E P I C A l e r t
Volume 20.18 September 17, 2013
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 Federal Court Upholds Privacy Protection
for Wi-Fi Communications
 Pressure Mounts on Facebook to Withdraw Proposed Policy Changes
 EPIC Files FOIA Suit to Determine
If Tor Is Compromised
 EPIC Considers Next Steps re: NSA Response to Surveillance Petition
 European Parliament Begins Hearings
on NSA Surveillance
 News in Brief
 EPIC in the News
 EPIC Bookstore
 Upcoming Conferences and Events
Tell Facebook: "Stop Changing Our Privacy Settings!"
- READ about the Changes: http://epic.org/redirect/090313-facebook.html
- LEARN More about Facebook Privacy: http://epic.org/privacy/facebook/
- SUPPORT EPIC: http://www.epic.org/donate/
 Federal Court Upholds Privacy Protection for Wi-Fi
The US Court of Appeals for the Ninth Circuit
has upheld a lower court
ruling against Google's collection of private Wi-Fi communications in
the company's "Street View" program.
The lawsuit, Joffe v. Google,
alleges that Google's ongoing interception of Wi-Fi payload data as
Street View trucks roamed the
US violated several laws, including the
federal Wiretap Act. The lower court rejected Google's argument that
interception of communications
sent over "open" Wi-Fi networks was
allowed under the Wiretap Act. Specifically, the court rejected
Google's theory that such communications
were "readily accessible to
the general public" simply because they were unencrypted. The Ninth
Circuit's ruling and emphasized
the importance of protecting the
privacy of electronic communications.
The Ninth Circuit decision made clear that unencrypted Wi-Fi
communications are not "readily accessible to the general public"
under the ordinary meaning of the phrase. These communications
"geographically limited and fail to travel far beyond the walls of the
home or office where the access point is located." And
devices, the "payload" data transmitted over a Wi-Fi network is only
accessible "with some difficulty." Even in locations
can connect to certain unencrypted networks, "members of the general
public do not typically mistakenly intercept,
store, and decode data
transmitted by other devices on the network."
EPIC filed a "friend of the court" brief in the case, urging
to uphold legal protections for Wi-Fi communications, and discussing
both the intent of the federal law and the operation
of a typical
home Wi-Fi network. Many of EPIC's technical arguments, including key
sources, were discussed in the court's opinion.
This landmark opinion
resolves a fundamental issue of electronic privacy law in favor of
everyday Wi-Fi users. Google has not announced
whether will appeal the
case to the US Supreme Court.
EPIC: Joffe v. Google
Ninth Circuit Court: Opinion in Joffe v. Google (Sep. 10, 2013)
EPIC: "Friend of the Court" Brief in Joffe v. Google (Mar. 30, 2012)
EPIC: Google Street View
 Pressure Mounts on Facebook to Withdraw Proposed
Facebook has announced it will delay proposed
changes allowing it to
use the names, images, and content of Facebook users for advertising
without consent. After EPIC and several
privacy groups wrote to the
Federal Trade Commission that the changes violate a 2011 Consent Order,
the Commission has opened an
investigation in the privacy changes, and
Sen. Ed Markey (D-MA) has written to the company, stating that
Facebook's changes "raise
a number of questions about whether
consent and, if the
changes go into effect, the degree to which
Facebook users will lose control over their personal information."
of the proposed changes state that the company
may "use your name, profile picture, content, and information in
commercial, sponsored, or related content (such as a
brand you like) served or enhanced by us." EPIC's letter explained that
changes violate a "cornerstone of modern privacy law": the right
of an individual to control the use of their image for commercial
purposes. Furthermore, the letter states, Facebook's changes violate
the terms of a 2011 consent order with the Federal Trade Commission,
which requires that, "prior to any sharing of a user's nonpublic user
information by [Facebook] with any third party, which materially
exceeds the restrictions imposed by a user's privacy setting(s),"
Facebook must make a "clear and prominent" disclosure and
user's "affirmative express consent."
"The urgency of FTC action is underscored also by specific actions
taken by Facebook
to deprive users of the opportunity to express their
views on proposed changes and even to organize with other users," EPIC
referring to Facebook's decision to removing the voting component
of site governance and to shut down certain Facebook groups.
EPIC is a leading advocate of the rights of Facebook users and has
helped organize several of the campaigns and investigations to
user privacy. In 2007, EPIC organized objections to Facebook's "Beacon"
program, which disclosed users' personal information,
online purchases and video rentals, similarly without their knowledge
or consent. Facebook ultimately abandoned
"Beacon" after 50,000 users
signed a petition protesting the program.
privacy settings in 2009. Facebook made several categories of personal
data "publicly available information," including
users' names, profile
photos, lists of friends, fan pages and networks to which they belonged.
However, Facebook withdrew proposed
changes to the Terms of Service
after 150,000 users, in collaboration with EPIC, formed the group "FB
Users Against the New TOS."
EPIC's complaints to the FTC in 2009 and
2010 were instrumental in the agency's 2011 settlement with Facebook.
may comment on the settlement via the EPIC website at
Sen. Ed Markey (D-MA):
Press Release Facebook Letter (Sep. 11, 2013)
EPIC et al.: Letter to FTC re: Facebook Privacy Changes (Sep. 4, 2013)
Facebook: Proposed Changes to Governing Documents (Aug. 29, 2013)
EPIC et al.: Letter to Judge re: Fraley v. Facebook (Jul. 12, 2012)
US District Court, SF: Decision in Fraley v. Facebook (Aug. 17, 2012)
Federal Trade Commission: Facebook Settlement (Jul. 27, 2013)
EPIC: Federal Trade Commission
EPIC: Facebook Privacy
EPIC: Social Networking Privacy
 EPIC Files FOIA Suit to Determine If Tor Is Compromised
EPIC has filed a Freedom of Information Act lawsuit against the
Broadcasting Board of Governors, a federal agency that oversees all US
civilian international media. EPIC seeks
information about the federal
government's interest in the Tor network, a privacy-enhancing network.
EPIC has been interested
in the NSA's involvement in the development
of cryptographic standards since EPIC's inception. In 1993, EPIC (then
Professionals for Social Responsibility) initiated FOIA
litigation over the NSA's use of the "Clipper Chip," an encryption
that was developed to ensure government access to encrypted
information. The NSA developed the technical basis for the Clipper
Chip. Public opposition to the Clipper Chip eventually led to the
The Guardian, The New York Times, and Pro
Publica have recently
reported that the NSA compromised many of the encryption technologies
available for public use, raising many
of the same concerns that drove
opposition to Clipper. Through covert partnerships with Internet
providers and software developers,
the NSA has built in secret
"backdoors," or deliberate network vulnerabilities, that allow the
agency to surveil, decrypt, collect,
and even control the flow of user
data. According to top-secret NSA documents, "For the past decade,
NSA has lead an aggressive,
multi-pronged effort to break widely-used
Internet encryption technologies . . . Vast amounts of encrypted
Internet data which
have up till now been discarded are now
Wired reported that the FBI was using Tor to spread malware that could
identify Tor users. Another story in The Washington Post highlighted
the likelihood that the malware originated in the federal government
for the purpose of surveiling encrypted communications. The Post also
noted that 60 percent of Tor's funding comes from the Federal
government, prompting the paper to ask whether the network suffered
from similar backdoors and vulnerabilities.
EPIC is pursuing
the FOIA case against the Broadcasting Board of
Governors to determine whether the NSA or the FBI may have compromised
is software currently maintained by The Tor Project. Internet users
around the world use Tor to maintain anonymity and circumvent
restrictions. Tor is used by academics, political dissidents, law
enforcement, journalists, whistleblowers, NGOs, the
U.S. Navy, and
everyday individuals. Tor adheres to a policy of openness and
transparency in its own management while working to
anonymity of its users. To that end, Tor publishes its list of
sponsors, its open-source software, its financial reports,
documentation, and lists of projects. Tor provides an invaluable
tool for encrypted web use.
EPIC: EPIC v. BBG
Wired: Kevin Poulsen, "FBI Admits It Controlled Tor Servers Behind
Mass Malware Attack" (Sep. 13, 2013)
The Washington Post: Brian Fung, "The feds pay for 60 percent of Tor's
development. Can users trust it?" (Sep. 6, 2013)
The Guardian: James Ball, Julian Borger, and Glen Greenwald,
"Revealed: how US and UK spy agencies defeat internet privacy and
security" (Sep. 5, 2013)
The New York Times: Nicole Perlroth, Jeff Larson, and Scott Shane,
"N.S.A. Able to Foil Basic Safeguards of Privacy on Web" (Sep.
The Washington Post: Brian Fung, "We've all practically given up on
internet privacy. Here's how not to" (Sep. 5, 2013)
 EPIC Considers Next Steps re: NSA Response to Surveillance
Two months after EPIC formally petitioned the
National Security Agency
to suspend the agency's domestic surveillance programs, the NSA has
responded. EPIC's petition stated
that "NSA's collection of domestic
communications contravenes the First and Fourth Amendments to the
United States Constitution, and violates several federal privacy laws,
including the Privacy Act of 1974, and the Foreign Intelligence
Surveillance Act of
1978 as amended." The petition further stated that
the NSA's domestic surveillance "substantively affects the public to a
sufficient to implicate the policy interests" that require
public comment. EPIC is now reviewing potential next steps in response
to the NSA's refusal to provide opportunity for public comment.
The NSA's response argued that "any NSA activities involving the
collection of communications that may meet the description set forth in
your letter, if any, would not constitute Agency actions
subject to notice-and-comment requirements of the Administrative
Procedure Act, such as the issuance, amendment, or repeal
of rules or
regulations." The letter from the NSA Associate Director for Policy and
Records also stated that the "NSA operates
in accordance with the
Constitution and the laws of the United States, under the direction of
the President" and that the NSA "will continue to work within the
of the law and the oversight of both the U.S. Congress and the
EPIC, joined by leading
privacy experts including James Bamford,
Whitfield Diffie, and Bruce Schneier, first petitioned the agency on
June 17. The petition
now has been signed by other distinguished
privacy scholars, law professors, and computer scientists, and by over
of the public representing all 50 states and the District
of Columbia. EPIC renewed the petition weekly for over two months until
the NSA responded.
EPIC: Petition to the NSA re: Domestic Surveillance (Jun. 17, 2013)
EPIC: Text of FISC Order to Verizon (Apr. 25, 2013)
EPIC: NSA Petition Response to EPIC (Aug. 26, 2013)
EPIC: Petition to the Supreme Court re: Verizon Order (Jul. 8, 2013)
EPIC: In re EPIC - NSA Telephone Records Surveillance
EPIC: Foreign Intelligence Surveillance Act (FISA)
EPIC: USA PATRIOT Act
EPIC: Foreign Intelligence Surveillance Court (FISC)
 European Parliament Begins Hearings on NSA Surveillance
The European Parliament held a September 5 hearing on "Electronic
Surveillance of EU Citizens," hosted by the Committee on Civil
Liberties, Justice, and Home Affairs ("LIBE Committee"). The
Committee "is in charge of most of the legislation and democratic
oversight for policies linked to the transformation of the
Union in the area of freedom, security and justice." LIBE's functions
include "legislation in the areas of transparency
and of the protection
of natural persons with regard to the processing of personal data."
Witnesses at the hearing included journalists,
the Editor in Chief of
the UK's Guardian newspaper, and current and former government
The hearing focused on surveillance
conducted by the US, but also
addressed surveillance by member EU states. The hearings are the first
in a series mandated by a
resolution of the European Parliament to
assess the impact of international surveillance programs on member
"the right to respect for private life and
communications, freedom of expression, the presumption of innocence and
the right to
an effective remedy." The hearings were also conducted to
determine the extent of the actual data collection programs and to
the appropriateness of those programs in the face of any
international terrorist threats.
EPIC Executive Director Marc Rotenberg
has been invited to speak
before the European Parliament on September 30, 2013.
European Parliament: LIBE Hearing Information
(Sep. 5, 2013)
European Parliament: LIBE Committee
European Parliament: LIBE Committee Inquiry (Sep. 5, 2013)
European Parliament: LIBE Hearing Video Stream (Sep. 5, 2013)
 News in Brief
OECD Releases Updated Privacy Guidelines
The Organization for Economic Cooperation and Development has released
the 2013 revisions
to its privacy guidelines. The revisions build from
the original guidelines, developed in 1980, and retain the core set of
Information Practices while updating the framework to address new
challenges, such as national implementation and cross-border
enforcement. The OECD explains that the revisions aim to "focus on the
practical implementation of privacy protection" and to "address
global dimension of privacy through improved interoperability." EPIC
Executive Director Marc Rotenberg, a member of the expert
has said that "the OECD Privacy Guidelines are the most influential
international framework for privacy ever established."
OECD: Privacy Framework (2013)
1980 OECD Privacy Guidelines
Marc Rotenberg: "The Impact of the OECD Privacy Guidelines" (2010)
EPIC: International Privacy Standards
EPIC Meets with President's Intelligence Review Group
EPIC President Marc Rotenberg and EPIC Advisory Board Member Steve
met September 9 with the President's Review Group on
Intelligence and Communication Technology. President Obama has tasked
panel with the responsibility to assess whether the "United States
employs its technical collection capabilities in a manner that
optimally protects our national security and advances our foreign
policy while appropriately accounting for other policy considerations,
such as the risk of unauthorized disclosure and our need to maintain
the public trust." EPIC submitted detailed recommendations
to the Board
and included copies of EPIC's Supreme Court petition, which argues that
the current domestic surveillance program
is unlawful, as well as
EPIC's 2012 Congressional testimony on the FISA Amendments Act and
EPIC's 2010 letter to the Foreign Intelligence
Surveillance Court on
reform of FISA procedures. The panel will accept comments from the
public until October 4, 2013. Comments
are to be sent to
email@example.com, which, oddly, is the domain of the current
Director of National Intelligence.
House: Statement on Review Group (Aug. 27, 2013)
EPIC: Letter to Intelligence Review Board (Aug. 29, 2013)
EPIC: Petition to US Supreme Court re: Surveillance (Jul. 8, 2013)
EPIC: Congressional Testimony on FISA Amendments Act (May 31, 2013)
EPIC: Comments to FISA Court on Amended Rules (Oct. 4, 2010)
EPIC: FISA Reform
Office of National Intelligence Releases New Docs on NSA Surveillance
The Office of the Director of National Intelligence has
documents about the NSA's surveillance programs. The documents, which
include numerous filings with the Foreign Intelligence
Court, date back to 2006 and specifically relate to the government's
collection of information under Section 215 of
the USA PATRIOT Act. In
a petition to the US Supreme Court, EPIC has argued that the FISA Court
exceeded statutory authority under
Section 215 when it authorized
Verizon's bulk collection of US telephone records. Under Section 215,
the FISA Court may order businesses
to produce records that are
"relevant" to an authorized national security investigation, but the
Verizon Order requires production
of all domestic telephone records on
an ongoing basis.
ODNI: Press Release on Declassified Documents (Sep. 10, 2013)
Cornell Legal Information Institute: Text of Patriot Act Section 215
EPIC: USA PATRIOT Act
EPIC: Petition to US Supreme Court re: Surveillance (Jul. 8, 2013)
EPIC: In re EPIC - NSA Telephone Records Surveillance
Pew Survey: Vast Majority of Americans Try to Maintain Privacy Online
A new survey by the Pew Research Center's Internet
Project has found
that 86 percent of Americans surveyed take steps to conceal their
actions or identities while online. The survey
also found that 21
percent had an email or social networking account compromised or
taken over by someone else without permission.
The majority of survey
respondents told Pew that "current laws are not good enough in
protecting people's privacy online." Other
Pew surveys have found that
most teens were taking steps to protect their privacy, that a majority
of parents were concerned about
their children's online privacy, and
that users were becoming more active in managing their social media
Survey on Online Privacy (Sep. 5, 2013)
Pew Internet: "Where Teens Seek Privacy Advice" (Aug. 15, 2013)
Pew Internet: "Teens, Social Media, and Privacy" (May 21, 2013)
Pew Internet: "Parents, Teens, and Online Privacy" (Nov. 20,2012)
Pew Internet: "Privacy management on social media sites" (Feb. 24, 2012)
EPIC: Public Opinion on Privacy
 EPIC in the News
"Facebook Privacy Change Is Subject of F.T.C. Inquiry." The New York
Times, Sept. 11, 2013.
"Court Says Privacy Case Can Proceed vs. Google." The New York Times,
Sept. 10, 2013.
"Google Loses Appeal in Street View Snooping Case." ABC News/AP, Sept.
"NSA Surveillance And The Legacy Of 9/11." WAMU's "The Kojo Nnamde
Show," Sept. 11, 2013.
"Explaining the latest NSA revelations - Q&A with internet privacy
experts." The Guardian, Sept. 6, 2013.
"NSA has made strides in thwarting encryption used to protect
Internet communication." The Washington Post, Sept. 5, 2013.
The Wall Street Journal, Sept. 4, 2013.
"Facebook under fire from privacy watchdogs over 'Sponsored Stories'
ads." Los Angeles Times, Sept. 4, 2013.
"Privacy Groups Ask F.T.C. to Block Facebook Policy Changes." The New
York Times, Sept. 4, 2013.
Letter to the Editor: "Better Privacy Laws: Priority for America and
Germany," by EPIC President Marc Rotenberg. The New York
Sept. 3, 2013.
For More EPIC in the News: http://epic.org/news/epic_in_news.html
 EPIC Bookstore
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall,
S. Zaid (EPIC 2010). Price: $75.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the
Video Voyeurism Prevention Act, and the
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC Bookstore: http://www.epic.org/bookstore
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
EPIC: "The EPIC Challenge to the NSA Domestic Surveillance Program."
Washington, DC, 19 September 2013. For More Information:
The Public Voice Conference: "Our Data, Our Lives." Warsaw, Poland,
23 September 2013. For More Information:
The Cato Institute: "NSA Surveillance: What We Know; What to do
About It." Washington, DC, 9 October 2013. For More Information:
Drone and Aerial Robotics Conference. Speaker: EPIC Domestic
Surveillance Counsel Amie Stepanovich. NYU Law Engelberg Center
Innovation Law and Policy, New York, NY, 11-13 October 2013. For More
Surveillance Conference, Sponsored by the Chicago Committee to Defend
the Bill of Rights. Speaker: EPIC Domestic Surveillance
Stepanovich. Northwestern University School of Law, Evanston, IL,
19 October 2013. For More Information:
American Civil Liberties Union of Rhode Island 2013 Annual Dinner
Celebration. Keynote Speaker: EPIC Domestic Surveillance Counsel
Stepanovich. Providence, RI, 8 November 8, 2013. For More Information:
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW, Suite
200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at: http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.18------------------------