WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2011 >> [2011] EPICAlert 21

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 18.21 [2011] EPICAlert 21

EPIC Alert 18.21

======================================================================= E P I C A l e r t ======================================================================= Volume 18.21 October 26, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] American Travelers to TSA: Body Scanners are Unsafe, Unacceptable [2] EPIC Urges Supreme Court to Uphold Privacy Enforcement Provisions [3] US Appeals Court Protects Employees from Covert Video Recording [4] Real-Life 'Minority Report'?: EPIC Obtains Government Documents [5] EPIC to Justice Dept.: Maintain Strong Open Government Regulations [6] News in Brief [7] Book Review: 'Unpopular Privacy' [8] Upcoming Conferences and Events TAKE ACTION: Know What Facebook Knows! Demand Your Data! - WATCH the Video: - DEMAND Your Facebook Data: - READ the Facebook Complaint: - SUPPORT EPIC: ======================================================================= [1] American Travelers to TSA: Body Scanners are Unsafe, Unacceptable ======================================================================= In response to an EPIC Freedom of Information Act request, the Transportation Security Administration has turned over 241 pages of passenger complaints about body scanners. The TSA established body scanners as the primary screening method for airports across the country in the spring of 2009, although it never undertook a public comment process, as it was legally required to do. The documents, dating back to January 2010, reveal that travelers are angry and frustrated about TSA screening procedures. The experience was described in detail in one complaint: "I was basically herded into the full body scanner and was not told I had the option of a pat down . . . I feel my privacy was violated, and if I had been given the choice as I was supposed to be according to TSA's guidelines, I would have chosen not to be scanned." Travelers expressed concern about radiation risks to children, the elderly, and those with special needs. Other travelers emphasized that the machines' ability to capture naked their images was unacceptable. One traveler said that "Using [the full body scanners] is an extreme invasion of privacy." Another openly attacked the TSA's policies: "The failure of airport security to locate would-be terrorists should not be paid for by law-abiding citizens with their liberty . . . instead of stripping individuals of their liberty, the government should be returning it so that they are even more equipped to defend themselves." A third summed up his beliefs simply: "No no no to full body scanners." In a previous FOIA lawsuit against the agency, EPIC obtained hundreds of pages of complaints. The documents also revealed that travelers were not being informed about the pat-down alternative to the scanners. Earlier this year, in EPIC v. DHS, EPIC also obtained a judgment from a federal appeals court in Washington, DC, requiring the TSA to conduct a public rulemaking on the program and ensuring passengers' rights to opt-out. The rulemaking that resulted from EPIC v. DHS is particularly important as it will allow the public to formally express its views to the TSA, and will require the agency to justify its screening practices. The agency's screening procedures will then be subject to court review, which will determinewhether the TSA has respected the rights of American travelers. EPIC: FOIA Request to TSA (April 27, 2011) EPIC: TSA Passenger Complaints EPIC: Sample of Previous Passenger Complaints to TSA EPIC: EPIC v. DHS (Suspension of Body Scanner Program) EPIC: Whole Body Imaging Technology ======================================================================= [2] EPIC Urges Supreme Court to Uphold Privacy Enforcement Provisions ======================================================================= In a "friend of the court" brief submitted to the US Supreme Court on October 18, EPIC urged the Court to affirm Congress' power to pass effective privacy laws by holding that individuals have "standing" to sue to enforce Congressionally created rights. "Standing" is a procedural hurdle that plaintiffs must clear to have the underlying merits of their claims decided by a federal court. The Supreme Court case, First American v. Edwards, concerns whether an individual has standing to sue to enforce a provision of the Real Estate Settlement Procedures Act (RESPA), which gives individuals a right to "untainted" real estate referral services, and whether violators must pay a specified amount of damages. Because law in Edwards' home state of Ohio requires all insurance companies to charge the same price, Edwards did not have to pay a higher price for real estate services as a result of First American's RESPA violation. Thus, the Court must consider whether a statutory injury alone is enough to give a plaintiff standing to sue. First American v. Edwards has implications far beyond the real estate services industry. Enforcement provisions granting individuals' rights of action and awarding specified damages are found in almost all federal privacy statutes and help ensure compliance with Fair Information Practices, or FIPs, the foundation of modern privacy law. Set statutory damage provisions are necessary because privacy harms are often unquantifiable, and establishing a causal link between a privacy violation, like poor data security, and a resulting injury, like identity theft, is difficult. EPIC's brief argues that without statutory damages "it would become virtually impossible to enforce privacy safeguards in the United States." The case has attracted attention from a variety of firms that collect personal data, including Facebook, LinkedIn, Yahoo, and Zynga, which filed a brief supporting First American and arguing against enforcement of privacy statutes in certain circumstances. The Supreme Court is scheduled to hear oral argument in the case on November 28, 2011. EPIC: Brief in First American v. Edwards (Oct. 18, 2011) EPIC: First American v. Edwards US Ninth Circuit: Opinion in Edwards v. First American (June 2010) EPIC: Privacy Act ======================================================================= [3] US Appeals Court Protects Employees from Covert Video Recording ======================================================================= The US Third Circuit Court of Appeals ruled October 12 that a police deputy's privacy claims against her employer will proceed despite the government's objections. The case involves Jane Doe, an employee of Luzerne County, PA, who was secretly videotaped by a co-worker during a mandatory decontamination shower. The digital footage was uploaded onto a government computer and disclosed over the municipal network. The appeals court held that Ms. Doe had a reasonable expectation of privacy in remaining free from videotaping during the shower, and wrote that "the potential harm of nonconsensual disclosure [of the video] is exacerbated by the existence of the Internet, where one can upload image and video files and irretrievably share them with the world in a matter of moments." EPIC filed a brief and presented oral argument in the case. On September 13, EPIC Senior Counsel John Verdi argued that secretive video surveillance, coupled with the storage and dissemination of sensitive personal information, violates the right to informational privacy and should be prohibited. Verdi stated that the case "presents novel privacy issues involving new technology" and that "the District Court failed to appreciate the unique damage caused by unlawful disclosures over computer networks." On April 14, EPIC filed a "friend of the court" brief in the case, supporting Ms. Doe's recovery of monetary damages for privacy violations. EPIC argued that the case implicates "freedom, intimacy, autonomy, and human dignity," and urged the federal appeals court to hold that the Sheriff's Department violated Doe's Constitutional right to informational privacy. Luzerne County Deputy Chief Ryan Foy, the officer who conducted the video filming of Ms. Doe, served as the Sheriff's Department computer administrator in 2007. In April 2008, a Sheriff's Department employee found a digital copy of the video, as well as screenshots from the footage, on Foy's old computer. The video contained images revealing Ms. Doe's back, shoulders, and limbs. Doe testified that the rest of her body was covered only with "paper sheets, almost like when you're at a doctor's office." The trial court held that Doe's experience "d[id] not rise to the level of a shocking degradation or egregious humiliation" to merit Constitutional protection. The Third Circuit reversed. EPIC argued that "[t]he risk of improper disclosure of the naked images of an employee placed on a computer network goes far beyond what the Supreme Court called a 'mere possibility that security measures will fail.'" The Court's "mere possibility" standard is derived from the 2011 decision in NASA v. Nelson, which set the standard to bring claims under the Constitutional right to informational privacy. EPIC: Doe v. Luzerne EPIC: Friend of the Court Brief in Doe v. Luzerne (April 14, 2011) US Third Circuit Court: Opinion in Doe v. Luzerne (Oct. 12, 2011) EPIC: Audio of Oral Argument in Doe v. Luzerne (Sept. 13, 2011) EPIC: Video Surveillance ======================================================================= [4] Real-Life 'Minority Report'?: EPIC Obtains Government Documents ======================================================================= EPIC has obtained, via a Freedom of Information Act request, documents from the Department of Homeland Security about a secretive "pre-crime" detection program. Under the "Future Attribute Screening Technology" (FAST) program, the DHS will collect and retain a set of "physiological and behavioral signals" from individuals at large-scale venues. According to a 2008 Privacy Impact Assessment prepared by the agency, the DHS intends to monitor and collect data including "video images, audio recordings, cardiovascular signals, pheromones, electrodermal activity, and respiratory measurements," in order to attempt to determine perceived "mal-intent." EPIC filed the FOIA request after news sources reported that Homeland Security tested the FAST Project in a public location in early 2011. DHS acknowledged the test but has refused to disclose the test results. Similarly, the agency has refused to provide the test's location or duration, stating only that testing occurred in the "northeast" and in a "large venue that is a suitable substitute for an operational ssetting," although not an airport. According to the documents obtained by EPIC, Homeland Security is considering the use of the device at conventions and sporting events. The documents corroborate that a field test was conducted on the public, as well as on DHS employee volunteers. DHS, however, failed to comply with federal law when the agency neglected to do a privacy impact assessment regarding the public testing. EPIC: FAST Project EPIC: FOIA'd Documents FAST Privacy Threshold Analysis Declan McCullagh, CNet: Article on FAST Technology (Oct. 7, 2011) Department of Homeland Security: FAST Project ======================================================================= [5] EPIC to Justice Dept.: Maintain Strong Open Government Regulations ======================================================================= In extensive comments to the US Justice Department, EPIC has urged the agency to preserve current Freedom of Information Act (FOIA) rules. The Justice Department is considering regulations that would place new burdens on FOIA requesters, including raising qualification standards for educational and news media fee status; allowing agencies to terminate FOIA requests; misrepresenting the existence of documents; and destroying records subject to FOIA requests. In addition, the Justice Department's proposed changes would affect some FOIA procedures, including requirements for making FOIA requests; the timing of agency response to requests, including who qualifies to receive expedited processing; the degree of detail required to make a request; and administrative appeals procedures. EPIC's comments state that the proposed changes "would undermine the federal open government act, are contrary to law, and exceed the authority of the agency." EPIC also underscored that many of the proposed changes were directly contrary to statements made by President Obama and Attorney General Eric Holder about the importance of government transparency. EPIC has an extensive FOIA practice and has recently uncovered documents about the FBI's Watch List, airport body scanners, and the Department of Homeland Security's FAST "Pre-crime Detection" Program. EPIC also publishes the Litigation Under Federal Open Government Laws Guide, a leading source for FOIA practitioners and requesters. EPIC: Comments on DOJ Proposed Changes to FOIA (Oct. 18, 2011) Federal Register: Proposed FOIA Changes (Sept. 19, 2011) EPIC: Litigation Docket EPIC: FOIA on FBI Watch List EPIC: FAST Project FOIA Request Department of Homeland Security: FAST Project ======================================================================= [6] News in Brief ======================================================================= Supreme Court Hears Oral Argument in Strip Search Case The US Supreme Court heard oral arguments October 12 in Florence v. Board of Chosen Freeholders of the County of Burlington. At issue is whether the Fourth Amendment permits a jail to conduct a suspicionless strip-search of every suspect, even those arrested for minor traffic offenses. The Petitioner, Albert Florence, was arrested based on an inaccurate police record of his previously resolved traffic fine. Florence was held for six days and subject to multiple strip searches before he was eventually brought before a judge and released. EPIC successfully argued before the Third Circuit in a related case, Doe v. Luzerne, that an individual has a reasonable expectation of privacy in remaining free from the government's recording of nude images. EPIC also filed a "Friend of the Court" brief in Herring v. US, a related case involving a Fourth Amendment challenge to an arrest and search based on incorrect information in a government database. SCOTUSblog: Florence v. Board of Chosen Freeholders EPIC: Doe v. Luzerne County EPIC: Herring v. U.S. Sen. Rockefeller Requests FTC Report on Facial Recognition Technology Senator John D. Rockefeller IV (D-WV) has sent a letter to the Federal Trade Commission, requesting that the Commission submit a report summarizing the use of facial recognition technology and recommend potential legislative solutions to protect privacy. Rockefeller's letter specifically cited mobile applications such as SceneTap, which "tracks the male/female ratio and age mix of the crowd [in bars]" and digital advertising at the Venetian Resort in Las Vegas that tailors ads to the person standing in front of the display based on age and gender. The Federal Trade Commission will hold a workshop on facial recognition technology on December 8, 2011. EPIC's complaint regarding Facebook's use of facial recognition technology is still pending before the FTC. Sen. J. Rockefeller: Letter to FTC (Oct. 12, 2011) FTC: Workshop on Facial Recognition Technology EPIC: Complaint Re: Facebook Facial Recognition (June 10, 2011) EPIC: In re Facebook EPIC: Facial Recognition Congressional Watchdog: DHS Data Mining Programs Pose Risk to Privacy The Government Accountability Office (GAO) has performed a detailed evaluation of data mining practices at the Department of Homeland Security. According to the GAO's report, privacy protections and transparency are vital to data mining operations; however, the report states that Homeland Security's practices did not "adequately ensure the protection of privacy-related information." in 2009, EPIC called for an investigation of the DHS Privacy Office and maintained that the agency's Chief Privacy Officer was not complying with the statutory requirements necessary to protect privacy. GAO: Report on DHS Data Mining Practices (Sept. 2011) EPIC: Letter to Congress Re: DHS Chief Privacy Officer (Oct. 23, 2009) DHS: Privacy Office EPIC: DHS Chief Privacy Officer and Privacy Appeals Court: ECPA Protects Noncitizens The Ninth Circuit Federal Appeals Court ruled October 3 that foreign citizens are protected by the Electronic Communications Privacy Act, or ECPA . The court's decision in Suzlon Energy v. Microsoft Corp. reaffirms that ECPA protects consumer data without regard to nationality, by forbidding companies in most circumstances from disclosing communications data with third parties. Suzlon involves a civil suit in which Microsoft refused to disclose data from the Hotmail email account of Rajagopalan Sridhar, an Indian citizen. Indian company Suzlon Energy claimed that Sridhar, an employee, had committed fraud. Ninth Circuit Court: Suzlon Energy v. Microsoft Corp. (Oct. 3, 2011) Electronic Communications Privacy Act EPIC: Wiretapping and Electronic Surveillance ======================================================================= [7] EPIC Book Review: 'Unpopular Privacy' ======================================================================= "Unpopular Privacy: What Must We Hide?" Anita L. Allen In "Unpopular Privacy," Anita L. Allen, a professor of Law and Philosophy at Penn State University, explores the ethical and philosophical underpinnings of privacy law by addressing a difficult question: When should the government "enact or enforce coercive privacy laws that affected individuals may not welcome?" By analyzing the normative foundations of privacy law, as well as recent developments in physical and informational privacy, Allen offers the contentious claim that "privacy is so important and so neglected in contemporary life that democratic states, though liberal and feminist, could be justified in undertaking a rescue mission that includes enacting paternalistic privacy laws for the benefit of uneager beneficiaries." "Unpopular Privacy" is made up of three parts. In Part One, "Normative Foundations," Allen explores "the case within liberal political and moral theory for imposing unwelcome duties of privacy and limiting the alienability of privacy rights." In Part Two, "Physical Privacies: Seclusion and Concealment," she explores the divergent treatment and moral underpinnings of "modesty" and "nudity" laws in the United States and Europe. Part Three, "Information Privacies: Confidentiality and Data Protection," makes the case for "confidentiality" mandates, cautions against the expansion of "racial privacy" laws, and decries the refusal of adults and children alike to respect their own privacy in the digital space. Each section contains a series of short essays organized by topic, with provocative titles like "Privacies Not Wanted," "Seclusion," "Modesty," "Nudity," "Confidentiality," "Racial Privacy," "The Electronic Data Give-Away," and "Popular Paternalism." "Unpopular Privacy" makes a strong case for the proposition that "privacy, like information sharing, has a place in a free society." Allen identifies an "ambiguity in the philosophical literature defending privacy," where it is unclear whether "it is the opportunity to choose the experience of privacy that is supposed to be vitally important, or [the] actual experience of privacy." Professor Allen argues that "privacy rights should do more than simply offer the opportunity for privacy," and that the experience of privacy is severely degraded in the context of digital information. Allen concludes "Unpopular Privacy" by discussing it in the context of the Children's Online Privacy Protection Act, or COPPA. COPPA is a clear example of a privacy law that aims to protect a "beneficiary" group (children under 13) who would rather not be protected. As Allen puts it, "[p]op music and sweets are more important to children than electronic information privacy and data protection." However, she also points out COPPAs "normative weaknesses," including its lack of distinction between teenagers and "'tweenagers," and the fact that the Act only covers children's data and not other forms of cyber-danger. "Unpopular Privacy" provides a thorough and insightful discussion of key and controversial privacy issues. Anita Allen successfully addresses the tension between strong privacy protections and the core values of a liberal democracy. She argues that coercing privacy might be justified even where it is unpopular: "Privacy aligns not with raw preference," she states, "but with prudent self-interest." -- Alan Butler ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [8] Upcoming Conferences and Events ======================================================================= EPIC Public Voice Conference. Mexico City, Mexico, 31 October 2011. For More Information: 33rd International Conference of Data Protection and Privacy Commissioners (ICDPPC 2011). Mexico City, Mexico, 2-3 November 2011. For more information: 8th Conference on Privacy and Public Access to Court Records. Sponsored by the College of William and Mary School of Law. Williamsburg, VA, 3-4 November 2011. For More Information: Workshop on Cryptography for Emerging Technologies and Applications. NIST Campus, Gaithersburg, MD, 7-8 November 2011. For More Information: 2nd Annual GridWise(R) Global Forum, Co-Hosted by the GridWise(R) Alliance and the US Dept. of Energy. Washington, DC, 8-10 November 2011. For More Information: Securing Our Rights in the Information-Sharing Era. San Francisco, CA, 1-2 December 2011. For More Information: More Surveillance, More Security? The Landscape of Surveillance in Europe and Challenges to Data Protection and Privacy. Brussels, 4 January 2012. For More Information: Computers, Privacy, & Data Protection 2012: European Data Protection: Coming of Age. Brussels, Belgium, 25-27 January 2012, Call for Papers Abstracts Deadline 1 June 2011. For More Information: ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.21 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback