EPIC Alert 19.01
E P I C A l e r t
Volume 19.01 January 18, 2012
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 EPIC: FOIA Docs Reveal DHS Monitoring of Online Political Dissent
 EPIC Submits Comments, Letter to FTC re: Facebook
Presses FTC to Investigate Google Search Changes
 EPIC Urges Appeals Court to Shed Light on Google - NSA Agreement
Dept. Rejects S. Carolina's New Voter Photo-ID Law
 News in Brief
 Book Review: 'I Know Who You Are and I Saw What You Did'
 Upcoming Conferences and Events
TAKE ACTION: Support International Privacy Day, January 28!
- VISIT the International Privacy
Day Facebook Page:
- SIGN the Madrid Declaration: http://epic.org/redirect/011812-MD.html
- SUPPORT EPIC: http://www.epic.org/donate/
 EPIC: FOIA Docs Reveal DHS Monitoring of Online Political
As the result of EPIC v. DHS, a Freedom of Information Act lawsuit,
EPIC has obtained nearly 300 pages of documents detailing a Department
of Homeland Security social media surveillance
program. The documents
include contracts and statements of work with General Dynamics for
24/7/365 media and social network monitoring
and periodic reports to
DHS. As part of this contract, General Dynamics was tasked with
monitoring media and social networking
sites and providing immediate,
daily, and weekly summaries to Homeland Security.
The FOIA documents reveal that Homeland Security
is tracking criticism
and dissent, stating that the contractor should monitor and summarize
media stories that "reflect adversely"
on DHS or the US government.
DHS also says that the agency is attempting to "capture public reaction
to major government proposals."
The agency instructs the contractor to
generate "reports on DHS, Components, and other Federal Agencies:
positive and negative
reports on FEMA, CIA, CBP, ICE, etc. as well as
organizations outside the DHS."
One tracking report held up by the DHS as a example
of what a report
should include - "Residents Voice Opposition Over Possible Plan to
Bring Guantanamo Detainees to Local Prison-Standish,
MI" - summarizes
dissent on blogs and social networking cites, quoting commenters on
popular social networking sites and news media
EPIC sent a Freedom of Information Act request for these documents in
April 2011 and filed suit against the agency in December.
EPIC: Freedom of Information Act Request to DHS (April 12, 2011)
EPIC: FOIA Documents Received from DHS (Jan. 12, 2012)
NY Times: 'Federal Security Program Monitored Public Opinion'
(Jan. 13, 2012)
ComputerWorld: 'DHS Media Monitoring Could Chill Public Dissent, EPIC
Warns' (Jan. 16, 2012)
EPIC: EPIC v. DHS (Media Monitoring)
 EPIC Submits Comments, Letter to FTC re: Facebook
EPIC submitted comments to the Federal Trade Commission December 27
over the agency's proposed settlement with Facebook. The settlement
follows from complaints filed by EPIC and other consumer and privacy
organizations in 2009 and 2010 over Facebook's decision to
users' privacy settings in such a way that made users' personal
information more widely available to the public and
business partners. EPIC's comments state that the settlement is
"insufficient to address the concerns originally
identified by EPIC and
the consumer coalition, as well as those findings established by the
The initial FTC settlement
contains an eight-count complaint against
Facebook, and includes allegations that the company violated the
Federal Trade Commission
Act's prohibition on "unfair and deceptive"
trade practices by misleading users about the extent to which they
could control access
to their personal information, and the extent to
which applications and advertisers had access to that same information.
the proposed consent order prohibits Facebook from
misrepresenting the privacy or security of users' personal information,
requires the company to (1) Obtain users' affirmative, express
consent before sharing their information in a way that exceeds their
privacy settings; (2) Establish a comprehensive privacy program;
(3) Ensure that personal information cannot be accessed by Facebook
after a user deletes his or her account; and (4) Submit to
independent privacy audits for 20 years.
