EPIC Alert 18.10
E P I C A l e r t
Volume 18.10 May 23, 2011
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 White House Sets Out Cybersecurity Plan, International Strategy
 Congress Moves to Limit Funding for Airport Body Scanners
 EPIC Hosts Hill Briefing on Street View
 Privacy Bills Introduced in Congress
 FISA Orders Up 19%, No Surveillance Request
 News In Brief
 EPIC Book Review: "Access Controlled"
 Upcoming Conferences and Events
TAKE ACTION: Computers,
Freedom, & Privacy 2011!
- REGISTER to attend http://www.cfp.org/2011
- LIKE the page on Facebook.com/cfpconf, FOLLOW it on Twitter @cfp11!
- SUPPORT EPIC http://www.epic.org/donate/
EPIC 2011 Champion of Freedom Awards Dinner
with danah boyd, Jeffrey Rosen, Rep. Jason Chaffetz, and Rep. Rush Holt
June 13, 2011
 White House Sets Out Cybersecurity Plan, International
The White House has unveiled its "International
Strategy for Cyberspace:
Prosperity, Security, and Openness in a Networked World." The Strategy
is ambitious and far-reaching, covering
economic policy, foreign
affairs, homeland security, and defense. The White House's announcement
follows its release of proposed
cyber security legislation and the
National Strategy for Trusted Identities in Cyberspace (NSTIC).
On May 29,2009, the White House
published the Cyberspace Policy Review,
which reviewed U.S. policies and structures for cybersecurity and
outlined the Administration's
plans for the future of the Internet and
cyberspace. Cybersecurity was a major focus of the review, which called
for a national strategy
to "secure the information and communications
infrastructure," a national public awareness campaign to promote
a cybersecurity incident response plan, among other
Though the "International Strategy for Cyberspace" mentions privacy,
distinguishes it from other "fundamental freedoms" by including it in a
separate category. The Strategy also suggests a trade-off
privacy protection and innovation, which reflects a fundamental
misunderstanding of the role of cryptography in the growth
of the modern
To address growing concerns about online privacy, EPIC continues to
recommended that the United States begin
the process of ratifying the
International Privacy Convention, which has been adopted by more than 40
countries. The Convention's
objective is to secure the territory of each
nation for every individual, whatever his nationality or residence, and
for his rights and fundamental freedoms, and in
particular his right to privacy, with regard to automatic processing of
data relating to him.
White House: International Strategy for Cyberspace
White House: Proposed Cybersecurity Legislation
White House: National Strategy for Trusted Identities in Cyberspace
White House: 2009 Cyberspace Policy Review
EPIC: National Strategy for Trusted Identities in Cyberspace
EPIC: Council of Europe Privacy Convention
EPIC: Letter to Secretary Clinton on the Privacy Convention
EPIC: Cybersecurity Privacy Practical Implications
 Congress Moves to Limit Funding for Airport Body Scanners
A subcommittee in the House of Representatives, tasked with
allocations for 2012, has decided to strip funding for airport body
scanners. The TSA had earmarked the funding to purchase
airport body scanners. This move follows on the heels of multiple
government hearings before the House Committee on
Government Accountability highlighting the ineffectiveness and health
risks of their controversial body scanner program
as well as the overall
lack of agency transparency at the TSA and the Department of Homeland
EPIC testified in both hearings,
the first titled "'TSA Oversight Part
I: Whole Body Imaging," and the second "Why Isn't The Department Of
Homeland Security Meeting
The President's Standard On FOIA?" Executive
Director Marc Rotenberg and EPIC Senior Council John Verdi were invited
to detail the
Department of Homeland Security's systematic efforts to
shield and misrepresent the technical capabilities of the body scanner
Mr. Rotenberg stated that the body scanners failed to meet the
legal requirements courts have established for airport searches. EPIC
currently awaiting a judicial opinion in its lawsuit to suspend the
TSA's body scanner checkpoint program. Mr. Rotenberg cited
obtained by EPIC in a Freedom of Information Act lawsuit that showed
that the machines are designed to store and transfer images, and not
designed to detect powdered explosives.
Representatives questioned John Verdi about the DHS "Awareness" program,
which singles out FOIA requests for additional scrutiny
appointees based on the subject of the requests and the identities of
the requesters. Mr. Verdi called the program "uniquely
"unlawful." He pointed to Supreme Court precedent and to the factual
delay in FOIA processing caused by the program,
stating that "since
2009, the agency has failed to comply with FOIA deadlines in 100% of
requests filed by EPIC."
Chaffetz (R-UT) said that the body scanners are "a
nuisance. They're slow. And they're ineffective." Chaffetz previously
310-118 vote on the House floor to prohibit the use of body
scanners as a routine, primary screening technique. On May 5, 2011,
wrote a letter to Secretary of Homeland Security Janet
Napolitano about a homemade video featuring TSA agents patting down
children. The letter objects to Napolitano's statement that the
TSA agents portrayed in the video conducted these pat-downs
and according to the protocols." Chaffetz reminded the
Secretary of TSA's publicly stated policy that children under the age of
are supposed to be exempt from enhanced pat-downs. He also questioned
the agency's substandard processes and criteria for hiring
EPIC: TSA Body Scanner Technical Specifications
EPIC: Testimony on TSA Oversight (Mar. 16, 2011)
EPIC: Testimony on DHS FOIA Practices (Mar. 31, 2011)
Rep. Chaffetz: Letter to DHS Secretary Janet Napolitano
EPIC: EPIC v. DHS: Suspension of Body Scanner Program
EPIC: Whole Body Imaging Technology
 EPIC Hosts Hill Briefing on Street View
EPIC, together with Former Federal Trade Commission (FTC) Commissioner
Pamela Jones Harbour, hosted a Capital Hill briefing on "Street
Privacy, and the Security of Wireless Networks" on May 18, 2011. The
well-attended briefing featured FTC Commissioner David
CEO Ted Morgan, Gerard Waldron of Covington & Burling, and EPIC
President Marc Rotenberg.
Just over one year ago,
Google admitted that it had been secretly
collecting Wi-Fi data with its Street View vehicles. The company has, to
date, never fully
explained this behavior. Google has claimed that the
collection was accidental, but it had previously filed a patent
for this collection technology.
Panelists discussed the legality of Google's Street View Wi-Fi data
collection, analyzing Google's
actions under the Federal Communications
Act and the Federal Trade Commission's "Unfair and Deceptive Trade
They also discussed the status of investigations
abroad, including South Korea's raid on Google's offices in Seoul.
about the FTC's decision to close its investigation of
Google Street View. EPIC has filed a lawsuit under the Freedom of
Information Act in pursuit of documents related to this decision. EPIC
filed a “friend of the court” brief in a 9th Circuit case against
and its Street View data collection, arguing that Google’s collection of
wi-fi data was a violation of U.S. law.
Street View, Privacy, and the Security of Wireless Networks
EPIC: Investigations of Google Street View
P. Harbour: Collecting the World's Data, One Year Later (May 14, 2011)
EPIC: Amicus Brief in re: Google Street View, 9th Cir. (April 11, 2011)
EPIC v. FTC: Complaint (May 12, 2011)
 Privacy Bills Introduced in Congress
Members of Congress have introduced bills to codify privacy protections
for consumers in both the House and the Senate. First, in
Representatives Markey (D-MA) and Barton (R-TX) released a discussion
draft of the "Do Not Track Kids Act of 2011." The
draft would amend the
Children’s Online Privacy Protection Act of 1998 to update provisions
relating to the collection, use
and disclosure of children’s personal
information. Representative Barton stated "Every day we hear of new
accounts of consumers'
personal information being mishandled and misused
including our most vulnerable population - children . . .We have reached
point in the state of business when companies that conduct
business online are so eager to make a buck, they resort to targeting
In December 2010, EPIC submitted a statement to the House Energy and
Commerce Committee, following a hearing titled
"Do Not Track
Legislation: Is Now the Right Time?" EPIC said that an effective Do Not
Track initiative must ensure that a consumer’s
decision to opt-out is
"enforceable, persistent, transparent, and simple." In February 2011,
Rep. Speier (D-CA) introduced the broader
“Do Not Track Me Online Act.”
Jeff Chester, the Executive Director of the Center for Digital Democracy
referred to Representatives
Markey and Barton as the "dynamic duo of
On the Senate side, Senator Patrick Leahy (D-VT) has introduced the
Communications Privacy Act (ECPA) Amendments Act” to update
the 1986 law for electronic mail and stored communications. The
includes new provisions that clarify access by government agents to
consumer’s location data, but stops short of regulating
the use of
location data by private firms. Leahy stated: "[s]ince the Electronic
Communications Privacy Act was first enacted in
1986, ECPA has been one
of our nation’s premiere privacy laws. But today this law is
significantly outdated and out-paced by
rapid changes in technology."
In a Congressional Hearing before the House Committee on the Judiciary,
EPIC said that safeguards
for location data are critical for users of
new modern communications services. EPIC also filed a "friend of the
court" brief in
the Northern District of California, arguing that ECPA
prohibits companies from capturing data from unsecured Wi-Fi hotspot
Also in the Senate, Senators John Kerry (D-MA) and John McCain (R-AZ)
introduced the "Commercial Privacy Bill of Rights Act of 2011,"
April, aimed at protecting consumers' privacy both online and offline.
The Bill endorses several "Fair Information Practices,"
the ability to opt-out of data disclosures to third-parties, and
restricts the sharing of sensitive information.
However, the Bill does
not allow for a private right of action, it preempts more protective
state privacy laws, and it includes a
"safe harbor" arrangement that
exempts companies from significant privacy requirements.
ECPA Amendments Act
Do Not Track Kids Act of 2011
EPIC: Statement for Hearing on ECPA Reform (Jun. 24, 2010)
Rep. Markey: Press Release, Do Not Track Kids Act of 2011 (May 6, 2011)
Do Not Track Me Online Act
EPIC: Commercial Privacy Bill of Rights Act of 2011
 FISA Orders Up 19%, No Surveillance Request Turned
The U.S. Department of Justice has released the 2010
Intelligence Surveillance Act (FISA) report. In 2010, the Justice
Department submitted 1,579 FISA search warrant applications
Foreign Intelligence Surveillance Court, a 19% increase over 2009. Most
of them (1,506) were for electronic surveillance rather
searches. Five were withdrawn by the government.
The FISA court did not deny or modify a single FISA application in
Also in 2010, the FBI made 24,287 National Security Letter requests for
information pertaining to 14,212 different U.S. persons.
This is a
substantial increase from 14,788 national security letter requests
concerning 6,114 U.S. persons in 2009.
Intelligence Surveillance Court’s reluctance to question the
Department of Justice is not new; in 2009, the 11-member court
just one of 1,329 search warrant requests from the Justice Department.
Since it was created in 1979, the Court has denied
just 11 of 30,348
such requests. In its comments to the Foreign Intelligence Surveillance
Court last year, EPIC recommended that
the court maintain its
independence from the Executive Branch and improve its accountability to
2010 FISA Report (Apr. 29, 2011)
EPIC: Comments to FISA Court on Proposed Rules Changes (Oct. 4, 2010)
EPIC: The Foreign Intelligence Surveillance Court
EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2010
 News In Brief
Federal Trade Commission Settles Kids' Privacy Case with Playdom
Playdom has agreed to pay $3 million to settle charges that it
the Children's Online Privacy Protection Act (COPPA). The virtual game
company failed to obtain notice and consent from
parents before the
collection and use of children's information. EPIC previously testified
before the Senate Commerce Committee on
the need to update COPPA and to
clarify the law's application to mobile and social networking services.
EPIC submitted similar comments
to the Federal Trade Commission.
FTC: FTC Settles with Playdom (May 12, 2011)
FTC: Children's Online Privacy Protection Act
EPIC: EPIC Testimony: Before Senate Hearing on COPPA (Apr. 29, 2010)
EPIC: EPIC FTC Comments on COPPA (July 9, 2010)
Senate Holds Hearing on Mobile Privacy
The Senate Commerce Committee held a hearing on “Consumer Privacy and
in the Mobile Marketplace.” Chairman Rockefeller said that
users of mobile services have "an expectation of privacy . . . a
to privacy." The FTC's David Vladeck stated that consumers face new
threats in the mobile marketplace and described the agency's
actions against Twitter and Google. In 2010, EPIC recommended new
privacy safeguards for location data.
EPIC: Statement on
Use of Location Data (Feb. 24, 2010)
Senate Commerce Committee
Senate Commerce Committee: Mobile Privacy Hearing (May 19, 2011)
Chairman John Rockefeller: Statement on Consumer Privacy (May 19, 2011)
David Vladeck: Statement to Senate Commerce Committee (May 19, 2011)
EPIC Champions of Freedom Dinner
EPIC will host its annual Champion of Freedom Awards Dinner on June 13
at 6:30 pm at The
Fairfax on Embassy Row in Washington, DC. The event
will be hosted by Law Professor Jeffrey Rosen and Social Media Scholar
danah boyd. Honorees include Representatives Jason Chaffetz
and Rush Holt, both who have worked tirelessly in the House of
to protect privacy and civil liberties and fight
domestic surveillance. EPIC will also honor The Wall Street Journal for
They Know" series, which helped to shed light on marketers
that spy on internet users.
EPIC: Champion of Freedom Awards Dinner
Jason Chaffetz Official House Webpage
Rush Holt Official House Webpage
Wall Street Journal Official Website
 EPIC Book Review: "Fertile Ground"
"Fertile Grounds: The Facilitation of Financial Identity Theft in the
United States and the Netherlands," Nichole van der Meulen
“Fertile Grounds: the Facilitation of Financial Identity Theft in the
United States and the Netherlands” is the culmination
research Nicole van der Meulen conducted during her time at the
International Victimology Institute at Tilburg University
Netherlands. Ms. van der Meulen rejects the notion that identity theft
is an issue that only affects the United States, arguing
advances in digital technology both exacerbated the issue in the United
States and spread it to other countries. "Fertile
Grounds" examines the
various factors that contribute and perpetuate identity theft in order
to help interested actors address the
problem more effectively.
Ms. van der Meulen provides an in-depth comparative analysis of the
United States and the Netherlands
with a focus on three sets of actors
influencing the spread of financial identity theft: the state, financial
and consumers. Her work delves into each category to
demonstrate how local factors can either preempt or precipitate identity
at the macro level. The state protects consumers with data
protection laws and regulatory initiatives, or it leaves them to the
wolves. With the Identity Theft and Assumption Deterrence Act (ITADA) of
1998, the United States' made a meaningful federal legislative
address the issue. In contrast, the Netherlands lacks a separate
criminal offense for identity theft, which makes considerable
protection nearly impossible.
In both countries, financial service providers have tried to popularize
credit products with
aggressive marketing techniques. In the U.S., the
effort was successful. Credit cards have transcended social and
Credit cards never gained popularity in the
Netherlands, however, which van der Meulen believes has led to better
protection of consumer
information. As for consumers, Ms. van der
Meulen concludes that consumers fall into two broad categories:
and voluntary facilitation. Some consumers are
not aware of the consequences of providing personal information to third
Others knowingly avail themselves to the consequences.
At times, Ms. van der Meulen's analysis is excessively theoretical. The
chapter offers a detailed etymological examination of
financial identity theft as a concept. According to Ms. van der Meulen,
theft took time to develop as an impending concern for
policymakers in the United States because its citizens struggled with
intangible nature of the word “theft.” which was usually associated
with a physical intrusion. The term itself required
an expansion of
legal definitions. While this meticulous scholarship is helpful to the
academic community, Ms. van der Meulen's exhaustive
review of terms like
“financial,” “identity,” and “theft” might strike more policy minded
as a distraction from the core contributions of her work.
Both sets of readers, though, will find that "Fertile Grounds" is an apt
title for the book. Thoughtful and comprehensive, Ms. van der Meulen
provides activists and scholars alike with an objective assessment
the international struggle to combat identity theft. According to van
der Meulen, the international identity theft panorama would
significantly change if credit card companies quit chasing consumers.
-- Michelle Benard
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi,
Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"The Digital Grapevine: Should Government Keep the Right to Monitor Us?"
European Parliament, Room PHS 3 C 5, 1 June 2011. For More
Mr. Khalid Bouffadis at firstname.lastname@example.org.
"EPIC Champion of Freedom Awards Dinner." The Fairfax at Embassy Row,
Washington, D.C., 13 June 2011. For More Information:
"The Tenth Workshop on Economics of Information Security." The George
Mason University, 14-15 June 2011. For More Information:
"Computers, Freedom, and Privacy 2011." Georgetown Law Center,
Washington D.C., 14-16 June 2011. For More Information:
"Online Tracking Protection and Browsers." Brussels, Belgium, 22-23 June
2011. For More Information: email@example.com.
ICANN Board Meeting. Singapore. 19-24 June 2011. For More Information:
"Aligning Privacy Accountability with your Business Strategy:" Privacy
Laws and Business 24th Annual International Conference.
College, Cambridge, United Kingdom, 11-13 July 2011. For More
EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For
More Information: http://www.thepublicvoice.org/.
Computers, Privacy, & Data Protection 2012: European Data Protection:
Coming of Age. Brussels, Belgium, 25-27 January 2012, Call
Abstracts Deadline 1 June 2011. For More Information:
Join EPIC on Facebook
Join the Electronic Privacy Information Center on Facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 18.10 ------------------------