E P I C A l e r t
Volume 20.23 November 27, 2013
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 Supreme Court Declines EPIC's Challenge to NSA Surveillance Program
 States Reach $17M Settlement with Google Over Privacy
 Federal Court Awards EPIC $30,000 in Social Media Monitoring Case
 EPIC Urges FCC to Investigate AT&T's Sale of
Consumer Phone Records
 Government Audit Finds TSA Behavior Analysis Program 'Ineffective'
 News in Brief
 EPIC in the
 EPIC Book Review: 'Hatching Twitter'
 Upcoming Conferences and Events
TAKE ACTION: Tell Facebook: "Stop Changing
Our Privacy Settings!"
- READ about the Changes: http://epic.org/redirect/090313-facebook.html
- LEARN More about Facebook Privacy: http://epic.org/privacy/facebook/
- SUPPORT EPIC: http://www.epic.org/donate/
 Supreme Court Declines EPIC's Challenge to NSA Surveillance
The United States Supreme Court has, without comment,
declined to hear
EPIC's petition challenging the legality of the Foreign Intelligence
Surveillance Court's order authorizing the
NSA telephone record
collection program. EPIC's petition argued that the FISA court exceeded
legal authority when it ordered Verizon
to turn over, on an ongoing
basis, all domestic telephone call records to the National Security
In response to the Supreme
Court decision, EPIC stated, "The
surveillance order was clearly unlawful. There is simply no way to
establish relevance for the
collection of all telephone records on all
US telephone customers for an intelligence investigation." The Foreign
Surveillance Act makes it very difficult to challenge
these determinations, which is why EPIC filed its petition for
review directly with the Supreme Court.
The petition was distributed to the Justices October 30, along with
four "friend of the
court" briefs by former Church Committee members
and prominent scholars in information law, federal jurisdiction, and
law, all of whom urged the Supreme Court to grant EPIC's
petition. EPIC's petition argued that it is "simply not possible that
every phone record in the possession of a telecommunications firm could
be relevant to an authorized investigation." According
to EPIC, such an
interpretation would "render meaningless" the "relevance" limitation
Congress added to Section 215 of the USA
PATRIOT Act in 2006.
Many members of Congress, including the original authors of the USA
PATRIOT Act, agree that the government's
interpretation is contrary to
legislative intent. The "friend of the court" briefs in support of
EPIC's case similarly argued that
the government's position undermines
the purposes of the Foreign Intelligence Surveillance Act and threatens
Fourth Amendment rights.
The US Solicitor General's Office filed a
brief in opposition to EPIC's petition on October 11, arguing that the
lacks jurisdiction to hear the case.
Senator Patrick Leahy (D-VT) and Representative James Sensenbrenner
(R-WI) have introduced
the USA FREEDOM Act, which would end the bulk
collection program and impose new transparency and oversight rules for
the NSA and
the FISA Court. The American Civil Liberties Union and
other organizations have also challenged the program at the district
level, arguing that the NSA collection program violates the
Constitution and the FISA.
EPIC will continue to push for reform in this area.
US Supreme Court: Denial of Cert in In re EPIC (Nov. 18, 2013)
EPIC: In re EPIC Petition to US Supreme Court (Jul. 8, 2013)
Order to Verizon re: Telephone Records (Apr. 23, 2013)
EPIC: In re EPIC - NSA Telephone Records Surveillance
Rep. Jim Sensenbrenner (R-WI): Text of USA FREEDOM Act (Oct. 29, 2013)
 States Reach $17M Settlement with Google Over Privacy
Maryland Attorney General Douglas Gansler and
attorneys general in 36
states and the District of Columbia have reached a $17 million
settlement with Google over privacy violations.
The state of Maryland,
which led the investigation during Gansler's 2012-2013 tenure as
president of the National Association of
Attorneys General, will
receive more than $1 million as a civil penalty and Google will be
required to change its privacy practices.
According to the settlement, Google violated state consumer protection
and privacy laws by placing advertising tracking cookies
DoubleClick, a company now owned by Google, on Safari browsers despite
telling users that it would honor the default Safari
The Federal Trade Commission fined Google $22.5 million in 2012 over
similar practices that violated an earlier
settlement, itself a result
of a 2010 complaint filed by EPIC.
The settlement requires Google to:
" * Not deploy the type of code
used here to override a browser's
cookie blocking settings without the consumer's consent, unless it
is necessary to do
so in order to detect, prevent or otherwise
address fraud, security or technical issues.
* Not misrepresent or omit material
information to consumers about
how they can use any particular Google product, service or tool to
directly manage how Google
serves advertisements to their browsers.
* Improve the information it provides to consumers regarding cookies,
and how they can be managed by consumers using
Google's products or services and tools.
* Maintain systems designed to ensure
the expiration of the third-
party cookies set on Safari Web browsers while their default
settings had been circumvented."
In 2007, EPIC objected to the Google-DoubleClick merger on privacy
grounds and specifically warned that Google's use of DoubleClick
techniques would lead to impermissible tracking of Internet users.
DoubleClick had earlier been subject to a series of class action
lawsuits and EPIC previously objected to the proposed Doubleclick
Maryland AG Office: Notice of Google Settlement
(Nov. 18, 2013)
FTC: Announcement of Google Safari Settlement (Aug. 9, 2013)
NAAG: Letter to Google re: Account Consolidation (Feb. 22, 2012)
EPIC: Internet Cookies
 Federal Court Awards EPIC $30,000 in Social Media
EPIC has prevailed in a fee dispute with
the Department of Homeland
Security in an open-government case concerning the government's
monitoring of social media. EPIC filed
a FOIA request after the agency
announced plans to gather information from "online forums, blogs,
public websites, and message
boards." After the DHS refused to produce
documents, EPIC filed suit and obtained more than 500 pages describing
the agency program.
When the agency subsequently moved to dismiss the
case, a federal judge ruled that EPIC had "substantially prevailed."
noted that EPIC had complied with the "public benefit' factor
by making a "contribution to the national conversation." Articles
the documents and EPIC's FOIA work were mentioned in numerous
publications, including The Washington Post, FoxNews, Reuters,
Blaze, ComputerWorld, IEEE Spectrum, and Forbes. The court also noted
that these documents were "heavily featured" at a Congressional
and that "this is the sort of public benefit that FOIA was designed to
Earlier, DHS sought to give EPIC a token
amount in settlement for what
DHS called "a 9-page boilerplate complaint for this simple,
straightforward FOIA case." The court
had harsh words for the agency,
emphasizing that "If FOIA's statutory requirements as applied to this
case were so 'simple' and
'straightforward', DHS might have been better
served by complying with them--rather than by ignoring statutory
deadlines and meeting
their legal obligations only upon being served
with a complaint in federal court."
The case is EPIC v. DHS, No. 11-2261 (D.D.C.
Nov. 15, 2013).
EPIC: Resolution in Fee Dispute with DHS (Nov. 15, 2013)
Washington Post: Article on Social Media Monitoring (Jan. 13, 2012)
Fox News: Article on Social Media Monitoring (Dec. 24, 2011)
Reuters: Article on Social Media Monitoring (Jan. 11, 2012)
The Blaze: Article on Social Media Monitoring (Dec. 28, 2011)
ComputerWorld: Article on Social Media Monitoring (Jan. 16, 2012)
IEEE Spectrum: Article on Social Media Monitoring (May 29, 2012)
Forbes: Article on Social Media Monitoring (May 26, 2012)
US House: Hearing on Social Media Monitoring (Feb. 16, 2012)
EPIC: EPIC v. DHS Social Media Monitoring
 EPIC Urges FCC to Investigate AT&T's Sale of Consumer
In a letter to Federal Communications Commission
Chairman Tom Wheeler,
EPIC urged the FCC to determine whether AT&T violated the
Communications Act when it sold private consumer
information to the Drug Enforcement Administration and Central
Intelligence Agency. The letter follows EPIC's previous
obtain the FCC's view on whether Verizon violated the Communications
Act when it released consumer call detail information
to the National
The letter was prompted in part by two New York Times reports. One,
released in September 2013,
found that AT&T had disclosed private
information to federal and local law enforcement and intelligence
agencies. The report discusses
the Hemisphere project, under which
four billion call records per day, including "every call that passes
through an AT&T switch-not
just those made by AT&T customers," are
provided to the government. AT&T grants government officials access to
network information ("CPNI") pursuant to
administrative subpoenas, which are issued by the DEA and are not
subject to judicial
oversight. The second, released in early November
2013, found that AT&T sells CPNI to the CIA. According to the report,
C.I.A. supplies phone numbers of overseas terrorism suspects,
and AT&T searches its database and provides records of calls that
help identify foreign associates [.]" AT&T is not under a court order
or subpoena to disclose CPNI to the CIA.
explained that AT&T's actions violated Section 222 of the
Telecommunications Act of 1996, which mandates that telecommunications
carriers, such as AT&T, protect CPNI. EPIC also informed the Commission
that the National Association of Regulatory Utility Commissioners
issued a draft resolution underscoring the crucial role of the FCC in
protecting consumer information.
Earlier in 2013, EPIC
asked the FCC to resolve whether Verizon violated
the Communications Act when it released consumer call detail
information to the
NSA. "The role of carriers like Verizon is
particularly important because the structure of the Foreign
Act does not allow for meaningful public
oversight or accountability," EPIC argued. Thus, "millions of consumers
had no way of
knowing that their personal information had been
illegally provided to the NSA by Verizon" - yet at the same time,
are completely dependent on Verizon for the protection
of their personal phone records."
EPIC: Letter to FCC re: AT&T (Nov. 15,
NARUC: Resolution (Nov. 8, 2013)
The New York Times: Hemisphere (Sep. 1, 2013)
The New York Times: CIA (Nov. 7, 2013)
EPIC: Letter to FCC re: NSA Surveillance (Jun. 11, 2013)
FISA: Verizon Order (Apr. 23, 2013)
EPIC: Foreign Intelligence Surveillance Act
EPIC: Clapper v. Amnesty Int'l
EPIC: USA PATRIOT Act
 Government Audit Finds TSA Behavior Analysis Program
The Government Accountability Office has
issued a report to Congress
finding that the Transportation Security Administration's behavioral
analysis program, known as "Screening
of Passengers by Observation
Techniques" (SPOT), is ineffective. The GAO determined that there is no
scientifically valid evidence
for behavior indicators, and that TSA
screeners cannot reliably interpret passenger behavior. The GAO report
also notes that the
there have been significant concerns over racial
and ethnic profiling.
Approximately 3,000 TSA officers are currently assigned
to the SPOT
program, which has cost approximately $900 million since 2007. The GAO
recommended the Congress reduce further funding
of the program.
In testimony before the 9/11 Commission in 2003, EPIC warned, "It is
easy to construct a device that can determine
whether a person is
carrying a gun before he boards an airplane. It is much more difficult
to construct a device that can probe
his thoughts and determine his
intent to commit a crime." Since that time, EPIC has objected to the
DHS's practice of assigning
threat profiles based on race, ethnicity,
and gender. EPIC has also called upon the TSA to undertake a
comprehensive audit of the
civil rights impact of airport screening
policies on racial and religious minorities.
Another TSA program, the Visible Intermodal
Prevention and Response
(VIPR) program also has had its effectiveness called into question for
similar reasons. The VIPR program
involves warrantless searches at
various locations, including festivals, sporting events, and bus
stations. Like the SPOT program,
the VIPR program lacks performance
metrics despite a $100 million dollar budget.
In 2007, EPIC submitted comments to the Department
of Homeland Security
opposing the implementation of Secure Flight, a passenger profiling
program that would maintain watch lists
of names of individuals
suspected of posing a risk to air travel. EPIC warned against the high
error rates of watch lists and the
lack of redress for travelers on
GAO: Report on TSA Behavioral Profiling (Nov. 2013)
EPIC: Testimony Before 9/11 Commission (Dec. 8, 2003)
EPIC: Comments to DHS re: Automated Targeting System (June 21, 2012)
EPIC: Letter to DHS re: TSA Racial Profiling Audit (Dec. 1, 2011)
US House: Report on TSA (Sept. 2012)
EPIC: Comments to DHS re: Secure Flight (Sept. 24, 2007)
 News in Brief
EPIC Files FOIA Request with FTC re: Facebook Investigation
EPIC has filed a Freedom of Information Act request with the Federal
Trade Commission for documents concerning the FTC's recent
"investigation" of Facebook's policy changes.
concerned changes to Facebook's Data Use Policy that permit the use of
the names, images, and content of Facebook
users for commercial
endorsement without user consent. Following announcement of the
proposed change, EPIC and several several
privacy groups wrote to the
FTC objecting to the changes as a violation of a 2011 consent order
with Federal Trade Commission.
Senator Ed Markey (D-MA) also expressed
concern about the policy changes. The Commission opened an
investigation, which was then
quietly closed allowing Facebook to go
forward with the changes.
EPIC: FOIA Request on FTC Facebook Investigation (Nov. 18,
EPIC et al.: Letter to FTC re: Facebook Policy Changes (Sep. 4, 2013)
Sen. Markey (D- MA): Press Release on Facebook Letter (Sep. 11, 2013)
United Nations Considers Privacy Resolution
In response to growing concern over the scope of electronic
surveillance, the UN
General Assembly is considering a resolution
affirming that privacy is a fundamental right. Civil society groups
have long urged
international organizations to update and strengthen
global frameworks for privacy protection. The UN resolution now under
is a response to reports that the US conducted
surveillance of many foreign leaders, including Brazilian President
and German Chancellor Angela Merkel. Brazil and Germany
are leading the effort at the United Nations on the privacy resolution.
The European Parliament also is pursuing an investigation of the "Mass
Surveillance of EU Citizens." The US Congress itself is
legislation, such as the USA FREEDOM Act, to reign in surveillance
UN: Draft Privacy Resolution (Nov.
The Public Voice: 2013 Conference in Warsaw, Poland (Sep. 2013)
EU: LIBE Committee Events
Sen. Leahy (D-VT): Press Release on USA FREEDOM Act (Oct. 29, 2013)
The Public Voice: The Madrid Declaration (Nov. 3, 2009)
 EPIC in the News
"The Government's Secret Plan to Shut Off Cellphones and the Internet,
Explained." Mother Jones, Nov. 26, 2013.
"Embracing big brother: How facial recognition could help fight crime."
CNN, Nov. 25, 2013.
"Washington's overall take on data brokers muddled." Politico, Nov. 25,
"The Government Might Finally Have to Explain Its 'Internet Kill
Switch Policy," by EPIC Consumer Protection Counsel David Jacobs.
Slate, Nov. 25, 2013.
"LG Promises to Shut Down TV Spy Ops." E-Commerce Times, Nov. 21, 2013.
"Judge Orders Homeland Security to Release Details for Shutting Down
Wireless Networks." NextGov, Nov. 20, 2013.
"Congress and Courts Weigh Restraints on N.S.A. Spying." The New York
Times, Nov. 19, 2013.
"Google to Pay $17 Million to Settle Privacy Case." The New York Times,
Nov. 18, 2013.
"Supreme Court won't hear challenge to NSA's phone-records collection."
The Washington Post, Nov. 18, 2013.
"NSA surveillance programs face challenges in court." USA Today, Nov.
