asked the FTC to determine whether Google's actions "form the basis of
an unfair or deceptive act or
practice that constitutes harm to
consumers" and whether Google's actions are "illegal under federal law."
EPIC has requested documents
from the FTC under the Freedom of
Information Act to determine the scope of inquiry and the reason it was

Google's wi-fi data collection practices have fun afoul of privacy
in other countries as well. The New Zealand Privacy Commissioner found
that Google had "failed to tell people that it was collecting
the open
wi-fi information and what it was going to use it for." She added,
"Google also breached our privacy law when it collected
the content of
people's communications."

British officials recently announced that Google's Street View wi-fi
data collection violated
UK data protection laws. The UK Information
Commissioner stated, "the collection of this information was not fair or
lawful and constitutes
a significant breach of the first principle of
the Data Protection Act." Google practices have also been found to
violate Canadian
law, and the Spanish Data Protection Agency has filed
suit against Google for five violations of Spanish law.

Connecticut Attorney
General Announcement   

Wall Street Journal: FCC Investigation  

EPIC: Letter to FCC (May 21, 2010)  

FTC: Letter to Google (Oct. 27, 2010)  

Letter from Markey and Barton to FTC (May 19, 2010)  

New Zealand Privacy Commission: Press Release
Spanish DPA: Press Release     

Office of the Privacy Commissioner of Canada: Press Release 

EPIC: Google Street View 

[6] News in Brief

Vermont Urges Supreme Court to Overturn Medical Privacy Decision

The State of Vermont has petitioned the Supreme Court to review
a Court
of Appeals decision striking down the state's prescription
confidentiality law. The law regulates data mining companies that
or use doctors' prescribing records containing personal information on
patients. EPIC had filed a "friend of the court" brief
in support of the
law. The decision, issued by the Second Circuit, diverged significantly
with two previous decisions upholding similar
laws in the First Circuit.
Vermont's brief emphasized the importance of consistency across state
boundaries, listing twenty-six other
states considering proposed
prescription confidentiality laws. The Vermont Attorney General wrote,
"As the ability to amass volumes
of information about prospective
customers - including health care providers - grows, States and other
regulators need guidance as
to the scope of their ability to allow
individual Americans to control access to and use of their information."

Petition for Certiorari
by State of Vermont

EPIC "Friend of the Court" Brief in Second Circuit Case

EPIC: IMS Health v. Sorrell

EPIC: IMS Health v. Ayotte

European Union Opens Anti-Trust Investigation of Google
The European Commission announced it is investigating Google for
anti-trust violations. The Commission decided to initiate
formal proceedings against Google after complaints from search-service
providers "about unfavorable treatment of their services in Google's
unpaid and sponsored search results coupled with an alleged
placement of Google's own services." EPIC previously filed a complaint
with the Federal Trade Commission regarding Google's
proposed merger
with the advertising company DoubleClick and its implications for
consumer privacy. EPIC Executive Director Marc
Rotenberg also testified
in Congress during the review of this merger, urging the Federal Trade
Commission to establish privacy safeguards
as a condition of the merger.
When the Agency approved the merger without this conditions, EPIC
charged that the Agency had "reason
to act, and authority to act, but
failed to do so."
European Commission Announcement
EPIC FTC Complaint (April 2007)

EPIC Senate Testimony (September 2007)

EPIC Letter to FTC (December 2007)

EPIC: Google/Double Click Merger

ACLU Publishes of Location-Based Services: Time for a Privacy Check-In

The ACLU of Northern California released a report examining
considerations for mobile location-based services. Location-based
services (LBS) include navigation tools, social networking,
searches for businesses and events, and applications linking a user's
location to other activities. Smartphones, laptops, and
in-car GPS
devices, as well as other location-aware devices, can make use of LBS.
Companies offering LBS assemble significant profiles
of users; the
profiles are vulnerable to privacy breaches and are highly sought by law
enforcement. In addition to the report, the
ACLU of Northern California
provides a side-by-side comparison of the most popular LBSs (Foursquare,
Facebook Places, Yelp, Gowall,
Twitter and Loopt). They urge Congress to
update the Electronic Communications Privacy Act (ECPA) to better
protect consumers from
the significant risks associated with LBS.

ACLU of Northern California
LBS Report: "Location-Based Services: Time for a Privacy Check-In"

Location-Based Services: Side-by-Side Comparison

Electronic Communications Privacy Act (ECPA)

EPIC: Locational Privacy

EPIC: Commonwealth v. Connolly

Healthcare Technology Panel Releases Report on Medical Privacy

The President's Council of Advisors on Science and Technology has
released a report entitled "Realizing the Full Potential of Health
Information Technology to Improve Healthcare for Americans: The
Forward." The report culls advice from industry and technology experts,
privacy groups, healthcare professionals and other experts
to offer
recommendations for adoption of a "universal exchange language" allowing
health care professionals to gain real-time access
to patient data while
maximizing privacy protections and patient control. Among other
recommendations, the report suggests embedding
privacy rules, policies
and patient preferences in the metadata that will travel with patient
records as they are exchanged. The
Council further recommends that
patient records be protected by regulation and criminal law as technical
protections alone would
not provide sufficient security against misuse.
The report finds that the Health Insurance Portability and
Accountability Act (HIPAA)
insufficiently protects patient privacy and
control, in part because most patients do not fully understand their
rights under the

The President's Council of Advisors on Science and Technology

President's Council of Advisors on Science and Technology Report
Health Insurance Portability and Accountability Act (HIPAA) of 1996

U.S. Department of Health & Human Services, Health Information Privacy

EPIC: Medical Record Privacy

DOJ Agrees to Minimize Information in National Security Letters

The Department of Justice has volunteered to implement civil liberties
protections that Senator Patrick Leahy (D-VT) originally requested as
amendments to the USA Patriot Act Reauthorization Bill. According
to the
Attorney General, the Federal Bureau of Investigation will minimize the
collection, use, and storage of information derived
from National
Security Letters. The minimization measure was approved in committee,
but had not yet cleared the full Senate when
Sen. Leahy advised the
Attorney General that he could voluntarily adopt many of the reforms
even without Congressional action. The
Attorney General then sent a
letter to the Senator to announce that the Bureau has formalized the
procedures. After receiving the
letter on December 9, 2010, Senator
Leahy praised the move. 

Letter from Attorney General to Senator Patrick Leahy
S. 1692: U.S. PATRIOT Act Sunset Extension of 2009
EPIC: National Security Letters

EPIC FOIA Request Reveals DOJ Security Lapses and Impairment

EPIC has published government records it retrieved under a Freedom
Information Act request. The request sought all documents relating to an
Intelligence Oversight Board audit of the FBI. The disclosure reveals
to secure sensitive information stored on the Bureau's
classified network and failures comply with Department of Justice
Chief among the incidents discussed in the audit is a
reported security breach by a clerical support employee at the Bureau.
At the
request of two supervisory special agents, the unnamed employee
distributed classified documents "to 126 email recipients, both within
and outside of the FBI." The audit also contains numerous reports of
failures to comply with reporting requirements. The audit report
considers those failures to have substantial impaired DOJ oversight of
certain FBI investigations. The report states "[w]here, as
here, there
is no notice whatsoever of the existence of the investigation, there can
be no oversight."

Intelligence Oversight Board
Matter 2007-2099

Intelligence Oversight Board Mattes 2008-102, 2008-128 to 2008-136

EPIC: Open Government

[7] EPIC's Holiday Wish List: Gift Ideas

The Insider, Reece Hirsch
Fast-paced thriller featuring a San Francisco law firm, a crypto
company, the NSA, the Russian mafia, and a former EPIC clerk.

The Social Network (Two-Disc Collector's Edition) (2010)
You've seen the movie. Now see it again. And then check your privacy

Fair Game, Valerie Plame Wilson
Imagine what fun Dick Cheney might have had with Wikileaks.

RADTriage 2.0 Personal Radiation Detector
A U.S. Military-grade personal radiation detector that instantly detects
radiation exposure in the event of a dirty bomb, nuclear
accident and other sources of radiation. This always-on wallet
card/badge radiation detector does not require batteries or
The white sensor bar instantly turns blue when it detects harmful levels
of radiation. The darker the sensor bar turns,
the higher the radiation
dose. (

Privacy: The Game
A Ballot Box of Fun! This secret ballot game will keep you guessing so
vote early and vote often! Players vote by answering a question
placing a Yes or No reply disc in the secret envelope and dropping it
into the ballot box. Honesty counts, so answer truthfully.
Then predict
how many Yes answers are in the box. Guessing the correct number or
coming closest to it wins you big points. So get
out and rock the vote!

ScreenGuardZ 4-Way Privacy Screen Protector for iPhone 4
Keep those prying eyes away from your iPhone .  . .

Privacy Screen Filter for Blackberry Bold 9000
. . . and your Blackberry.

Photo Radar Blocker License Plate Privacy Cover 
Blocks the photo radar camera from seeing your license plate number from
cameras along the side of the road. (

Touch My Junk! TSA X-Ray T-Shirt
Display prominently in airports and other places where TSA agents may be

EPIC Publications:

"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall,
and Mark
S. Zaid (EPIC 2010). Price: $75

Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.


"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

"Computers, Privacy, and Data Protection Conference European Data
Protection: In Good Health?" Brussels, Belgium, 25-28 January
2011. For
More Information:

"The Tenth Workshop on Economics of Information Security." The George
Mason University, 14-15 June 2011. For More Information:

"Computers, Freedom, and Privacy 2011." Georgetown Law Center,
Washington D.C., 14-16 June 2011. For More Information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook

Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases)
our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.25 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback