EPIC Alert 20.01
E P I C A l e r t
Volume 20.01 January 16, 2013
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 EPIC Succeeds in Fight Against Protective Order in FOIA Case
 EPIC Sues CIA for Details of NYPD Spying
Obtains Documents on NSA's 'Perfect Citizen' Program
 FTC Closes Investigation into Google Search Bias
 Supreme Court Hears
Arguments on Driver Records Privacy Protection
 News in Brief
 EPIC Bookstore
 Upcoming Conferences and Events
Attend EPIC's Drone Symposium in Washington, DC, Jan. 15!
- ATTEND the Symposium: http://epic.org/events/drones/
_ LEARN about Drones: http://epic.org/privacy/drones/
- SUPPORT EPIC: http://www.epic.org/donate/
 EPIC Succeeds in Fight Against Protective Order in
A federal judge has vacated provisions in a prior
court order that
would have limited the ability of FOIA requesters to disseminate
information to the public. The Washington, DC,
federal district court
agreed with EPIC's argument during a January 8 Motion for
Reconsideration that protective orders are inappropriate
in Freedom of
Information Act (FOIA) cases. A protective order, or "gag order,"
prevents a party from publicly disclosing information it obtains
Judge Gladys Kessler further stated, "There is no
question the Government did not take seriously its obligation" under
In 2012, EPIC filed a FOIA lawsuit against the Department of Homeland
Security after the agency failed to respond to
EPIC's request for
documents about the agency's plan to monitor Internet traffic. When DHS
was nonresponsive, EPIC sued DHS for compliance
obligations under the FOIA.
During January 8 oral argument, counsel for the US Justice Department
EPIC should agree to a protective order preventing it
from disclosing documents obtained in the case. Despite statutory
and controlling precedent to the contrary, the government
argued the court had "inherent authority" to issue such an order.
has asserted that such authority is in fact "contrary to" FOIA
law. According to, EPIC, "A protective order in a Freedom of
Information Act matter would be contrary to law and would make it more
difficult for the public to obtain information about the government's
thus undermining the central purpose of FOIA.
Judge Kessler also chastised DHS for repeated delays in processing
EPIC's FOIA request,
and noted that although DHS has reviewed over
4,000 documents so far, the agency has not yet disclosed a single page
to EPIC. She
has instructed DHS to disclose all appropriate documents
to EPIC no later than April 15, 2013.
DC District Court: Order in EPIC
v. DHS (Jan. 8, 2013)
EPIC: EPIC v. DHS (Defense Contractor Monitoring)
EPIC: Motion for Reconsideration in EPIC v. DHS (Nov. 7, 2012)
US DoJ: Opposition to Motion for Reconsideration (Nov. 30, 2012)
EPIC: Reply to DoJ's Opposition (Dec. 7, 2012)
 EPIC Sues CIA for Details of NYPD Spying
EPIC has filed a Freedom of Information Act lawsuit against the CIA for
details of that agency's involvement in a New York Police Department
surveillance program targeting Muslims
and persons of Arab descent. The
surveillance conducted by the New York Police Department has included
photographing members of the
Muslim community as they entered mosques,
infiltrating Muslim student groups, and monitoring Muslim stores and
businesses. The extensive
surveillance was focused on specific
neighborhoods made up of certain ethnic groups and not on any
accusations or suspicion of crime.
In August 2011, the New York Police Commissioner acknowledged that the
CIA participated in the surveillance. Following an investigation
CIA Inspector General, however, the CIA announced that there is "no
evidence that any part of the agency's support to the
In early 2012, EPIC sought the public release of the report prepared by
the CIA Inspector General.
Specifically, EPIC requested documents
related to the CIA Inspector General's investigation of the agency's
collaboration with the
NYPD, including any legal analysis and final
reports. EPIC also sought any communication between the CIA Inspector
and the NYPD about the CIA/NYPD collaboration. Because
the CIA failed to comply with statutory deadlines established by the
of Information of Act, EPIC has filed suit for release of the
EPIC has previously opposed surveillance systems that rely
ethnicity, and religion, including the Automated Targeting System and
Suspicious Activities Reporting. In 2011, EPIC obtained
request and then published documents on the FBI's "Watch List." The
documents revealed that the FBI's standard for inclusion
on the list is
"particularized derogatory information," which has never been
recognized by a court of law, and that individuals may
remain on the
FBI watch list even if charges are dropped or a case is dismissed. The
New York Times subsequently broke the story
and posted the documents
obtained by EPIC.
EPIC: FOIA Lawsuit against CIA re: Domestic Surveillance
EPIC: EPIC v. CIA - Surveillance of Muslims
EPIC: Appeal re: FOIA Request to CIA (May 23, 2012)
EPIC: FOIA - FBI Watchlist
EPIC: Automated Targeting Systems
EPIC: Suspicious Activity Reporting
EPIC: Domestic Surveillance
 EPIC Obtains Documents on NSA's 'Perfect Citizen'
In response to a Freedom of Information Act request, the National
Security Agency has turned over documents to EPIC about the agency's
controversial "Perfect Citizen" program.
"Perfect Citizen" monitors
private, nongovernmental networks within the US. According to reports
from The Wall Street Journal, Perfect
Citizen uses sensors deployed on
computer networks to detect unusual activity and warn of an impending
cyber attack. The NSA claims
that Perfect Citizen is merely a research
and development program. The documents obtained by EPIC suggest the
program is operational
and confirmed, and that Raytheon was contracted
to develop and deploy certain components.
The redacted documents obtained by EPIC
state that "[t]he prevention of
a loss due to a cyber or physical attack [on Sensitive Control Systems,
like large-scale utilities],
or recovery of operational capability
after such an event, is crucial to the continuity of the [Department
of Defense], the [Intelligence
Community], and the operation of SIGNIT
systems." The full scope of the program is not apparent because of key
redactions and the
withholding of 98 pages in their entirety, out of a
total of nearly 300.
EPIC has previously pursued cybersecurity-related documents
NSA. Most recently, EPIC submitted a FOIA request to the NSA for the
text of Presidential Policy Directive 20, a cybersecurity
believed to expand NSA's cybersecurity authority. Directive 20 provides
guidelines for what constitutes "defensive" and
within the context of cyberwar and cyberterrorism.
EPIC is currently involved in FOIA litigation over National
Presidential Directive 54, an earlier cybersecurity directive that gave
the NSA authority to conduct surveillance within
the United States.
WSJ: "U.S. Plans Cyber Shield for Utilities, Companies" (July 10, 2010)
EPIC: NSA "Perfect Citizen" FOIA Documents
EPIC: Presidential Policy Directive 20 FOIA Request (Nov. 14, 2012)
EPIC: EPIC v. NSA Complaint (Feb. 4, 2010)
 FTC Closes Investigation into Google Search Bias
The Federal Trade Commission announced January 3 that it had concluded
an investigation into Google's alleged anticompetitive practices,
which the FTC believed had the potential to stifle competition in the
markets for smartphones, tablets, gaming consoles, and online
advertising. The Commission's settlement with Google provides
competitors with access to patents necessary to make smartphones,
laptops, and other devices. Google also voluntarily agreed to stop
borrowing others' content for use in Google's own services. Under
separate commitment, Google agreed to remove restrictions on the use of
the company's online search advertising platform, AdWords.
of the FTC investigation indicate that Google's practice of restricting
AdWords could make it "difficult for advertisers
to coordinate online
advertising campaigns across multiple platforms."
On the issue of search bias, however, the FTC decided to
investigation without taking action. The Commission focused the bias
evaluation on two major search bias questions: First,
introduction of "Universal Search" - a product that prominently
displays targeted Google properties in response
to specific categories
of searches, such as "Shopping" and "Local" - allowed Google to reduce
or eliminate a nascent competitive
threat; and second, whether Google
altered search algorithms to demote certain vertical websites (i.e.,
websites that narrow search
results to a particular category or field,
like shopping or video) to similarly. The FTC reported that while it
had found some evidence
that Google's new search algorithm harmed
competitors, these changes "could be plausibly justified as innovations
that improved Google's
product and the experience of its users."
In 2011, EPIC urged the FTC to begin an investigation into whether
Google has used its
Search dominance to influence the marketplace of
online video content. EPIC pointed specifically to Google's acquisition
and subsequent change in YouTube search rankings. EPIC's
letter to the FTC stated that Google substituted its own subjective,
ranking in place of objective search criteria, such as
"Hits" or "Rankings," to preference Google's own video material over
material. EPIC's letter included detailed examples using
the search term "Privacy."
EPIC also opposed Google's 2008 merger with
DoubleClick. After testimony in 2007 before the US Senate Antitrust
Committee on Google's growing dominance of
essential Internet services,
EPIC filed a complaint to the FTC, alleging that DoubleClick was
unlawfully tracking the online activities
of Internet users and
combining user tracking records with detailed personal profiles
contained in a national marketing database.
While the FTC ultimately
approved the Google/DoubleClick merger, the agency also required
DoubleClick to agree to a list of commitments,
including a commitment
to abide by the National Advertising Initiative's Privacy Principles.
FTC: Press Release on Google Investigation
(Jan. 3, 2013)
FTC: Statement re: Google Investigation (Jan. 3, 2013)
EPIC: Letter to FTC re Google Search Bias (Sept. 8, 2011)
EPIC: Testimony before US Senate re: Google/Doubleclick (Sep. 27, 2007)
EPIC: Complaint to FTC re: Google/Doubleclick (Apr. 20, 2007)
EPIC: Federal Trade Commission
EPIC: Google/Doubleclick Relationship
 Supreme Court Hears Arguments on Driver Records Privacy
The US Supreme Court heard arguments January
9 in Maracich v. Spears,
a case involving the Drivers' Privacy Protection Act (DPPA). The Act
regulates the disclosure and use of
personal information held by state
Departments of Motor Vehicles.
In Maracich, a group of attorneys obtained South Carolina DMV
in order to solicit car buyers as clients for a class action lawsuit.
Some of the solicited individuals sued the attorneys,
the attorneys had unlawfully obtained and used personal information in
violation of the DPPA. At issue in the case
was whether an attorney's
solicitation of clients is a permissible use under the statute's
"litigation provision," which allows attorneys
to obtain and use DMV
records "in connection with" litigation.
The Court deliberated how to reconcile the South Carolina statute's
prohibition on nonconsensual solicitation with the litigation
provision. Justices seemed hesitant to allow unfettered attorney
due to the sensitivity of DMV records; Justice Stephen
Breyer said that because these records contain Social Security Numbers,
is a risk of "identity theft run wild." Both Breyer and Chief
Justice John Roberts asked the parties, "Where is the line" between
permissible and impermissible uses of private information. Justices
Antonin Scalia and Sonia Sotomayor expressed a need to "harmonize"
solicitation and litigation provisions of the statute, while Justice
Ruth Bader Ginsburg expressed concern for the ability of
investigate potential class action lawsuits.
Attorneys for the Petitioners, Maracich et al. argued that the Court
draw a line between investigatory conduct and solicitation:
When a lawyer uses DMV records to investigate in anticipation of a
that is a permissible use, whereas when a lawyer uses those
records to solicit a new client, that is an impermissible use.
for the Respondents, Spears et al., argued that the Court
should draw the line by examining whether the lawyers are seeking to
a specific transaction, occurrence, or defect. If they are,
then those lawyers should be able to both investigate and solicit
using DMV records.
EPIC filed a "friend of the court" brief in support of the Petitioners,
urging the Court to reverse the judgment
of the Fourth Circuit Court,
which held that Spears et al. were not in violation of the DPPA.
EPIC's brief details the staggering
amount of personal information
contained in driver records, particularly as a consequence of the
Department of Homeland Security's
REAL ID regulations. EPIC argued
that "changes in technology have increased the risk of the underlying
harm Congress sought to address.
Therefore, the Court should narrowly
construe" exceptions allowing the disclosure of personal information.
US Supreme Court: Oral
Argument in Maracich v. Spears (Jan. 9, 2013)
ABA: Brief of Petitioners (Maracich) (Nov. 9, 2012)
ABA: Brief of Respondents (Spears) (Dec. 10, 2012)
ABA: Reply Brief of Petitioners (Maracich) (Jan. 2, 2013)
EPIC: “Friend of the Court” Brief (Support of Maricich) (Nov. 16, 2012)
Fourth Circuit Court: Decision in Maracich v. Spears (Sept. 25, 2012)
EPIC: Maracich v. Spears
EPIC: The Drivers Privacy Protection Act
 News in Brief
European Parliament Moves Forward on Privacy Update
The European Parliament has indicated strong support for a proposal put
by the European Commission to update European Union privacy law.
In reports on both the New Data Directive and New Data Regulation,
EU Parliament recommends greater power for data protection agencies and
new rights for data subjects. The comprehensive update
of the 1995 EU
Data Protection Directive simplifies compliance procedures and also
creates new incentives for anonymized and pseudonymized
data to help
protect privacy. In October 2012 EPIC Executive Director Marc Rotenberg
testified before the European Parliament in
support of the proposed
reform. More than 20 US consumer organizations have expressed support
for the European privacy initiative.
EU Commission: Proposal on Personal Data Processing (Jan. 25, 2012)
EU Parliament: Draft of New Data Directive (Dec. 17, 2012)
EU Parliament: Draft of New Data Regulation (Dec. 20, 2012)
EU: 1995 EU Data Protection Directive
EPIC: Testimony before EU Parliament on Data Reform (Oct. 10, 2012)
EPIC: EU Data Protection Directive
Senate to Debate Privacy Amendments for Surveillance Law
The US Senate is scheduled to debate several proposals that would
new safeguards for the FISA Amendments Act, a controversial
law that allows surveillance of the phone and email communications of
US persons without a warrant. In May 2012, EPIC testified before the
US House Judiciary Committee, and recommended increased transparency
and new public reporting of the Government's surveillance activities;
currently, the annual FISA letter to Congress provides little
information about US government conduct. "Congress should not
reauthorize the FISA Amendments Act until adequate oversight
are in place," EPIC Executive Director Marc Rotenberg said
at the May hearing.
US Senate: Floor Schedule
EPIC: Testimony before US Senate on FISA (May 31, 2012)
US Dept. of Justice: FISA Letter for 2012 (Apr. 30, 2012)
EPIC: Foreign Intelligence Surveillance Act
EPIC: Clapper v. Amnesty International
California Attorney General Releases Mobile App Privacy Guidelines
California Attorney General Kamala Harris has issued a
on the Go," which designates best practices for mobile application
privacy. The report recommends that app developers
such as privacy-by-design and notice, but stops short of setting forth
a comprehensive set of Fair Information
Practices. The report follows
the passage of the California Online Privacy Protection Act of 2012,
which requires all service providers
doing business in California, such
consumers. The White House's privacy
multistakeholder process is
similarly attempting to develop a voluntary code of conduct for mobile
app transparency. In 2011, EPIC
submitted comments to the FTC on an
agency overhaul of the Children’s Online Privacy Protection Act, which
was updated in 2012
to reflect children’s use of mobile apps.
State of CA AG’s Office: “Privacy on the Go” (Jan. 2013)
State of CA: California Online Privacy Protection Act of 2012
NTIA: Privacy Multistakeholder Meeting (Jan 4, 2012)
EPIC: Mobile and Location Privacy
EPIC: Comments to FTC on COPPA Update (Dec. 23, 2011)
FTC: Press Release on Final COPPA Update (Dec. 19, 2012)
EPIC: Children's Online Privacy Protection Act (COPPA)
 EPIC in the News
"Leahy to lay out Judiciary agenda." The Hill, Jan. 14, 2013.
"Banks seek NSA help amid attacks on their computer systems." The
Washington Post, Jan. 11, 2013.
"FBI Documents Shine Light on Clandestine Cellphone Tracking Tool."
Slate, Jan. 10, 2013.
"Documents Detail NSA's 'Perfect Citizen' Cybersecurity Work."
InformationWeek, Jan. 9, 2013.
"Texas schools RFID tracking suit sparks concerns about student
privacy." Free Speech Radio News, Jan. 9, 2013.
"DOJ Loses Push for 'Claw Back' Provision in Fight over Cybersecurity
Documents." Legal Times, Jan. 8, 2013.
"Epic data access proposals 'counter-productive', says MRA."
Research Live, Jan. 3, 2013.
"Unmanned military planes fly over Hampton Roads." The Virginian-Pilot,
Jan. 3, 2013.
"2013: New laws on gay marriage, social media." (VIDEO) MSNBC,
Jan. 2, 2013.
"Tech Giants Brace for More Scrutiny From Regulators." The New York
Times, Jan. 2, 2013.
"CIA Sued To Release NYPD Spying Report." The Huffington Post,
Dec. 31, 2012.
"Feds Requiring 'Black Boxes' in All Motor Vehicles." Wired, Dec. 26,
"Revealed: NSA targeting domestic computer systems in secret test."
CNet, Dec. 23, 2012.
For More EPIC in the News:
 EPIC Bookstore
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall,
S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"Drones and Domestic Surveillance." 15 January 2013, Washington, DC.
For More Information: http://epic.org/events/drones/.
"Computers, Privacy and Data Protection: Reloading Data Protection."
23-25 January 2013, Brussels. For More information:
22nd Annual Computers, Freedom, & Privacy Conference. 5-6 March 2013,
Washington, DC. For More Information: Contact Chris Calabrese
"Online Privacy: Consenting to your Future." 21-22 March 2013,
Portomaso, Malta. For More Information:
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 19.24------------------------