WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2011 >> [2011] EPICAlert 5

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 18.05 [2011] EPICAlert 5

EPIC Alert 18.05

======================================================================= E P I C A l e r t ======================================================================= Volume 18.05 March 17, 2011 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." Report All Screening Experiences at EPIC Body Scanner Incident Report ======================================================================= Table of Contents ======================================================================= [1] EPIC Urges Federal Appeals Court to Suspend Body Scanner Program [2] EPIC Public Voice Project Hosts Internet Town Hall [3] Judiciary Committee Presses Napolitano in Oversight Hearing [4] EPIC Files Brief with Supreme Court on "Reidentification" Risks [5] Facebook Resumes Plan to Disclose User Personal Contact Information [6] News In Brief [7] EPIC Book Review: "The Offensive Internet" [8] Upcoming Conferences and Events TAKE ACTION: Stop Airport Strip Searches! - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends - DISPLAY the IMAGE - SUPPORT EPIC ======================================================================= [1] EPIC Urges Federal Appeals Court to Suspend Body Scanner Program ======================================================================= At oral argument in EPIC's lawsuit to suspend the airport body scanner program, EPIC President Marc Rotenberg urged the Washington, DC appeals court to suspend the TSA body scanner program, noting that the devices are "uniquely intrusive" and ineffective. The attorney for the Department of Homeland Security responded with the assertion that the agency believes it has legal authority to institute mandatory strip searches for every air traveler, without any public comment or rulemaking. EPIC's opening brief in the case states that the Department of Homeland Security "has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history," and that such a change in policy demands that the TSA conduct a notice-and-comment rule making process. Judge David S. Tatel on the panel agreed that the devices are "far more intrusive" than metal detectors the agency previously deployed. EPIC has further charged that the TSA program violates the Fourth Amendment protections, the Religious Freedom Restoration Act, and the Video Voyeurism Prevention Act. Judge Douglas Ginsburg asked Mr. Rotenberg whether it was possible for passengers to "opt-out" of the body scanner procedure. Mr. Rotenberg referred the Court to passenger complaints, which EPIC obtained through a Freedom of Information Act (FOIA) request, in order to demonstrate that there was no real choice and that TSA agents were retaliating against flyers for opting out. At one point, Judge Ginsburg grilled the Department of Homeland's attorneys about the prominence of signage informing passengers of their rights, demanding "how big are the signs?" At another, Judge Tatel challenged the agency's claim that it could conceal the location of the signs because that data was designated "Sensitive Security Information." Judge Karen Henderson raised a series of questions about frequent flyers' and crewmembers' repeated exposure to the radiation emitted by “X-Ray bodyscanners.” On November 19, 2010, EPIC filed a FOIA lawsuit against the Department of Homeland Security, seeking records concerning radiation emissions and exposure associated with airport full body scanners. The Court's question touched on many of the issues that EPIC has highlighted since its initial motion for an emergency stay on July 2, 2010, particularly the Fourth Amendment concerns. Mr. Rotenberg said that the program was neither effective nor "minimally invasive," as the courts have required. Rotenberge concluded the argument by pointing to the court to Nader v. Butterfield, a 1974 case in Washington D.C. concerning the decision of the Federal Aviation Administration to change screening procedures from a physical search to X-ray screening. In that case, which followed heightened public concern about the safety of air travel, the court nonetheless required the Agency to undertake a public rule-making and to assess the health impacts. Mr. Rotenberg pointed out that the X-ray search of a passenger before the Court was a greater intrusion than the one confronted in the 1974 case. EPIC: EPIC v. DHS (Suspension of Body Scanners) EPIC v. DHS Opening Brief EPIC v. DHS Reply Brief EPIC v. TSA (FOIA Lawsuit Concerning Radiation Emissions) ======================================================================= [2] EPIC Public Voice Project Hosts Internet Town Hall ======================================================================= The EPIC Public Voice Project joined with .ME, the ICANN At-Large Advisory Committee, the Non-Commercial Users Constituency, and the North American Regional At-Large Organization to host an Internet Townhall meeting in San Francisco, which focused on emerging issues for the online community. The meeting was held in conjunction with ICANN40, ICANN's 40th Annual Public Meeting. Panelists at the meeting included Tunisian blogger Rafik Dammak, Internet experts Whitfield Diffe and Paul Vixie, and CNET political correspondant Declan McCullagh, as well as several ICANN officials. The panelists spent the 90-minute meeting discussing Internet issues that are important to the public at large. Moderating the panel was New York Times technology journalist John Markoff. Attendees at the event were able to engage with the panelists and seek feedback on such topics as the Internet's role in political movements and times of crisis, the expansion of Internet domain names, and the weighing of security and privacy. The event was streamed online to remote viewers, who were able to particpate in real time on Twitter using the hashtag #iTownhall. Both the live event and the Twitter feed were sources of informed debate and discussion, with points of view expressed from people across the world, from Egypt to Europe and the Americas. The Public Voice coalition was established in 1996 by the Electronic Privacy Information Center (EPIC) to promote public participation in decisions concerning the future of the Internet. The Public Voice has purused issues ranging from privacy and freedom of expression to consumer protection and Internet governance. Through international conferences, reports and funding for travel the Public Voice project seeks to increase the presence of NGOs at meetings across the globe. Internet Townhall 2011 #iTownhall The Public Voice .ME ICANN At-Large Advisory Committee Non-Commercial Users Constituency North American Regional At-Large Organization ======================================================================= [3] Judiciary Committee Presses Napolitano in Oversight Hearing ======================================================================= Secretary Janet Napolitano appeared before the full Judiciary Committee to answer oversight questions about the Department of Homeland Security. Chairman Patrick Leahy praised Napolitano for delaying the implementation of REAL ID, noting that it would give the States and Congress more time to deal with the issues that have been raised about the program since its inception. Chairman Leahy explained that many people were worried that REAL ID would become a national id card. Napolitano stated that REAL ID was an unfunded mandate that did not take into consideration how 50 different motor vehicle departments worked. Chairman Leahy then turned to the TSA and airport body scanners. He said that Americans expected to be treated with dignity when they traveled and that they found the x-ray scanning machines were a bridge too far and the pat downs were too difficult to tolerate. Americans, he said, appreciate their privacy. The health concerns Americans articulated about the machines were also an issue. Chairman Leahy stated that government should not dismiss any American’s health concerns when implementing a program. He related the story of a registered nurse and cancer survivor who, after conducting research, will not go through the screening machines. The nurse is his wife, to whom he’s been married for 45 years. The remainder of the hearing covered issues related to border control and security, FEMA, and the impact of the House proposed budget cuts on the effectiveness of Homeland Security priorities. Chairman Leahy Press Release (March 9, 2011) Oversight of the Department of Homeland Security (March 9, 2011) EPIC: National ID and the REAL ID Act EPIC: EPIC v. DHS (Suspension of Whole Body Scanners) EPIC: Whole Body Imaging Technology ======================================================================= [4] EPIC Files Brief with Supreme Court on "Reidentification" Risks ======================================================================= EPIC has filed a “friend of the court” brief in Sorrell v. IMS Health, a case now before the U.S. Supreme Court concerning a state privacy law that seeks to regulate commercial access to prescription records. Data-mining companies have challenged the Vermont law, arguing that it violates the First Amendment and also that there is no privacy interest in the transfer of "de-identified" prescriber records. Oral argument in Sorrell will take place on April 26, 2011. The EPIC brief was filed on behalf of 27 technical experts and legal scholars, as well as 9 consumer and privacy groups. EPIC argues first that medical privacy is important and should be protected by law and that the privacy interest in limiting access to "de-identified" prescriber records is even greater than supporters of the law understood, because the encryption technique used to conceal patient records is no longer adequate, and patients' actual identity can be reconstructed. Finally, EPIC argued that the state's practice of requiring pharmacies to retain prescriber information implicates the Constitutional right of informational privacy. The Supreme Court is hearing this case because of a circuit split on the issue. The Second Circuit struck down Vermont's prescription confidentiality law regulating data mining companies that sell or use doctors' prescribing records containing personal information on patients. The Court of Appeal's decision, which relied on the First Amendment, diverged significantly from other decisions upholding similar laws. When Maine's prescription privacy law was challenged, the First Circuit upheld the law, finding that the statute "regulates conduct, not speech, and even if it regulates commercial speech, that regulation satisfies constitutional standards." The First Circuit also upheld a similar prescription confidentiality law prohibiting the sale of prescription information in New Hampshire. The Supreme Court refused a request to review the challenge to New Hampshire's law. EPIC has also filed a "friend of the court" brief in support of the Vermont law at the circuit court level, arguing that the state has a substantial interest in protecting the privacy of medial records and that the data miners' de-identification practices do not, in fact, protect patient privacy. EPIC's brief for the lower appellate court was cited in the opinion of Judge Deborah Ann Livingston. As Judge Livingston explained, "neither appellants nor the majority advances any serious argument that the state does not have a legitimate and substantial interest in medical privacy . . . " EPIC also filed a "friend of the court" brief in the New Hampshire case. IMS Health v. Sorrell: EPIC "friend of the court" brief (Sup. Court) Supreme Court Blog: Sorrell v. IMS Health IMS Health Inc. v. Sorell: EPIC "friend of the court" brief (2d Cir.) IMS Health Inc. v. Sorell: 2d Cir. Opinion EPIC: IMS Health v. Sorrell EPIC: IMS Health v. Ayotte ======================================================================= [5] Facebook Resumes Plan to Disclose User Personal Contact Information ======================================================================= Facebook has indicated in a letter that it will go forward with a proposal to provide users' addresses and mobile phone numbers to third-party application developers, including anyone who writes games or applications that use the Facebook platform. The developers would be able to ask users for their contact information, and the user would have to give permission by clicking the "allow" button before they accessed the application. Facebook's comments came in response to a February 2011 letter from Rep. Markey (D-MA) and Rep. Barton (R-TX) to Mark Zuckerberg questioning Facebook's plan. In that letter, the Representatives wrote that the pop-up window permissions in place were not sufficient "given the sensitivity of personal addresses and mobile phone numbers compared to other information users provide Facebook." EPIC Executive Director Marc Rotenberg explained, "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." Despite temporarily suspending the plan following intense objection from EPIC and consumers, Facebook is now intending to go forward, although it is considering ways to "enhance user controls." Reps. Markey and Barton are not satisfied with Facebook's response, and are particularly concerned about the effect that Facebook's new policy might have on minors. "I don't believe that applications on Facebook should get this information from teens, and I encourage Facebook to wall off access to teen's contact information if they enable this new feature," Markey said. Senators Al Franken (D-Minn), Chuck Schumer (D-NY), Sheldon Whitehouse (D-RI), and Richard Blumenthal (D-Conn) also urged Facebook not to allow third-party applications and websites to access users' addresses and mobile phone numbers. The Senators warned that release of this sensitive information could make users "easy targets for fraud, theft, and abuse." Congressmen Markey and Barton have previously written to Facebook, responding to news that the social media giant's business partners transmitted personal user data to advertising and Internet tracking companies, in direct violation of Facebook's policies. EPIC, joined by many consumer and privacy organizations, has two complaints pending at the Federal Trade Commission charging that Facebook's earlier changes to users' privacy settings constitute unfair and deceptive trade practices. The Commission has failed to act on either of these complaints. Senator Blumenthal Press Release (March 9, 2011) Facebook: letter to Reps. Markey and Barton (February 23, 2011) Reps. Markey and Barton: Letter to Facebook (February 2, 2011) Reps. Markey and Barton: Letter to Facebook (October 18. 2010) Facebook: Addresses and Mobile Phone Numbers (January 18, 2011) Facebook: Addresses and Mobile Phone Numbers (January 14, 2011) EPIC: Facebook EPIC: In re Facebook II ======================================================================= [6] News In Brief ======================================================================= Health and Human Services Fines $4.3 Million for Privacy Violations The Department of Health and Human Services has determined that Cignet Health, a medical center facility with four locations in Maryland and Washington D.C., violated the privacy rule of the Health Insurance Portability and Accountability Act of 1996. Cignet Health failed to provide medical records to 41 patients who requested them for more than a year. Under HIPPA, a health center has sixty days to comply with the request to view medical records. The agency fined Cignet $1.3 million for denying patients access to their medical records and an additional $3 million for failing to cooperate with the investigation. EPIC has participated in the discussion of medical privacy records extensively, filing “friend of the court” briefs in various cases related to data mining companies. Health and Human Services: Announcement HHS: Summary of HIPAA Privacy Rule HHS: HITECH Act Enforcement Interim Final Rule EPIC: Medical Record Privacy EPIC: IMS Health v. Sorrell EPIC: IMS Health v. Ayotte REAL ID Makes Short-Lived Appearance on House Agenda Despite a strong letter from Rep. Lamar Smith (R-TX), Rep. Peter King (R-NY), and Rep. James Sensenbrenner (R-WI), the Department of Homeland Security has once again extended the deadline for the states to comply with the REAL ID Act of 2005, until January 13, 2013. Twenty-four states have rejected the Act since its issuance, which previously had a deadline at May 11, 2011. The Representatives declared that not implementing REAL ID "threatens the security of the United States." The letter follows the arrest of Khalid Ali-M Adawsari on charges of attempting to use a weapon of mass destruction. EPIC previously released a report, testified to Congress, and submitted comments stating that REAL ID included few protections for individual privacy and security in its massive national identification database. EPIC: National ID and the REAL ID Act EPIC: Biometric Identifiers Privacy Coalition’s Campaign Against REAL ID Press Release: Further REAL ID Extension Threatens National Security Inspector General Finds DHS Contract Management Process Noncompetitive The Inspector General of the Department of Homeland Security released a report finding that the agency's contract files did not provide adequate evidence of justification and approval, market research, and acquisition planning for the $1.3 billion dollars in noncompetitive contracts the agency entered into in fiscal year 2010. The noncompetitive process raises doubts that the agency secured the "best possible value" for the goods and services and that the contracts were awarded to "eligible and qualified vendors." The IG recommended that the agency’s Chief Procurement Officer pursue corrective action plans. EPIC previously criticized the agency’s contracting practices regarding whole body scanners. DHS: Office of the Inspector General Department of Homeland Security FY 2010 Budget Inspector General Report ======================================================================= [7] EPIC Book Review: "The Offensive Internet" ======================================================================= "The Offensive Internet: Speech, Privacy, and Reputation," Edited by Saul Levmore and Martha C. Nussbaum To err is human, the old joke goes, but to really screw things up you need a computer. The same is true for offending our friends and neighbors -- to really ruin a reputation, use social networking. In a series of provocative essays, “The Offensive Internet," edited by Saul Levmore and Martha Nussbaum, some of America's premier privacy advocates explore the law of reputation in the 21st century. It takes guts to challenge longstanding arguments that have become entrenched in the curriculum of American law schools. But there are reasons behind every legal rule, and a number of constitutional scholars have become willing to ask whether it might be time to question the venerable constructs of First Amendment jurisprudence as they apply to the Internet. Less gutsy is the tendency toward techno-idolatry, also represented in this fine volume. The challengers suggest that the marketplace of ideas may sometimes fail, that the harm inflicted by anonymous mobs is worse than defamation on paper, that we may need a cyberspace civil rights law. Those who would welcome our new computer overlords seem to respond that the law in its majesty is no match for the technorati . Perhaps technology has cut the Gordian knot, severing the old tension between individual privacy on the one hand, which must surrender, and the imperatives of "free information" on the other, which must now dominate. Legal analysis depends heavily on analogy and metaphor. If the owner of a printing press rents his equipment to a pamphleteer, should he be liable for the defamatory words of the pamphleteer? This has been the analogy behind immunity provided by Section 230 of the Communications Decency Act. But some authors point out that the publisher - a middleman who served as an identifiable, responsible party -- can vanish online. Newspapers now eschew anonymity, but Internet publishing permits anonymous cyber-mobs to injure vulnerable populations. Maybe tension is a good thing: a violin string must have it in order to produce music, and a vibrant democracy must secure individual rights as well as majority rule. Together, the essays in this book suggest that to demand individual privacy as well as freedom of information is not too much to ask. -- Grayson Barber ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "The Review of the EU Data Protection Framework: Latest State of Play." European Parliament, Room JAN4Q2, Brussels, Belgium, 16 March 2011. For More Information: "The Tenth Workshop on Economics of Information Security." The George Mason University, 14-15 June 2011. For More Information: "Computers, Freedom, and Privacy 2011." Georgetown Law Center, Washington D.C., 14-16 June 2011. For More Information: ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 18.05 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback