EPIC Alert 20.05
E P I C A l e r t
Volume 20.05 March 15, 2013
Published by the
Electronic Privacy Information Center (EPIC)
"Defend Privacy. Support EPIC."
Table of Contents
 States Fine Google for Street View Privacy Violations
 EPIC Mounts Petition after FOIA Documents Reveal Drone
 EPIC Prevails in Two FOIA Cases, Obtains More Data on Body Scanners
 EPIC Prevails in Social Media Monitoring FOIA
 EPIC Testifies Before Maryland Legislature on Location Privacy
 News in Brief
 EPIC in the News
 Book Review: 'Trust
Me, I'm Lying'
 Upcoming Conferences and Events
TAKE ACTION: Sign EPIC's Petition to Suspend CBP's Drone Program!
- SIGN the
- READ the FAA Announcement: http://epic.org/redirect/030113-FAA.html
- LEARN about Drones: http://epic.org/redirect/031513-cpb-drones.html
- SUPPORT EPIC: http://www.epic.org/donate/
 States Fine Google for Street View Privacy Violations
Attorneys General for 38 states and the District of Columbia
reached a $7 million settlement with Google over consumer protection
and privacy claims stemming from Google's unauthorized
personal data via the company's Street View vehicles.
According to the "Assurance of Voluntary Compliance" settlement,
Google Street View mapping vehicles roamed US streets between 2008 and
2010, they also accessed unsecured wireless networks
within their range
"for use in offering 'location aware' or geolocation services." In the
process they collected unauthorized "payload
data" from the wireless
networks of residential and business Internet users, including "URLs
of requested Web pages, partial or
complete email communications, or
any other information, including any confidential or private
information being transmitted to
or from the network user." The
payload data, which remained "unparsed" and in "binary, machine-
readable form" and "was not and
will not be used in any product or
service" was not discovered until 2010, after which Google "terminated"
the data collection,
"segregated" the existing data, and "disabled the
[data collection] equipment and software" on Street View vehicles.
data itself was never destroyed.
As a result of previous settlements with the Federal Trade Commission,
Google is already required
to implement a comprehensive privacy
program. Now, in addition to the $7 million fine, Google must add
further provisions to the
company's existing privacy regime,
including implementing a privacy training and development program;
deleting all unlawfully acquired
data; submitting biennial reports to
the Attorneys General; and educating consumers about wireless network
security via a YouTube
video, blog posts, half-page newspaper ads, and
running "daily online ads promoting the how-to video for at least two
the data the campaign begins." However, the settlement only
disposes of civil claims against Google; it does not release the
from any potential criminal liability for violating state
In 2010, EPIC urged the Federal Communication Commission
investigate the Google Street View program after it became clear that
Google had intercepted the private communications of millions
wireless network users. Google already has acknowledged that it may
have intercepted URLs of requested web pages and the
content of email
messages sent over these networks. Countries in the EU and elsewhere,
including Hong Kong and South Korea, have
previously sued Google for
violation of national law.
EPIC also has pursued FOIA requests about Street View from the FCC and
Department of Justice. Federal wiretap claims over Street View are
still pending in federal court.
CT AG's Office: Announcement
of Street View Settlement (Mar. 12, 2013)
CT AG's Office: Street View Settlement Agreement (Mar. 12, 2013)
EPIC: Letter to FCC re: Google Street View (May 21, 2010)
EPIC: FCC Street View Investigation FOIA Documents (Apr. 13, 2012)
EPIC: DOJ Google Street View FOIA Documents (Apr. 27, 2012)
EPIC: Google Street View
 EPIC Mounts Petition after FOIA Documents Reveal Drone
EPIC has launched a petition to suspend US government
surveillance programs after obtaining new records under the Freedom of
Information Act indicating that the US Bureau of Customs and Border
Protection is operating drones in US airspace capable of intercepting
communications. The records also suggest that the ten
Predator B drones operated by the agency have the capacity to recognize
identify an individual as well as detect specific substances on the
ground. The agency did not provide any responsive records to
request for documentation of any limitations on drone image capture,
storage, or copying.
The approximately 700 pages
of documents CPB provided in response to
EPIC's FOIA request include performance specifications, contracts,
and statements of work.
These records also raise questions about CPB's
compliance with federal privacy laws and the scope of domestic
current domestic drones petition (www.epic.org/drones_petition/)
was precipitated by specific documents ascertaining that Predator
drones operated by Customs and Border Protection along the border
region can watch more than two-thirds of the US population,
the agency allows federal, state, and local law entities to utilize
their drones for operations unrelated to the agency's
federal law, the agency is required to respond to public petitions.
Petitioners must sign on by March 18.
EPIC petitioned the Federal Aviation Administration to
conduct a Notice and Comment Rulemaking on the impact of civilian and
use of drones. Specifically, EPIC urged the agency to
address drones' impact on privacy and civil liberties. The FAA
with a recent announcement that it will begin public
rulemaking on such a privacy impact. The agency's chief counsel, in a
to EPIC President Marc Rotenberg, recognized that drones "raise
privacy concerns" and highlighted the agency's intention to address
these issues "through engagement and collaboration with the public."
EPIC has testified before Congress twice in 2012 about domestic
use, submitted comments to the FAA, and held a symposium on drones and
EPIC: Domestic Drone Petition
EPIC: FAA Petition on US Drones (Feb. 24, 2012)
FAA: Announcement on Drone Rulemaking (Feb. 14, 2013)
FAA: Letter to EPIC re: Drones (Feb. 14, 2013)
EPIC: Congressional Testimony on Drones (Jul. 19, 2012)
EPIC: Symposium on Drones and Domestic Surveillance (Jan. 15, 2013)
EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones
 EPIC Prevails in Two FOIA Cases, Obtains More Data
on Body Scanners
A federal judge has granted EPIC victories
in two Freedom of
Information Act cases involving the controversial airport backscatter
machines. Washington, DC District Court Judge Royce Lamberth held
that the Department of Homeland Security must turn over two
safety reports on backscatter machine radiation output, as well as a
set of PowerPoint slides about Automated Target Recognition software.
The agency previously claimed it was not required to release
documents to EPIC.
The Transportation Safety Administration, a component of DHS, has used
full-body scanners in airports
since 2005. In 2010, they became the
primary method for screening passengers. In response to passenger
privacy concerns, DHS began
to test automatic screening, or ATR,
software that would eliminate the need for airport security agents to
look at the naked body
scans. As a result of this testing, EPIC pursued
two FOIA requests that sought details about the body-scanner program,
documents describing the machines' functionality, the
Automated Target Recognition software, training manuals given to TSA
and contracts with the manufacturer.
EPIC received an initial set of documents from DHS in February 2013,
but many of the records
were heavily redacted. One of these redacted
documents was a substantial PowerPoint presentation "prepared by TSA's
Office of Security
Technology (OST) and presented in a briefing to the
House Appropriations Committee in connection with future funding" for
software. Because the document also had been presented to
Congress, Judge Lamberth ruled that it was not eligible for redaction
and had to be disclosed. The second document is a 2006 report authored
by a government official evaluating the radiation safety
of a body-
scanning machine called the "Dual Smart Check." Judge Lamberth ruled
that this document was not eligible for redaction
either, and ordered
EPIC has pursued several related Freedom of Information Act cases as a
challenge to the deployment of body scanners. In 2011, the DC Circuit
of Appeals ruled in the case EPIC v. DHS that
the agency must take
public comments on the decision to deploy body scanners for primary
screening. EPIC's petition to the court
stressed that the scanner
program violated the Administrative Procedures Act, the Privacy Act,
the Religious Freedom Restoration Act, the Video Voyeurism Prevention
Act, and the Fourth Amendment. Since that lawsuit, the TSA has ceased
buying the "Whole Body Imaging"
backscatter devices and is actively
replacing them with millimeter wave scanners, a less intrusive but
also controversial scanning
DC District Ct.: Decision in EPIC v. DHS (Scanners) (Mar. 7, 2013)
DC District Ct.: Decision in EPIC v. DHS (PowerPoint) (Mar. 7, 2013)
EPIC: Initial Documents from DHS re: Body Scanners (Feb. 11, 2013)
EPIC: EPIC v. DHS: Suspension of Body Scanner Program
EPIC: Whole Body Imaging Technology
 EPIC Prevails in Social Media Monitoring FOIA Suit
EPIC has obtained a court order and an opinion in a Freedom
Information Act lawsuit against the Department of Homeland Security,
requiring that the agency turn over more documents about the monitoring
social and Internet media organizations. Washington, DC District
Court Judge John Bates determined that DHS could have separated
more disclosable information from the agency's previously redacted
documents, and ordered DHS to disclose these portions of
EPIC had obtained several hundred pages of documents in 2012 that
revealed DHS monitors the Internet for
reports that "reflect adversely"
on the agency or the federal government. The documents included
contracts and statements of work
with General Dynamics for around-the-
clock media and social network monitoring and periodic reports to DHS.
One of these reports
- "Residents Voice Opposition Over Possible Plan
to Bring Guantanamo Detainees to Local Prison-Standish MI" - summarized
public's dissent on blogs and social networking cites, and
quoted specific commenters.
EPIC also obtained a list of very broad
search terms used by the agency
to monitor social media. The list was divided into subcategories,
including "Hazmat & Nuclear,"
"Health Concern + H1N1," "Domestic
Security," "Infrastructure Security," and "Southwest and Border
Violence." Among the search
terms that DHS flagged were "cloud,"
"drill, "pork," "relief," "cops," and "subway."
As a result of EPIC's findings, Congress held
a hearing on "DHS
Monitoring of Social Networking and Media: Enhancing Intelligence
Gathering and Ensuring Privacy." EPIC testified
at the hearing, asking
the House Committee on Homeland Security to halt the monitoring program.
EPIC asserted that the monitoring
was "entirely without legal basis and
threaten[ed] important free speech and expression rights," and stressed
that "law enforcement
agency monitoring of online criticism and dissent
chills legitimate criticism of the government, and implicates the First
EPIC's suggestions to Congress included requiring the immediate and
permanent end to DHS' practice of monitoring for dissent;
guidelines for greater oversight of the DHS' social network and media
monitoring program; and imposing the same oversight
similar social network and media monitoring programs at other agencies.
DC District Ct.: Order in EPIC v. DHS
(Media Monitoring) (Mar. 3, 2013)
EPIC: Complaint in EPIC v. DHS (Media Monitoring) (Dec. 20, 2011)
EPIC: Documents on DHS Social Media Monitoring Obtained via FOIA
US House: Hearing on DHS Social Media Monitoring (Feb. 16, 2012)
EPIC: EPIC v. DHS (Social Media Monitoring)
 EPIC Testifies Before Maryland Legislature on Location
EPIC Appellate Advocacy Counsel Alan Butler testified
before the Maryland House Judiciary Committee in support of Maryland HB
887, a location privacy bill that would establish
a search warrant
requirement for the collection of private location information.
In his testimony, Butler discussed the current
state of location
tracking and privacy under the state and federal constitutions. "The
collection and use of location data implicates
interests as the data necessarily reveals intimate details of user
activities, associations, and habits
within private spaces such as
homes," Butler said. "Recent disclosures by cell phone service
providers give a rough estimate of
the scale of this surveillance
activity, and the numbers are staggering - 1.3 million requests across
the country for subscriber
information in 2011 alone."
The Maryland bill would require a warrant for location tracking and an
annual report on electronic
surveillance reports, similar to federal
wiretap reports. Federal statutes require law enforcement to apply for
a search warrant
before wiretapping a phone line, provide notification
to the surveilled person after the investigation is complete, and give
reporting statistics to a judicial oversight office.
EPIC recently submitted "friend of the court" briefs in State v. Earls
In re United States, both of which center around location privacy.
In State v. Earls, the New Jersey Supreme Court will decide whether
warrant is required for police to track a suspect's cell phone
location. Butler also argued before the New Jersey Court in favor
warrant requirement. In re United States, in the 5th Circuit Court of
Appeals, concerns Fourth Amendment protections for historic
Maryland House of Representatives: HB 887
EPIC: Alan Butler Testimony Before MD House on HB 887 (Feb. 16, 2013)
EPIC: "Friend of the Court" Brief in State v. Earls (Dec. 20, 2012)
EPIC: In re Historic Cell-Site Location Information
EPIC: Locational Privacy
 News in Brief
EPIC Sues DHS for Information on 'Internet Kill Switch'
EPIC has filed a Freedom of Information Act lawsuit against the
Department of Homeland Security, following the agency's failure to
produce any documents about so-called "Emergency
(otherwise known as Standard Operating Procedure 303 or "SOP 303").
SOP 303 describes the process that DHS
would follow in order to execute
a communications shutdown in the event of a national crisis. DHS has
stated publicly that under
SOP 303 an agency component "will function
as the focal point for coordinating any actions leading up to and
following the termination
of private wireless network connections, both
within a localized area, such as a tunnel or bridge, and within an
area." In response to EPIC's initial FOIA request,
however, DHS wrote that it was "unable to locate or identify any
EPIC: FOIA Lawsuit against DHS re "SOP 303" (Feb. 27, 2013)
DHS: "2006-2007 NSTAC Issue Review" (2007)
EPIC: Initial FOIA Request to DHS re: SOP 303 (Jul. 10, 2012)
EPIC: Open Government
Court Rejects Appeal in Facebook Beacon 'Cy Pres' Case
The US Ninth Circuit Court has refused to hear an appeal in a class-
lawsuit over Facebook's Beacon program, which disclosed personal
information without user consent. "Cy pres" ("as near as possible")
a legal doctrine that allows courts to allocate funds to protect the
interests of individuals in a class action settlement.
provide cy pres awards that reflect the reason for the litigation and
are aligned with the interests of class
members. In the Facebook Beacon
case, the court originally chose to award the funds to a new foundation
created by Facebook, a
decision that was subsequently appealed. Six
judges dissented from the denial, writing, "The majority in this case
creates a significant
loophole in our case law that will confuse
litigants and judges, while endorsing cy pres settlements that in no
way benefit class
members." EPIC previously highlighted the dangers of
improper cy pres distributions in settlements with Facebook and Google.
Ninth Circuit Court: Decision in Facebook Beacon Suit (Feb. 26, 2013)
EPIC: Fraley v. Facebook
EPIC: Lane v. Facebook
EPIC: In re: Google Buzz
 EPIC in the News
"Drone Industry: Privacy 'Distractions' Could Have Major Economic
Impacts." US News & World Report, Mar. 13, 2013.
"On new technological front, Rockville seeks to balance information
with privacy." Maryland Gazette.Net, Mar. 13, 2013.
"Lawsuit charges Ed Department with violating student privacy rights."
The Washington Post, Mar. 13, 2013.
"Google Concedes That Drive-By Prying Violated Privacy." The New
York Times, Mar. 11, 2013.
"Facebook 'Likes' reveal more about you than you think." USA Today,
Mar. 11, 2013.
"Harvard's Search for E-Mail
Leak Raises Campus Ire." Bloomberg
BusinessWeek, Mar. 11, 2013.
"Judge: DHS must release scanner radiation reports." Salon, Mar. 7,
"Petition demands an end to drone surveillance." BoingBoing, Mar. 6,
Editorial: "States can stop drone abuse before it occurs." The
Washington Examiner, Mar. 5, 2013.
"Postal Service 'welcome kit' raises questions; White House now cites
Act." The Washington Times, Mar. 4, 2013.
"DHS Considers Eavesdropping Tech for Spy Drones on Border." Slate,
Mar. 1, 2013.
"Border Patrol Drones May Get Wiretapping, Human Identification
Capabilities." The Huffington Post, Mar. 1, 2013.
For More EPIC in the News:
 Book Review: 'Trust Me, I'm Lying'
"Trust Me, I'm Lying: Confessions of a Media Manipulator," Ryan Holiday
Blogs are the digital equivalent of Gilded-Age Yellow Journalism, says
Ryan Holiday, and if you read, write, advertise on, or believe
what you see on them, you are complicit in the degradation of the First
Amendment, the death of journalistic honesty, and
the corrosion of
personal privacy and free thought. Holiday should know: Officially the
marketing director of clothing company
American Apparel, the 25-year-
old self-described "media manipulator" runs a side business
specializing in lying to bloggers in
order to promote his clients.
"Trust Me, I'm Lying" is a speedy, excruciating read through the half-
truths and dissumulations perpetually
propagating up and down the media
food chain: planted anonymous comments that appear on blogs like Gawker
and wind up in the print
editions of The New York Times; bloggers'
provocative corruption of print headlines and press releases to feed
the online public's
insatiable appetite for controversy, emotionalism,
and snark. In the process, data analysts and third-party data brokers
your online viewing habits to feed you targeted advertising -
which is exactly what the blogs and their sponsors want.
about the click-through, says Holiday. Top blogs -
particularly those specializing in celebrity, tech, or political
rumors - don't
really care about the validity of their subject matter,
the truth of their headlines, or the relevance of teaser photographs.
you, the reader, click or share, the blog and thus the advertisers
win. According to Holiday, even the biggest companies bait one
"Facebook hired a high-profile PR agency to execute an anonymous
whisper campaign against [Google] through manufactured
privacy. Bloggers of all stripes had been pitched, with the idea of
building enough buzz for the grand finale: editorials
in the Washington
Post, Politico, USA Today, and The Huffington Post . . . Google was
stunned senseless by the plot."
Nor do the
blog sites of otherwise upstanding print or TV news
organizations maintain the journalistic standards of their analog
Holiday maintains that the 24/7 news cycle has corrupted
journalism, press ethics, reader mentality, and even the advertising
Bloggers are desperate to be "on" a news story first, and
will fact-check later. Advocates call this process "iterative
Holiday calls it "stupid and dangerous" even as he
In fact, "Trust Me, I'm Lying" itself has a titillating narrative
structure reminiscent of blog posts. Holiday first reveals modern
marketers' secrets of winning search engine favorability, more
advertising revenue, and general "buzz" - all of which rely on
distortion, sentimentality, and over-simplification of issues that
normally couldn't be distilled into a 140-character tweet. Then he
explains how detrimental these practices are to society as a
But Holiday's already set up his readers by laying out the lucrative,
power-tripping joys of twisting the truth for dollars
it's hard to believe his recent conversion to old-style media ethics.
Is there a path out of the feverish, amoral
mess we've blogged
ourselves into? "I was hoping to be able to go out on a hopeful note,"
Holiday says, "but I'm not able to do
that" - unless we as a society
are willing to pull back from our digital world, be critical thinkers,
and not to believe everything
we read in the passion of the moment.
- EC Rosenberg
"Litigation Under the
Federal Open Government Laws 2010," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark
S. Zaid (EPIC
2010). Price: $75
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
This updated version includes new material regarding President Obama's
2009 memo on Open Government, Attorney General Holder's
March 2009 memo
on FOIA Guidance, and the new executive order on declassification. The
standard reference work includes in-depth
analysis of litigation under:
the Freedom of Information Act, the Privacy Act, the Federal Advisory
Committee Act, and the Government in the Sunshine Act. The fully updated
2010 volume is the
25th edition of the manual that lawyers, journalists
and researchers have relied on for more than 25 years.
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005).
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
for an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
"The Privacy Law Sourcebook 2004: United States Law, International
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
EPIC publications and other books on privacy, open government, free
expression, and constitutional values can be ordered at:
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained
from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
 Upcoming Conferences and Events
"The Government and Your Personal Information - Balancing Privacy,
National Security and the Public Interest." 20 March 2013, Washington,
DC. For More Information: https://netforum.avectra.com/eWeb/
"Online Privacy: Consenting to your Future." 21-22 March 2013,
Portomaso, Malta. For More Information:
Florida State University ACLU Lecture on Privacy and Government
Surveillance. 1 April
2013, Tallahassee, FL. For More
EPIC Champion of Freedom Awards Dinner. 3 June 2013, Washington, DC.
For More Information: http://epic.org/june3.
2013 Health Privacy Summit, 5-6 June 2013, Washington, DC. For More
22nd Annual Computers, Freedom, & Privacy Conference. 25-26
Washington, DC. For More Information: Contact Chris Calabrese at
Join EPIC on Facebook and Twitter
Join the Electronic Privacy
Information Center on Facebook and Twitter:
Join us on Twitter for #privchat, Tuesdays, 11:00am ET.
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent
or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We
do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe
your e-mail address
from this list, please follow the above instructions under "subscription
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave. NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government and private-sector
infringement on constitutional values.
Thank you for your support.
Subscribe/unsubscribe via web interface:
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 20.05------------------------