EPIC Alert 18.05
E P I C A l e r t
Volume 18.05 March 17, 2011
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Report All Screening Experiences at
EPIC Body Scanner Incident Report
Table of Contents
 EPIC Urges Federal Appeals Court to Suspend Body Scanner Program
 EPIC Public Voice Project Hosts Internet Town Hall
Committee Presses Napolitano in Oversight Hearing
 EPIC Files Brief with Supreme Court on "Reidentification" Risks
Resumes Plan to Disclose User Personal Contact Information
 News In Brief
 EPIC Book Review: "The Offensive Internet"
Conferences and Events
TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/
 EPIC Urges Federal Appeals Court to Suspend Body Scanner
At oral argument in EPIC's lawsuit to suspend the
airport body scanner
program, EPIC President Marc Rotenberg urged the Washington, DC appeals
court to suspend the TSA body scanner
program, noting that the devices
are "uniquely intrusive" and ineffective. The attorney for the
Department of Homeland Security responded
with the assertion that the
agency believes it has legal authority to institute mandatory strip
searches for every air traveler,
without any public comment or
EPIC's opening brief in the case states that the Department of Homeland
initiated the most sweeping, the most invasive, and the
most unaccountable suspicionless search of American travelers in
and that such a change in policy demands that the TSA conduct
a notice-and-comment rule making process. Judge David S. Tatel on the
panel agreed that the devices are "far more intrusive" than metal
detectors the agency previously deployed. EPIC has further charged
the TSA program violates the Fourth Amendment protections, the Religious
Freedom Restoration Act, and the Video Voyeurism Prevention Act.
Judge Douglas Ginsburg asked Mr. Rotenberg whether it was possible for
passengers to "opt-out"
of the body scanner procedure. Mr. Rotenberg
referred the Court to passenger complaints, which EPIC obtained through
a Freedom of
Information Act (FOIA) request, in order to demonstrate
that there was no real choice and that TSA agents were retaliating
against flyers for opting
out. At one point, Judge Ginsburg grilled the
Department of Homeland's attorneys about the prominence of signage
of their rights, demanding "how big are the signs?"
At another, Judge Tatel challenged the agency's claim that it could
location of the signs because that data was designated
"Sensitive Security Information."
Judge Karen Henderson raised a series of
questions about frequent
flyers' and crewmembers' repeated exposure to the radiation emitted by
On November 19, 2010, EPIC filed a FOIA lawsuit
against the Department of Homeland Security, seeking records concerning
emissions and exposure associated with airport full body
The Court's question touched on many of the issues that EPIC
highlighted since its initial motion for an emergency stay on July 2,
2010, particularly the Fourth Amendment concerns. Mr. Rotenberg
that the program was neither effective nor "minimally invasive," as the
courts have required. Rotenberge concluded the argument
by pointing to
the court to Nader v. Butterfield, a 1974 case in Washington D.C.
concerning the decision of the Federal Aviation
Administration to change
screening procedures from a physical search to X-ray screening. In that
case, which followed heightened
public concern about the safety of air
travel, the court nonetheless required the Agency to undertake a public
rule-making and to
assess the health impacts. Mr. Rotenberg pointed out
that the X-ray search of a passenger before the Court was a greater
than the one confronted in the 1974 case.
EPIC: EPIC v. DHS (Suspension of Body Scanners)
EPIC v. DHS Opening Brief
EPIC v. DHS Reply Brief
EPIC v. TSA (FOIA Lawsuit Concerning Radiation Emissions)
 EPIC Public Voice Project Hosts Internet Town Hall
The EPIC Public Voice Project joined with .ME, the ICANN At-Large
Advisory Committee, the Non-Commercial Users Constituency, and
American Regional At-Large Organization to host an Internet Townhall
meeting in San Francisco, which focused on emerging
issues for the
online community. The meeting was held in conjunction with ICANN40,
ICANN's 40th Annual Public Meeting.
at the meeting included Tunisian blogger Rafik Dammak,
Internet experts Whitfield Diffe and Paul Vixie, and CNET political
Declan McCullagh, as well as several ICANN officials. The
panelists spent the 90-minute meeting discussing Internet issues that
important to the public at large. Moderating the panel was New York
Times technology journalist John Markoff.
Attendees at the event
were able to engage with the panelists and seek
feedback on such topics as the Internet's role in political movements
and times of
crisis, the expansion of Internet domain names, and the
weighing of security and privacy. The event was streamed online to
viewers, who were able to particpate in real time on Twitter
using the hashtag #iTownhall. Both the live event and the Twitter feed
were sources of informed debate and discussion, with points of view
expressed from people across the world, from Egypt to Europe
The Public Voice coalition was established in 1996 by the Electronic
Privacy Information Center (EPIC) to promote
public participation in
decisions concerning the future of the Internet. The Public Voice has
purused issues ranging from privacy
and freedom of expression to
consumer protection and Internet governance. Through international
conferences, reports and funding
for travel the Public Voice project
seeks to increase the presence of NGOs at meetings across the globe.
Internet Townhall 2011
The Public Voice
ICANN At-Large Advisory Committee
Non-Commercial Users Constituency
North American Regional At-Large Organization
 Judiciary Committee Presses Napolitano in Oversight
Secretary Janet Napolitano appeared before the full
to answer oversight questions about the Department of Homeland Security.
Chairman Patrick Leahy praised Napolitano
for delaying the
implementation of REAL ID, noting that it would give the States and
Congress more time to deal with the issues that
have been raised about
the program since its inception. Chairman Leahy explained that many
people were worried that REAL ID would
become a national id card.
Napolitano stated that REAL ID was an unfunded mandate that did not take
into consideration how 50 different
motor vehicle departments worked.
Chairman Leahy then turned to the TSA and airport body scanners. He said
that Americans expected
to be treated with dignity when they traveled
and that they found the x-ray scanning machines were a bridge too far
and the pat downs
were too difficult to tolerate. Americans, he said,
appreciate their privacy.
The health concerns Americans articulated about the
machines were also
an issue. Chairman Leahy stated that government should not dismiss any
American’s health concerns when
implementing a program. He related the
story of a registered nurse and cancer survivor who, after conducting
research, will not go
through the screening machines. The nurse is his
wife, to whom he’s been married for 45 years.
The remainder of the hearing
covered issues related to border control
and security, FEMA, and the impact of the House proposed budget cuts on
of Homeland Security priorities.
Chairman Leahy Press Release (March 9, 2011)
Oversight of the Department of Homeland Security (March 9, 2011)
EPIC: National ID and the REAL ID Act
EPIC: EPIC v. DHS (Suspension of Whole Body Scanners)
EPIC: Whole Body Imaging Technology
 EPIC Files Brief with Supreme Court on "Reidentification"
EPIC has filed a “friend of the court”
brief in Sorrell v. IMS Health, a
case now before the U.S. Supreme Court concerning a state privacy law
that seeks to regulate commercial
access to prescription records.
Data-mining companies have challenged the Vermont law, arguing that it
violates the First Amendment
and also that there is no privacy interest
in the transfer of "de-identified" prescriber records. Oral argument in
Sorrell will take
place on April 26, 2011.
The EPIC brief was filed on behalf of 27 technical experts and legal
scholars, as well as 9 consumer and
privacy groups. EPIC argues first
that medical privacy is important and should be protected by law and
that the privacy interest
in limiting access to "de-identified"
prescriber records is even greater than supporters of the law
understood, because the encryption
technique used to conceal patient
records is no longer adequate, and patients' actual identity can be
reconstructed. Finally, EPIC
argued that the state's practice of
requiring pharmacies to retain prescriber information implicates the
Constitutional right of
The Supreme Court is hearing this case because of a circuit split on the
issue. The Second Circuit struck
down Vermont's prescription
confidentiality law regulating data mining companies that sell or use
doctors' prescribing records containing
personal information on
patients. The Court of Appeal's decision, which relied on the First
Amendment, diverged significantly from
other decisions upholding similar
laws. When Maine's prescription privacy law was challenged, the First
Circuit upheld the law, finding
that the statute "regulates conduct, not
speech, and even if it regulates commercial speech, that regulation
standards." The First Circuit also upheld a
similar prescription confidentiality law prohibiting the sale of
in New Hampshire. The Supreme Court refused a
request to review the challenge to New Hampshire's law.
EPIC has also filed a "friend
of the court" brief in support of the
Vermont law at the circuit court level, arguing that the state has a
substantial interest in
protecting the privacy of medial records and
that the data miners' de-identification practices do not, in fact,
protect patient privacy.
EPIC's brief for the lower appellate court was
cited in the opinion of Judge Deborah Ann Livingston. As Judge
"neither appellants nor the majority advances any
serious argument that the state does not have a legitimate and
in medical privacy . . . " EPIC also filed a
"friend of the court" brief in the New Hampshire case.
IMS Health v. Sorrell: EPIC
"friend of the court" brief (Sup. Court)
Supreme Court Blog: Sorrell v. IMS Health
IMS Health Inc. v. Sorell: EPIC "friend of the court" brief (2d Cir.)
IMS Health Inc. v. Sorell: 2d Cir. Opinion
EPIC: IMS Health v. Sorrell
EPIC: IMS Health v. Ayotte
 Facebook Resumes Plan to Disclose User Personal Contact
Facebook has indicated in a letter that it will
go forward with a
proposal to provide users' addresses and mobile phone numbers to
third-party application developers, including
anyone who writes games or
applications that use the Facebook platform. The developers would be
able to ask users for their contact
information, and the user would have
to give permission by clicking the "allow" button before they accessed
comments came in response to a February 2011 letter from Rep.
Markey (D-MA) and Rep. Barton (R-TX) to Mark Zuckerberg questioning
Facebook's plan. In that letter, the Representatives wrote that the
pop-up window permissions in place were not sufficient "given
sensitivity of personal addresses and mobile phone numbers compared to
other information users provide Facebook." EPIC Executive
Rotenberg explained, "Facebook is trying to blur the line between public
and private information. And the request for
permission does not make
clear to the user why the information is needed or how it will be used."
Despite temporarily suspending
the plan following intense objection from
EPIC and consumers, Facebook is now intending to go forward, although it
ways to "enhance user controls." Reps. Markey and Barton
are not satisfied with Facebook's response, and are particularly
about the effect that Facebook's new policy might have on
minors. "I don't believe that applications on Facebook should get this
information from teens, and I encourage Facebook to wall off access to
teen's contact information if they enable this new feature,"
said. Senators Al Franken (D-Minn), Chuck Schumer (D-NY), Sheldon
Whitehouse (D-RI), and Richard Blumenthal (D-Conn) also
not to allow third-party applications and websites to access users'
addresses and mobile phone numbers. The Senators
warned that release of
this sensitive information could make users "easy targets for fraud,
theft, and abuse."
and Barton have previously written to Facebook,
responding to news that the social media giant's business partners
user data to advertising and Internet tracking
companies, in direct violation of Facebook's policies. EPIC, joined by
and privacy organizations, has two complaints pending at
the Federal Trade Commission charging that Facebook's earlier changes to
users' privacy settings constitute unfair and deceptive trade practices.
The Commission has failed to act on either of these complaints.
Senator Blumenthal Press Release (March 9, 2011)
Facebook: letter to Reps. Markey and Barton (February 23, 2011)
Reps. Markey and Barton: Letter to Facebook (February 2, 2011)
Reps. Markey and Barton: Letter to Facebook (October 18. 2010)
Facebook: Addresses and Mobile Phone Numbers (January 18, 2011)
Facebook: Addresses and Mobile Phone Numbers (January 14, 2011)
EPIC: In re Facebook II
 News In Brief
Health and Human Services Fines $4.3 Million for Privacy Violations
The Department of Health and Human Services has determined
Health, a medical center facility with four locations in Maryland and
Washington D.C., violated the privacy rule of the
Portability and Accountability Act of 1996. Cignet Health failed to
provide medical records to 41 patients who requested
them for more than
a year. Under HIPPA, a health center has sixty days to comply with the
request to view medical records. The agency
fined Cignet $1.3 million
for denying patients access to their medical records and an additional
$3 million for failing to cooperate
with the investigation. EPIC has
participated in the discussion of medical privacy records extensively,
filing “friend of the
court” briefs in various cases related to data
Health and Human Services: Announcement
HHS: Summary of HIPAA Privacy Rule
HHS: HITECH Act Enforcement Interim Final Rule
EPIC: Medical Record Privacy
EPIC: IMS Health v. Sorrell
EPIC: IMS Health v. Ayotte
REAL ID Makes Short-Lived Appearance on House Agenda
Despite a strong letter from Rep. Lamar Smith (R-TX), Rep. Peter King
and Rep. James Sensenbrenner (R-WI), the Department of Homeland
Security has once again extended the deadline for the states to comply
with the REAL ID Act of 2005, until January 13, 2013. Twenty-four states
have rejected the Act since its issuance, which previously
deadline at May 11, 2011. The Representatives declared that not
implementing REAL ID "threatens the security of the United
letter follows the arrest of Khalid Ali-M Adawsari on charges of
attempting to use a weapon of mass destruction. EPIC
a report, testified to Congress, and submitted comments stating that
REAL ID included few protections for individual
privacy and security in
its massive national identification database.
EPIC: National ID and the REAL ID Act
EPIC: Biometric Identifiers
Privacy Coalition’s Campaign Against REAL ID
Press Release: Further REAL ID Extension Threatens National Security
Inspector General Finds DHS Contract Management Process Noncompetitive
The Inspector General of the Department of Homeland Security
report finding that the agency's contract files did not provide adequate
evidence of justification and approval, market
research, and acquisition
planning for the $1.3 billion dollars in noncompetitive contracts the
agency entered into in fiscal year
2010. The noncompetitive process
raises doubts that the agency secured the "best possible value" for the
goods and services and that
the contracts were awarded to "eligible and
qualified vendors." The IG recommended that the agency’s Chief
pursue corrective action plans. EPIC previously
criticized the agency’s contracting practices regarding whole body
DHS: Office of the Inspector General
Department of Homeland Security FY 2010 Budget
Inspector General Report
 EPIC Book Review: "The Offensive Internet"
"The Offensive Internet: Speech, Privacy, and Reputation," Edited by
Saul Levmore and Martha C. Nussbaum
To err is human, the old joke goes, but to really screw things up you
need a computer. The same is true for offending our friends
neighbors -- to really ruin a reputation, use social networking.
In a series of provocative essays, “The Offensive Internet,"
Saul Levmore and Martha Nussbaum, some of America's premier privacy
advocates explore the law of reputation in the 21st
It takes guts to challenge longstanding arguments that have become
entrenched in the curriculum of American law schools.
But there are
reasons behind every legal rule, and a number of constitutional scholars
have become willing to ask whether it might
be time to question the
venerable constructs of First Amendment jurisprudence as they apply to
Less gutsy is the tendency
toward techno-idolatry, also represented in
this fine volume. The challengers suggest that the marketplace of ideas
fail, that the harm inflicted by anonymous mobs is worse
than defamation on paper, that we may need a cyberspace civil rights
Those who would welcome our new computer overlords seem to respond
that the law in its majesty is no match for the technorati . Perhaps
technology has cut the Gordian knot, severing the old tension between
individual privacy on the one hand, which must surrender, and
imperatives of "free information" on the other, which must now dominate.
Legal analysis depends heavily on analogy and metaphor.
If the owner of
a printing press rents his equipment to a pamphleteer, should he be
liable for the defamatory words of the pamphleteer?
This has been the
analogy behind immunity provided by Section 230 of the Communications
Decency Act. But some authors point out that
the publisher - a middleman
who served as an identifiable, responsible party -- can vanish online.
Newspapers now eschew anonymity,
but Internet publishing permits
anonymous cyber-mobs to injure vulnerable populations.
Maybe tension is a good thing: a violin string
must have it in order to
produce music, and a vibrant democracy must secure individual rights as
well as majority rule. Together,
the essays in this book suggest that to
demand individual privacy as well as freedom of information is not too
much to ask.
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"The Review of the EU Data Protection Framework: Latest State of Play."
European Parliament, Room JAN4Q2, Brussels, Belgium, 16
March 2011. For
More Information: email@example.com.
"The Tenth Workshop on Economics of Information Security." The George
Mason University, 14-15 June 2011. For More Information:
"Computers, Freedom, and Privacy 2011." Georgetown Law Center,
Washington D.C., 14-16 June 2011. For More Information:
Join EPIC on Facebook
Join the Electronic Privacy Information Center on Facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 18.05 ------------------------