WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2010 >> [2010] EPICAlert 8

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 17.08 [2010] EPICAlert 8

EPIC Alert 17.08

                            E P I C   A l e r t
Volume 17.08                                            April 26, 2010

                           Published by the
               Electronic Privacy Information Center (EPIC)
   Washington, D.C.


		     "Defend Privacy. Support EPIC."
			 EPIC Awards Dinner
                            June 2, 2010
                           Washington, DC

Table of Contents
[1] Broad Coalition Petitions DHS to Shut Down Body Scanners
[2] DHS Has 2000 Body Scanner Images, But Refuses to Disclose Them
EPIC Demands Release of Classified Answers on Privacy and Internet
[4] No EU-US Agreement on Transfer of Financial Data or Body Scanners
[5] Supreme Court Hears Arguments in Text Message Privacy Case
[6] News in Brief
[7] EPIC Bookstore: "Can They Do That?"
[8] Upcoming
Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE

[1] Broad Coalition Petitions DHS to Shut Down Body Scanners

On April 21, 2010, EPIC and a broad coalition of organizations
submitted a formal petition to the Department of Homeland Security
demanding that the agency suspend the airport body scanner program. The
petition states that the "uniquely intrusive search" is unreasonable
and violates the Constitution. The petition further states the program
fails to comply with several federal laws, including the Religious
Freedom Restoration Act, the Privacy Act of 1974, and the
Administrative Procedures Act. The thirty organizations also argue that
the machines are ineffective
and that there are better, less costly
security technologies. The filing observes that the TSA has routinely
misled the pubic about
the ability of the devices to store and transmit
detailed images of travelers' naked bodies. In an ongoing Freedom of
Information Act lawsuit, EPIC has already obtained technical documents,
vendor contracts, and hundreds of traveler complaints.

The petition describes
the TSA's “pattern, practice, and policy” of
using body scanners as primary, mandatory screening in airports where
devices are installed. The petition notes that the TSA currently
aims to deploy approximately 1,000 machines, eventually using the
devices at all airport checkpoints. EPIC describes the body scanner
program as “enormously expensive,” costing taxpayers
at least $2.4
billion dollars. Air travelers have described the scanners as “a
disgusting violation of civil liberties and
privacy,” “for a bunch of
peeping toms,” “unconstitutional,” “intrusive and ridiculous”
and “a

In the immediate wake of the filing, EPIC President Marc Rotenberg
said, "at this point, there is no question
that the body scanner
program should be shut down. This is the worst type of government
boondoggle -- expensive, ineffective, and
offensive to Constitutional
rights and deeply held religious beliefs.” Chip Pitts, President of the
Bill of Rights Defense
Committee, added, “the program should be
suspended. The body scanners don't work for the purposes claimed and
actually harm
true security by diverting scarce resources and offending
allies and populations critical for genuine intelligence." Margaret
Executive Director of the Asian American Legal Defense and
Education Fund, said: “The use of full body scanners, without any
alternative procedure, has violated and will continue to violate the
civil rights of Muslims and other religious groups."

Recently, three United States Senators wrote to DHS, urging the agency
to reconsider the body scanner program. Senators Collins (R-ME),
(R-AZ), and Chambliss (R-GA) encouraged DHS to consider
"auto-detection" devices instead of human screeners. The Senators noted
that the current technology allows airport officials to "view detailed
images of passengers' bodies" and also that other systems
could "save
the government and airports money on physical space for screening." In
response to a Congressional inquiry led by Congressman
Bennie Thompson,
the TSA acknowledged that images on body scanner machines could be
recorded but claimed that traveler's images “would”
not be saved. EPIC
President Marc Rotenberg's testified before the Committee, urging
lawmakers to halt the plan to deploy body scanners
in the nation's
airports. In March, EPIC asked President Obama to suspend the
deployment of digital strip search devices until a
evaluation of the devices' effectiveness, health impacts, and privacy
safeguards is completed by an independent review

EPIC and 29 Other Groups' Petition to Suspend Body Scanners:

EPIC: Whole Body Imaging Technology

EPIC: EPIC v. Department of Homeland Security

EPIC Testimony to House Committee on Homeland Security

Coalition Letter to President Obama

[2] DHS Has 2000 Body Scanner Images, But Refuses to Disclose

As a result of a Freedom of Information Act lawsuit against the
Department of Homeland Security, EPIC has obtained hundreds of pages of
documents from the Department. The lawsuit
arose over two unfulfilled
FOIA requests that EPIC filed with the Department in 2009. 