"Feinstein promotes bill to strengthen NSA's hand on warrantless
searches." The Guardian, Nov. 15, 2013.
For More EPIC in the News: http://epic.org/news/epic_in_news.html
 EPIC Book Review: 'Hatching Twitter'
"Hatching Twitter: A True Story of Money, Power, Friendship, and
Betrayal," Nick Bilton
Pop quiz: How do you write the story of a Silicon Valley startup after
the cinematic success of "The Social Network"?
journalist Nick Bilton tackles this cultural challenge
in his new book, "Hatching Twitter: A True Story of Money, Power,
and Betrayal." From the title alone, Bilton may have
already lost; his audience has heard this story before. Even his
Note, which opens the book, delivers a deconstructionist
caveat about the fallibility of memory and the significance of
when reconstructing a reliable record. Bilton writes,
"It became apparent in the interviews for the book that people's
of past events have changed over time." He relates that, in an
attempt to compensate for these divergent memories, "In every instance
possible I have tried to triangulate timing and location of events
using documents I obtained, and, of course, social media." He
that, to make these calculations, he pored over hundreds of hours of
interviews, more than a thousand documents, and tens
of thousands of
tweets, photos and videos. He also notes, "Any instance of a
character's inner monologue or emotional state is
based on interviews
with that individual and not assumed."
Against that backdrop, the story begins with a chapter titled "#START."
The chapters in Hatching Twitter are all hashtagged, and where a
subchapter tells part of the story from one person's perspective,
subchapter is tagged with an @. The narrative bounces back and forth
between the founders' perspectives, moving forward chronologically
Ev Williams' successful sale of Blogger in 2003 through his ousting
from Twitter in 2010. If there were a protagonist in this
would be Williams. His role in Twitter's development the thread tying
together the book's various perspectives. But every
person's story is
told with the same immaculate detail, including reconstructed
conversations, thoughts, feelings, and impulses.
surrender his narrative voice, however - he fills in the gaps left by
divergent memories with editorial remarks
about the significance of
the moment. In these moments, his background as a New York Times
columnist and reporter are most evident.
The factors that shape this book - the success of the Facebook story
as entertainment, the postmodern reflection on memory in the
statement, the kitsch of beginning each chapter with a Twitter tag, and
the columnist's narrative voice - could easily
have ruined this book's
chances at success. Those elements could have pulled the book in too
many directions for a cohesive story
But "Hatching Twitter" is fantastic. It's truly a success. Progressing
through the narrative, all the divergent factors
coalesce to answer
that initial question of how the story of Twitter could compete in a
Facebook world. The answer is that the
book reads like a Twitter feed.
The story is as different from the Facebook story as Twitter is
different from Facebook (both are
Internet social media platforms, but
that's about it). The book's similarity to Twitter also explains the
author's preface about
reconstructed memories. Twitter is a constant
stream of recorded memory; dialogue, thoughts, feelings, and impulses.
complexity of a person's life can be read in the tweets of an
ardent user. And Bilton's gripping prose relates that complexity so
effortlessly that it's easy to forget that these aren't fictional
characters. That's why Bilton needs to step into the narrative
occasionally - to remind the reader that this is a real story. Not just
inspired by a real story, but a near-exact replica.
Twitter"'s success is Bilton's success in recognizing the
mountain of obstacles facing the narrator of the Twitter story.
of letting those obstacles drag the story apart, Bilton
harnesses them into a rich, detailed, faithful account - which is also
-- Julia Horwitz
Under the Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC 2010). Price: $75.
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the
Video Voyeurism Prevention Act, and the
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC Bookstore: http://www.epic.org/bookstore
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"Privacy in the Networked World," featuring EPIC Appellate Advocacy
Counsel Alan Butler. Waikoloa, Hawaii, January 26, 2014. For
Join EPIC on Facebook and Twitter
Join the Electronic Privacy Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts. Stay up to
date with EPIC's events. Support EPIC.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW, Suite
200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at: http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.23------------------------