EPIC Alert 18.16 [2011] EPICAlert 16

=======================================================================
E P I C   A l e r t
=======================================================================
Volume 18.16                                            August 17, 2011
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

"Defend Privacy. Support EPIC."

=======================================================================
Table of Contents
=======================================================================
[1] EPIC-Led Coalition Calls For Halt of Secret Government Watchlist
[2] US Senate Unanimously Passes 'Faster FOIA Act'
[3] DHS Terminates Secure Communities Agreements with States
[4] New Body Scanner Software No Panacea for TSA Privacy Violations
[5] California Protects the Privacy of Consumer Smart Meter Data
[6] News in Brief
[7] EPIC Book Review: 'Nothing to Hide'
[8] Upcoming Conferences and Events

TAKE ACTION: Facebook Privacy 2011!
- READ EPIC's complaint to FTC:
- WATCH EPIC on ABC Nightline:
- SUPPORT EPIC

=======================================================================
[1] EPIC-Led Coalition Calls for Halt of Secret Government Watchlist
=======================================================================

Earlier this month, EPIC led a coalition of privacy, consumer rights, and civil rights organizations that submitted comments to suspend the Department of Homeland Security's controversial Watchlist program. In July, the agency proposed new expansions to the program while also claiming a series of exemptions from the duties and obligations laid out in the Privacy Act of 1974. The coalition recommended that the agency completely suspend the program and comply with Privacy Act obligations.

The Watchlist program is a secretive government database comprised of personally identifiable information, including names, birth places and dates, biometric and photographic data, passport information, driver's license information, and "other available identifying particulars." The program transmits the records from the Federal Bureau of Investigation and the Department of Justice to the Department of Homeland Security and associated sub-departments. Sub-departments can record "encounters" with any person whose name is on the list, which is itself a secret, and send that information back to the Department of Homeland Security, the FBI and the Department of Justice. Officials at Homeland Security are planning to develop a Watchlist "mirror," a near-real-time copy of the original database that synchronizes itself by adding, modifying, or deleting data in accord with updates to records in the original.

The Watchlist program is subject to Privacy Act requirements. The Privacy Act mandates that government agencies maintain accurate, complete records, and only when such records are relevant and necessary for an authorized purpose. The Act also requires agencies to give notice to data subjects, as well as providing subjects with access and the right to correct inaccurate information. The Department of Homeland Security claimed these obligations were unduly burdensome and hypothetically could interfere with investigations and with the automation and development of the Watchlist program and its "mirror" database. In a Notice of Public Rulemaking, the Department sought public input regarding its request for Privacy Act exemptions.

EPIC's comments emphasized that Congress passed the Privacy Act "to maintain transparent and secure government recordkeeping systems." The coalition recommended a more general course correction regarding the agency's overall approach to centralizing large stores of sensitive data.
As stated in the comments, the Watchlist program's database of individual records "will provide an appealing mark for thieves trying to create false identities for criminal activities." EPIC has previously testified that privacy is much better safeguarded by keeping information in multiple, decentralized locations, and collecting it only when necessary.

EPIC: Comments on Watchlist Program Proposal (Aug. 5, 2011)
DHS: Notice of Proposed Rulemaking (July 6, 2011)
DHS: Systems of Record Notice (July 6, 2011)
EPIC: Testimony Before House Security Subcommittee (Sep. 9, 2008)
EPIC: "Spotlight on Surveillance" (Secure Flight) (Aug. 2007)

=======================================================================
[2] US Senate Unanimously Passes 'Faster FOIA Act'
=======================================================================

On August 2, the Senate unanimously approved bipartisan legislation, cosponsored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), to improve Freedom of Information Act (FOIA) processing. The Senate previously passed the Faster FOIA Act in May 2011, but the bill failed to pass in the House of Representatives. During the Congressional debt ceiling debate, the bill, S.627, became part of the Budget Control Act of 2011, where most of its provisions were stripped. According to Senator Leahy's office, the bill was reintroduced on August 1, and now will return to the House to await action.

The Faster FOIA Act will establish a panel to examine agency backlogs in processing FOIA requests and provide recommendations to Congress to accelerate agency response time. The panel will also identify methods to reduce FOIA processing delays, including determining whether the system for charging and waiving FOIA fees should be reformed.

"According to the Department of Justice's Freedom of Information Act Annual Report for Fiscal Year 2009, the Department had a backlog of almost 5,000 FOIA requests at the end of 2009.
The Department of Homeland Security's report for the same period shows a backlog of 18,918 FOIA requests. These mounting FOIA backlogs are simply unacceptable," said Senator Leahy at the original introduction of the bill.

EPIC has testified previously before the House Oversight Committee about FOIA delays and politicized processing within the Department of Homeland Security.

US Senate: The Faster FOIA Act
Sen. Patrick Leahy: Press Release on Faster FOIA Act (Aug. 2, 2011)
EPIC: Testimony Before the House Oversight Committee (Mar. 31, 2011)
EPIC: FOIA Litigation

=======================================================================
[3] DHS Terminates Secure Communities Agreements with States
=======================================================================

The Department of Homeland Security informed state governors this month that its Secure Communities program intends to terminate agreements with 40 state and local governments and will continue collecting biometric data without the permission of local officials. Secure Communities collects and discloses biometric information obtained from individuals who come into contact with police. The data is used to determine whether those individuals have prior criminal records and whether they are in the US illegally. If so, Immigration and Customs Enforcement (ICE) often seeks to deport them.

According to the letter from Secure Communities director John Morton, "Once a state or local law enforcement agency voluntarily submits fingerprint data to the federal government, no agreement with the state is legally necessary for one part of the federal government to share it with another part." However, neither Morton nor any official within Secure Communities, Immigration and Customs Enforcement, or Homeland Security has identified the legal authority permitting the agency's unilateral termination of the agreements.

Morton's letter follows lawmakers' recent criticisms of Secure Communities.
In June 2011, officials in Illinois, New York and Massachusetts notified DHS that their states would no longer participate in the program. Also in June, California legislators urged Governor Jerry Brown to suspend that state's participation, citing a "crisis of confidence" in Secure Communities. The lawmakers identified numerous risks raised by the program and noted, "victims of domestic violence have been [wrongfully] placed into deportation proceedings as the result of Secure Communities when they simply called the police for help."

In response to concerns that the Secure Communities program silences crime victims and witnesses and promotes racial and ethnic profiling, Morton and Homeland Security Director Janet Napolitano have announced new guidelines and training for ICE officers.

Many human rights and civil liberties groups, including EPIC, have opposed the Secure Communities program, citing potential privacy and legal violations. Homeland Security seeks to deploy Secure Communities nationwide by 2013.

ICE: Secure Communities Letter to State Officials (Aug. 2011)
CA State Reps. Roybal-Allard et al.: Letter to Gov. Brown (June 2011)
ICE: Memorandum on Prosecutorial Discretion (June 2011)
ICE: Secure Communities
EPIC: Secure Communities

=======================================================================
[4] New Body Scanner Software No Panacea for TSA Privacy Violations
=======================================================================

As part of a Freedom of Information Act (FOIA) lawsuit against the Transportation Security Administration (TSA), EPIC has obtained an initial set of documents that describe the new software the agency is installing on airport millimeter-wave full-body scanners. The heavily redacted documents include procurement contracts, training materials, and technical specifications for the software, which shows human forms as "stick figures" rather than naked bodies.

The TSA began testing the software in 2010, and over the next few months hopes to have it installed on every currently deployed millimeter-wave body scanner. The TSA maintains that this modification will mitigate privacy risks to travelers and provide a better customer experience at checkpoints. However, EPIC's documents indicate that the new software still may be capable of storing and transmitting unfiltered images of naked airline travelers. The documents also indicate that passengers passing through the machines will be identified by gender and assigned a unique identification number.

No plan currently exists to install similar software on the more widely used and more controversial "backscatter" x-ray scanners, although the TSA plans to conduct tests in Fall 2011.

Documents obtained by EPIC under a previous Freedom of Information Act lawsuit against the Agency reveal that neither millimeter-wave nor backscatter scanners are designed to detect powdered explosives like PETN, the explosive used in the failed 2009 Christmas Day "underwear bomb" plot. EPIC currently is pursuing other FOIA lawsuits related to radiation emitted from body scanners as well as the development and use of mobile body scanners.

EPIC v. TSA: Complaint, Case No. 11-0290 (Feb. 2, 2011)
EPIC v. TSA: Documents Obtained Under FOIA
TSA: Press Release on Passenger Privacy (July 20, 2011)
EPIC: Whole Body Imaging Technology and Body Scanners

=======================================================================
[5] California Protects the Privacy of Consumer Smart Meter Data
=======================================================================

The California Public Utility Commission has established new rules to protect information about consumer use of "smart meter" electrical services.
The California decision, the first in the US, establishes fair information practice requirements, including a consumer right of access and control, data minimization obligations, use and disclosure limitations, and data quality and integrity requirements. Electric utilities and their contractors, as well as third parties who receive electricity usage data from utilities, are subject to the new rules.

However, not all entities will be covered by these rules. Exemptions include organizations that collect data directly from energy users, such as appliance and electric vehicle manufacturers whose products collect consumer energy consumption and product usage, then send data back to the manufacturer.

In 2010, EPIC submitted extensive comments to the California Public Utility Commission regarding privacy safeguards for consumer energy usage data. In its comments, EPIC said that utility customers should control the use of personal information generated by Smart Grid services. Otherwise, EPIC warned, companies may use the data for purposes not related to electricity delivery, consumption management, or payment. EPIC urged the California Commission to include a requirement limiting the use of personal data by third party providers offering energy management services. The Commission acknowledged EPIC's comments in its previous proposed California Smart Grid plan.

EPIC also coordinated extensive comments from a group of 23 NGOs, legal, and technology experts on the National Institute of Standards and Technology's 2009 Guidelines for Smart Grid Cyber Security. Additionally, EPIC Associate Director Lillie Coney testified on Smart Grids before the House Committee on Science and Technology. In her prepared statement, Coney told Congress that the "basic architecture of the Smart Grid presents several thorny privacy issues" and explained how smart meters and appliances transmitting user data wirelessly introduced threats to consumers.
She also described how strong security and privacy standards can address the risks of identity theft, unauthorized access, and individual surveillance.

California Public Utility Commission: Rulemaking (July 28, 2011)
CA Public Utility Commission: Proposed Smart Grid Plan (May 21, 2010)
EPIC: Comments on CA Smart Grid Plan (Mar. 9, 2010)
EPIC: Comments (April 7, 2010)
Comments to NIST (Dec. 1, 2009)
EPIC: Testimony (July 1, 2010)
EPIC: Smart Grid Privacy

=======================================================================
[6] News in Brief
=======================================================================

DHS Refuses to Disclose Details of Mobile Body Scanner Technology

New documents released by the Department of Homeland Security to EPIC indicate that the agency continues to hide details about body scanners. In November 2010, EPIC filed a Freedom of Information Act request with the agency regarding the deployment of body scanners in surface transit and street-roving vans. In its latest document release, the agency supplied several pages that were completely redacted. As a result of the agency's failure to comply with the Freedom of Information Act, EPIC has filed suit to force disclosure of the records.

EPIC: FOIA Note #20
EPIC: FOIA Request Regarding Mobile Body Scanners (Nov. 24, 2010)
EPIC v. DHS (Mobile Body Scanners)
EPIC: Whole Body Imaging Technology

GAO: Agencies Must Improve Social Networking Privacy, Security

A June 2011 report from the independent, nonpartisan Government Accountability Office (GAO) recommends that federal agencies "improve their development and implementation of policies and procedures for managing and protecting information associated with social media use." Between July 2010 and January 2011, the Government Accountability Office surveyed 23 federal agencies about their privacy and security policies.
At the time, only half of the agencies had updated their privacy policies to take account of personal information collected through social media monitoring, while only a quarter had conducted privacy impact assessments of agency social media activities. The GAO also noted that only seven of the surveyed agencies had identified and documented social-media security risks. In March 2011, EPIC filed comments regarding DHS's Social Media Monitoring and Situational Awareness Initiative, identifying substantial privacy and security risks.

Government Accountability Office: Social Media Report (June 2011)
EPIC: Comments to DHS on Social Media Privacy (March 3, 2011)
EPIC: Social Networking Privacy

TSA Expands Behavioral Profiling at Boston's Logan Airport

The Transportation Security Administration has begun training screeners at Logan International Airport in Boston to engage in behavioral profiling of air travelers. The program authorizes Transportation Security Officers to ask airline passengers personal questions concerning their travel plans and employment. Some travelers will be subjected to additional searches based on their responses, including handwanding, pat-downs, and hand inspection of baggage.

TSA: Behavioral Detection and Profiling
Logan International Airport: Security Information
DHS: Privacy Impact Assessment for the SPOT Program (Aug. 5, 2008)
EPIC: Air Travel Privacy

=======================================================================
[7] EPIC Book Review: 'Nothing to Hide'
=======================================================================

"Nothing to Hide: The False Tradeoff between Privacy and Security," Daniel Solove

Privacy law expert Daniel Solove's latest book, "Nothing to Hide: The False Tradeoff between Privacy and Security," guides readers on a clear, thorough, and often cleverly constructed journey through the history and legal issues surrounding today's security/privacy dichotomy.
Solove's analysis and suggestions, particularly with respect to revamping Fourth Amendment law, alternate between conservative and radical. Throughout, Solove makes strong and coherent arguments about how and why US privacy law must keep up with today's rapidly evolving technology.

"Nothing to Hide" is divided into four sections: "Values," "Times of Crisis," "Constitutional Rights," and "New Technologies." Some chapters within each section read as if they were originally written as individual essays and seem only tenuously knit to the whole. Solove nevertheless maintains logical continuity between his initial refutation of common anti-privacy rationales (including the titular "Nothing to Hide" argument) and his ultimate condemnation of 21st-century security policy and technology. Neither individuals nor society really know or understand what privacy means, he argues, and without an educated definition of privacy itself, privacy law will always fall short or be subverted.

Solove's focus on Fourth Amendment law reveals not only the antiquated application of the Fourth Amendment in the digital age, but also demonstrates how technological progress perpetually outstrips the law's ability to deal with it. One of Solove's examples is the "Third Party Doctrine," in which your intellectual or physical property falls outside your Fourth Amendment rights if it is being held by someone other than you: "The government doesn't need to enter your home to find out what you're reading and writing - it can get your Web-surfing records from your ISP, your credit card records, your purchase records from merchants like None of this receives Fourth Amendment protection thanks to the Supreme Court's view that privacy is equivalent to secrecy," he says.

While Solove lambastes the privacy policies of Google, Facebook, commercial data miners and the rest of the usual private-sector suspects, more of his ire is directed at US government policies.
He slams the courts and Congress for being overly deferential to security experts, and the executive branch for developing, implementing, and then lying about secretive, invasive or even illegal practices. Nor do fellow privacy scholars receive gentle treatment: Solove seems to reference experts with whom he disagrees far more often than those with whom he concurs.

Solove's bleak view of privacy's future at the federal level is only tempered by his wan hope that an educated, activist citizenry can convince state and local legislators and judges to enact more pro-privacy laws. However, the cumulative effect of "Nothing to Hide" is that Solove perceives himself as a lone defender of privacy and individual freedoms, a singular thinker whose reasonable ideas are somehow viewed as too radical to gain traction in a bureaucratic, obsessively fearful society.

-- Beth Rosenberg

================================
EPIC Publications:

"Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years.

================================
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================
"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================
"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================
EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore

================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Privacy Platform Meeting on The Transatlantic Dimension of Data Protection. Brussels, Belgium, 7 September 2011. For More Information:

EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For More Information:

33rd International Conference of Data Protection and Privacy Commissioners (ICDPPC 2011). Mexico City, Mexico, 2-3 November 2011. For more information:

8th Conference on Privacy and Public Access to Court Records. Sponsored by the College of William and Mary School of Law. Williamsburg, VA, 3-4 November 2011.
For More Information:

Workshop on Cryptography for Emerging Technologies and Applications. NIST Campus, Gaithersburg, MD, 7-8 November 2011. For More Information:

Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information:

=======================================================================
Join EPIC on Facebook
=======================================================================

Join the Electronic Privacy Information Center on Facebook

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research.
For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 18.16 ------------------------