EPIC's comments reiterate
suggestions provided during the "Fix Facebook
Privacy Fail" campaign, which was conducted to increase public
participation in and
thus strengthen the proposed settlement. EPIC
urged the Commission to require Facebook to (1) Restore user privacy
their 2009 settings, before the initiation of the "unfair
and deceptive practices" addressed in the complaint; (2) Allow users
access to all of the data that Facebook keeps about them; (3) Cease
creating facial recognition profiles without users' affirmative
consent; (4) Make Facebook's privacy audits publicly available to the
greatest extent possible; and (5) Cease secret post-logout
users across Web sites.
In both the comments and in a separate letter to the Commission, EPIC
drew particular attention
to Facebook's Timeline feature. EPIC's letter
requests that the Commission determine whether the recent changes
Facebook has made
to user profiles via Timeline are consistent with the
terms of the proposed settlement. EPIC's letter states, "With Timeline,
has once again taken control over the user's data from the
user and has now made information that was essentially archived and
inaccessible widely available without the consent of the user."
EPIC: Comments on Facebook-FTC Settlement (Dec. 23, 2011)
EPIC: Letter to FTC re: Timeline (Dec. 27, 2011)
FTC: Complaint Against Facebook (Nov. 29, 2011)
FTC: Proposed Settlement with Facebook (November 29, 2011)
ZDNet: 'EPIC: Facebook Timeline changes users' privacy settings'
(Jan. 10, 2012)
EPIC: FTC Facebook Settlement
EPIC: Facebook Privacy
EPIC: Social Networking Privacy
 EPIC Presses FTC to Investigate Google Search Changes
EPIC has sent a letter to the Federal Trade Commission,
the agency investigate competition and privacy issues surrounding
Google's recent changes to Google Search. Google
announced January 10
that Google Search results would now include users' personal data
gathered from Google+, including photos,
posts, and business pages of
users and their contacts. EPIC's letter states, "Google's business
practices raise concerns related
to both competition and the
implementation of the Commission's consent order," referring to the FTC
settlement with Google that
establishes new privacy safeguards for
users of all Google products and services and subjects the company to
regular privacy audits.
EPIC argues that "[i]ncorporating results from Google+ into ordinary
search results allows Google to promote its own social network
leveraging its dominance in the search engine market." Antitrust
experts, such as Benjamin Edelman of the Harvard University
School, have also stated that "Google has repeatedly crossed the line,
and antitrust enforcement action is required to
put a stop to these
practices." Edelman notes that "the top-most result [of a Google
search] enjoys 34%+ of all clicks - so when
Google takes that position
for itself, there's far less for everyone else." Furthermore, EPIC
notes, "Although data from a user's
Google+ contacts is not displayed
publicly, Google's changes make the personal data of users more
to Google Search come at a time when Congress and
the Federal Trade Commission have indicated they plan to scrutinize the
competitive activities more closely. In September 2011 the
Senate held a hearing on Google's use of its search market dominance
suppress competition. The FTC is also investigating Google for possible
EPIC has actively engaged the
FTC on matters involving Google. EPIC's
2010 complaint over Google's Buzz social networking service provided
the basis for the
Commission's investigation and the subsequent
settlement that dismantled Buzz and required Google to submit to 20
years of government
privacy oversight. Also in September 2011, EPIC
asked the FTC to investigate Google's use of search engine criteria to
treatment to the company's own YouTube videos on
EPIC: Letter to FTC re: Google Search (Jan. 12, 2012)
Google: Announcement: "Google Search Plus Your World" (Jan. 10, 2012)
LA Times: 'Google launches ad campaign to ease privacy concerns'
(Jan 17, 2012)
National Journal: 'EPIC Urges FTC Probe Of Google Personalized Search'
(Jan. 12, 2012)
FTC: Google Buzz settlement (Mar. 30, 2011)
EPIC: in re: Google Buzz
Senate Judiciary Committee: "The Power of Google" (Sept. 21, 2011)
EPIC: Federal Trade Commission
 EPIC Urges Appeals Court to Shed Light on Google - NSA
EPIC has filed the opening brief in EPIC v. NSA.
The brief challenges
the National Security Agency's response to EPIC's Freedom of
Information Act over the Agency's relationship with Google. Contrary to
the Freedom of Information Act, the NSA did not perform a search for
responsive documents, claiming instead that it could "neither confirm
or deny" the existence
of any responsive documents.
On January 12, 2010, Google announced that it had suffered a "highly
sophisticated and coordinated"
cyberattack originating from China.
The attackers planted malicious code in Google's corporate networks,
resulting in the theft
of Google's intellectual property, and at least
the attempted access of the Gmail accounts of Chinese human rights
On February 4, 2010, The Washington Post reported that Google had
contacted the National Security Agency about Google's security
practices in the aftermath of the attack. According to the Washington
Post, the conversations focused on how Google could "[build]
defense of [its] networks." The Wall Street Journal also reported that
within 24 hours of Google's announcement of the
attack, the NSA general
counsel had drafted a "cooperative research and development agreement"
that authorized the Agency to "examine
some of the data related to the
intrusion into Google's systems."
The day after the attack, Google changed a key traffic setting,
all subsequent traffic to and from its electronic mail servers to be
encrypted by default. EPIC had highlighted the need
for encryption in
Google's cloud services in a March 2009 letter to the Federal Trade
Commission. Later in 2009, a group of 38 researchers
and academics in
the fields of computer science, information security, and privacy law
published an open letter to Google stating
encryption was necessary.
Google ignored both of these warnings.
The NSA's response to EPIC's brief is due on February 2, 2012.
argument will be held at the DC Circuit Court on March 20, 2012.
EPIC v. NSA: Google / NSA Relationship
EPIC: Opening Brief in EPIC v. NSA (Jan 3, 2012)
CloudPrivacy: Open Letter to Google CEO Eric Schmidt (June 1, 2009)
EPIC: In re: Google, Inc. and Cloud Computing Services (Mar. 17, 2009)
EPIC: Google/NSA Relationship
Google: A New Approach to China (Jan. 12, 2010)
New York Times: Article on Google/NSA (Feb. 4, 2010)
Washington Post: Article on Google/NSA (Feb. 4, 2010)
Wall Street Journal: Article on Google/NSA (Feb. 4, 2010)
 Justice Dept. Rejects S. Carolina's New Voter Photo-ID
In a December 23 letter to South Carolina state officials,
Department of Justice's Civil Rights division rejected the state's new
government-issued photo ID requirement for voters, claiming
law violates the Voting Rights Act of 1965. The Voting Rights Act
provides legal protection for minority voters who live
in states and
localities with a history of targeting minority groups for voter
suppression; to prevent reoccurrances, the Justice
approve any proposed changes to election or polling-place practices.
The agency's letter states that Section 5
of the Voting Rights Act
requires that "the proposed changes have neither the purpose
nor the effect of denying or abridging the
right to vote on account of
race, color, or membership in a language minority group." Any state or
locality whose request has been
denied has the right to challenge the
ruling in federal court.
Before the passage of the 2011 law, South Carolina had permitted
several forms of voter identification, including a no-cost, no-photo
voter registration certificate, valid South Carolina driver's
or other state-issued photo ID card. The 2011 law mandates that ". . .
When a person presents himself to vote, he shall
produce a valid and
current: South Carolina driver's license; or other form of
identification containing a photograph issued by
the Department of
Motor Vehicles; or passport; or military identification containing a
photograph issued by the federal government;
or South Carolina voter
registration card containing a photograph of the voter. . ."
As of January 2011, only two states, Georgia
and Indiana, had enacted
restrictive voter photo-ID laws. During 2011, however, Kansas,
Wisconsin, Tennessee, Texas, and Mississippi
passed and/or enacted
similar laws. Mississippi's initiative will need legislative approval
before going into effect.
EPIC submitted a "friend of the court" brief in Crawford v.
Marion County, a case arising from the Indiana voter photo ID
EPIC argued that voter privacy and election integrity are
threatened by the adoption of laws that require voters to hold one of
narrow set of government-issued photo identification documents.