A letter to EPIC reveals that the government
agency possesses about
2,000 body scanner photos from devices that the DHS said earlier "could
not store or record images." The Department
of Homeland Security has
stated that these images are test images, of Transportation Security
Administration models, not of American
citizens. But the Department
refuses to turn the images over because, it argues, public viewing of
the images would constitute a
national security threat.

As part of the litigation agreement, the Department has released
several sets of documents to EPIC. The
most recent set of documents
contained hundreds of pages of customer complaints, an updated
Procurement Specifications contract,
several vendor contracts, and the
revelation that the Department possesses body scanner images. Previous
document sets included Operational
Requirements, Procurement
Specifications, hundreds more pages of customer complaints, and vendor
contracts with Rapiscan and L3.

DHS: Letter to EPIC:

EPIC: EPIC v. Department of Homeland Security (including documents)

EPIC: Whole Body Imaging Technology

[3] EPIC Demands Release of Classified Answers on Privacy
and Internet

EPIC has filed a Freedom of Information Act (FOIA) request with the
National Security Agency (NSA) seeking the "classified supplement" that
Director Lt. Gen. Keith Alexander
filed with his answers to questions
from the Senate Armed Services Committee regarding his nomination to be
the Commander of the
newly formed United States Cyber Command. The
Cyber Command, or USCYBERCOM, was established in June 2009 by Secretary
of Defense
Robert Gates, with the plan to be fully operational by
October 2010. In October 2009, current NSA Director Alexander was
for the new joint position of NSA Director and Commander of

On April 15, 2010, the Senate Armed Services Committee held
a hearing
to consider the nomination of Lt. Gen. Alexander. In advance of that
hearing, the Committee submitted a list of questions
to be answered by
Lt. Gen. Alexander. He provided his responses in written form. Many of
his answers are available to the public
in unclassified form. However,
several of Lt. Gen. Alexander’s responses are instead contained in a
"classified supplement."

Several of Lt. Gen. Alexander's classified responses were to questions
regarding the privacy of Americans' communications. For example,
entire answer to the question "What would the impact [of potential
modifications to the architecture of the internet] be on privacy,
pro and con?" was deemed classified. EPIC's request urges the Agency to
make the full responses public. EPIC is also currently
in litigation
with the NSA to obtain the secret presidential directive authorizing
NSA surveillance authority over the internet and


Lt. Gen. Alexander's Unclassified Responses

EPIC vs. NSA, Civ. Action No. 10-0196(RMU) (D.D.C.)

[4] No EU-US Agreement on Transfer of Financial Data or
Body Scanners

Top United States counter-terrorism officials
and European counterparts
met in Madrid this month but did not come to an agreement to restart a
program that gave the US access
to European financial data. The
Terrorist Finance Tracking Program, launched after September 11,
provided the US government with
access to the SWIFT transaction
database, which houses data on international financial transfers. The
program operated in secret
from 2001 to 2006 until the program became
known. An interim deal was in operation until late 2009, and in
February 2010, the European
Parliament voted 378 to 196 to end the
deal, objecting to the program as a violation of EU privacy law.

Without an agreement in
place, the US does not have access to European
banking data. However, data protection is the priority for the European
The Parliament objects to the lack of legal protections for
the data on European citizens sought by the United States, as well as
the lack of clear standards for the use of data. European officials
have argued that Europeans should be given the right to appeal
American authorities if their data is misused or abused.

There also appeared to be no EU support for the further deployment of
body scanners in European airports. EPIC has raised several objections
to the body scanner program, including sending a formal petition,
the support of a broad coalition, to the Department of Homeland
Security to demand that the agency suspend the airport body
program. Additionally, EPIC has objected to use of the body scanners in
a letter with Ralph Nader to the Obama Administration,
in Congressional
Testimony, and in FOIA litigation, which revealed that the devices
store and record images.

EuroParliament: SWIFT
- Civil Liberties Committee Recommends Rejecting
the Agreement

EuroParliament: EU-US SWIFT Agreement (June 28, 2007)  

EPIC: Spotlight on Surveillance on the SWIFT program   

European Parliament, Is Transatlantic Data Protected? (March 26,

Article 29 Working Group: opinion on the processing of personal data by
the Society for Worldwide Interbank Financial Telecommunication

US Dept. of Treasury: Terrorist Finance Tracking Program

EPIC Petition to Suspend Full Body Scanner Program

EPIC and Nader Letter to the President

EPIC Congressional Testimony


[5] Supreme Court Hears Arguments in Text Message Privacy

The U.S. Supreme Court held oral arguments in the case
of City of
Ontario v. Quon on April 19. The Court will determine whether a
government employer can review the contents of private
text messages
sent from an employee's pager through a private communications company.
The case is on appeal from the Ninth Circuit,
where the court ruled in
favor of the employee. EPIC filed a "friend of the court" brief in the
United States Supreme Court, urging
the Justices to protect the privacy
of public employees who use electronic communications devices. Ten
technology experts and legal
scholars joined EPIC in filing the brief
to bring attention to the importance of data minimization.

In its brief, EPIC's asserted
that while the Government may undertake
reasonable searches of public employees, they may not pursue unbounded
searches of personal
communications devices. Such searches run contrary
to best practices in the security industry and expose public employees
to unnecessary
risks. EPIC argued that data minimization practices
should be applied to public sector searches and detailed the various
ways employer-issued
devices collect and store detailed personal
information, including Internet search history, text messages, emails,
and locational
data. EPIC urged the court to consider the standards set
out in the Ninth Circuit case Comprehensive Drug Testing v. United
which instructs a government agency about how to undertake
appropriate searches without unnecessarily violating privacy interests.

In the oral argument, the Justices focused on the factual issues in the
case, and whether the plaintiff had a reasonable expectation
privacy, given the circumstances surrounding his use of the device.
Lawyers representing both the city and the federal government
that there was no reasonable expectation, even though the disclosure by
the wireless carrier was prohibited by the Stored
Communications Act.
The Court is likely to rule on the case before the end of the term in

EPIC City of Ontario v. Quon
EPIC Amicus Brief

ScotusWiki City of Ontario v. Quon

EPIC Workplace Privacy

Transcript of Oral Arguments: City of Ontario v. Quon

[6] News In Brief

Faster FOIA Act Heading for Senate Vote

A bill to improve the speed at which the government processes requests
under the Freedom
of Information Act, called the Faster FOIA Act of
2010, was passed by the Senate Judiciary Committee late last week and
has been reported to the full
Senate for a vote. The bill was
introduced in March by Senators Leahy (D-VT) and Cornyn (R-TX) and will
establish a 16-member commission
to conduct a study to determine the
methods for reducing delays in processing FOIA requests. The commission
will then make recommendations
to Congress and the President to
facilitate the efficient processing of FOIA requests. EPIC frequently
uses the FOIA to obtain information
from the government about
surveillance and privacy policy.

Faster FOIA Act 2010

EPIC: FOIA Litigation Docket

EPIC FOIA Litigation Manuel

Facebook Fails Stanford Privacy Test, a Stanford based project, reviews online and mobile
applications and the platforms
they run on for privacy, openness and
security. The site rated Facebook's privacy significantly lower than
that of other platforms
like Twitter, MySpace, and the iPhone. For
privacy, security and openness, Facebook is rated at 2 points out of 5,
with 5 being the
highest score. The scores are based on expert reviews
of an application or platform, which consist of answers to nine
questions related
to consumer values. In addition to expert ratings and
reviews, users can also comment and compare privacy settings. EPIC and
other groups have filed a complaint and supplemental complaint
with the FTC against Facebook in late 2009 for changes in its privacy
policy that result in unfair and deceptive trade practices.

WhatApp? Website

EPIC Facebook Complaint

EPIC Supplement Facebook Complaint

EPIC: In re Facebook

EPIC: Facebook Privacy

NTIA to Hold Public Meeting on Information Privacy

The National Telecommunications and Information Administration (NTIA)
hold a public meeting on "Information Privacy and Innovation in
the Internet Economy" on May 7. The NTIA is seeking comments from
Internet stakeholders, including the commercial, academic, and civil
society sectors, on the impact of current privacy laws
in the United
States and around the world on the pace of innovation in the
information economy." The discussion will center around
whether current
privacy laws serve consumer interests and fundamental democratic
values. EPIC has previously recommended comprehensive
privacy standards
for NTIA privacy working groups. EPIC has also filed friend of the
court brief against the NTIA's disclosure of
domain holder personal

