WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2011 >> [2011] EPICAlert 18

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 18.18 [2011] EPICAlert 18

EPIC Alert 18.18

======================================================================= E P I C A l e r t ======================================================================= Volume 18.18 September 13, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] EPIC Prevails in FOIA Body Scanner Litigation [2] EPIC Urges FTC to Examine Google's YouTube Search Rankings [3] Germany Finds No Practical Use for Airport Full Body Scanners [4] Documents Reveal New Details About DHS Mobile Body Scanners [5] California Passes Updated Data Breach Legislation [6] News in Brief [7] Book Review: 'Top Secret America' [8] Upcoming Conferences and Events TAKE ACTION: Remember the Response to 9/11 - READ The Defense of Freedom Statement: - READ EPIC's 9/11 Response: - READ Editorial Responses: - SUPPORT EPIC: ======================================================================= [1] EPIC Prevails in FOIA Body Scanner Litigation ======================================================================= A federal court ruled September 12 that EPIC "substantially prevailed" in its open government lawsuit against the Department of Homeland Security for information about the agency's airport body scanner program, and has awarded attorneys' fees to EPIC. This lawsuit stems from an April 2009 request for documents related to airport body scanners. When the agency failed to comply with statutory deadlines, EPIC filed suit in November 2009. EPIC's Freedom of Information Act case led to the disclosure of hundreds of pages of documents, including procurement specifications, operational requirements, contracts, and traveler complaints, and revealed that the body scanners are designed to store and transfer images. In the ruling, the court found that "The records disclosed to the plaintiff in the course of this litigation have provided a public benefit in that they were covered extensively in the news and cited frequently as a news source during the public debate surrounding the use of whole body imaging devices in airports." EPIC had also asked the court to reconsider an earlier ruling, in light of a recent Supreme Court FOIA decision, Milner v. Dept. of Navy. The Court denied that request for procedural reasons. The documents obtained through this lawsuit served as the factual underpinning for EPIC's subsequent lawsuit to suspend the airport body scanner program. In response, the court required the Department of Homeland Security to conduct a notice and comment rulemaking, which will give the American public an opportunity to weigh in on the scanner program. US District Court for District of Columbia: Holding (Sept. 12, 2011) EPIC v. DHS (FOIA, Body Scanners) EPIC: Body Scanner Technology EPIC v. DHS (Suspension of the Body Scanner Program) ======================================================================= [2] EPIC Urges FTC to Examine Google on YouTube Rankings ======================================================================= In a September 8 letter to the Federal Trade Commission, EPIC urged the agency to investigate the extent to which Google has used its search market dominance to influence the online video marketplace. EPIC's letter specifically cites Google's acquisition of YouTube and the resultant changes in YouTube search rankings, and recommends that the Commission "investigate the extent to which Google's ratings preference its own content and disfavor the content of others," adding, "Our concern is not primarily about anti-competitive market practices; it is about public access to information made available on the Internet." EPIC futher explains that Google substituted its own subjective "relevance" ranking in place of objective search criteria - such as "Hits" or "Views" - to preference its own video material over non- Google videos. As a result, EPIC contends, Google's own videos rank higher in search results. EPIC's letter includes several detailed examples of this outcome, using the search term "privacy." Google has acknowledged that the Commission has opened an antitrust investigation into the company's business practices. The investigation likely focuses on whether Google uses its search market dominance to inhibit competition in other areas. In 2007, EPIC opposed Google's acquisition of online advertiser DoubleClick, which was approved by the FTC over the objection of then- Commissioner Pamela Harbour. EPIC later testified before the Senate Judiciary Antitrust Subcommittee on Google's growing dominance of essential Internet services. The Subcommittee's agenda in the current Congress is said to include a focus on competition in online markets and Internet search. EPIC: Letter to Federal Trade Commission (Sept. 8, 2011) Google: "Supporting Choice, Insuring Economic Opportunity" (June 2011) EPIC: Complaint in re: Google DoubleClick (April 20, 2007) Pamela Harbour: Dissenting Statement in re Google/DoubleClick EPIC: Senate Testimony (Sept. 27, 2007) Senator Herb Kohl (D-WI): Antitrust Annoucement (March 10, 2011) EPIC: Google/DoubleClick EPIC: FTC ======================================================================= [3] Germany Finds No Practical Use for Airport Full Body Scanners ======================================================================= After extensive testing, the German government has decided not to deploy body scanners at the nation's airports. Officials from Germany's Interior Ministry field-tested the scanners at Hamburg Airport, screening more than 800,000 passengers between September 2010 and July 2011. German Interior Minister Hans-Peter Friedrich said in an official statement that the tests demonstrated that the body scanners were not effective enough for nationwide rollout, citing that the devices produced too many false alarms. Italy also removed the scanners from its airports in late 2010. Following field tests in Rome, Milan, Palermo, and Venice, the Italian Civil Aviation Authority determined that the scanners were both inconvenient and inaccurate. Similarly, the European Commission has stated that body scanners raise "several serious fundamental rights and health concerns," and has recommended less intrusive security measures. In the US, former 9-11 Study Commission Chairs Lee Hamilton and Thomas Keen have released a "Tenth Anniversary Report Card," assessing the status of the recommendations made by the 9-11 Commission. The report finds that even "with significant federal funding . . . explosive detection technology lacks reliability" and that "the next generation of whole body scanning machines are not effective at detecting explosives hidden within the body and raise privacy and health concerns that DHS has not fully addressed." EPIC has petitioned a federal appeals court to rehear EPIC's challenge to the Transportation Security Administration's controversial body scanner program. In the petition, EPIC cited erroneous findings that the devices would detect liquid and powdered explosives, contrary to the evidence on the record. However, the court denied the petition this week. In the July 2011 opinion, the appeals court ruled that the TSA violated federal law when it installed airport body scanners without first soliciting public comment. However, the court also stated that the machines were not in violation of the Fourth Amendment, as EPIC had contended. In an interview with ABC News, EPIC Senior Counsel John Verdi said, "When [the body scanners] can't distinguish between body sweat and explosives, they aren't making anyone safer." German Interior Ministry: Press Release on Scanners (Sept. 2, 2011) ABC News: Airport Scanner Manufacturer Under Scrutiny (Sept. 2, 2011) Italian Civil Aviation Authority 9-11 Commission: 10th Anniversary Report (Sept. 2011) EPIC v. DHS: Petition for Rehearing En Banc (July 15, 2011) EPIC: EPIC v. DHS (Suspension of Body Scanner Program) ======================================================================= [4] Documents Reveal New Details About DHS Mobile Body Scanners ======================================================================= EPIC has obtained more than 150 pages of documents detailing the Department of Homeland Security's development of mobile body scanners and other crowd surveillance technologies. The documents were obtained as a result of a Freedom of Information Act lawsuit brought by EPIC against the agency. According to the acquired documents, vehicles known as "Z Backscatter Vans" can be equipped with mobile body scanners designed to examine crowds and pedestrians. Scanners on Z Backscatter Vans can penetrate bags, clothing, and even other vehicles. The documents also reveal that due to the high level of radiation output, Z Backscatter Vans are not and will never be American National Standards Institute-approved "certified people scanners." The Department of Homeland Security has tested other mobile body scanners at surface transportation stations in both the US and abroad. In the summer of 2009, the PATH train system, in conjunction with DHS, tested body scanner technology on PATH travelers. According to the documents, the "inexpensive, high resolution" mobile body scanners used in the tests are powerful enough to "employ multiple sensors to determine the presence of explosives on people, including observing and following individuals, identifying explosive residues or heat signatures on the outer surface of their clothing." In March 2010, the Obama Administration released a "Surface Transportation Security Priority Assessment," which detailed plans to utilize both the private and public sectors in implementing new body scanner technologies on US surface transportation systems, including "mass transit, commuter and long-distance passenger rail, freight rail, commercial vehicles (including intercity buses) . . . and roads and highways." In November 2010 EPIC submitted a written FOIA request to Homeland Security for agency records detailing federal law enforcement plans to implement body scanner technology on surface transportation. In April 2011 EPIC filed an administrative appeal challenging DHS's partial withholding of documents requested by the FOIA request; in August 2011, DHS sent documents complying with EPIC's administrative appeal. EPIC: Mobile Body Scanner FOIA Documents (Aug. 15, 2011) EPIC: Mobile Body Scanner Complaint (May 20, 2011) White House: Surface Transportation Priority Assessment (Mar. 2010) EPIC: DHS FOIA Request (Nov. 2010) ======================================================================= [5] California Passes Updated Data Breach Legislation ======================================================================= California has enacted Senate Bill 24, which strengthens the state's existing 2002 data breach notification law. Senate Bill 24 specifies the information that data holders should provide to individuals in the event of a breach, including instructions on how to contact credit agencies. The law also requires that the state Attorney General be notified in the event of breaches affecting more than 500 California residents. Since 2002, California law has required data holders to notify individuals if their data is lost or stolen. Prior law did not provide for a standardized list of information to be included in notifications. The new law, however, requires each notice to contain in "plain language" the name and contact information of the data holder, the types of personal information compromised by the breach, a brief description of the incident, contact information for the major credit reporting agencies, and whether the notification was delayed as a result of an investigation by law enforcement. Senate Bill 24 will become effective on January 1, 2012. Forty-five other states, as well as the District of Columbia, Puerto Rico, and the US Virgin Islands, also have data breach notification laws, many of which similarly regulate the content of their notifications. EPIC has testified before Congress on several occasions on the subject of national data breach legislation. Executive Director Marc Rotenberg has praised state breach notification bills like CA Senate Bill 24, stating that such laws help "ensure that companies carry the responsibility for their data practices." State of California: Senate Bill 24 (Aug. 2011) State of California: Original data breach legislation (2002) Nat. Conf. of State Legislatures: State Breach Notification Laws EPIC: US House Testimony on Federal Breach Legislation (June 15, 2011) EPIC: US House Testimony on Federal Breach Legislation (May 2009) ======================================================================= [6] News in Brief ======================================================================= DC Circuit Court Grants Access to Cell Phone Surveillance Records The Circuit Court for the District of Columbia ruled September 6 that the Department of Justice must release information regarding government surveillance of cell phone location data. In 2008, the American Civil Liberties Union filed a Freedom of Information Act request for information regarding current and past cases in which the Department of Justice had accessed cell phone location data without a warrant. The agency sought to keep this information secret, claiming that releasing cell phone tracking data could affect the privacy of investigation subjects. The court, however, disagreed, stating: "The disclosure sought by the plaintiffs would inform this ongoing public policy discussion by shedding light on the scope and effectiveness of cell phone tracking as a law enforcement tool." ACLU v. DOJ: Court Ruling (Sept. 6, 2011) American Civil Liberties Union EPIC: Wiretapping EPIC: Electronic Surveillance 1968-2010 Federal Appeals Court Says Individuals Have Right to Record Officials The First Circuit Court of Appeals has held that the First Amendment protects "the filming of government officials engaged in their duties in a public place." In Glik v. City of Boston - a case in which a man using his cell phone to film a police arrest was himself arrested - the court found that members of the public enjoy the same rights as credentialed members of the press, emphasizing that "the public's right of access to information is coextensive with the press." The court further held that, in arresting Glik, the City of Boston violated the Fourth Amendment's probable cause requirement, given there was no reason to believe that Gilk had violated any state law. EPIC agreed that the Massachusetts state wiretap law was not intended to limit the public's ability to record police activity, but did not file an amicus, or "friend of the court," brief in the case. US First Circuit Appeals Court: Glik v. City of Boston (Aug. 26, 2011) EPIC: EPIC Amicus Curiae Briefs Survey: Americans Still Favor Civil Liberties in Post-9/11 Era The Center for Public Affairs Research, a joint project of the Associated Press and the National Opinion Research Center, recently published "Civil Liberties and Security: 10 Years After 9/11." The detailed report analyzes public opinion on national security and civil liberties issues a decade after 9/11. The survey, given to 1,087 US adults in July and August 2011, found that Americans are divided on the so-called "war on terror". Of those surveyed, 85% said that the events following 9/11 have had some impact on their individual rights and freedoms. A slim majority also said that the protection of civil liberties should take priority over national security. Only 23% favored the government's warrantless wiretapping program. Overall, however, survey participants were closely divided over a number of civil liberties issues, sometimes contradictorily. According to the report, "While 60 percent of Americans think the government is doing enough to protect the rights and freedoms of US citizens, the number in favor of certain specific activities that may interfere with those rights . . . varies widely." Associated Press/NORC: Poll on Civil Liberties (Aug. 15, 2011) EPIC: 9/11 Commission Report EPIC: Public Opinon on Privacy US, EU Consumer Groups Oppose New Industry Proposal on Self-Regulation The Transatlantic Consumer Dialogue (TACD) has sent a letter to US and European Union officials, requesting that they reject an advertising industry proposal to protect online privacy through self-regulation. The industry proposal relies on opt-out techniques that force consumers to click on small, hard-to-locate icons on the websites they visit. The TACD letter describes the icon regime as "inadequate," adding that the icons are "an insufficient means of [giving] notice to a user about the wide range of data collection that they routinely face." In 1998, EPIC conducted the first evaluation of industry self-regulation to protect online privacy, and concluded that "Notice is Not Enough." TACD: Letter to Officials on Industry Self-Regulation (Sept. 8, 2011) Behavioral Advertisers: Updated Self-Regulatory Program (June 2011) EPIC: Consumer Guidance on Behavioral Profiling EPIC: Online Tracking and Behavioral Profiling EPIC: FTC ======================================================================= [7] EPIC Book Review: 'Top Secret America' ======================================================================= "Secret America: The Rise of the New American Security State," Dana Priest and William M. Arkin Prior to September 11, 2001, American national defense and intelligence assets were overwhelmingly focused away from the American shore. Post- 9/11, efforts have been trained towards US citizens. Washington Post reporters Dana Priest and William Arkin show their readers a thin but disturbing slice of the post-September 11, 2001 American security apparatus in their new book, "Top Secret America: The Rise of the New American Security State." The American security state generally keeps itself well hidden from the eyes of the general American public; consequently, this book provides so much new information on its creation and massive growth that you should set aside time to read it with a highlighter and sticky tabs. In some respects, security efforts in post- 9/11 America seem reasonable and prudent, given an enemy that proved it could strike within US borders using unconventional means. According to Priest and Arkin, however, the security overload we face today was the fault of our elected leaders being unwilling or unable to engage in expectations management: In the frightened national mood after 9/11, there was no way to promise that under all conditions and circumstances the US government could keep all of its citizens safe all of the time. In an attempt to hide this fact, Congress and both the Bush and Obama Administrations have feverishly spent taxpayer dollars in the most aggressive defense buildup since the bombing of Pearl Harbor, in which, seemingly, no cost has been too great and no program's replication and overlap too excessive to fund. But who runs or even knows about all these programs? Priest and Arkin lay out a chilling prospect: No single individual or group in the federal government, including the secretive clandestine community of old and new intelligence agencies, know everything that should be known about the post-9/11 security bureaucracy. The Office of the Director National Intelligence (ODNI), Cyber Command, the Northern Command (NorthCom), and fusion centers are just a few of the new tools American taxpayers have purchased in the battle against Al Qaeda. Warfare has changed forever; manned fighter jets and bans on noncriminal domestic surveillance are now relics of the "good old days". Too many entities that are not and may never be known are installed in communities across the nation and they intend to stay in business, war or no war. US intelligence and defense agencies can be credited with finding the masterminds of the 9/11 attacks. However, all is not well with the new American security state: It is not a monolithic creation; it does not speak the same language as other parts of the government; it produces too much information to be consumed by those who need it. According to the book, soldiers and commanders in the field judge much of the collected data to be useless. The DoD, its components, and its contractors create their own intelligence resources. Information is so duplicative it often can be categorized as "busywork". In fact, there is so much information out there that actionable items (knowing who, and what) can be missed; two examples given are the Christmas Day 2009 attempted "underwear bombing" and the Fort Hood army psychiatrist who killed fellow US soldiers. One way to improve the US's overall financial health, the book suggests, is to understand where federal funding is going and why it is going there. However, a larger issue is to make sure the US "does the right thing" after the troops in Iraq and Afghanistan have been drawn down; in other words, we need a good gardener to pull the weeds, make sure that the productive, healthy components have oversight and accountability, and assure that the transition from war to peacetime vigilance is orderly and transparent to the American people. -- Lillie Coney ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [8] Upcoming Conferences and Events ======================================================================= 5th Annual International Right-to-Know Day Celebration. American University Law School, Washington, DC, 28 September 2011. For More Information: EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For More Information: 33rd International Conference of Data Protection and Privacy Commissioners (ICDPPC 2011). Mexico City, Mexico, 2-3 November 2011. For more information: 8th Conference on Privacy and Public Access to Court Records. Sponsored by the College of William and Mary School of Law. Williamsburg, VA, 3-4 November 2011. For More Information: 2nd Annual GridWise(R) Global Forum, Co-Hosted by the GridWise(R) Alliance and the US Dept. of Energy. Washington, DC, 8-10 November 2011. For More Information: Workshop on Cryptography for Emerging Technologies and Applications. NIST Campus, Gaithersburg, MD, 7-8 November 2011. For More Information: Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information: ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.18 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback