
EPIC Alert



EPIC Alert 20.04 [2013] EPICAlert 4


========================================================================
E P I C   A l e r t
========================================================================
Volume 20.04                                               March 3, 2013
------------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/epic_alert_20.04.html

"Defend Privacy. Support EPIC."
http://epic.org/donate

========================================================================
Table of Contents
========================================================================
[1] Supreme Court Blocks Challenge to FISA Surveillance
[2] EPIC Obtains Counterterrorism Data-Collection Docs on US Citizens
[3] EPIC Challenges Secret Statute in WikiLeaks Case
[4] EPIC: DHS Backscatter Training Manuals Don't Include Privacy Plans
[5] FTC Approves Final Settlement with Consumer Tracking Firm
[6] News in Brief
[7] EPIC in the News
[8] Book Review: 'When Gadgets Betray Us'
[9] Upcoming Conferences and Events

TAKE ACTION: Sign EPIC's Petition to Suspend CBP's Drone Program!

- READ the FAA Announcement: http://epic.org/redirect/030113-FAA.html
- LEARN about Drones: http://epic.org/privacy/drones/
- SUPPORT EPIC: http://www.epic.org/donate/

========================================================================
[1] Supreme Court Blocks Challenge to FISA Surveillance
========================================================================

The US Supreme Court ruled February 26 that Clapper v. Amnesty International USA, a constitutional challenge to the Foreign Intelligence Surveillance Act (FISA), could not go forward, contending that the case's Respondents had not presented sufficient proof to establish standing to sue the federal government. In 2008, a group of attorneys and journalists alleged that the US government could be intercepting their communications with their foreign contacts in violation of the Fourth Amendment.

The FISA Amendments Act allows the National Security Agency to warrantlessly intercept electronic communications with overseas persons so long as no US persons are "intentionally targeted." The Respondents, who routinely communicate with individuals who have links to Al Qaeda, said the government almost certainly was intercepting their communications without a court order.

In a divided 5-4 decision, Justice Samuel Alito wrote that the group's alleged injuries were too speculative to be considered. The Court's majority said that the group could not prove, with "certainly impending" likelihood, that the government has intercepted or would intercept their communications. The Court also stated that the group's expenditures and attempts to avoid government surveillance were likewise insufficient to have their case heard. Chief Justice Roberts and Justices Scalia, Kennedy, and Thomas also signed on to the majority opinion.

Justice Stephen Breyer, joined by Justices Ginsburg, Kagan, and Sotomayor, dissented, stating that the Court's "certainly impending" standard was inconsistent with prior decisions. Justice Breyer wrote that to be heard in court, a party need only show a reasonable apprehension or "reasonable probability" that they will be injured by the government's actions. Breyer wrote that these attorneys and journalists communicate with exactly the types of individuals that the government would have an interest in monitoring, making it likely that their communications are being or would be intercepted.

Justice Breyer also cited EPIC's "friend of the court" brief, which described the NSA's "almost boundless capacity to intercept private communications, including those of U.S. Persons." EPIC's brief also discussed the history of the NSA's warrantless wiretapping, the NSA's expanding capabilities, and FISA's lack of transparency or oversight.

US Supreme Court: Opinion in Clapper v. Amnesty Int'l (Feb. 26, 2013)
    http://www.supremecourt.gov/opinions/12pdf/11-1025_ihdj.pdf

EPIC: "Friend of the Court Brief" in Clapper v. Amnesty
    http://epic.org/amicus/fisa/clapper/EPIC-Amicus-Brief.pdf

EPIC: Clapper v. Amnesty Int'l USA
    http://epic.org/amicus/fisa/clapper/

EPIC: FISA
    http://epic.org/privacy/terrorism/fisa/

========================================================================
[2] EPIC Obtains Counterterrorism Data-Collection Docs on US Citizens
========================================================================

As a result of a Freedom of Information Act lawsuit, EPIC has obtained previously secret training slides from the Office of the Director of National Intelligence detailing the agency's guidelines for collection, dissemination, and retention of information about United States citizens. EPIC had sued ODNI in August 2012 after the agency failed to respond to several EPIC FOIA requests about ODNI's plan to increase data collection on Americans.

The documents recently obtained by EPIC as a result of the lawsuit outline ODNI's policies for collecting data and shed light on the legal standard to retain data indefinitely. The guidelines allow for unlimited retention of information about US persons if there is a "reasonable and articulable suspicion" that the information is terrorism information. However, the agency concedes that "there is no requirement that the analyst's wisdom be rock solid or infallible" and allows retention "even if the facts individually appear innocent in nature."

EPIC is still seeking documents about the agency's information-sharing agreements, privacy protections, and mechanisms to correct errors in databases. EPIC's FOIA request was sparked by the March 2012 update to the National Counterterrorism Center guidelines, which now allow the retention of data for up to five years on US citizens who have no obvious connection to terrorist activities.

EPIC has filed other Freedom of Information Act requests with the Office of the Director of National Intelligence, seeking the "priority list" of databases ODNI planned to copy; data accuracy and security safeguards; agreements and disputes between the ODNI and agency heads; and interpretations of key standards used to identify "terrorism information." EPIC previously has sought documents related to the collection of information on US persons. Currently EPIC is suing the Central Intelligence Agency to release a report prepared by the CIA Inspector General that addresses possible domestic surveillance by the agency.

ODNI: NCTC Training Guideline Slides Obtained by EPIC under FOIA
    http://epic.org/foia/odni/File-1-2.pdf

EPIC: 1st FOIA Request to ODNI (Mar. 28, 2012)
    http://epic.org/foia/odni/FOIA%20Request%20March%2028.PDF

EPIC: 2nd FOIA Request to ODNI (June 14, 2012)
    http://epic.org/foia/odni/FOIA%20Request%20June%2014.PDF

EPIC: FOIA Lawsuit Against ODNI (Aug. 1, 2012)
    http://epic.org/foia/odni/1-main.pdf

EPIC: EPIC v. ODNI
    http://epic.org/foia/odni/epic_v_odni.html

EPIC: EPIC v. CIA - Domestic Surveillance
    http://epic.org/foia/cia/domesticsurveillance.html

========================================================================
[3] EPIC Challenges Secret Statute in WikiLeaks Case
========================================================================

EPIC has filed a Freedom of Information Act lawsuit against the US Department of Justice, seeking information on the agency's reliance on secret legal authority to conduct surveillance of individuals who have expressed interest in WikiLeaks.

EPIC's FOIA request stemmed from a November 2010 incident in which WikiLeaks posted 220 confidential American diplomatic cables on the WikiLeaks.org web site. The US government attempted to restrict access to the documents, and subsequently opened an investigation into the WikiLeaks release, attempting to identify users who accessed the WikiLeaks documents. The federal investigation included inquiries into Amazon.com, the company that hosted the WikiLeaks website, as well as PayPal and other online payment processors who facilitated donations to WikiLeaks.

In June 2011, EPIC submitted FOIA requests to the Criminal and National Security Divisions of the Department of Justice, and to the Federal Bureau of Investigation. EPIC requested records including: any individuals targeted for surveillance because of their support for or interest in WikiLeaks; lists of names of individuals who have demonstrated support for or interest in WikiLeaks; agency communications with Internet or social media companies about individuals who have demonstrated support for or interest in WikiLeaks; and any agency communications with financial services companies about individuals who may have donated money to WikiLeaks.

To date, the FBI and both DOJ divisions have failed to provide any documents in response to EPIC's June 2011 requests. EPIC filed Administrative Appeals with the FBI and the National Security Division of the DOJ in September 2011, and with the DOJ's Criminal Division in October 2011. The DOJ has withheld from disclosure certain information responsive to the EPIC request but will not reveal the legal basis for the decision.

In January 2012, EPIC filed a lawsuit against both the DOJ and the FBI based on the agencies' non-responsiveness to EPIC's request, and to compel the disclosure of the requested documents. EPIC's lawsuit maintains that secret law "poses unique concerns to democratic governance and undermines the purpose of the FOIA."

EPIC: Opposition to Defendant's Motion in EPIC v. DOJ (Feb. 18, 2013)
    http://epic.org/foia/doj/EPIC-v-DOJ-WikiLeaks-exparteopp.pdf

EPIC: Administrative Appeal in EPIC v. DHS (WikiLeaks) (Aug. 5, 2011)
    http://epic.org/redirect/030113-epic-admin-appeal-wikileaks.html

EPIC: EPIC v. DOJ (WikiLeaks)
    http://epic.org/foia/epic_v_doj_fbi_WikiLeaks.html

EPIC: Open Government
    http://epic.org/open_gov/

========================================================================
[4] EPIC: DHS Backscatter Training Manuals Don't Include Privacy Plans
========================================================================

In response to an EPIC Freedom of Information Act request, the Department of Homeland Security has released documents on US Secret Service's use of backscatter machines. EPIC sought information about the types of images captured by backscatter devices, the length of time the images can be stored, and safeguards for maintaining the integrity and security of the captured images. EPIC also requested any information from DHS about body scanner radiation risks.

The FOIA materials received by EPIC include the sales contract between the US government and body scanner manufacturer Rapiscan, and the Secret Service's training manuals for instructing new recruits on the operation of body scanners. The training materials make no mention of data privacy. In the "FAA Modernization and Reform Act of 2012", Congress mandated that all airport body scanners be equipped with privacy-enhancing software by June 1, 2012. The documents do not specify whether the body scanners used by the US Secret Service comply with this mandate.

EPIC sued the Department of Homeland Security in 2012 to force disclosure of technical documents about the body scanner program. The documents EPIC received reveal that DHS publicly mischaracterized the National Institute of Standards and Technology's findings on backscatter machines' safety, stating that NIST had "affirmed the safety" of full body scanners. In fact, NIST never tested full-body scanners for safety.

In a related lawsuit, EPIC v. DHS, the DC Circuit Court of Appeals determined in 2011 that air travelers have a right to opt out of the body-scanner screening and that the TSA must undertake a public notice and comment rulemaking. In the most recent decision, the court ordered DHS to begin the public comment process by March 2013. Despite the court order for public comment on body scanners, in September 2012 the Department of Homeland Security awarded $245 million in contracts for body scanners without public input.

EPIC: FOIA Request to Secret Service re: Body Scanners (Apr. 20, 2012)
    http://epic.org/foia/dhs/usss/Secret-Service-FOIA-Request.pdf

US Secret Service: Contracts for Body Scanners
    http://epic.org/foia/dhs/usss/Secret-Service-Contracts.pdf

US Secret Service: Body Scanner Training Manual
    http://epic.org/foia/dhs/usss/Secret-Service-Docs-1.pdf

EPIC: EPIC v. DHS (Suspension of Body Scanner Program)
    http://epic.org/redirect/030113-epic-v-dhs-scan-suspension.html

EPIC: Whole Body Imaging Technology and Body Scanners
    http://epic.org/privacy/airtravel/backscatter/

========================================================================
[5] FTC Approves Final Settlement with Consumer Tracking Firm
========================================================================

The Federal Trade Commission has adopted a proposed settlement with Compete Inc., a company that develops software for tracking consumers as they shop, browse and interact with different Web sites across the Internet. As part of the Compete registration process, consumers installed tracking software that "collected the names of all Web sites visited; all links followed; advertisements displayed when Web sites were visited; and information that consumers entered into some web pages", even otherwise secure Web pages. Data collected included credit card and financial account numbers, usernames, passwords, and search terms.

The Commission's initial complaint alleged that Compete failed to adopt reasonable data security practices and deceived consumers about the amount of personal information collected by the toolbar and survey panel. The FTC also charged Compete with deceptive practices for falsely claiming that the retained data had been anonymized. The settlement order requires Compete to obtain express consent from consumers before collecting data. The company is similarly required to delete or anonymize the data it has already collected and to provide users with instructions for uninstallation of the Compete toolbar.

In November 2012 comments to the FTC, EPIC recommended that the agency also require Compete to implement Fair Information Practices similar to those contained in the Consumer Privacy Bill of Rights, and develop a best-practices guide to de-identification techniques. The Consumer Privacy Bill of Rights, published by the White House in February 2012, sets out a comprehensive framework of consumer privacy protections.

EPIC's comments maintained that Compete's adherence to the Consumer Privacy Bill of Rights would impose requirements on the company's collection and use of personal social networking information, and grant Compete users control over their data and the right to access and amend their personal information. Additionally, Compete should have been required to develop best-practices principles for de-identification, thus providing "businesses and consumer groups something more concrete against which to measure claims of de-identification and anonymity."

While the FTC declined to adopt EPIC's recommendations, the Commission acknowledged that, as EPIC had noted, the FTC's "chief technologists have discussed some anonymization techniques as an aid to industry. However, generally, the Commission does not provide specific technical guidance in areas like this, which are constantly changing. It is a company's responsibility to keep abreast of and select the technology that it believes best meets its needs and requirements while appropriately protecting consumer privacy."

FTC: Settlement with Compete Inc. (Feb. 20, 2013)
    http://www.ftc.gov/os/caselist/1023155/130222competedo.pdf

FTC: Letter to EPIC re: Compete Inc. Settlement (Feb. 20, 2013)
    http://www.ftc.gov/os/caselist/1023155/130222competeepicletter.pdf

EPIC: Comments to FTC re: Compete Inc. (Nov. 19, 2012)
    http://epic.org/privacy/ftc/EPIC-FTC-Comments-Compete.pdf

The White House: Consumer Privacy Bill of Rights (Feb. 2012)
    http://www.whitehouse.gov/sites/default/files/privacy-final.pdf

EPIC: Federal Trade Commission
    http://epic.org/privacy/internet/ftc/

EPIC: Re-Identification
    http://epic.org/privacy/reidentification/

EPIC: Consumer Profiling
    http://epic.org/privacy/profiling/default.html

========================================================================
[6] News in Brief
========================================================================

EPIC Thanks Congress for FOIA Oversight, Calls for Focus on Transparency

EPIC, along with more than 40 government transparency organizations, thanked the US House Committee on Oversight for sending a letter to the Department of Justice about the importance of the Freedom of Information Act. The open-government organizations stated in the letter to Oversight Committee Chairs Reps. Darrell Issa (R-CA) and Elijah Cummings (D-MD) that "outdated FOIA regulations, excessive fee assessments, growing FOIA backlogs, and the misuse of exemptions are issues that continually frustrate FOIA requesters" and expressed hope that the Committee would share the Department of Justice's responses with the public. EPIC also joined more than two-dozen transparency groups in a letter to President Obama, asking him to renew his commitment to transparency and FOIA. The President issued a memorandum on Transparency and Open Government in 2009.

Open Gov't Coalition: Letter to US House FOIA Committee (Feb. 19, 2013)
    http://epic.org/redirect/030113-openthegov-foia-thankyou.html

House Oversight Committee: Letter to OIP re: Open Govt. (Feb. 4, 2013)
    http://epic.org/redirect/030113-openthegov-letter-oip.html

Open Gov't Coalition: Letter to President Obama on FOIA (Feb. 19, 2013)
    http://epic.org/redirect/030113-openthegov-letter-obama.html

The White House: Memorandum on Transparency and Open Govt. (Jan. 2009)
    http://epic.org/redirect/030113-whitehouse-transparency.html

EPIC: Open Government
    http://epic.org/open_gov/


'Sniff up to Snuff,' Says Supreme Court in Drug-Detecting Dog Case

The US Supreme Court unanimously ruled February 19 in Florida v. Harris that law enforcement may use drug-detection dogs to conduct searches without a warrant, even when the dog finds drugs it is not trained to detect. The Florida Supreme Court ruled in 2011 that the search against defendant Harris was unlawful because the State failed to provide field performance records to establish the dog's reliability. The Court, in an opinion written by Justice Elena Kagan, rejected the Florida court's "inflexible checklist" of necessary evidence in favor of a more flexible, "common-sensical standard." EPIC filed a "friend of the court" brief in the case, arguing that "investigative techniques should be used based on research, testing, and data indicating reliability." EPIC cited a recent National Academy of Sciences report highlighting the lack of reliable standards for investigative techniques. Earlier in February, the US Department of Justice announced a new initiative to improve forensics reliability.

EPIC: Florida v. Harris
    http://epic.org/amicus/harris/

US Supreme Court: Decision in Florida v. Harris (Feb. 19, 2013)
    http://www.supremecourt.gov/opinions/12pdf/11-817_5if6.pdf

Florida Supreme Court: Decision in Florida v. Harris (Apr. 21, 2011)
    http://www.floridasupremecourt.org/decisions/2011/sc08-1871.pdf

EPIC: "Friend of the Court" Brief in Florida v. Harris (Aug. 31, 2012)
    http://epic.org/amicus/harris/EPIC-Amicus-Brief.pdf

National Academies: "Strengthening Forensic Science in the US" (2009)
    https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf

Sen. P. Leahy (D-VT): Press Release on US DoJ Forensics (Feb. 15, 2013)
    http://epic.org/redirect/030113-leahy-forensics.html


Supreme Court to Hear Arguments On Warrantless DNA Collection

The US Supreme Court will hear arguments in Maryland v. King, a case centering on whether the Fourth Amendment allows warrantless, suspicionless DNA collection from anyone arrested, but not convicted, of a "serious crime." Petitioner State of Maryland will argue that states should be permitted to use DNA to investigate cold cases even when the arrestee is not a suspect. Respondent King will argue that the Fourth Amendment requires a probable cause warrant for routine law enforcement investigations. EPIC, joined by 27 technical experts and legal scholars, filed a "friend of the court" brief in the case that describes how DNA collection and use "has grown dramatically and unpredictably over time." EPIC has asked the US Supreme Court to affirm the decision of the Maryland Supreme Court, which held that a warrant is required for the collection of a DNA sample.

US Supreme Court: Maryland v. King
    http://epic.org/redirect/030113-scotus-md-king.html

ABA: Petition of State of MD in Maryland v. King (Dec. 26, 2012)
    http://epic.org/redirect/030113-petition-state-md-king.html

ABA: Petition of Respondent King in Maryland v. King (Jan. 2013)
    http://epic.org/redirect/030113-petition-respondent-md-king.html

EPIC: "Friend of the Court" Brief in Maryland v. King (Feb. 1, 2013)
    http://epic.org/amicus/dna-act/maryland/EPIC-Amicus-Brief.pdf

EPIC: Maryland v. King
    http://epic.org/amicus/dna-act/maryland/default.html

EPIC: Genetic Privacy
    http://epic.org/privacy/genetic/


New Legislation Aimed At Protecting Privacy From Domestic Drones

US Representatives Ted Poe (R-TX) and Zoe Lofgren (D-CA) have introduced the "Preserving American Privacy Act of 2013," a bill designed to provide individual privacy protections against drone surveillance. The bill requires all US drone operators to submit a public data collection statement that includes a description of the drone's purpose and intended operations. The bill also requires a warrant in order for drone surveillance information to be received as evidence, and includes a ban on equipping drones with firearms. EPIC twice has asked Congress to protect individual privacy against increased use of domestic drones. In 2012, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to establish privacy safeguards.

Rep. Ted Poe: Press Release on Drone Privacy Bill (Feb. 13, 2013)
    http://epic.org/redirect/030113-poe-drone-press-release.html

"Preserving American Privacy Act of 2013"
    http://epic.org/redirect/030113-preserving-american-privacy-act.html

EPIC: Testimony Before US Congress on Drones (Jul. 12, 2012)
    http://epic.org/privacy/testimony/EPIC-Drone-Testimony-7-12.pdf

EPIC: Testimony Before US Congress on Drones (Oct. 25, 2012)
    http://epic.org/privacy/drones/EPIC-Drones-Testimony-102512.pdf

EPIC et al.: Petition to FAA on Domestic Drone Use (Mar. 8, 2012)
    http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf

EPIC: Unmanned Aerial Vehicles (UAVs) and Drones
    http://epic.org/privacy/drones/


DHS Working Group to Consider Privacy Impact of Drones

The Department of Homeland Security has released a previously internal memo regarding the establishment of a working group to "Safeguard Privacy, Civil Rights, and Civil Liberties in the Department's Use and Support of Unmanned Aerial Systems [drones]." The memo states, "[t]he overarching goal of the working group is to determine what policies and procedures are needed to ensure that protections for privacy, civil rights, and civil liberties are designed into DHS and DHS-funded [drone] programs." DHS has developed a program to explore the expansive use of small drones for law enforcement. US Customs and Border Protection currently operates 10 Predator B drones within the US. In testimony before Congress in July 2012, EPIC said that federal agencies operating drones should adopt privacy regulations.

DHS: Letter re: Release of Internal Memo (Sept. 14, 2012)
    http://epic.org/redirect/030113-DHS-release-internal-memo.html

DHS: Report on RAPS Drone Project (Nov. 16, 2012)
    http://epic.org/redirect/030113-DHS-RAPS-report.html

US CBP: Documents on Predator Drones (Aug. 17, 2012)
    http://epic.org/redirect/030113-CPB-predator-docs.html

EPIC: Testimony Before US Congress on Drone Use (Jul. 12, 2012)
    http://epic.org/privacy/testimony/EPIC-Drone-Testimony-7-12.pdf

EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones
    http://epic.org/privacy/drones/


EU Prepares Action Against Google

French data protection regulator CNIL, acting on behalf of the European Union, has announced it will take action against Google after Google failed to reply to CNIL's questions about the company's handling of user information. EU authorities are setting up a working group, led by CNIL, to coordinate their response. The group is expected to take action before summer 2013. In October 2012, officials representing 24 European countries sent a letter to Google, requiring it to comply with European data protection laws and give users greater control over their personal information. The letter asked Google to clarify how it combines customer data from its various services, and establish precise data retention policies. Google did not respond.

CNIL's action followed an investigation triggered by Google's change in privacy policies in March 2012, which allowed the company to combine user data across 60 Internet services. Also in 2012, EPIC sued the Federal Trade Commission to enforce the terms of a prior settlement with Google. Google has previously been sanctioned and fined by the FTC for violating user privacy. As a result, Google is subject to regular privacy audits and is not allowed to make deceptive changes to privacy practices.

CNIL: Press Release on Google Privacy Policy Action (Feb. 18, 2013)
    http://epic.org/redirect/030113-CNIL-google-data.html

CNIL: Letter to Google re: Privacy Policies (Oct. 16, 2012)
    http://epic.org/redirect/030113-CNIL-google-letter.html

NAAG: Letter to Google re: Privacy Policies (Feb. 22, 2012)
    http://epic.org/redirect/030113-NAAG-letter-google.html

Congressional Privacy Caucus: Letter to FTC re: Google (Feb. 17, 2012)
    http://epic.org/redirect/030113-priv-caucus-letter-google.html

EPIC: In re Google Buzz
    http://epic.org/privacy/ftc/googlebuzz/

EPIC: Enforcement of Google Consent Order
    http://epic.org/privacy/ftc/google/consent-order.html

EPIC: EU Data Protection Directive
    http://epic.org/privacy/intl/eu_data_protection_directive.html

========================================================================
[7] EPIC in the News
========================================================================

"The FAA Wants to Hear from You About Privacy and Domestic Drones." Lawfare, Mar. 1, 2013.
    http://epic.org/redirect/030113-lawfare-drones-epic.html

"Predator Drones Keep an Eye on the Border, Documents Show." The New York Times, Feb. 28, 2013.
    http://epic.org/redirect/030113-nytimes-drones-epic.html

"FTC, Compete Finalize Privacy Settlement." MediaPost, Feb. 25, 2013.
    http://epic.org/redirect/030112-mediapost-ftc-compete-epic.html

"Homeland Security: Let's be clear about aerial drone privacy." CNET, Feb. 22, 2013.
    http://epic.org/redirect/030112-cnet-drones-epic.html

"If You're Collecting Our Data, You Ought to Protect It." The New York Times, Feb. 16, 2013.
    http://epic.org/redirect/030112-nytimes-data-epic.html

"National Counterterrorism Center's 'Terrorist Information' Rules Outlined In Document." The Huffington Post, Feb. 15, 2013.
    http://epic.org/redirect/030112-huffpost-nctc-epic.html

"FBI Files Unlock History Behind Clandestine Cellphone Tracking Tool." Slate, Feb. 15, 2013.
    http://epic.org/redirect/030112-slate-stingray-epic.html

"FAA Promises Privacy Standards for Domestic Drones." Information Week, Feb. 15, 2013.
    http://epic.org/redirect/030113-infoweek-drones-epic.html

"Google raises new privacy concerns with app store policy." Chicago Tribune, Feb. 14, 2013.
    http://epic.org/redirect/030112-chitrib-appstore-epic.html

For More EPIC in the News: http://epic.org/news/epic_in_news.html

========================================================================
[8] Book Review: 'When Gadgets Betray Us'
========================================================================

"When Gadgets Betray Us: The Dark Side of Our Infatuation with New Technology," Robert Vamosi

http://epic.org/redirect/030113-when-gadgets-betray-us-vamosi.html

Robert Vamosi says your electronic devices are security incidents waiting to happen. And if the devices themselves won't fail you, hackers are waiting to grab your loose data and run. But security researcher and tech journalist Vamosi's latest book, "When Gadgets Betray Us: The Dark Side of Our Infatuation with New Technology," isn't an anti-technology screed; rather, it's a reasoned, compelling, and even entertaining look at how consumer demand for faster, more convenient and more feature-rich equipment is creating increasingly dangerous insecure gadgets.

"How we use our gadgets is only half of the problem," Vamosi says. "The other half is the hardware itself. We fail to recognize that these same gadgets can fail. Or that they can be made to lie. Or track our every move."

According to Vamosi, "gadget betrayal" generally falls into a few categories: security flaws exploitable by those with malicious intent; security flaws inherent in software design and user interface; and data "leakage" in a device's interaction with the Internet. Sometimes the flaws are apparently accidental - as when security researchers discovered in 2011 that iPhones were creating locational "breadcrumb trails" of their owners. But that same data was used purposely to create locational iOS apps like "Find My Friends," which can be easily exploited by stalkers and data brokers.

"When Gadgets Betray Us" provides readers with an extensive vocabulary of hacking techniques (buffer overflows, SQL injections, keystroke logging, man-in-the-middle attacks) and an equally extensive list of objects that can be hacked, leave "breadcrumb trails," or both (cars, digital cameras, transponders, medical devices, smartphones). Vamosi stresses repeatedly, however, that he doesn't intend to frighten his audience, but merely provide it with enough data to make informed decisions about how, where, and when they use their electronic devices.

Vamosi seems to have a fascination with the ethically ambiguous security hackers who frequent conventions like BlackHat and DefCon and publicize security flaws of devices ranging from electronic hotel keys to medical implants to automobile "black boxes."

Vamosi's response? Don't give up your gadgets - just be careful. Security, he says, is constructed in layers: If the hardware gets hacked, let your software protect it. If your device leaks data, harden it with encryption. Don't make it easy for anyone - criminals, online advertisers, jilted lovers - to take down your gadget, your bank account, or your privacy.
Just like we lock our houses when we go out rather than staying fearfully at home, we need to learn how to lock our electronic "homes" - and demand better virtual locks from manufacturers. "'That's all security is,'" Vamosi says. "'Barriers to slow someone down.'" - EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. 
Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments.
New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
http://mailman.epic.org/mailman/listinfo/foia_notes

=======================================================================
[9] Upcoming Conferences and Events
=======================================================================

"Location Tracking and Biometrics Conference." 3 March 2013, Yale University, New Haven, CT. For More Information: http://yaleisp.org/event/location-tracking-and-biometrics-conference.

"Drones.edu: Hands on the Future in the Classroom." SXSW, 6 March 2013, Austin, TX. For More Information: http://sxswedu.com/.

2013 D.C. Open Government Summit. 13 March 2013, Washington, DC. For More Information: http://www.dcogc.org/node/1621.

"Online Privacy: Consenting to your Future." 21-22 March 2013, Portomaso, Malta. For More Information: http://www.onlineprivacyconference.eu.

EPIC Champion of Freedom Awards Dinner. 3 June 2013, Washington, DC. For More Information: http://epic.org/june3.

2013 Health Privacy Summit, 5-6 June 2013, Washington, DC.
For More Information: http://www.healthprivacysummit.org/events/2013-health-privacy-summit/event-summary-1bfa9be80d364092aeed1a8803377fa8.aspx.

22nd Annual Computers, Freedom, & Privacy Conference. 25-26 June 2013, Washington, DC. For More Information: Contact Chris Calabrese at ccalabrese@dcaclu.org.

=======================================================================
Join EPIC on Facebook and Twitter
=======================================================================

Join the Electronic Privacy Information Center on Facebook and Twitter:

http://facebook.com/epicprivacy
http://epic.org/facebook
http://twitter.com/epicprivacy

Join us on Twitter for #privchat, Tuesdays, 11:00am ET.

Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

=======================================================================
Donate to EPIC
=======================================================================

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values.

Thank you for your support.

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via web interface:

http://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

------------------------- END EPIC Alert 20.04------------------------


URL: http://www.worldlii.org/int/journals/EPICAlert/2013/4.html