US DoJ: Letter to SC Assistant Attorney General (Dec. 23, 2011)
EPIC: Voter Photo ID and Privacy
State of South Carolina: New Voter ID Law of 2011
EPIC: Crawford v. Marion County
 News in Brief
DHS Memo Reveals Plan to Impose 'Secure Communities' on All States
According to a recently available draft memo originally issued
October 2010, the Department of Homeland Security intends to require
that all US states comply with the Agency's "Secure Communities"
program by 2013. "Secure Communities" is a DHS program operated by the
Immigration and Customs Enforcement Agency, and to date has
legislative mandate. Rather, Secure Communities relies on the
Immigration and Nationality Act for definitions and authorities
train law enforcement in the performance of immigration functions.
The program facilitates local and state law enforcement participation
via the sharing of biometric information obtained from individuals who
come into contact with police. In June 2011, California
urged Governor Jerry Brown to suspend the state's participation in
Secure Communities, citing a "crisis of confidence"
in the program.
California lawmakers identified numerous risks raised by the program
and noted "victims of domestic violence had
been [wrongfully] placed
into deportation proceedings as the result of Secure Communities when
they simply called the police for
help." Previously, Illinois, New York
and Massachusetts had also ended their participation in the program.
DHS: Draft Memo on
Mandatory "Secure Communities" (Oct. 2010)
US Dept. Immigration and Customs Enforcement: Secure Communities
EPIC: Secure Communities
State of IL: Letter to DHS on Secure Communities (May 4, 2011)
State of NY: Letter to DHS on Secure Communities (June 1, 2011)
State of MA: Letter to DHS on Secure Communities (June 3, 2011)
Federal Court Revives Suit Over NSA Dragnet Surveillance
The US Ninth Circuit Court of Appeals recently revived Jewel v. NSA,
lawsuit challenging the National Security Agency's use of the nation's
largest telecommunication providers to conduct suspicionless
surveillance of Americans. The three-judge panel reversed a lower court
decision that the challengers claimed lacked constitutional
the case will now return to the court for a decision on its merits. In
a related case, Hepting v. AT&T, the same three-judge
a suit against the telecommunications provider, and upheld the
"retroactive immunity" provision granted by Congress
in 2008. In 2007,
EPIC, in cooperation with the Stanford Constitutional Law Center,
filed a "friend of the court" brief in support
of the plaintiffs,
whose cases at the time were combined under Hepting v. AT&T. EPIC's
brief argued that constitutional privacy
violations are sufficient to
establish standing, and that the state secrets doctrine should not bar
US Ninth Circuit
Court: Opinion in Jewel v. NSA (Dec. 29, 2011)
US Ninth Circuit Court: Opinion in Hepting v. AT&T (Dec. 29, 2011)
EPIC: Hepting v. AT&T
EPIC: Friend of the Court Brief in Hepting v. AT&T (May 2007)
EPIC: NSA Warrantless Surveillance
Privacy Group Launches Online Consumer Complaint Center
The Privacy Rights Clearinghouse has launched an interactive online
complaint center designed "to serve as a clearinghouse for consumer
privacy complaints." The online complaint center was inspired
2009 KnowPrivacy study conducted by graduate students at the UC-
Berkeley School of Information. The study discovered that
consumers are concerned about the collection of their personal
information, many do not know how or where to voice their
complaints. PRC states that the goals of the online complaint center
are to "empower consumers" and "educate the public
Privacy Rights Clearinghouse: File a Complaint
Privacy Rights Clearinghouse
PRC: Complaint Center Announcement (Jan. 3, 2012)
J. Gomez, T. Pinnick, and A. Soltani: "KnowPrivacy" (June 1, 2009)
 Book Review: 'I Know Who You Are and I Saw What
"I Know Who You Are and Saw What You Did: Social
Networks and the Death
of Privacy," Lori Andrews
By now you've probably heard the adage that Facebook, with a population
of more than 750 million users, is the third largest nation
Lori Andrews, author of "I Know Who You Are and I Saw What you Did,"
views "Facebook Nation" as the worst possible conglomeration
oligarchy and surveillance state. According to Andrews, Facebook, the
neighboring social-network satellite nations of Twitter,
Myspace, and Google+, and mysterious non-state kingmakers like data
aggregation firms and behavioral marketers, are increasingly
us of our choices, identity, and humanity, both on- and offline.
