EPIC Alert 18.15
======================================================================= E P I C A l e r t ======================================================================= Volume 18.15 August 2, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_1815.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] House Committee Approves Controversial Data Retention Measure [2] EPIC Urges Seventh Circuit to Protect Student Privacy Rights [3] House Subcommittee Approves Weak Data Breach Bill [4] TSA Announces 'Stick Figure' Software for Some Body Scanners [5] EPIC v. NSA: Agency Can 'Neither Confirm Nor Deny' Google Ties [6] News in Brief [7] EPIC Book Review: 'In the Plex' [8] Upcoming Conferences and Events TAKE ACTION: Facebook Privacy 2011! - READ EPIC's complaint to FTC: http://epic.org/redirect/062011FB.html - WATCH EPIC on ABC Nightline: http://epic.org/redirect/062011FB.html - SUPPORT EPIC: http://www.epic.org/donate/ ======================================================================= [1] House Committee Approves Controversial Data Retention Measure ======================================================================= On July 28 the House of Representatives Judiciary Committee voted 19-10 to approve HR-1981, a bill requiring Internet Service Providers (ISPs) to retain personally identifiable data on every customer, thereby allowing the US government to identify and track their online activity for one year. The bill is designed to identify producers and consumers of online child pornography. EPIC Director Marc Rotenberg testified against the bill at the July 12 Judiciary Committee hearing, arguing that if the bill is enacted it should neither contain a data retention mandate nor immunity for ISPs for misuses of the data. EPIC's arguments were cited by committee members including Rep. Jerrold Nadler (D-NY), who also pointed out that storing more customer data would lead to an increase in the already high number of data breaches: "The more data we keep, the more likely we are to have such intrusions," said Nadler. During two days of deliberation, several amendments that would have removed or limited the bill's data retention requirements were all defeated. The most significant amendment to pass was introduced by the bill's sponsor, Rep. Lamar Smith (R-TX). The initial bill would have required ISPs to retain internet protocol (IP) addresses for 18 months, but the amendment lowers the duration to 12 months, a position advocated by EPIC. However, the amendment also requires ISPs to retain not only IP addresses, but also customer names, physical addresses, phone records, type and length of service, and credit card numbers. "This retention is a radical contradiction of the core American value that we are innocent until proven guilty," said Rep. Jason Chaffetz (R-UT). Judiciary Chairman Rep. James Sensenbrenner (R-WI) was "not convinced [the bill] will contribute in any meaningful way to prosecuting child pornography." Rep. Zoe Lofgren (D-CA) stated that it is an "unprecedented power grab by the federal government - it goes way beyond fighting child pornography." Rep. Scott said that the data would be available for many other uses, including copyright prosecution and divorce cases, while Rep. Darrell Issa (R-CA) stated that retained data will be made available to law enforcement officers without a warrant or judicial oversight. Rep. Lofgren went so far as to propose an amendment to rename the bill the "Keep Every American's Digital Data for Submission to the Federal Government Without a Warrant Act." The amendment failed. US House Judiciary Committee: Text of HR-1981 http://judiciary.house.gov/hearings/pdf/112hr1981.pdf US House Judiciary Committee: Amendment to HR-1981 http://epic.org/redirect/080211_HR1981_amendment.html EPIC: Testimony before Congress on HR-1981 (July 12, 2011) http://epic.org/redirect/080211_HR1981_EPIC_testimony.html EPIC: EPIC Urges Congress to Reject Data Retention Plan http://epic.org/2011/07/epic-urges-congress-to-reject.html EPIC: Data Retention http://epic.org/privacy/intl/data_retention.html allmediaLP: House Judiciary Data Retention Bill Markup Coverage http://epic.org/redirect/080211_HR1981_markup_coverage.html ======================================================================= [2] EPIC Urges Seventh Circuit to Protect Student Privacy Rights ======================================================================= EPIC has filed a "friend of the court" brief in Chicago Tribune v. University of Illinois Board of Trustees, a Seventh Circuit Court of Appeals case involving student privacy rights protected by the Family Educational Rights and Privacy Act (FERPA). The Chicago Tribune sought documents from the University of Illinois under the Illinois Freedom of Information Act, as part of its ongoing investigation of alleged corruption in the University's admission practices. The University refused to disclose the applicants' records in response to the Tribune's request, arguing that FERPA, a federal law, prohibited their release, thus preempting the Illinois FOIA request. Congress enacted FERPA in 1974 via governmental Spending Clause power, attaching certain requirements to the receipt of federal education funding. The lower federal court therefore stated that universities have the option of turning down federal funding in order to avoid compliance with FERPA, and, as a result, the court found that the University of Illinois was not prohibited from disclosing student records under FERPA, nor could it invoke that particular exemption under the Illinois law. The central issue of the University's appeal is whether FERPA "prohibits" the release of university admission records under Illinois' Freedom of Information Act. EPIC's brief argues that both Congress and the State of Illinois intended to protect student records, including admissions files, from unauthorized release, and that Illinois' open government law must yield to the federal privacy law. EPIC also contends that since it is not feasible for any public university to forswear federal funding in order to disregard its FERPA obligations, FERPA's enforcement mechanism effectively prohibits universities from disclosing student records. The Department of Justice, the American Council on Education, and other Illinois public universities also filed briefs in support of student privacy protections under FERPA. EPIC: Amicus Brief in Chicago Tribune v. U. of Illinois (July 2011) http://epic.org/amicus/tribune/EPIC_brief_Chi_Trib_final.pdf EPIC: Chicago Tribune v. University of Illinois http://epic.org/amicus/tribune/ University of Illinois: Chicago Tribune v. University of Illinois http://www.uillinois.edu/our/news/2011/July.CourtFiling.cfm Chicago Tribune: "Clout Goes to College" http://www.chicagotribune.com/news/watchdog/college/ EPIC: Student Privacy http://epic.org/privacy/student/ ======================================================================= [3] House Subcommittee Approves Weak Data Breach Bill ======================================================================= A House of Representatives Commerce Subcommittee has voted in favor of a data breach bill entitled the "Secure and Fortify Electronic (SAFE) Data Act", sponsored by Rep. Mary Bono Mack (R-CA), Chair of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade. The SAFE Data Act requires companies to respond in the event of a data breach and encourages minimization of data collection and retention. Companies must identify those individuals whose personal information is affected and, within 48 hours of such identification, must notify the Federal Trade Commission. The deadline for commencing notification to affected individuals is 45 days after the discovery of the breach; however, notification can be delayed beyond the 45-day deadline based on law enforcement and national security exceptions. Breach victim notification is not required if the company determines that the breach presents no reasonable risk of identity theft or other unlawful conduct. All companies subject to the legislation are required to establish a plan that provides for the retention of personal information only as reasonably needed for business purposes or as necessary to comply with a legal obligation. Almost all states already have robust security breach laws, which the SAFE Data Act now would preempt. Many of these state laws are stronger than the SAFE Data Act. For example, the Act only requires that consumers be notified of their status via paper mail or email, rather than via text messaging or social network sites. The Act does not require that companies notify breach victims when the breached information is already available to the public. The SAFE Data Act also defines personal information narrowly; it suggests, for instance, that a social security number would not be personal information if it were not immediately associated with an individual's name. EPIC Executive Director Marc Rotenberg testified in July 2011 before Rep. Bono Mack and her subcommittee, emphasizing the growing problem of data breaches and the likelihood that breaches would increase as more user data moves to cloud-based services. Rotenberg highlighted the large number of recent high profile data breaches, including the large- scale breaches at Citigroup, Sony PlayStation Network, and Epsilon. EPIC maintains a webpage on Identity Theft and has testified before the Senate Banking Committee on breach notification legislation. US House of Representatives: Text of the SAFE Data Act (H.R. 2577) http://epic.org/redirect/080211_safedata_text.html House Dept. Energy and Commerce: SAFE Data Act Hearing (June 15, 2011) http://epic.org/redirect/080211_safedata_hearing.html EPIC: Testimony on SAFE Data Act (June 15, 2011) http://epic.org/redirect/080211_EPIC_testimony_safedata.html EPIC: Identity Theft http://epic.org/privacy/idtheft/ ======================================================================= [4] TSA Announces 'Stick Figure' Software for Some Body Scanners ======================================================================= The Transportation Security Administration (TSA) has announced that it will begin installing new software on some millimeter-wave airport body scanners that will display a generic human figure on a computer monitor rather than the naked bodies of individual air travelers. The Agency asserts that this software can automatically detect "anomalies" on passengers' bodies, and will highlight those areas on the displayed image. If the machine does not detect any threats, it will merely display a green "OK." Passengers will be able to view the same images as TSA employees. If an anomaly is detected, TSA employees will further screen the targeted areas via means like enhanced pat downs. The TSA maintains that this modification will mitigate travelers' privacy concerns and provide a better customer experience at checkpoints. The new system will also cut Agency costs, as additional TSA employees will no longer be needed to view the scanned images in a separate room. No plan currently exists to install similar software on the more widely used and more controversial "backscatter" x-ray scanners, although the TSA plans to conduct tests in Fall 2011. The system's effectiveness has been called into question, however; documents obtained via EPIC's Freedom of Information Act lawsuit against the Agency reveal that the scanners are not designed to detect powdered explosives like PETN, the explosive used in the failed 2009 Christmas Day "underwear bomb" plot. EPIC has been unable to determine whether or not the new software stores or transfers the underlying raw naked images captured before filtering. Twice in 2010 EPIC requested documents from the TSA under the Freedom of Information Act regarding the operations and capabilities of automated target recognition (AIT) software in airport body scanners. The Agency failed to provide the documents or give a legally adequate response to either request, and EPIC subsequently filed suit. Previously obtained documents indicate that, despite the TSA's claims to the contrary, body scanners were designed to store and transfer the naked images. TSA: 'TSA Takes Next Steps to Further Enhance Passenger Privacy' http://www.tsa.gov/press/releases/2011/0720.shtm EPIC: FOIA Request to TSA Re: Body Scanner Capabilities (Oct. 2010) http://epic.org/privacy/body_scanners/FOIA_ATR2_Final.pdf EPIC: Complaint for Release of Improperly Withheld TSA Records http://epic.org/privacy/body_scanners/Complaint_ATR2010-06-15.pdf EPIC: TSA Procurement Specifications for Body Scanners http://epic.org/open_gov/foia/TSA_Procurement_Specs.pdf EPIC: Body Scanner Technology http://epic.org/privacy/airtravel/backscatter/ EPIC: EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/080211_EPIC_v_DHS_scanners.html ======================================================================= [5] EPIC v. NSA: Agency Can 'Neither Confirm Nor Deny' Google Ties ======================================================================= A federal judge has issued an opinion in EPIC v. National Security Agency, accepting the Agency's claim that it can "neither confirm nor deny" a partnership with Google following a January 2010 incident in which Chinese hackers allegedly breached Google's corporate network. EPIC submitted a Freedom of Information Act request in February 2010, seeking documents pertaining to any agreement or communication between Google and the NSA on cybersecurity. Such documents could reveal that the NSA was developing technical standards that would enable greater surveillance of Internet users. At the time, the Agency denied EPIC's FOIA request, refusing to confirm or deny any relationship with Google. To "neither confirm nor deny" the existence of documents is known as a "Glomar response," a controversial legal doctrine that allows agencies to conceal records that might otherwise be subject to public disclosure. EPIC appealed the Agency's decision to deny its request. After the Agency failed to respond to EPIC's appeal within the statutory deadline, EPIC filed a complaint. EPIC plans to appeal the judge's decision. Currently, EPIC is also litigating to obtain the National Security Presidential Directive, which sets out the NSA's cybersecurity authority. In January 2008, President George W. Bush issued National Security Presidential Directive 54 (NSPD-54), which grants the National Security Administration broad authority over the security of American computer networks. The Directive created the Comprehensive National Cybersecurity Initiative (CNCI), a "multi-agency, multi-year plan that lays out twelve steps to securing the federal government's cyber networks." This Directive was not released to the public. EPIC is additionally seeking from the NSA information about Internet vulnerability assessments; the Director's classified opinions on how the NSA's practices impact Internet privacy; and the NSA's "Perfect Citizen" program - a formerly secret cybersecurity program to monitor the Internet for impending cyber attacks. EPIC v. NSA: D.C. District Court Opinion (July 8, 2011) https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2010cv1533-15 EPIC v. NSA: Complaint (Feb. 2010) http://epic.org/foia/NSPD54_complaint.pdf EPIC: NSA FOIA Request (NSA and Google relationship) (Feb. 2010) http://epic.org/privacy/nsa/foia/NSA-Google_FOIA_Request.pdf EPIC: NSA FOIA Request (Perfect Citizen Program) (July 2010) http://epic.org/redirect/080211_EPIC_v_NSA_perfectcitizen.html EPIC: EPIC v. NSA http://epic.org/privacy/nsa/epic_v_nsa.html ======================================================================= [6] News in Brief ======================================================================= EPIC Urges Court to Limit Pre-Trial DNA Collection from Defendants EPIC has filed a "friend of the court" brief in US v. Pool. The US Court of Appeals for the Ninth Circuit is hearing the case, which challenges the constitutionality of a federal law requiring that every felony defendant submit a DNA sample as a condition of bail, pending trial. The DNA is used to create profiles in a national DNA index system, otherwise known as CODIS. The FBI itself keeps the full DNA sample indefinitely. In its brief, EPIC observed: "Today's science shows that DNA reveals vastly more personal information than a fingerprint," including "genetic information that can reveal personal traits such as race, ethnicity and gender, as well as medical risk for conditions such as diabetes." A three-judge panel of the Ninth Circuit previously heard US v. Pool and handed down its opinion in September 2010. Pool's counsel then petitioned the Ninth Circuit to rehear the case with a full panel of judges, or "en banc". EPIC: Amicus Brief in US v. Pool (July 2011) http://epic.org/amicus/pool/EPIC_brief_Pool_Final.pdf EPIC: US v. Pool http://epic.org/amicus/pool/default.html EPIC: Genetic Privacy http://epic.org/privacy/genetic/default.html EPIC, Liberty Coalition Submit Comments on Internet Identities EPIC, joined by the nonpartisan Liberty Coalition, has submitted comments to the National Institute for Standards and Technology (NIST) on governance topics associated with the National Strategy for Trusted Identities in Cyberspace, or NSTIC. NSTIC proposes the creation of an "identity ecosystem," which would allow individuals to securely validate their identities online during sensitive transactions while remaining anonymous during general web browsing. EPIC's comments call for a structure that would "include protection of consumer information and implementation of strong privacy practices." EPIC has previously pressed the Obama Administration for a clearer definition of issues NSTIC was meant to address, and has advocated for the maintenance of a free and open Internet. EPIC: Comments to NIST on NSTIC (July 2011) http://epic.org/redirect/080211_NIST_NSTIC_comments.html EPIC: National Strategy for Trusted Identities in Cyberspace http://epic.org/privacy/nstic.html Liberty Coalition http://www.libertycoalition.net/ NIST: National Strategy for Trusted Identities in Cyberspace http://www.nist.gov/nstic/ White House: Cyberspace Policy Review http://epic.org/redirect/080211_whitehouse_cyber_review.html Facebook Makes Changes to Facial Recognition; Still Relying on Opt-Out In response to a letter from Connecticut Attorney General George Jepson, Facebook has agreed to run ads that link users to their privacy settings and show them how to opt-out of Facebook's new facial recognition feature. The first run of the online "Tag Suggest" ads resulted in over 400,000 impressions, according to Jepson's office; a second run will take place over a two-week period in July and August 2011. In June 2011, EPIC, along with several other organizations, filed a complaint with the Federal Trade Commission concerning Facebook's "unfair and deceptive" biometric data collection practices. EPIC urged the Commission to require Facebook to suspend the program pending a full investigation, as well as implement stronger privacy safeguards and a default opt-in for the facial recognition application. Connecticut AG: Press Release (July 26, 2011) http://www.ct.gov/ag/lib/ag/press_releases/2011/072611facebook.pdf EPIC: EPIC: Facebook Facial Recognition Complaint (June 10, 2011) http://epic.org/redirect/080211_FTC_facebook_complaint.html EPIC: Facebook and the Facial Identification of Users http://epic.org/redirect/080211_ facebook_facial_recognition.html Google Suspends Thousands of Google+ Accounts, Cites Use of Pseudonyms Some users of the social network site Google+ reported in late July that their accounts were deleted or suspended because the accounts were being used under pseudonyms rather than legal or "real" names. Google+'s policy requires that users be publicly identified under the name that they "commonly go by in daily life." Policy violators reported conflicting consequences; some users claimed that they lost access to any GMail, Calendar, and Google Docs accounts that were linked to their Google+ accounts. Google responded that account suspensions or deletions should only affect social applications such as Google+ and Buzz. Google now has modified its policy to provide a warning to users and an opportunity to comply with the policy before suspending their accounts. EPIC opposes both commercial and government practices that restrict anonymous Internet speech. Google: Your Name and Google Profiles http://www.google.com/support/+/bin/answer.py?hl=en&answer=1228271 Google: Official Blog Post on Account Suspensions https://plus.google.com/u/0/113116318008017777871/posts/VJoZMS8zVqU EPIC: Internet Anonymity http://www.epic.org/privacy/anonymity/ EPIC: Social Networking Privacy http://www.epic.org/privacy/socialnet/ Google Buys Facial Recognition Software Company Facial recognition software company Pittsburgh Pattern Recognition ("PittPatt") announced on July 22 that it had been acquired by Google. The terms of the deal were not disclosed, but Google already employs similar "computer vision" technology in Google Image Search, YouTube, and Picasa. Google's acquisition follows competitor Facebook's June 7 announcement that it had deployed "Tag Suggestions" facial recognition technology over the last several months. On June 10, EPIC filed a complaint with the Federal Trade Commission, arguing that biometric data collection for the purposes of facial recognition and online identification presents privacy and safety concerns for consumers. Pittsburgh Pattern Recognition: Google Acquisition Announcement http://www.pittpatt.com/ EPIC: Facebook Facial Recognition Complaint (June 10, 2011) http://epic.org/redirect/080211_FTC_facebook_complaint.html EPIC: Face Recognition http://epic.org/privacy/facerecognition/ EPIC: Facebook and Facial Recognition http://epic.org/redirect/080211_ facebook_facial_recognition.html ======================================================================= [7] EPIC Book Review: 'In the Plex' ======================================================================= "In the Plex: How Google Thinks, Works, and Shapes Our Lives," Steven Levy http://epic.org/redirect/080211_levy_in_the_plex.html "In the Plex: How Google Thinks, Works, and Shapes Our Lives" is both a digital-age tragedy and a love story about the genius, drive, and sheer audacity of Google's founders and engineers. While veteran tech journalist Steven Levy dutifully recounts Google's gradual, hubristic descent into censorship, anti-trust lawsuits and public privacy outrages, he appears so infatuated with Google's astounding inventiveness that he can't actually condemn founders Larry Page and Sergey Brin. The result is a dizzyingly fast ride through the last 12 years of technological development - an "entire generation" of the Internet, as Levy himself puts it - in which Levy does his best to shield the company's beloved principals from blame. Although most readers of "In the Plex" should be familiar with the basic storyline of Google's skyrocket from radically new search engine to aggressive, market-dominant promoter of "cloud computing," Levy's narrative is linear and suspenseful. Indeed, like a good detective novelist, Levy casually mentions the seeds of Google's own destruction in Chapter 1: Page and Brin's obsession with collecting and analyzing vast amounts of user data in order to further their own and their company's ambitions. Even in 1999, says Levy, Google's engineering team knew that it "had the capacity to capture everything people did on the site . . . a digital trail of activities whose retention could provide a key to future innovations." Levy's chronological litany of Google's acquisitions and product releases - from Gmail to Google Maps to Android - is simultaneously jolting and nostalgic. Perhaps just jolting is Google's seemingly arithmetic expansion into larger and larger office complexes, constant buy-outs of smaller start-ups, and the hardening of an ever more cumbersome and "un-Googley" corporate bureaucracy. Concurrent with Google's growth are the increasingly common lapses in user privacy, beginning with the furor over Gmail's storage and targeted advertising, and culminating with the disastrous privacy oversights of Google Buzz. In both cases, privacy issues were vetted or perhaps disregarded by Google employees themselves, who successfully used Gmail and Buzz in-house before the products' public release. But, as Levy reiterates, Google and its employees see the world, and data, differently: "They considered . . . privacy concerns illogical. They trusted machines, and their own intentions were pure - ergo, people should have trusted them." Google's own motto was "Don't Be Evil." Levy treats Google's privacy missteps fairly but sympathetically. He devotes an entire chapter to the google.cn debacle, and yet never says outright that Google had been naive or self-serving in trying to court the Chinese search market. He states the facts, then turns to quote or even legitimize the motivations of the Google "troika" - Page, Brin, and CEO Eric Schmidt. Rather, Levy's ire seems directed at, quoting Brin, "'. . . the kinds of things privacy nuts take advantage of to cause paranoia.'" "In the Plex" was published in April 2011, days after the Google Books settlement was overturned due to user privacy concerns. Nevertheless, Levy uses the Google Books/Google Library initiative as the project most symbolic of the increasing disconnect between Google's belief that it was creating a valuable, lasting service to humankind, and the public's perception that Google was trying to exploit and control access to the informational world. A melancholy epilogue entitled "Chasing Taillights" chronicles Google's increasingly flailing attempts to enter the social networking space, implicitly speculating that Google's primacy in the online world is not only finite, but ending. "In the Plex" is a breathtaking read about how our hunger for data shapes our society - a hybrid corporate biography and technological sociogram. At the same time, one can't help but wish that Levy himself had been a little less drawn into the Google cult. -- Beth Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Privacy Platform Meeting on The Transatlantic Dimension of Data Protection. Brussels, Belgium, 7 September 2011. For More Information: sophie.bots@europarl.europa.eu. EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For More Information: http://www.thepublicvoice.org/. 33rd International Conference of Data Protection and Privacy Commissioners (ICDPPC 2011). Mexico City, Mexico, 2-3 November 2011. For more information: http://www.privacyconference2011.org/. 8th Conference on Privacy and Public Access to Court Records. Sponsored by the College of William and Mary School of Law. Williamsburg, VA, 3-4 November 2011. For More Information: http://www.legaltechcenter.net/aspx/conferences.aspx. Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information: http://www.cpdpconferences.org. ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http://facebook.com/epicprivacy http://epic.org/facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.15 ------------------------