WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2012 >> [2012] EPICAlert 7

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 19.07 [2012] EPICAlert 7

EPIC Alert 19.07

======================================================================= E P I C A l e r t ======================================================================= Volume 19.07 April 12, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. "Defend Privacy. Support EPIC." ======================================================================= Table of Contents ======================================================================= [1] EPIC to Commerce Dept.: Establish Privacy Rights [2] EPIC Urges Court to Affirm Privacy Protections for Home Wi-Fi [3] EPIC Presses Appeals Court to Uphold Workplace Privacy [4] FTC Announces $30 Million Penalty Against Deceptive Robocallers [5] EPIC Announces New Advisory Board Members [6] News in Brief [7] EPIC in the News [8] Book Review: 'Privacy and Big Data' [9] Upcoming Conferences and Events TAKE ACTION: Stop Employers from Demanding Facebook Passwords! SIGN the Petition: KNOW Your Workplace Privacy Rights: SUPPORT EPIC: ======================================================================= [1] EPIC to Commerce Dept.: Establish Privacy Rights ======================================================================= EPIC has submitted comments to the National Telecommunications and Information Administration of the Department of Commerce, urging the agency to implement the principles set out in the White House Consumer Privacy Bill of Rights. EPIC's comments also argue that the Administrative Procedures Act is is an effective and transparent way to solicit public comment and produce a meaningful outcome. The Obama Administration recently put forward a comprehensive privacy framework with principles designed to establish new safeguards for consumers and new responsibilities for companies that collect and use personal information. In introducing the framework, President Obama said, "Even though we live in a world in which we share personal information more freely than in the past, we must reject the conclusion that privacy is an outmoded value. It has been at the heart of our democracy from its inception, and we need it now more than ever." The Department of Commerce has announced it will convene a multi- stakeholder process to develop enforceable codes of conduct for consumer privacy protection. According to the Department of Commerce, the codes of conduct will become enforceable by the Federal Trade Commission once adopted by industry. EPIC has expressed support for the principles outlined in the White House Consumer Privacy Bill of Rights. In order to ensure that CPBR's privacy principles are meaningfully implemented and enforced, however, EPIC has recommended that the Commerce Department undertake several actions. First, the agency should ensure transparency, inclusiveness, and judicial review by implementing the CPBR through the Administrative Procedure Act. Second, the agency should refine the current CPBR and continue to develop additional privacy principles. Finally, EPIC has recommended that the CPBR ultimately be codified through comprehensive privacy legislation. EPIC: Comments on Multi-Stakeholder Process (Apr. 2, 2012) Federal Register: Multi-Stakeholder Comment Process (Mar. 5, 2012) White House: Consumer Data Privacy Framework (Feb. 2012) EPIC: Commerce Department (Green Paper) EPIC: White House Consumer Privacy Bill of Rights EPIC: Federal Trade Commission ======================================================================= [2] EPIC Urges Court to Affirm Privacy Protections for Home Wi-Fi ======================================================================= EPIC has filed a "friend of the court" brief in the Ninth Circuit, urging the court to uphold ECPA protections for home Wi-Fi communications. In the case Joffe v. Google, the plaintiffs sued Google under the Electronic Communications Privacy Act (ECPA) for the interception and capture of private communications transferred over residential Wi-Fi networks. The interception occurred when Google's "Street View" vehicles captured Wi-Fi network information and "payload" data. Google contended that it should be exempt from liability under ECPA because users had failed to encrypt their Wi-Fi traffic and their personal communications, and were therefore "readily accessible to the general public." The court found that the fact that "a network is unencrypted does not render that network readily accessible to the general public and serve to remove the intentional interception of electronic communications from that network from liability under the ECPA." Google then appealed the court's ruling. EPIC's brief for the Ninth Circuit, which contains a detailed technical discussion of Wi-Fi technology, explains that residential Wi-Fi networks differ significantly from the traditional radio broadcasts subject to the ECPA exemption because Wi-Fi networks have a limited range and enable point-to-point rather than broadcast communications. EPIC also argues that consumers should not bear the burden of securing their networks against sophisticated eavesdroppers; the brief further states that the purpose of the ECPA is to protect such communications from interception with legal sanctions that would be unnecessary if security measures were sufficient. EPIC: "Friend of the Court Brief" in Joffe v. Google (Mar. 30, 2012) US District Court: Order in In re Google Street View (June 29, 2011) EPIC: Ben Joffe v. Google Inc. EPIC: Investigation of Google Street View Program EPIC: Electronic Communications Privacy Act (ECPA) ======================================================================== [3] EPIC Presses Appeals Court to Uphold Workplace Privacy ======================================================================== EPIC filed a "friend of the court" brief April 6 in the Fourth Circuit Court of Appeals, urging the court to uphold employee privacy interests in personal emails. In the case United States v. Hamilton, the US government sought to introduce personal emails sent between a husband and wife as evidence in a criminal trial. Typically marital communications are presumed to be private, confidential, and privileged under federal and state law. However, in this case federal law enforcement officials contended that the US government could admit such private communications because they were sent from defendant Phillip Hamilton's Newport News, VA, Public Schools e-mail account, where he was a part-time teacher. At the time Hamilton's emails were sent, the Newport News school district had no policy governing the use of school computers and email accounts. The prosecution contended that a policy instituted a year later was sufficient to eliminate the husband's reasonable expectation that the communications with his wife were private and confidential. The district court agreed. EPIC's brief argues that employees in the modern workplace operate from their homes, offices, and various remote locations using a variety of devices; that employees routinely send private, personal communications using work-related devices; and that an employee's expectation of privacy and confidentiality in a personal message cannot be retroactively waived by a workplace use policy implemented a year later, as the lower court suggested. "This Court Should Hold That the Mere Presence of a Workplace Use Policy is Not Sufficient to Defeat the Reasonable Expectation That Employees Have in the Privacy of Their Personal Communications," the brief maintains. EPIC: "Friend of the Court" Brief in US v. Hamilton (Apr. 6, 2012) US Fourth District Court: Opinion in US v. Hamilton (Apr. 11, 2011) EPIC: US v. Hamilton EPIC: Workplace Privacy ======================================================================= [4] FTC Announces $30 Million Penalty Against Deceptive Robocallers ======================================================================= The Federal Trade Commission announced April 2 that a federal judge in New York state ordered the owners of a deceptive robocall scheme known as the "Cash Grant Institute" to pay a $30 million civil penalty and surrender more than $1.1 million in illegally acquired assets. The Cash Grant Institute (CGI) had promised "cash grants" to 8 million individuals. Many of the individuals who had been called had already registered their phone numbers with the National Do-Not-Call Registry. However, CGI merely referred interested individuals to grant-related web sites that charged a fee for providing general information about obtaining grants from private sources. The same individuals behind CGI also operated some of these websites. The Commission determined that CGI's robocalls violated the Federal Trade Commission Act and the Telemarketing Sales Rule. The $30 million fine against CGI is the largest ever imposed for a violation of the Do-Not-Call Registry. In addition to CGI's fine and forced shutdown, the court order bars "the defendants from selling or otherwise benefitting from customers' personal information, and require[s] them to properly dispose of customers' personal information within 30 days." The Do-Not-Call Implementation Act of 2003 established the National Do-Not-Call Registry. The Registry, which is managed and enforced by the Federal Trade Commission, allows consumers to prevent telemarketers from soliciting over a registered phone number. The Do-Not-Call Registry has a few limited exceptions, including for political and non-profit organizations. US District Court, Western NY: Decision in FTC v. CGI (Mar. 23, 2012) FTC: Press Release on Robocall Decision (Apr. 2, 2012) EPIC: Do Not Call Registry EPIC: Telephone Consumer Protection Act National Do-Not-Call Registry FTC: Q&A: The National Do Not Call Registry EPIC: Federal Trade Commission ======================================================================= [5] EPIC Announces New Advisory Board Members ======================================================================= EPIC has announced the individuals joining the EPIC Advisory Board in 2012. They are: Colin Bennett, Ryan Calo, Laura Donohue, Cynthia Dwork, Orin Kerr, and Frank A. Pasquale. The EPIC Advisory Board is a distinguished group of experts that aincludes leading innovators, scholars, and advocates. EPIC Board Chair Deborah Hurley said, "We are very pleased to welcome our new members to the EPIC Advisory Board. This is an extraordinary group of individuals who will bring much to our work." Professor Colin Bennet teaches Political Science at the University of Victoria, British Columbia. A leading expert in surveillance technologies and privacy, Bennet has published six books, including "The Governance of Privacy: Policy Instruments in Global Perspective" (2006), "The Privacy Advocates: Resisting the Spread of Surveillance" (2008), and "Security Games: Surveillance and Control at Mega-Events" (2011). Ryan Calo is the Director of Privacy and Robotics at Stanford Law School's Center for Internet and Society. His work has been featured in The New York Times, The San Jose Mercury News, The Wall Street Journal, and other publications. He co-chairs the American Bar Association Committee on Robotics and Artificial Intelligence. Associate Professor Laura Donohue teaches at Georgetown University Law Center. She