Perhaps you could equate Facebook with another nation
China. Facebook, like China, has with a young, burgeoning population
perpetually demanding more goods; an infrastructure
grows and changes without input from its citizens; a political system
controlled by a secretive elite with uniform
views and a vast
commercial-industrial base, and an uninterested judiciary. Facebook's
economic policies, like China's, appear
to be based on the premise that
if you allow your citizens the ability to acquire "nice stuff," they'll
forget that they're being
endangered, exploited, spied on and silenced.
But China has a constitution, which it at least nominally follows.
all Facebook users must agree to before they join the service. Only a
of users probably read the entire document, and
that's most likely just fine with Facebook's national leaders.
Policy technically allows users to opt out of
certain Web site features. But Facebook - along with many other Web
sites and ISPs
- simultaneously sells your data to shadowy "data
aggregators" that have no privacy policies and provide users with no
way to opt
What's happening to your aggregated data, your "shadow self", out
there? According to Andrews, mostly it's being used to
make money for
companies. Meanwhile, it can also be misused, misconstrued, falsified,
or otherwise used against you. You are being
harvested for your digital
parts without your knowledge or consent, and everyone, from employers
to credit bureaus to jealous spouses
to the Department of Homeland
Security, can have access to it, for a price.
So what are we to do, other than remove ourselves from
entirely - a feat that by now is both nearly impossible and
undesirable? Are we victims of our own desire for more
and more "free"
content, meekly succumbing to the effects of corporate greed and
governmental overreach? No, says Andrews. If we
are Internet citizens,
then we should remake social networks into the citizen-run democracies
they were originally intended to
be by creating a "Social Network
"Our Social Network Constitution would ensure that all individuals have
the opportunity to connect and freely associate without discrimination,"
"It will give individuals control over their
information, place, feelings, and image. It will ensure that the
judicial system is
able to fairly and appropriately administer justice.
And, built into our Constitution, will be a mechanism protecting those
rights." Not only will the Social Network Constitution liberate us
online, Andrews contends, but the positive effects will percolate into
our physical lives, just as all aspects of the
online and physical
worlds are becoming more and more interconnected.
Sounds great, doesn't it? But after 180+ pages of horrifying
readers with nonstop examples of present-day abuses of online privacy,
and their consequences, Andrews' last chapter, "Slouching
Constitution," comes across as tepid and a little unrealistic. Andrews'
arguments don't prove that any coalition of Netizens or privacy
can untangle Internet users from the corporate flytraps she
depicts as being nearly omnipresent and omnipotent.
nation has governing principles about what rights its
citizens have over property, privacy, life and liberty," she says. "The
of Facebook Nation deserve no less." Perhaps we do. But this
book may not be a sufficiently clear and galvanizing path to social-
-- EC Rosenberg
"Litigation Under the Federal Open Government
Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
Computers, Privacy, & Data Protection 2012: European Data Protection:
Coming of Age, Brussels, Belgium, 25-27 January 2012. For
Computers, Privacy, & Data Protection 2012: EPIC International
Champion of Freedom Awards, Brussels, Belgium, 26 January 2012.
More Information: http://www.cpdpconferences.org/thursday26january.
Internet Data Privacy Colloquium, 2012: Dialogue on Diversity,
Washington, DC, 26 January 2012. For More Information: http://www.
Council of Europe Privacy Convention, Brussels, Belgium, 27 January
2012. For More Information: http://epic.org/2012/01/the-council-
Platts Smart Grid Data Privacy Symposium. Las Vegas, NV, 16-17 February
2012. For More Information: http://www.platts.com/ConferenceDetail/
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts.
Stay up to date
with EPIC's events.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 19.01 ------------------------