NTIA: Public Meeting Announcement
EPIC: Recommendations to NTIA Regarding Comprehensive Privacy Standards
EPIC: Amicus Brief Against NTIA's Disclosure of Domain Holder Personal 
Senator Leahy Urges Attorney General to Implement Patriot Act Reforms

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.)
has sent a
letter to Attorney General Eric Holder regarding key privacy safeguards
for the PATRIOT Act. The Senate Judiciary Committee
passed the PATRIOT
Act Sunset Extension Act earlier in the year, which included many
reforms, but the full Senate did not act on
the measure Because the
administration supported the reforms within the bill, Sen. Leahy
advised the Attorney General that he can
voluntarily adopt many of the
reforms even without Congressional action. Senator Leahy expressed
particular concern about the possible
misuse of National Security
Letter authority.

Letter from Senator Leahy to Attorney General Holder

Senator Leahy Press Release
EPIC National Security Letters

Congress Passes Bill Banning Caller ID Spoofing

On April 15, the House of Representatives passed the Truth in Caller ID
Act of
2010, which bans the transmission of misleading or inaccurate
caller ID information "with the intent to defraud, cause harm, or
obtain anything of value." EPIC recommended this intent
requirement in testimony before the House in 2006 and 2007, and before
Senate in 2007 so that privacy techniques would be protected. The
bill has already passed the Senate and will likely be enacted into

H.R. 1258, Truth in Caller ID Act of 2010

EPIC House Testimony, 2006

EPIC House Testimony, 2007

EPIC Senate Testimony, 2007

[7] EPIC Bookstore: "Can They Do That?"

“Can They Do That?" looks at the workplace through the lens of the 21st
Century, where hidden cameras, drug testing,  background
checks, credit
checks, and genetic data can lead to immediate termination.
Employees should beware of employers bearing gifts. The
information age has given employers new tools to “better manage
employees," such as requiring employees to carry cell
phones with GPS
or assigning employees laptops for weekend use that are monitored  Many
employers use automated means to screen employee
communications for key
words or phrases and flag message for reading. Even when employees
access personal e-mail while at work the
privacy of those messages is
not protected. Work Internet access or communications using employer
provided devices are not a free
speech zone.  Unflattering comments
(even if true) about your boss or company can get you fired.

Employers can require that employees
take a psychological test that
asks very personal questions. According  to Maltby one of the worst and
most privacy invasive psychological
tests is the Minnesota Mutiphasic
Personality Inventory, which measures your answers to questions with a
control group. The test
was developed in 1942 at a state mental
hospital in Minnesota as an effort to diagnose “deep-seated and serious
mental conditions.”
The control group was all white Minnesotans most
were married and had an eight-grade education. Failing to answer
questions on the
test as the control group responded means you would
fail the test. Maltby did praise the Myers-Briggs Type Indicator as a
good psychological
test for employment screening.

He contends that workers do need human rights and legal protection from
the crazy things that some
employers might want use to fire employees. 
Dismissals short of unethical, illegal, dangerous, or threatening
behavior by employees
should come under very strict scrutiny.  Labor
unions have proven adequate at developing a governance structure
designed to protect
union members and fellow employees from abuse, and
arbitrary action by employers. But many workers do not belong to
unions, so much
more remains to be done to protect employee privacy.

--Lillie Coney

EPIC Publications:

Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008).
Price: $60.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation
under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of
the manual that lawyers, journalists and researchers
have relied on for more than 25 years.


Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents
obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

[8] Upcoming Conferences and Events

"IAPP 10th Anniversary Webcast"
National Press Club, Washington, DC, March 16, 2010
For more information:

"Third Annual Freedom of Information Day Celebration:
Washington College of Law, Washington, DC, March 16, 2010
For more information:

"Privacy 2010"
Stanford, CA, March 23 - 25, 2010.
For more information:

"Smartgrid Policy Summit"
Washington, DC, April 8, 2010
For more information:

"Developing a Trusted Cyber-Infrastructure"
Toronto, ON, May 12, 2010
For more information:

EPIC Awards Dinner
June 2, 2010
Washington, DC
For more information:

"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:

"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:

Join EPIC on Facebook

Join the Electronic Privacy Information Center on Facebook


Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.

Privacy Policy

The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases)
our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription

About EPIC

The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

Donate to EPIC

If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.

Thank you for your support.

Subscription Information

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 17.01 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback