WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2011 >> [2011] EPICAlert 10

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 18.10 [2011] EPICAlert 10

EPIC Alert 18.10

======================================================================= E P I C A l e r t ======================================================================= Volume 18.10 May 23, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] White House Sets Out Cybersecurity Plan, International Strategy [2] Congress Moves to Limit Funding for Airport Body Scanners [3] EPIC Hosts Hill Briefing on Street View [4] Privacy Bills Introduced in Congress [5] FISA Orders Up 19%, No Surveillance Request Turned Down [6] News In Brief [7] EPIC Book Review: "Access Controlled" [8] Upcoming Conferences and Events TAKE ACTION: Computers, Freedom, & Privacy 2011! - REGISTER to attend - LIKE the page on, FOLLOW it on Twitter @cfp11! - SUPPORT EPIC EPIC 2011 Champion of Freedom Awards Dinner with danah boyd, Jeffrey Rosen, Rep. Jason Chaffetz, and Rep. Rush Holt Washington D.C. June 13, 2011 Register: ======================================================================= [1] White House Sets Out Cybersecurity Plan, International Strategy ======================================================================= The White House has unveiled its "International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World." The Strategy is ambitious and far-reaching, covering economic policy, foreign affairs, homeland security, and defense. The White House's announcement follows its release of proposed cyber security legislation and the National Strategy for Trusted Identities in Cyberspace (NSTIC). On May 29,2009, the White House published the Cyberspace Policy Review, which reviewed U.S. policies and structures for cybersecurity and outlined the Administration's plans for the future of the Internet and cyberspace. Cybersecurity was a major focus of the review, which called for a national strategy to "secure the information and communications infrastructure," a national public awareness campaign to promote cybersecurity, and a cybersecurity incident response plan, among other things. Though the "International Strategy for Cyberspace" mentions privacy, it distinguishes it from other "fundamental freedoms" by including it in a separate category. The Strategy also suggests a trade-off between privacy protection and innovation, which reflects a fundamental misunderstanding of the role of cryptography in the growth of the modern Internet. To address growing concerns about online privacy, EPIC continues to recommended that the United States begin the process of ratifying the International Privacy Convention, which has been adopted by more than 40 countries. The Convention's objective is to secure the territory of each nation for every individual, whatever his nationality or residence, and provide respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him. White House: International Strategy for Cyberspace White House: Proposed Cybersecurity Legislation White House: National Strategy for Trusted Identities in Cyberspace White House: 2009 Cyberspace Policy Review EPIC: National Strategy for Trusted Identities in Cyberspace EPIC: Council of Europe Privacy Convention EPIC: Letter to Secretary Clinton on the Privacy Convention EPIC: Cybersecurity Privacy Practical Implications ======================================================================= [2] Congress Moves to Limit Funding for Airport Body Scanners ======================================================================= A subcommittee in the House of Representatives, tasked with budget allocations for 2012, has decided to strip funding for airport body scanners. The TSA had earmarked the funding to purchase 275 additional airport body scanners. This move follows on the heels of multiple government hearings before the House Committee on Oversight and Government Accountability highlighting the ineffectiveness and health risks of their controversial body scanner program as well as the overall lack of agency transparency at the TSA and the Department of Homeland Security. EPIC testified in both hearings, the first titled "'TSA Oversight Part I: Whole Body Imaging," and the second "Why Isn't The Department Of Homeland Security Meeting The President's Standard On FOIA?" Executive Director Marc Rotenberg and EPIC Senior Council John Verdi were invited to detail the Department of Homeland Security's systematic efforts to shield and misrepresent the technical capabilities of the body scanner devices. Mr. Rotenberg stated that the body scanners failed to meet the legal requirements courts have established for airport searches. EPIC is currently awaiting a judicial opinion in its lawsuit to suspend the TSA's body scanner checkpoint program. Mr. Rotenberg cited TSA documents obtained by EPIC in a Freedom of Information Act lawsuit that showed that the machines are designed to store and transfer images, and not designed to detect powdered explosives. Representatives questioned John Verdi about the DHS "Awareness" program, which singles out FOIA requests for additional scrutiny by political appointees based on the subject of the requests and the identities of the requesters. Mr. Verdi called the program "uniquely harmful" and "unlawful." He pointed to Supreme Court precedent and to the factual delay in FOIA processing caused by the program, stating that "since 2009, the agency has failed to comply with FOIA deadlines in 100% of requests filed by EPIC." Chairman Jason Chaffetz (R-UT) said that the body scanners are "a nuisance. They're slow. And they're ineffective." Chaffetz previously won a 310-118 vote on the House floor to prohibit the use of body scanners as a routine, primary screening technique. On May 5, 2011, Chaffetz wrote a letter to Secretary of Homeland Security Janet Napolitano about a homemade video featuring TSA agents patting down young children. The letter objects to Napolitano's statement that the TSA agents portrayed in the video conducted these pat-downs "professionally and according to the protocols." Chaffetz reminded the Secretary of TSA's publicly stated policy that children under the age of 13 are supposed to be exempt from enhanced pat-downs. He also questioned the agency's substandard processes and criteria for hiring airport security personnel. EPIC: TSA Body Scanner Technical Specifications EPIC: Testimony on TSA Oversight (Mar. 16, 2011) EPIC: Testimony on DHS FOIA Practices (Mar. 31, 2011) Rep. Chaffetz: Letter to DHS Secretary Janet Napolitano EPIC: EPIC v. DHS: Suspension of Body Scanner Program EPIC: Whole Body Imaging Technology ======================================================================= [3] EPIC Hosts Hill Briefing on Street View ======================================================================= EPIC, together with Former Federal Trade Commission (FTC) Commissioner Pamela Jones Harbour, hosted a Capital Hill briefing on "Street View, Privacy, and the Security of Wireless Networks" on May 18, 2011. The well-attended briefing featured FTC Commissioner David Vladeck, Skyhook CEO Ted Morgan, Gerard Waldron of Covington & Burling, and EPIC President Marc Rotenberg. Just over one year ago, Google admitted that it had been secretly collecting Wi-Fi data with its Street View vehicles. The company has, to date, never fully explained this behavior. Google has claimed that the collection was accidental, but it had previously filed a patent application for this collection technology. Panelists discussed the legality of Google's Street View Wi-Fi data collection, analyzing Google's actions under the Federal Communications Act and the Federal Trade Commission's "Unfair and Deceptive Trade Practices" standard. They also discussed the status of investigations abroad, including South Korea's raid on Google's offices in Seoul. Panelists spoke about the FTC's decision to close its investigation of Google Street View. EPIC has filed a lawsuit under the Freedom of Information Act in pursuit of documents related to this decision. EPIC filed a “friend of the court” brief in a 9th Circuit case against Google and its Street View data collection, arguing that Google’s collection of wi-fi data was a violation of U.S. law. EPIC: Street View, Privacy, and the Security of Wireless Networks EPIC: Investigations of Google Street View P. Harbour: Collecting the World's Data, One Year Later (May 14, 2011) EPIC: Amicus Brief in re: Google Street View, 9th Cir. (April 11, 2011) EPIC v. FTC: Complaint (May 12, 2011) ======================================================================= [4] Privacy Bills Introduced in Congress ======================================================================= Members of Congress have introduced bills to codify privacy protections for consumers in both the House and the Senate. First, in the House, Representatives Markey (D-MA) and Barton (R-TX) released a discussion draft of the "Do Not Track Kids Act of 2011." The draft would amend the Children’s Online Privacy Protection Act of 1998 to update provisions relating to the collection, use and disclosure of children’s personal information. Representative Barton stated "Every day we hear of new accounts of consumers' personal information being mishandled and misused including our most vulnerable population - children . . .We have reached a troubling point in the state of business when companies that conduct business online are so eager to make a buck, they resort to targeting our children." In December 2010, EPIC submitted a statement to the House Energy and Commerce Committee, following a hearing titled "Do Not Track Legislation: Is Now the Right Time?" EPIC said that an effective Do Not Track initiative must ensure that a consumer’s decision to opt-out is "enforceable, persistent, transparent, and simple." In February 2011, Rep. Speier (D-CA) introduced the broader “Do Not Track Me Online Act.” Jeff Chester, the Executive Director of the Center for Digital Democracy referred to Representatives Markey and Barton as the "dynamic duo of privacy." On the Senate side, Senator Patrick Leahy (D-VT) has introduced the “Electronic Communications Privacy Act (ECPA) Amendments Act” to update the 1986 law for electronic mail and stored communications. The bill includes new provisions that clarify access by government agents to consumer’s location data, but stops short of regulating the use of location data by private firms. Leahy stated: "[s]ince the Electronic Communications Privacy Act was first enacted in 1986, ECPA has been one of our nation’s premiere privacy laws. But today this law is significantly outdated and out-paced by rapid changes in technology." In a Congressional Hearing before the House Committee on the Judiciary, EPIC said that safeguards for location data are critical for users of new modern communications services. EPIC also filed a "friend of the court" brief in the Northern District of California, arguing that ECPA prohibits companies from capturing data from unsecured Wi-Fi hotspot routers. Also in the Senate, Senators John Kerry (D-MA) and John McCain (R-AZ) introduced the "Commercial Privacy Bill of Rights Act of 2011," in April, aimed at protecting consumers' privacy both online and offline. The Bill endorses several "Fair Information Practices," gives consumers the ability to opt-out of data disclosures to third-parties, and restricts the sharing of sensitive information. However, the Bill does not allow for a private right of action, it preempts more protective state privacy laws, and it includes a "safe harbor" arrangement that exempts companies from significant privacy requirements. ECPA Amendments Act Do Not Track Kids Act of 2011 EPIC: Statement for Hearing on ECPA Reform (Jun. 24, 2010) Rep. Markey: Press Release, Do Not Track Kids Act of 2011 (May 6, 2011) Do Not Track Me Online Act EPIC: Commercial Privacy Bill of Rights Act of 2011 ======================================================================= [5] FISA Orders Up 19%, No Surveillance Request Turned Down ======================================================================= The U.S. Department of Justice has released the 2010 Foreign Intelligence Surveillance Act (FISA) report. In 2010, the Justice Department submitted 1,579 FISA search warrant applications to the Foreign Intelligence Surveillance Court, a 19% increase over 2009. Most of them (1,506) were for electronic surveillance rather than physical searches. Five were withdrawn by the government. The FISA court did not deny or modify a single FISA application in 2010. Also in 2010, the FBI made 24,287 National Security Letter requests for information pertaining to 14,212 different U.S. persons. This is a substantial increase from 14,788 national security letter requests concerning 6,114 U.S. persons in 2009. The Foreign Intelligence Surveillance Court’s reluctance to question the Department of Justice is not new; in 2009, the 11-member court denied just one of 1,329 search warrant requests from the Justice Department. Since it was created in 1979, the Court has denied just 11 of 30,348 such requests. In its comments to the Foreign Intelligence Surveillance Court last year, EPIC recommended that the court maintain its independence from the Executive Branch and improve its accountability to the public. Justice Department: 2010 FISA Report (Apr. 29, 2011) EPIC: Comments to FISA Court on Proposed Rules Changes (Oct. 4, 2010) EPIC: The Foreign Intelligence Surveillance Court EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2010 ======================================================================= [6] News In Brief ======================================================================= Federal Trade Commission Settles Kids' Privacy Case with Playdom Playdom has agreed to pay $3 million to settle charges that it violated the Children's Online Privacy Protection Act (COPPA). The virtual game company failed to obtain notice and consent from parents before the collection and use of children's information. EPIC previously testified before the Senate Commerce Committee on the need to update COPPA and to clarify the law's application to mobile and social networking services. EPIC submitted similar comments to the Federal Trade Commission. FTC: FTC Settles with Playdom (May 12, 2011) FTC: Children's Online Privacy Protection Act EPIC: EPIC Testimony: Before Senate Hearing on COPPA (Apr. 29, 2010) EPIC: EPIC FTC Comments on COPPA (July 9, 2010) Senate Holds Hearing on Mobile Privacy The Senate Commerce Committee held a hearing on “Consumer Privacy and Protection in the Mobile Marketplace.” Chairman Rockefeller said that users of mobile services have "an expectation of privacy . . . a right to privacy." The FTC's David Vladeck stated that consumers face new threats in the mobile marketplace and described the agency's recent actions against Twitter and Google. In 2010, EPIC recommended new privacy safeguards for location data. EPIC: Statement on Use of Location Data (Feb. 24, 2010) Senate Commerce Committee Senate Commerce Committee: Mobile Privacy Hearing (May 19, 2011) Chairman John Rockefeller: Statement on Consumer Privacy (May 19, 2011) David Vladeck: Statement to Senate Commerce Committee (May 19, 2011) EPIC Champions of Freedom Dinner EPIC will host its annual Champion of Freedom Awards Dinner on June 13 at 6:30 pm at The Fairfax on Embassy Row in Washington, DC. The event will be hosted by Law Professor Jeffrey Rosen and Social Media Scholar and Critic danah boyd. Honorees include Representatives Jason Chaffetz and Rush Holt, both who have worked tirelessly in the House of Representatives to protect privacy and civil liberties and fight domestic surveillance. EPIC will also honor The Wall Street Journal for its "What They Know" series, which helped to shed light on marketers that spy on internet users. EPIC: Champion of Freedom Awards Dinner Jason Chaffetz Official House Webpage Rush Holt Official House Webpage Wall Street Journal Official Website ======================================================================= [7] EPIC Book Review: "Fertile Ground" ======================================================================= "Fertile Grounds: The Facilitation of Financial Identity Theft in the United States and the Netherlands," Nichole van der Meulen “Fertile Grounds: the Facilitation of Financial Identity Theft in the United States and the Netherlands” is the culmination of extensive research Nicole van der Meulen conducted during her time at the International Victimology Institute at Tilburg University in the Netherlands. Ms. van der Meulen rejects the notion that identity theft is an issue that only affects the United States, arguing instead that advances in digital technology both exacerbated the issue in the United States and spread it to other countries. "Fertile Grounds" examines the various factors that contribute and perpetuate identity theft in order to help interested actors address the problem more effectively. Ms. van der Meulen provides an in-depth comparative analysis of the United States and the Netherlands with a focus on three sets of actors influencing the spread of financial identity theft: the state, financial service providers, and consumers. Her work delves into each category to demonstrate how local factors can either preempt or precipitate identity theft at the macro level. The state protects consumers with data protection laws and regulatory initiatives, or it leaves them to the wolves. With the Identity Theft and Assumption Deterrence Act (ITADA) of 1998, the United States' made a meaningful federal legislative effort to address the issue. In contrast, the Netherlands lacks a separate criminal offense for identity theft, which makes considerable consumer protection nearly impossible. In both countries, financial service providers have tried to popularize credit products with aggressive marketing techniques. In the U.S., the effort was successful. Credit cards have transcended social and economic boundaries. Credit cards never gained popularity in the Netherlands, however, which van der Meulen believes has led to better protection of consumer information. As for consumers, Ms. van der Meulen concludes that consumers fall into two broad categories: involuntary facilitation and voluntary facilitation. Some consumers are not aware of the consequences of providing personal information to third parties. Others knowingly avail themselves to the consequences. At times, Ms. van der Meulen's analysis is excessively theoretical. The introductory chapter offers a detailed etymological examination of financial identity theft as a concept. According to Ms. van der Meulen, identity theft took time to develop as an impending concern for policymakers in the United States because its citizens struggled with the intangible nature of the word “theft.” which was usually associated with a physical intrusion. The term itself required an expansion of legal definitions. While this meticulous scholarship is helpful to the academic community, Ms. van der Meulen's exhaustive review of terms like “financial,” “identity,” and “theft” might strike more policy minded readers as a distraction from the core contributions of her work. Both sets of readers, though, will find that "Fertile Grounds" is an apt title for the book. Thoughtful and comprehensive, Ms. van der Meulen provides activists and scholars alike with an objective assessment of the international struggle to combat identity theft. According to van der Meulen, the international identity theft panorama would significantly change if credit card companies quit chasing consumers. -- Michelle Benard ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "The Digital Grapevine: Should Government Keep the Right to Monitor Us?" European Parliament, Room PHS 3 C 5, 1 June 2011. For More Information: Mr. Khalid Bouffadis at "EPIC Champion of Freedom Awards Dinner." The Fairfax at Embassy Row, Washington, D.C., 13 June 2011. For More Information: "The Tenth Workshop on Economics of Information Security." The George Mason University, 14-15 June 2011. For More Information: "Computers, Freedom, and Privacy 2011." Georgetown Law Center, Washington D.C., 14-16 June 2011. For More Information: "Online Tracking Protection and Browsers." Brussels, Belgium, 22-23 June 2011. For More Information: ICANN Board Meeting. Singapore. 19-24 June 2011. For More Information: "Aligning Privacy Accountability with your Business Strategy:" Privacy Laws and Business 24th Annual International Conference. St. John's College, Cambridge, United Kingdom, 11-13 July 2011. For More Information: EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For More Information: Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information: ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.10 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback