EPIC Alert 20.02
E P I C A l e r t
Volume 20.02 February 1, 2013
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 TSA to Pull 'Naked' Body Scanners from All US Airports
 EPIC Hosts Event on Drones and Surveillance at National
 EPIC Argues Cell Phone Privacy Case Before New Jersey Supreme Court
 EPIC Defends Student Privacy in Federal Court
 Sen. Leahy Sets Out Judiciary Committee Agenda for New Congress
 News in Brief
 EPIC in the News
 EPIC Bookstore
Upcoming Conferences and Events
TAKE ACTION: Support Europe v. Facebook!
- LEARN about the Project: http://www.europe-v-facebook.org/EN/en.html
- DEMAND Your Facebook Data: http://epic.org/redirect/020113-fb.html
- JOIN Forces with Europe v. Facebook: https://www.crowd4privacy.org/
- SUPPORT EPIC: http://www.epic.org/donate/
 TSA to Pull 'Naked' Body Scanners from All US Airports
The Transportation Security Administration is ending the
contract with backscatter x-ray device manufacturer Rapiscan. As a
result, all backscatter machines, which produce a detailed
of air travelers, will be removed from US airports. The backscatter
x-ray scanners will be replaced by millimeter wave
scanners, a less-
intrusive but still controversial scanning technology.
The Congressional "FAA Modernization and Reform Act of
that all body scanners be equipped with privacy-enhancing software by
June 1, 2013. After granting itself a one-year
extension, the TSA
ended the contract for backscatter x-ray devices once it became obvious
that Rapiscan could not add privacy-enhancing
software in time to meet
the Congressional deadline.
Beginning in 2005, EPIC and a coalition of privacy advocates,
legal experts and lawmakers urged the TSA not to deploy the
devices. In 2010, before the backscatter devices were widely in use,
EPIC and others petitioned DHS Secretary Napolitano to suspend the
program pending a thorough review.
In 2010, EPIC sued the Department
of Homeland Security to force
disclosure of technical documents about the body scanner program. The
documents EPIC received revealed
that DHS publicly mischaracterized the
findings of the National Institute of Standards and Technology, stating
that NIST had "affirmed
the safety" of full body scanners. In fact,
NIST never tested full-body scanners for safety. The European Union
banned x-ray body
scanners from European airports in 2011, citing both
unreliability and potential health risks.
In a subsequent EPIC lawsuit against
DHS, the DC Circuit Court of
Appeals determined that air travelers have a right to opt-out of the
body-scanner screening and that
the TSA must undertake a public notice
and comment rulemaking on the scanners. The court has ordered the
agency to begin the public
comment process by March 2013.
TSA: "Rapiscan Contract Terminated" (Jan. 18, 2013)
The FAA Modernization and Reform Act of 2012
EU: Press Release on Body Scanners at EU Airports (Nov. 14, 2011)
EPIC: 2nd Petition to DHS re: Body Scanners (July 2, 2010)
EPIC et al.: 1st Petition to DHS re: Body Scanners (Apr. 21, 2010)
EPIC et al.: Letter to DHS re: Body Scanners (May 31, 2009)
EPIC: EPIC v. DHS (Suspension of Body Scanner Program)
EPIC: EPIC v. DHS (Body Scanners)
EPIC: EPIC v. DHS (Full Body Scanner Radiation Risks)
EPIC: Body Scanners
EPIC: Spotlight on Surveillance (Body Scanners)
 EPIC Hosts Event on Drones and Surveillance at National
EPIC hosted a January 17 symposium on "Drones
Surveillance," at the National Press Club in Washington, DC. The
symposium brought together experts in law, technology,
policy to discuss the expanding use of unmanned aerial vehicles,
otherwise known as drones or UAVs, within US airspace.
EPIC Executive Director Marc Rotenberg moderated the event, which
featured a panel of legal and policy experts, including privacy
scholars Laura Donohue and Orin Kerr, CATO fellow Julian Sanchez,
EPIC Associate Litigation Counsel Amie Stepanovich, and Gretchen
of UAV industry group AUVSI. Security technologist and author Bruce
Schneier spoke about the future of advanced drone technology,
"today's expensive and rare becomes tomorrow's commonplace."
Representative Ted Poe (R-TX) provided the event's keynote
Poe announced his plans to introduce a bill, co-sponsored by Rep. Zoe
Lofgren (D-CA), to protect citizen privacy against
increased drone use.
Previously, Poe had chaired a field hearing in Houston, TX, to explore
the privacy implications of domestic
drone use. In a prepared
statement for the field hearing, EPIC noted that "widespread use of
drone technology increases the potential
for pervasive mass
surveillance of the American public by law enforcement."
In February 2012, EPIC, joined by over 100 organizations,
members of the public, petitioned the FAA to establish privacy
safeguards for drones. The petition called on the FAA
to conduct a
notice-and-comment rulemaking to address the impact of drone use on
privacy and civil liberties in the US. EPIC also
Congress in 2012 on the risks of domestic drone use. Meanwhile, Rep.
Ed Markey (D-MA) has introduced the "Drone
Aircraft Privacy and
Transparency Act". The bill calls on the FAA to complete a report on
the privacy implications of US drones.
The bill will also require drone
operators to submit a data collection and data minimization statement
regarding drones' collection
of personally identifiable information.
EPIC: Drones and Domestic Surveillance
FAA: Letter to Congress on Privacy and Drone Use (Nov. 1, 2012)
EPIC: Testimony before Congress on Privacy and Drones (Oct. 25 2012)
EPIC: Petition to FAA (Feb. 24, 2012)
Rep. Ted Poe (R-TX): Air Travelers' Bill of Rights Act of 2012
Rep. Ed Markey (D-MA): Drone Privacy and Transparency Act of 2012
EPIC: UAVs and Drones
 EPIC Argues Cell Phone Privacy Case Before New Jersey
The New Jersey Supreme Court heard oral arguments
January 29 in State
v. Earls, a criminal case centering around Fourth Amendment privacy
rights in cell phone location information.
The Court heard arguments
from the State of New Jersey, the defense attorney, the New Jersey
ACLU, and EPIC Appellate Advocacy
Counsel Alan Butler.
State v. Earls arises from an investigation into a 2006 string of New
Jersey burglaries. Defendant Thomas
Earls argued that his Fourth
Amendment rights were violated when officers requested his location
information from his cell phone
provider without a warrant. The
initial trial court found that Earls had a reasonable expectation of
privacy in his location information,
but that the search was justified
under the "emergency aid" exception, and Earls was convicted. An
appellate court upheld his conviction,
but found that he had no
reasonable expectation of privacy in his "generalized" location
information revealed by his mobile provider.
After the US Supreme
Court's decision in US v. Jones, the Supreme Court of New Jersey
decided to revisit the case.
a "friend of the court" brief on behalf of Earls, arguing
that location information reveals intimate details similar to the GPS
data considered by the US Supreme Court in Jones. In response to an
additional court request, EPIC filed a supplemental brief outlining
current state of location-tracking technology and arguing that, under
federal and state constitutions, individuals have a reasonable
expectation of privacy in modern cell phone location records.
At the Jan. 29 oral argument, the court focused on the potential
of imposing a warrant requirement for cell phone location data. The
defense counsel argued that a warrant requirement would
with the current practice of New Jersey investigators. According to the
State's supplemental brief, roughly 90% of
the location records used by
New Jersey prosecutors in the second half of 2012 were obtained
pursuant to a warrant. The State was
unable to provide the court with
more detailed information about the use of warrants to obtain location
data before 2012. A final
decision is expected by the end of this year.
EPIC: State v. Earls
EPIC: "Friend of the Court" Brief in State v. Earls
NJ Supreme Court: Request for Supplemental Briefing (Nov. 21, 2012)
EPIC: Supplemental Brief in State v. Earls (Dec. 20, 2012)
EPIC: Locational Privacy
EPIC: US v. Jones
 EPIC Defends Student Privacy in Federal Court
EPIC has filed a cross-motion for summary judgment with a Washington,
DC, federal court, challenging changes to the Family Educational
and Privacy Act (FERPA). EPIC's brief argues that the US Department of
Education is exceeding its legal authority by removing
to prohibit the disclosure of their personal information, and that the
agency's new regulations are unreasonable
and overstep the authority
granted by Congress.
The revised regulations, issued by the Education Department in 2011,
release of student records for non-academic purposes and
undercut parental consent provisions. The regulations reinterpret
definitions in FERPA in order to provide non-governmental
actors increased access to student personal data.
The ED's changes also
promote the public use of student IDs that
enable access to private educational records, and which can be used to
In 2011, EPIC submitted extensive comments to the agency, opposing the
changes and arguing for the need to safeguard privacy.
stated that "the ED's proposals expand a number of FERPA's exemptions,
reinterpreting the statutory terms 'authorized
'education program,' and 'directory information.' These proposals
remove affirmative legal duties for state and
facilities to protect private student data."
After the Education Department failed to make the requested changes,
EPIC filed a lawsuit, further arguing that the revised regulations were
not in accordance with the Privacy Act of 1974. The Department
final regulations in December 2011 despite the its own admission that
"numerous commenters . . . stated that they believe
lacks the statutory authority to promulgate the proposed regulations
contained in the NPRM."
EPIC is joined in
the lawsuit by members of the EPIC Board of Directors
and Advisory Board Grayson Barber, Pablo Garcia Molina, Peter Neumann,
EPIC: Cross-Motion for Summary Judgment in EPIC v. ED (Jan. 18, 2013)
Education Dept.: Final Regulations on Education Privacy (Dec. 2, 2011)
EPIC: Comments on Dept. of Ed. Proposed Rulemaking (May 23, 2011)
EPIC: EPIC v. US Department of Education
EPIC: Student Privacy
 Sen. Leahy Sets Out Judiciary Committee Agenda for
At a January 16 speech at Georgetown University,
Sen. Patrick Leahy
(D-VT), Chair of the US Senate Judiciary Committee, laid out the
Judiciary Committee's agenda for the 113th
Congress. Leahy vowed to
commit the Committee to addressing "out most fundamental rights, and
our most basic freedoms."
to Sen. Leahy, the Committee's agenda includes updates to
key legislation, including laws on email privacy and cybersecurity.
2012, Leahy introduced provisions to update the Electronic
Communications Privacy Act, the law that establishes when a warrant
is required for law enforcement to gain access to individual email,
and which he originally sponsored in 1986. To date, ECPA has
updated; proposed updates passed the Senate in 2012, but were struck
down in the House.
In his speech, Leahy explained
that the Judiciary Committee would also
address the need for oversight of US counterterrorism programs and the
privacy issues involved
with the growing use of domestic surveillance
drones. In 2012, EPIC and a coalition of experts and organizations
Federal Aviation Administration to develop regulations
aimed at protecting individuals from increased drone surveillance.
Sen. Leahy emphasized the importance of open government as an
American value, promising to "continue to fight for transparency that
keeps the government accountable to the people." Leahy has been a long-
time champion for open government, and previously introduced
"Faster FOIA" Act to increase the rate at which government agencies
respond to Freedom of Information Act requests.
Sen. Patrick Leahy: Judiciary Committee Agenda for 113th Congress
EPIC: Electronic Communications Privacy Act
EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.
EPIC: Open Government
 News in Brief
EPIC Gives 2013 Privacy Champion Award to Austrian Privacy Advocate
EPIC has given the 2013 International Privacy Champion Award
Austrian law student Max Schrems, the organizer of Europe v. Facebook.
EPIC called Schrems "an innovative and effective spokesperson
right to privacy." EPIC cited Schrems' work in obtaining Facebook's
collection of his personal information, which has inspired
40,000 users worldwide to make similar access requests, thus helping to
ensure greater transparency of Internet companies.
international award recipients include Canadian Privacy Commissioner
Jennifer Stoddart, European Parliamentarian Sophie
Australian jurist Michael Kirby, and Constitutional Law Scholar Stefano
Rodota. The award is given by EPIC annually
in recognition of
International Privacy Day, January 28.
Europe v. Facebook
EPIC: International Privacy Day
EPIC: International Privacy Standards
Report Highlights Legal Questions Implicated by Domestic Drone Use
A new report from the Congressional Research Service -"Integration
of Drones into Domestic Airspace: Selected Legal Issues" - states that
"perhaps the most contentious issue concerning the introduction
drones into U.S. airspace is the threat that this technology will be
used to spy on American citizens." Last year, EPIC warned
"there are substantial legal and constitutional issues involved in the
deployment of aerial drones by federal agencies."
EPIC, joined by over
100 organizations, experts, and members of the public, has petitioned
the Federal Aviation Administration
to begin a rulemaking to establish
Congressional Research Service: Report on Drones (Jan. 30, 2013)
EPIC: Congressional Testimony on Drones in US (Jul. 12, 2012)
EPIC: Petition to FAA on Drones (Mar. 8, 2012)
EPIC: Unmanned Aerial Vehicles (UAVs) and Drones
New Study Finds Limits in Deidentification of DNA Samples
A recent paper published in Science Magazine reveals that deidentified
DNA sequences collected for research purposes can be used to identify
subjects under certain circumstances. According to the article,
information posted by the 1,000 Genomes Project - age, state of
residence, and full DNA sequence - used in combination with
available genealogy data was sufficient to narrow the search to a few
likely individuals. A Science Policy Forum article
in the same issue
concludes that this genetic triangulation "reveals the need to re-
examine the current paradigms for managing
the potential identifiability
of genomic and other 'omic'-type data." The President's Commission for
the Study of Bioethical Issues
recently reviewed the ethical and
privacy implications of the use and collection of genetic data. In
February, the Supreme Court
is set to hear Maryland v. King, a case
involving the warrantless collection and use of genetic information.
Science: Paper on
Genome Reidentification (Jan. 18, 2013)
Science: "The Complexities of Genomic Identifiability" (Jan 18, 2013)
1,000 Genomes Project
President's Commission for the Study of Bioethical Issues
EPIC: Maryland v. King
EPIC: Genetic Privacy
TSA Resurrects Use of Commercial Data for Passenger Screening
The TSA is reconsidering the use of commercial data to screen
passengers, a controversial practice that was previously blocked by
the federal government. In 2006 Congress suspended funding
Flight, a program that relied on the use of commercial data, after
EPIC, the General Accounting Office, and others identified
privacy vulnerabilities, including the fact that "Individuals will have
no judicially enforceable right to access
information about them
contained in the system, nor to request correction of information that
is inaccurate, irrelevant, untimely
or incomplete." TSA's current
effort also comes as the Federal Trade Commission is studying the
practices of the data broker industry.
NextGov: Article on TSA Screening (Jan. 16, 2013)
EPIC: Comments to DHS on Secure Flight (2004)
GAO: Testimony before Congress on Secure Flight (2006)
FTC: Press Release on Data Broker Investigation (Dec. 18, 2012)
EPIC: Secure Flight
EPIC: Passenger Profiling
Survey Names Top 10 Most Trusted Companies for Privacy
Privacy research center The Ponemon Institute has released the 2012
of the "Most Trusted Companies for Privacy," an annual report
listing the companies that consumers trust the most with respect to
handling of their personal data. Out of 217 organizations rated,
American Express ranked as the most trusted; others included
eBay, and IBM. In general, consumers rated companies in the healthcare
and banking industries higher than social media
companies and charities.
The report also found that "the importance of privacy has steadily
trended upward over seven years." The
rankings were generated from a
final sample of 6,704 respondents.
Ponemon: "2012 Most Trusted Companies for Privacy" (Jan. 28,
EPIC: Public Opinion on Privacy
 EPIC in the News
"NJ Supreme Court weighs privacy rights of cell phone users."
NorthJersey.com, Jan. 29, 2013.
"Clicking 'like' on Facebook can lead to having personal info
collected." ABC Action News Tampa, Jan. 29, 2013.
"Drive-by Scanning: Officials Expand Use and Dose of Radiation for
Security Screening." ProPublica, Jan 29, 2013.
"Obama campaign gives database of millions of supporters to new
advocacy group." MSN, Jan. 28, 2013.
"Cord blood bank agrees to improve data security after lapse."
Reuters, Jan. 28, 2013.
"Air travel gets a lot more modest." BBC, Jan. 25, 2013.
"If you've ever wanted to evade overhead surveillance drones -- and, of
course, look stylish while." The Washington Times, Jan.
"A Farewell to 'Nudity' at Airport Checkpoints." The New York Times,
Jan. 21, 2013.
"TSA removing 'virtual strip search' body scanners." CNN, Jan. 19, 2013.
"Controversial full-body scanners to be removed from airports." Los
Angeles Times, Jan. 18, 2013.
"TSA pulls the plug on 'naked' X-ray scanners after maker fails to
guarantee privacy." The Verge, Jan. 18, 2013.
"Naked-Image Scanners to Be Removed From U.S. Airports." Bloomberg
News, Jan. 18, 2013.
"Facebook search may take time to catch on." The Oakland Tribune, Jan.
"Obscurity: A Better Way to Think About Your Data Than 'Privacy'."
The Atlantic, Jan. 17, 2013.
"Facebook introduces new search tool." Los Angeles Times, Jan. 16,
"US plans to increase drone missions in the country." (Video)
Press TV, Jan. 16, 2013.
"Laws urged to curb snooping by drones." The Washington Times, Jan.
"Swartz death immortalizes hacking law woes." USA Today, Jan. 15, 2012.
For More EPIC in the News:
 EPIC Bookstore
"Litigation Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall,
S. Zaid (EPIC 2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"The New Frontier: Policy & Politics in the Age of the Internet." 22
February, Washington, DC. For More Information:
"IDP13 in OKC." 23 February 2013, Oklahoma City, OK. For More
"Drones.edu: Hands on the Future in the Classroom." SXSW, 6 March
2013, Austin, TX. For More Information: http://sxswedu.com/.
"Online Privacy: Consenting to your Future." 21-22 March 2013,
Portomaso, Malta. For More Information:
EPIC Champion of Freedom Awards Dinner. 3 June 2013, Washington, DC.
For More Information: http://epic.org/june3.
22nd Annual Computers, Freedom, & Privacy Conference. 25-26 June 2013,
Washington, DC. For More Information: Contact Chris Calabrese
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.02-----------------------