has held fellowships at Stanford Law School's Center for Constitutional Law, Stanford University's Center for International Security and Cooperation, and Harvard University's John F. Kennedy School of Government. Her areas of expertise include state secrets; surveillance, data collection and analysis; extended detention and interrogation; and the history of quarantine law. Dr. Cynthia Dwork is a Distinguished Scientist at Microsoft Research and a leading expert in distributed computing, cryptography, and email spam prevention. Her research interests also include private data analysis, complexity theory, web search, voting theory, interconnection networks, algorithm design and analysis In 2008, she was elected as a Fellow of the American Academy of Arts and Sciences (AAAS) and as a member of the National Academy of Engineering. Professor Orin Kerr teaches at The George Washington University Law School and is one of the nation's leading scholars in criminal law and criminal procedure. He is frequently cited in opinions by district and appellate courts. Among his many publications, he is coauthor of the leading casebook and the leading treatise in criminal procedure. Before attending law school, he earned undergraduate and graduate degrees in mechanical engineering. Professor Frank A. Pasquale teaches law at Seton Hall University. He has served as the Chair of the Section on Privacy and Defamation of the Association of American Law Schools, and is an Affiliate Fellow at Yale Law School's Information Society Project. His scholarship focuses on the power wielded by large intermediaries, including insurers, Internet service providers, financial institutions, and search engines. EPIC has also announced three new members of the Board of Directors: Attorney and privacy advocate Grayson Barber, former FTC Commissioner Pamela Jones Harbour, and technology entrepreneur Ray Ozzie. The incoming Board members will replace Whitfield Diffie, Mary Minow, and Paul Smith, who will be stepping down from the Board after the completion of their terms. EPIC: Advisory Board EPIC: Board of Directors ======================================================================= [6] News in Brief ======================================================================= EPIC Obtains New Details on PATRIOT Act As the result of a Freedom of Information Act request, EPIC has obtained more than 650 pages of documents related to the USA PATRIOT Act. EPIC had requested information related to the FBI's abuse of PATRIOT Act authorities as well as documents regarding the Act's renewal. The documents disclosed by the FBI include training presentations, answers to questions from Senators Patrick Leahy (D-VT) and Arlen Specter (D-PA), and a list of reporting requirements. In an answer to Senator Leahy, the FBI stated that while it would discontinue the use of exigent letters, which the Inspector General had previously noted as a frequent source of abuse, the agency planned to continue using the emergency disclosures provision of the Electronic Communications Privacy Act. EPIC: USA PATRIOT Act EPIC: US DOJ and FISA Documents (Acquired under FOIA) EPIC: FBI Training Presentations re: USA PATRIOT Act Renewal (FOIA) EPIC: US DOJ Letter to Sen. Leahy (Jan. 25, 2008) (FOIA) EPIC: US DOJ Letter to Sen. Specter (Nov. 30, 2006) (FOIA) Divided Supreme Court Upholds Strip Search for Minor Offense Arrests The US Supreme Court has held in a 5-4 decision that detainees may be required to undergo a strip search before being admitted to the general prison population. In Florence v. Board of Chosen Freeholders, petitioner Albert Florence was wrongfully arrested and detained based on a fine that he had already paid. Florence was held for six days in a local detention center, and then transferred to a county correctional facility before charges against him were dismissed. At both facilities, Florence was subject to a visual strip search by an officer even though there was no reason to suspect that he carried any contraband or dangerous items. Justice Anthony Kennedy delivered the majority opinion. Chief Justice John Roberts and Justic Samuel Alito both filed concurring opinions highlighting the potential exceptions to the Court's general rule allowing suspicionless strip searches. Justice Stephen Breyer, joined by three other justices, filed a dissenting opinion, arguing that the strip searches were an "affront to human dignity and to individual privacy." EPIC has challenged the government's use of intrusive body searches in various contexts, including the TSA's use of airport body scanners. EPIC has also challenged arrests based on error-prone government databases. US Supreme Court: Decision in Florence v. NJ Freeholders (Apr. 4, 2012) EPIC: Herring v. United States EPIC v. DHS (Suspension of Body Scanner Program) Survey Finds Widespread Consumer Concerns about Online Privacy In response to a request from the National Telecommunications and Information Administration, Consumers Union, publisher of Consumer Reports, recently conducted a national survey on the privacy concerns of American consumers. The survey found that most consumers had serious concerns about their online privacy and about the collection and use of their personal data. 71 percent of respondents said they were very concerned about companies disclosing their information without their permission; 65 percent of smartphone owners were very concerned that apps could access their contacts, photos, and location data without their permission; and 53 percent were concerned that data about their online activities and purchases could be used to deny employment or loans. Consumers Union: Consumer Comments to NTIA on Privacy (Apr. 2, 2012) EPIC: Public Opinion on Privacy EPIC: Data Retention EPIC: iPhone Privacy EPIC: Locational Privacy EPIC: Personal Data and Privacy Protection PRC Promotes Personal Data "Spring Cleaning" Privacy Tips Identity thieves often target sensitive digital devices loaded with personal data. The Privacy Rights Clearinghouse recommends the following tips before sending unwanted digital devices or documents to the trash, garage sale, storage, or Goodwill: 1. Don't toss documents - Shred or incinerate them. 2. Consider a shredding facility. 3. Keep sensitive documents under lock and key. 4. Physically destroy old flash drives. 5. Wipe old computer hard drives. 6. Wipe data from cell phones. 7. Erase the hard drive on unwanted digital copiers. 8. Physically destroy CDs and DVDs by breaking them into pieces. 9. Know the law when disposing of business documents. Privacy Rights Clearinghouse: Data Spring Cleaning Tips PRC: Checklist of Responsible Information-Handling Practices PRC: Personal Data Retention and Destruction Plan Nat. Conf. of State Legislatures: State Data Breach Notification Laws EPIC: Identity Theft ======================================================================= [7] EPIC in the News ======================================================================= "A Primer on Domestic Drones: Legal, Policy, and Privacy Implications," Forbes, April 10, 2012. "Facebook-Instagram deal raises new privacy worries." CNET News, April 9, 2012. "Execs Discuss Recent Changes to Google's Privacy Policy"," C-SPAN, April 9, 2012. "FTC making a mockery of Brandeis's words." The Washington Post, April 3, 2012. "Manhattan Woman Wants Tighter LinkedIn Security." NBC 4 New York, April 3, 2012. "Supreme Court Limits Damage Payments To Whistle-Blowers." NPR, March 28, 2012. "Gun-shy TSA gets critic booted from Congressional panel." ArsTechnica, March 28, 2012. For More EPIC in the News: ======================================================================= [8] Book Review: 'Privacy and Big Data' ======================================================================= "Privacy and Big Data: The Players, Regulators, and Stakeholders," Terence Craig and Mary E. Ludloff The term "Big Data" sounds fresh right now, but given the media's byte-sized memory for tech trends, expect it to have a short shelf life. In the meantime, enjoy "Privacy and Big Data: The Players, Regulators, and Stakeholders," O'Reilly's quick, thoughtful recap of the current status of big data and its relationship to consumer privacy. This book's content may be redundant to seasoned privacy experts, but it nevertheless provides a clear and deliberative framework for discussing data privacy without the current big-data hype. Authors Terence Craig and Mary Ludloff are a strange pair to focus so even-handedly on the privacy ramifications of the petabytes of data available to corporations and governments: They're the principals of PatternBuilders, a company that helps other companies make sense of their data stores. Despite the seeming conflict of interest, their views on data privacy issues ("Privacy vs. Safety and Security," "Commodity vs. Right," "Unprecedented Access Further Erodes Privacy Expectations") may mollify even the twitchiest privacy activist. "Privacy and Big Data" seems to have been produced in a hurry: URLs can go on for lines, typos are frequent, and long headers are squished into one line without regard for tracking. Often the chapter bibliographies rival the chapter text in length. Do your best to ignore the errors and focus instead on the text, which is written in the typical spare and pleasant O'Reilly house style. Craig and Ludloff discuss the difficulties of putting together the book, but their openness is an indication of their overall honesty in assessing the digital privacy landscape as it relates to big data. In one section of the book called "While the Players Are Playing, Consumer Privacy Continues to Erode," they admit, "We don't have any easy answers for you"; later, they state that privacy is becoming part of the "bar fight trifecta," which already includes "'Religion, Politics, and Another Man's Spouse.'" Craig and Ludloff close the book with their hopes for the future of data privacy and the means they currently use to protect their own data. Craig fears for human safety in civil war or under dictatorships if too much data is available; at the same time he refuses to "give up Google Maps, Facebook, mobile phones, Groupon, and electronic tax returns." Ludloff believes in regulation in the long term and "security through obscurity" in the short term, including eschewing Facebook and online photos. Craig and Ludloff are sincere, rueful guides through the big-data morass; even if you've heard it all before, you might want to hear it again from this unlikely pair of pro-privacy, big-data entrepreneurs. -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [9] Upcoming Conferences and Events ======================================================================= Symposium on 'Internet Privacy: A Culture of Privacy and Trust on the Internet.' 26 March 2012, Berlin. For More Information: American Library Association Webinar, "Choose Privacy Week: Government surveillance in a digital age," 19 April 2012. For more information: NYU/Princeton Conference: 'Mobile and Location Privacy: A Technology and Policy Dialog.' 13 April 2012, New York, NY. For More Information: We Robot 2012: 'Setting the Agenda.' 21-22 April 2012, Miami, FL. For More Information: ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.07 ------------------------

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback