======================================================================= E P I C A l e r t ======================================================================= Volume 10.09 May 7, 2003 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_10.09.html ======================================================================= Table of Contents ======================================================================= [1] European Groups Discuss Implications of Passenger Profiling [2] FISA Surveillance Reached All-Time High in 2002 [3] UNESCO Celebrates Freedom of the Press Worldwide [4] Congress Holds Oversight Hearing On Data Mining Systems [5] Rights Experts Release Report Criticizing EU Response to 9/11 [6] News in Brief [7] EPIC Bookstore: Surveillance & Society [8] Upcoming Conferences and Events ======================================================================= [1] European Groups Discuss Implications of Passenger Profiling ======================================================================= European Digital Rights (EDRi), a coalition of privacy and civil liberties organizations in Europe, has started a campaign opposing the transfer of European air passenger data to the United States. EDRi is asking European air travelers to file complaints with their airline companies in order to discern what personal information of theirs is being disclosed to the US government, and to write letters to their national data protection authorities urging them to investigate the situation. EDRi argues that the release of this information is a breach of EU privacy laws. On May 6, a United States government delegation appeared at a hearing before the European Parliament in an attempt to demonstrate the necessity of the Computer Assisted Passenger Pre-screening System (CAPPS-II). Numerous questions were asked of the witnesses, such as: * Why does the US government need all of the information available in the Passenger Name Record (PNR), which can include data such as meal preference, credit card number, and hotel and car rental information? * Why do you plan to retain some passenger data for up to 50 years? * How is there no profiling or data mining involved when CAPPS-II seems to be such an extensive system? * Will Europeans have similar rights to US citizens regarding access to and correction of their records? * Will judicial remedies be afforded in the case of abuses, even though US legislation (such as the Privacy Act) does not protect Europeans? and * How does the scope of these data requests relate to the ultimate goal of securing air travel safety? Many Members of Parliament found that the Homeland Security repre- sentatives' answers to these and other questions were insufficient. Government representatives also referred to "already commercially available information" as the only source of data to be used in the database. However, documents obtained by EPIC under the Freedom of Information Act have led to discussions about whether such commercial information on foreigners may have been, at times, illegally collected by private companies acting as government contractors, as may be the case with ChoicePoint's recent activity in Central and South America (see EPIC Alert 10.08). Meanwhile, the US Bureau of Customs and Border Protection (CBP) and the European Commission recently discussed a possible solution to restrict threats to European passenger privacy. The solution would call for airlines to create a back-up copy of all passenger data, filtering out information that CBP did not specifically request, or sensitive data for which transfer is strictly limited under EU laws. The data would then be transferred to CBP, instead of allowing them full and direct access to the databases. However, this would impose high costs for the airlines that US Customs does not want to bear. EDRi Campaign Web Site: http://www.edri.org/cgi-bin/index?funktion=campaigns EPIC's EU/US Passenger Data Disclosure Page: http://www.epic.org/privacy/intl/passenger_data.html ======================================================================= [2] FISA Surveillance Reached All-Time High in 2002 ======================================================================= The number of Foreign Intelligence Surveillance Act (FISA) orders reached an all-time high in 2002, with 1228 applications presented to, and approved by, the secret FISA Court. The calendar year of 1980 was the first full year that FISA was in effect, during which 319 FISA applications were presented. Since FISA went into effect, the Court has approved all government applications. During 2002, 1358 total Title III (ordinary law enforcement) appli- cations were approved and one was denied. Title III activity reached an all-time high in 2001, with 1491 total applications approved and zero denied. Since 1968, a total of 29,250 Title III applications have been presented (comprising 9,928 federal applications and 19,322 state applications) and 32 denied. (Note that not all jurisdictions have reported their wiretap usage.) Congress passed FISA in 1978, establishing a separate legal regime for "foreign intelligence" surveillance. Title III, the "Wiretap Statute," outlines the strict guidelines regulating ordinary law enforcement surveillance, while FISA regulates the government's collection of "foreign intelligence" information in furtherance of U.S. counter- intelligence and anti-terrorism efforts. FISA was initially limited to electronic eavesdropping and wire- tapping. In 1994, it was amended to permit covert physical entries in connection with "security" investigations, and in 1998, it was amended to permit pen/trap orders. FISA, under provisions not reflected in the recently reported figures, can also be used to obtain a broad range of business records. Foreign Intelligence Surveillance Act Orders, 1979-2002: http://www.epic.org/privacy/wiretap/stats/fisa_stats.html Title III Wiretap Orders, 1968-2002: http://www.epic.org/privacy/wiretap/stats/wiretap_stats.html EPIC's FISA Page: http://www.epic.org/privacy/terrorism/fisa/ ======================================================================= [3] UNESCO Celebrates Freedom of the Press Worldwide ======================================================================= Every year, the United Nations Educational, Scientific and Cultural Organization (UNESCO) coordinates the observation of World Press Freedom Day on May 3. World Press Freedom Day is a day to celebrate the fundamental principles of press freedom, to evaluate the state of freedom of the press around the world, to defend the media from attacks on their independence, and to pay tribute to journalists who have lost their lives in the exercise of their profession. The UNESCO/Guillermo Cano World Press Freedom Prize is awarded each year to honor the work of an individual, organization, or institution defending or promoting freedom of expression anywhere in the world, especially if this puts the person’s life at risk. Israeli journalist Amira Hass, who has spent the last decade living in and reporting on the Palestinian Territories for the Israeli daily newspaper Ha’aretz, was this year's winner. UNESCO also held a two-day conference titled "Early New Millennium Challenges" in Kingston, Jamaica. EPIC Policy Analyst Mihir Kshirsagar, who coordinates the Public Voice coalition, spoke at the conference about the development of participative democracy and the civil society on a panel called "Freedom of Expression in Knowledge Societies: Opportunities." Kshirsagar's speech focused on the important role that new communication technologies can play in enabling free expression. He said, "These technologies of freedom operate by decentralizing sources of information; the aim is to promote pluralism of expression rather than the dissemination of preferred ideas." New communication technologies, which emphasize peer-to-peer production and distribution of ideas, must be afforded the same protections by governments that were granted to the press and broadcast mediums. UNESCO is uniquely situated to help ensure that the benefits of these new communication technologies are fully realized. UNESCO World Press Freedom Day 2003: http://portal.unesco.org/ci/ev.php?URL_ID=1204&URL_DO=DO_TOPIC Transcript of speech on new communication technologies, by EPIC Policy Analyst Mihir Kshirsagar: http://www.thepublicvoice.org/press_freedom_speech.html ======================================================================= [4] Congress Holds Oversight Hearing On Data Mining Systems ======================================================================= On May 6, the House Subcommittee on Technology and Information Policy held an oversight hearing on the data mining systems being used or considered by three federal agencies. The Subcommittee heard testi- mony from Steve McCraw, Assistant Director, Office of Intelligence, Federal Bureau of Investigation (FBI); Admiral James L. Loy, Director, Transportation Security Administration (TSA); and Dr. Anthony Tether, Director, Defense Advanced Research Projects Agency (DARPA). Mr. McCraw began his testimony by asserting that the FBI’s own data systems contain information that is legally and lawfully collected, and that new data mining systems, like the agency's SCOPE project, will allow analysts to search the agency's existing databases for links, associations, and relationships among individuals. McCraw conceded that the FBI's systems rely in part on data compiled by public sector companies that are not always accurate. He testified that follow-up investigations are often necessary to confirm the information. Rep. William Clay (D-MO) challenged McCraw on the FBI's recent decision to lift the data accuracy requirements for the agency's largest criminal justice database, the NCIC (see EPIC Alert 10.07). In response, McCraw emphasized the strict guidelines governing the use of NCIC. He also agreed to review the matter further. Admiral Loy also sought to reassure the Subcommittee about the accuracy of the TSA's proposed CAPPS-II system that will identify passengers for additional screening before boarding a plane. He testified that the TSA would establish a Passenger Advocate to investigate passengers' concerns about being identified for pre- screening, but he conceded that the investigation could take some time and that it would not always be possible to inform passengers of the reasons for the additional screening. Admiral Loy asserted that unlike the classic definition of "data-mining," CAPPS-II would result in a "traveler-activated" search. The traveler's provided name, address, telephone number, and date of birth would be used first to authenticate the traveler's identity through public sector databases, and then would be run through government data systems and assessed a risk threat score. Admiral Loy did not specify the risk assessment techniques, but announced that a new Federal Register notice would be promulgated soon based on comments the agency received from its first notice on the program. Similarly, Dr. Tether used the hearing as an opportunity to address public concerns about DARPA's Total Information Awareness program (TIA). He contrasted TIA with traditional data mining techniques that comb through large amounts of information to detect previously unnoticed correlations. He testified that DARPA is not pursuing such techniques and instead is developing a different approach to research. He said that the approach begins with the development of a hypo- thetical attack scenario, and then leads to the use of data mining to discover whether patterns of information correlated with that scenario actually exist. He stressed that this process would decrease the threat of erroneously flagging innocent activities and persons as suspicious, and emphasized that audit techniques would ensure that data is not used for unauthorized purposes. When representatives inquired whether TIA would use consumers' transaction information held by private companies, Dr. Tether sought to distance the agency from such potential uses, stating that a researcher hired by DARPA may be contemplating such practices, but the agency had not yet made any such formal plans. Documents obtained by EPIC through an Freedom of Information Act request, however, reveal that one of TIA’s goals is to develop "innovative technologies to architect, populate and exploit" reposi- tories "for combating terrorism." Repositories were defined as "a new kind of extremely large, omni-media, virtually-centralized, and semantically rich information repository that is not constrained by the limited commercial database products available today." The Subcommittee plans to reconvene in two weeks to examine the privacy and civil liberties questions raised by the programs. EPIC's letter submitted for a hearing on Data Mining, Current Applications and Future Possibilities: http://www.epic.org/privacy/profiling/datamining3.25.03.html EPIC's Joint Letter and Online Petition Requiring Accurate Information in the NCIC: http://www.epic.org/actions/ncic/ EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling.html EPIC's Total Information Awareness Page: http://www.epic.org/privacy/profiling/tia/ ======================================================================= [5] Rights Experts Release Report Criticizing EU Response to 9/11 ======================================================================= In their first annual report, the European Union Network of Inde- pendent Experts in Fundamental Rights has raised many negative points regarding anti-terrorism legislation adopted by EU member states in response to the events of September 11, 2001. The report offers six main criticisms of EU and member state anti- terrorism legislation: * Problems regarding the "imprecise" definition in the EU Framework Decision on combating terrorism of 13 June 2002; * Concern over the European Arrest Warrant (EU Framework Decision of 13 June 2002); * Failure to ensure data protection in regard to cooperation with third states, particularly the United States; * EU Recommendation on the development of "terrorist profiles" of November 2002; * General failure to protect human rights in the adoption of "emergency legislation"; and * The EU "terrorist lists" and freezing of assets of suspected terrorists. The group was set up by the European Commission in September 2002, following a recommendation from the European Parliament. The main report is available at: http://www.statewatch.org/news/2003/apr/CFR-CDF.2002.report.en.pdf Thematic report on freedom and security and responses to terrorist threats: http://www.statewatch.org/news/2003/apr/CFR-CDF.ThemComment1.pdf ======================================================================= [6] News in Brief ======================================================================= Supreme Court To Hear Crime Scene Photos Case The Supreme Court announced this week that it will decide whether the public's right to access government records extends to the release of crime scene photographs that may implicate privacy interests of the deceased's family. The justices voted to consider whether the government must release post-mortem pictures of former White House deputy counsel Vincent Foster under the Freedom of Information Act. Last year, the Court of Appeals for the Ninth Circuit ordered the release of four of ten photographs requested by a California attorney. The attorney has since appealed for the release of the remaining six photos. Conversely, the government has urged the Supreme Court to reverse the lower court ruling so that all ten photographs may be withheld. The case will be heard in fall 2003. Solicitor General's Petition for Certiorari: http://www.usdoj.gov/osg/briefs/2002/2pet/7pet/2002-0954.pet.aa.pdf Attorney Favish's Petition for Certiorari: http://www.allanfavish.com/pet_for_cert.pdf Deceptive Fundraisers Not Protected by First Amendment On Monday, the Supreme Court ruled unanimously that the First Amendment does not protect telemarketers who deceive potential contributors about what percentage of their donation will actually go to charity. States can now press fraud charges against parties who engage in this deceptive practice. In the decision, Justice Ruth Bader Ginsburg wrote, "[W]hen nondisclosure is accompanied by inten- tionally misleading statements designed to deceive the listener, the First Amendment leaves room for a fraud claim." Illinois ex rel. Madigan v. Telemarketing Associates, Inc.: http://www.supremecourtus.gov/opinions/02pdf/01-1806.pdf Radio Frequency Identification Chips: Equipped with Kill Switch According to the Auto ID Center (a group that is helping to develop the specification for RFID), a "kill switch" will be incorporated into RFID tags as early as summer 2003. If retail outfits begin using the chips to track inventory, consumers are to be asked upon purchase if they would like to disable the RFID feature. Industry representatives believe that a consumer might choose to keep the tag activated, as there are plans to program some tags to contain useful information such as wash cycle for a particular garment or cooking time and temp- erature for a food item. However, once a tag is disabled, it will be unable to be reactivated. More information about Radio Frequency Identification: http://www.nocards.org/#RFID ======================================================================= [7] EPIC Bookstore: Surveillance & Society ======================================================================= Surveillance & Society: The fully peer-reviewed transdisciplinary online surveillance studies journal. Managing Editor: David Wood. ISSN: 1477-7487. http://www.surveillance-and-society.org/ Surveillance & Society is a new electronic journal, available free online, that began publication in 2002. The journal is a part of a new international initiative to call wider attention to surveillance studies within academia and beyond. The purpose of this journal is to encourage understanding of approaches to surveillance in different academic disciplines, publish innovative and transdisciplinary work on surveillance, promote understanding of surveillance in wider society, and encourage debate and dissent. New issues are posted on the Surveillance & Society Web site as they become available. In the future, the Web site is also slated to house a Surveillance Studies Resource Base, including an interactive "Encyclopedia of Surveillance," and a Discussion Forum, which will be based on submitted opinion pieces of up to 2000 words. Interested parties can submit articles for possible inclusion in Surveillance & Society. All submissions will be fully peer-reviewed to the most rigorous quality standards, and unconventional submissions such as photographic and video work are encouraged. See the Web site for details. ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2002: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $25. http://www.epic.org/bookstore/phr2002/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, video surveillance, location tracking, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= ** Uniting Privacy and the First Amendment in the 21st Century ** May 9-10, 2003 Oakland, CA EPIC, the First Amendment Project, and the California Office of Privacy Protection are sponsoring this activist symposium designed to explore the interplay between privacy and First Amendment rights, with the goal of developing strategies for optimizing both. For more information: http://www.epic.org/events/unitingsymposium/ ======================================================================= Finding Our Digital Voice: Governing in the Information Age. Crossing Boundaries National Conference. Centre for Collaborative Government. May 7-9, 2003. Ottawa, Canada. For more information: http://www.crossingboundaries.ca/conference/ Collecting and Producing Electronic Evidence in Cybercrime Cases. University of Namur. May 8-9, 2003. Namur, Belgium. For more information: http://www.ctose.org/info/events/workshop-8-9-may-2003.html Little Sister 2003: Community Resistance, Security, Law and Technology. May 9-11, 2003. Vancouver, British Columbia, Canada. For more information: http://www.littlesister2003.org/ 2003 IEEE Symposium on Security and Privacy. IEEE Computer Society Technical Committee on Security and Privacy, in cooperation with the International Association for Cryptologic Research (IACR). May 11-14, 2003. Oakland, CA. For more information: http://www.ieee-security.org/TC/SP-Index.html Technologies for Protecting Personal Information. Federal Trade Commission. Workshop 1: The Consumer Experience. May 14, 2003. Workshop 2: The Business Experience. June 4, 2003. Washington, DC. For more information: http://www.ftc.gov/techworkshop/ ITS-2003: Third International Conference on "Information Technologies and Security." June 23-27, 2003. Partenit, Crimea, Ukraine. For more information: http://www.itb.conferen.ru/eng/info_e.html Press Freedom on the Internet. The World Press Freedom Committee. June 26-28, 2003. New York, NY. For more information: <mgreene@wpfc.org> Building the Information Commonwealth: Information Technologies and Prospects for Development of Civil Society Institutions in the Countries of the Commonwealth of Independent States. Interparliamentary Assembly of the Member States of the Commonwealth of Independent States (IPA). June 30-July 2, 2003. St. Petersburg, Russia. For more information: http://www.communities.org.ru/conference/ O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For more information: http://conferences.oreilly.com/oscon/ 1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm Integrating Privacy Into Your Overall Business Strategy: Complying with Privacy Legislation for Competitive Advantage. International Quality and Productivity Centre (IQPC Canada). July 9-10, 2003. Toronto, Canada. For more information: http://www.iqpc-canada.com/NA-1987-01 Chaos Communication Camp 2003: The International Hacker Open Air Gathering. Chaos Computer Club. August 7-10, 2003. Paulshof, Altlandsberg, Germany. For more information: http://www.ccc.de/camp/ Privacy2003. Technology Policy Group. September 30-October 2, 2003. Columbus, OH. For more information: http://www.privacy2000.org/privacy2003/ WWW2003: 5th Annual Conference on World Wide Web Applications. Department of Information Studies, Rand Afrikaans University, and the Department of Information Systems and Technology, University of Durban-Westville. September 10-12, 2003. Durban, South Africa. For more information: http://www.udw.ac.za/www2003/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail <info@epic.org> Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.09 ---------------------- .