======================================================================= E P I C A l e r t ======================================================================= Volume 10.18 September 4, 2003 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_10.18.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Releases 2003 Privacy and Human Rights Report [2] Passenger Profiling Information Sought in New EPIC FOIA Suit [3] EPIC and Friends File Brief In Supreme Court Privacy Case [4] FTC Releases Identity Theft Statistics [5] Federal Court Invalidates Washington Phone Privacy Rules [6] Congress to Consider Critical Affiliate Sharing Privacy Issues [7] EPIC Bookstore: The Governance of Privacy [8] Upcoming Conferences and Events ====================================================================== [1] EPIC Releases 2003 Privacy and Human Rights Report ====================================================================== The Electronic Privacy Information Center (EPIC) and Privacy International will release the sixth annual Privacy and Human Rights survey this Friday, September 5. The report reviews the state of privacy in over fifty-five countries around the world. It is the most comprehensive report on privacy and data protection ever published. The report will be released at a press conference at the National Press Club in Washington, DC. Privacy and Human Rights 2003 documents several new challenges and developments in the international privacy arena in the past year. Advancements in technology, combined with a shifting international political climate, have set the stage for increased government experimentation with new systems of surveillance, affecting many fundamental human rights, including privacy. Under the banner of anti-terrorism, several nations have implemented traveler profiling tools and databases, and new systems of identification. Most prominent among these is the United States' CAPPS II system, an airline passenger profiling system that uses passengers' personal data and records in an attempt to detect potential security threats. Other surveillance methods gaining prominence include the use of biometrics and computerized national ID databases and cards. Biometrics -- the science of using physical identifiers such as fingerprints, iris/retina, or facial patterns -- has received increasing attention from governments and law enforcement agencies in the past year. Several nations are also developing new identification and authentication systems, such as smart cards and digital identification cards. Japan launched a computerized national ID system which compiles the personal data of residents into a centralized national database that can be accessed by the government. Other countries, including Austria, Belgium, Germany, Hong Kong, Russia and Spain are establishing similar systems. The WHOIS database is another system threatening privacy rights. Originally intended to allow network administrators to find and fix problems with minimal hassle to maintain the stability of the Internet, it now exposes the personally identifiable information of domain name registrants' to spammers, stalkers, criminal investigators, and copyright enforcers. But while nations have taken advantage of the unstable international environment to promote privacy-endangering policies, individuals and advocacy groups have made headway in opposing many of these efforts. In the United States, public outcry over the Pentagon's Total Information Awareness program led to a curb in its funding and the eventual resignation of the program's chief, retired admiral John Poindexter. In Taiwan, a coalition successfully fought against a next-generation national ID system. In Canada, advocacy efforts led to a modification of a government data gathering scheme on travelers entering the country. The 2003 Privacy and Human Rights press conference will be held at 1 p.m. ET on Friday, September 5, at the National Press Club in Washington D.C. There will be a live web cast which can be accessed from EPIC's website. To learn more about the report or purchase copies go to: http://www.epic.org/bookstore/phr2003/ To access the webcast go to: http://www.epic.org ====================================================================== [2] Passenger Profiling Information Sought in New EPIC FOIA Suit ====================================================================== EPIC today filed suit against the Transportation Security Administration (TSA) in federal district court seeking the immediate disclosure of information concerning the development of the government's controversial passenger profiling program. The lawsuit alleges that the TSA has failed to comply with the disclosure requirements of the Freedom of Information Act. EPIC argues that the TSA's immediate disclosure of information about the enhanced Computer Assisted Passenger Prescreening System (CAPPS II) is crucial because public comments on a TSA Privacy Act Notice are due September 30, and the public needs as much information about the system as possible to submit effective, meaningful responses. EPIC has asked the court to issue an emergency order requiring disclosure. The subject of the lawsuit is EPIC's request for "Capital Asset Plan and Business Case" (Exhibit 300) materials on CAPPS II that the TSA has prepared for the Office of Management and Budget (OMB), and any privacy impact assessments the TSA has conducted on CAPPS II. The OMB requires agencies seeking funding for projects to submit an Exhibit 300, which requires, among other things, an evaluation of privacy and security risks that a project might pose. Furthermore, the E-Government Act of 2002 requires agencies to prepare a privacy impact assessment before developing or procuring information technology that collects, maintains or disseminates identifiable information. While the TSA has repeatedly assured the public that CAPPS II will respect the privacy rights of air passengers, it has not disclosed any internal documents assessing the potential privacy or civil liberties impact of the program. In March, EPIC requested from the TSA any privacy assessments of CAPPS II, as well as information from the DOD concerning Pentagon involvement in the screening system. Neither agency processed the requests within the time frame set out by the Freedom of Information Act, despite their agreement to "expedite" the process. In response, EPIC filed an earlier lawsuit in June against the TSA and DOD, which is still pending. The TSA CAPPS II Notice is available at: http://www.epic.org/redirect/capps_notice.html More information about CAPPS II is available at EPIC's Air Travel Privacy Page: http://www.epic.org/privacy/airtravel ====================================================================== [3] EPIC and Friends File Brief in Supreme Court Privacy Case ====================================================================== Along with twelve privacy organizations and nineteen scholars and technical experts, EPIC has filed an amicus brief in Doe v. Chao, a case in which the Supreme Court will consider what proof an individual must show to recover the minimal $1000 damages the Privacy Act provides when the government unlawfully discloses that individual's Social Security Number (SSN). The "friend of the court" brief argues that those who suffer adverse effects as a result of wrongful SSN disclosure should be awarded damages, and should not have to prove actual, tangible harm to recover. In this case, the Department of Labor was sued by coal miners who filed claims with the government for black lung benefits. To process the claims, the Department of Labor used applicants' SSNs to identify their applications. As identification numbers, the SSNs were disclosed to other applicants, applicants' employers and lawyers, and were made publicly available in administrative law decisions and computerized legal research databases. Considering the miners' suit, a federal district court determined that emotional distress is a sufficient harm to trigger recovery under the Privacy Act, and that because Doe in particular had demonstrated enough emotional distress to justify recovery, he was entitled to the $1000 damages. The Fourth Circuit Court of Appeals disagreed, finding that Doe was not entitled to the award under the Privacy Act because he did not show that any tangible consequences flowed from the emotional distress he experienced due to the wrongful disclosure of his SSN. The amicus brief first discusses the grave dangers to privacy and security posed by SSN distribution, specifically discussing how the SSN is frequently used to identify an individual's records in databases containing financial, medical, educational, and credit information. Such widespread use of the SSN exposes individuals to such hazards as identity theft. The brief thus argues that disclosure of the SSN must be carefully proscribed to minimize these risks, and to award damages for wrongful disclosure on the basis of adverse effects alone -- rather than upon a showing of actual harm as a result of disclosure -- helps to serve that end. The brief then points out that Congress has provided "liquidated damages" by statute -- the amount of which is determined in advance so that a dollar amount doesn't have to be specifically proven -- in other privacy laws to enforce rights that are difficult to place a money value on. A recurring dilemma in privacy law is the difficulty of proving that a person has actually been injured by an invasion of privacy. For that reason, many privacy laws automatically award an individual damages if he/she can show that the prohibited violation has been committed, eliminating any need to prove that she has experienced tangible harm. Finally, the brief refers to the legislative history of the Privacy Act to show that the law's authors intended that liquidated damages would be provided, and that individuals should not have to prove that they suffered actual harm. The Privacy Act's legislative history also reflects longstanding Congressional recognition of the risks to privacy posed by unnecessary SSN disclosure. The Doe v. Chao amicus brief is available at: http://www.epic.org/privacy/chao/Doe_amicus.pdf The Fourth Circuit opinion in Doe v. Chao is available at: http://laws.lp.findlaw.com/getcase/4th/case/002247P&exact=1 The Privacy Act of 1974 is available at: http://www4.law.cornell.edu/uscode/5/552.html For more information about the case, see EPIC's Doe v. Chao Page: http://www.epic.org/privacy/chao/default.html ====================================================================== [4] FTC Releases Identity Survey Report ====================================================================== On September 3, the Federal Trade Commission released a report on identity theft in the United States based on a survey of more than 4,000 U.S. adults. According to the FTC, last year identity theft cost victims $5 billion in out-of-pocket expenses, as well as 300 million hours of their time trying to fix damage caused by the crime. The FTC survey shows that in all 27.3 million Americans were affected by identity theft over the past five years, including 9.9 million people in the last year alone. Although many groups have issued studies showing the immense harm caused by identity theft, the FTC has "never been clear as to the scale of the problem," and agency officials were apparently surprised by the findings. The FTC found that 49 percent of all the 4057 respondents did not have any idea whatsoever how their identity came to be purloined, while 22 percent cited theft and another 12 percent claimed the information was stolen in the course of a transaction. Businesses incurred $48 billion in loss as a result of identity theft; but most of this is borne not by credit card issuers, but rather by merchants who accept the transaction. The agency's official response to these findings was reactive and not likely to prevent identity theft in the future. With the exception of requiring merchants to truncate card numbers on receipts, all proposed legislative measures are concerned with the aftermath of the crime, such as the creation of a uniform identity theft affidavit for victims. Most of the recommendations urged consumers to be more careful, and entirely ignored the identity theft problems caused by credit issuers, information sharing, and dishonest employees with access to personal data. In fact, the FTC's recommendations flowing from the survey may exacerbate identity theft problems, as the agency is recommending that Congress preempt state credit laws, which will have the secondary effect of eliminating some state authority to pass identity theft legislation. The Federal Trade Commission Identity Theft Survey Report is available at: http://www.ftc.gov/os/2003/09/synovatereport.pdf (pdf) View the FTC press release regarding the report at: http://www.ftc.gov/opa/2003/09/idtheft.htm View Privacy Rights Clearinghouse ID Theft Materials at: http://www.privacyrights.org/identity.htm ====================================================================== [5] Federal Court Invalidates Washington Phone Privacy Rules ====================================================================== Last week, a U.S. District Court in Seattle ruled that the State of Washington's attempt to restrict the sharing of Consumer Proprietary Network Information (CPNI) does not meet constitutional muster. The court's August 26 order grants Verizon's request for summary judgment against the Washington Utilities and Transportation Commission (WUTC), which adopted the regulations last year to safeguard detailed information about the consumer calling data from disclosure without consumer permission. The regulations, which took effect January 1, require consumers' expressed consent to the sharing of their calling habits and features of their calling plan for marketing purposes. Verizon argued that requiring consumers' consent before the company shares this information with marketers is an infringement of the First Amendment's grant of free speech and goes far beyond what the Federal Communications Commission requires. In its opinion, the court expressed concern over restricting what Verizon can and can not say about the information the company has gathered about its consumers. The court found the WUTC's regulations inadequate because they do not cover wireless services, are not concise, and may not overtly convey to consumers that they need to consent before affiliate companies can market to them. The court opinion requires WUTC to find a way that is less burdensome on the speech rights of companies, and proposes that the Commission reconsider the less-stringent opt-out policy in combination with a public education campaign. The court was influenced by the Federal Communication Commission's (FCC) less stringent regulations. The FCC only requires telecommunications firms to have an opt-out policy -- a policy that places the burden on consumers to affirmatively request that a company not share information about their calls. WUTC's regulations, on the other hand, create an opt-in policy, shifting the burden from the consumer to the company to seek permission before sharing consumer information. WUTC rejected the opt-out approach in its rulemaking process in response to public comment it received on the regulations. EPIC submitted comments in favor of opt-in during the public comment period. Although the court acknowledged that there is a significant state interest in protecting consumer privacy, it held that WUTC's regulations adopted to limit the unauthorized use of CPNI "do not advance that interest in the direct and material way and are not narrowly tailored," as required by the First Amendment regarding information sharing. A WUTC spokeswoman says that the Commission may appeal to the Ninth Circuit U.S. Court of Appeals. The Washington Utilities and Transportation Commission Web Site with a link to the U.S. District Court opinion is available at: http://www.wutc.wa.gov/privacy Verizon's Privacy Policy for telephone company consumers is available at: http://www22.verizon.com/About/Privacy/customer/ More information about Consumer Proprietary Network Information and links to EPIC's submitted comments are available at EPIC's CPNI Page: http://www.epic.org/privacy/cpni/ ====================================================================== [6] Congress to Consider Critical Affiliate Sharing Privacy Issues ====================================================================== This Fall, Congress is likely to amend the federal Fair Credit Reporting Act (FCRA) and in doing so, may override or "preempt" state laws on affiliate sharing of personal information. Affiliate sharing is the practice of transferring personal information amongst companies with the same corporate ownership. Information transferred can include name and contact information, Social Security Number, purchase information, account numbers and balances, and even the information individuals write on checks. Affiliate sharing is invasive because individuals have no access to the data and cannot obtain an accounting of disclosures; it is used to generate unwanted marketing and telemarketing; and because it puts personal information at risk of being misused. Affiliate sharing presents a large and growing risk to individuals' privacy. It is likely to be the most important financial services privacy issue in the next decade, especially as companies increase profiling, cross-selling, and telemarketing activities using affiliate-shared information. Companies, such as Citibank, that have 1,900 affiliates, or Bank of America, with over 1,000 entities in its corporate family, can transmit personal information for these purposes to an unlimited degree under federal law. If Congress continues this standard, it will permanently prevent states from passing laws to establish reasonable restrictions on affiliate sharing and on some areas of identity theft. Furthermore, a federal standard is highly anti-democratic, and comes at a time when California legislators have just enacted a new law for affiliate sharing regulation that enjoys significant public support. The House is expected to consider preemption when voting on H.R. 2622, the Fair and Accurate Credit Transactions Act of 2003. That law would permanently preempt state privacy and identity theft law, and water down other consumer protections in the Fair Credit Reporting Act. Senators Barbara Boxer (D-CA) and Diane Feinstein (D-CA) have both called upon the Senate Banking and House Financial Services Committees to preserve state privacy laws. The prospect for greater financial services privacy is brighter in the Senate, where Senate Banking Chairman Richard Shelby (R-AL) and Ranking Member Paul Sarbanes (D-MD) both support greater privacy and identity theft protection. Individuals wishing to preserve financial privacy and the ability of states to pass identity theft laws should contact their Senators. Both US PIRG and Consumers Union have online forms for contacting Congress to support privacy rights. EPIC Privacy and Preemption Page: http://www.epic.org/privacy/preemption/ US PIRG Action Item on Preemption: http://uspirg.org/uspirg.asp?id=6&id3=USPIRG&id4=ES& Consumers Union Action Item on Preemption: http://www.epic.org/redirect/actionpreemption.html H.R.2622, Fair and Accurate Credit Transactions Act of 2003: http://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2622: Section by Section Analysis of H.R. 2622: http://www.privacyrights.org/ar/HR2622Analysis.htm ====================================================================== [7] EPIC Bookstore: The Governance of Privacy ====================================================================== Colin Bennett and Charles Raab: The Governance of Privacy - Policy Instruments in Global Perspective (Aldershot, Ashgate 2003) http://www.epic.org/redirect/governancebook.html Colin Bennett and Charles Raab are political scientists who have collaborated in their work on privacy protection policy over the past ten years, and this book is the summary of their research and conclusions to date. Texts on privacy tend to have a tome-like quality to them, particularly when dealing with the arcane details of regulation or methodology of practice. This one, however, is an interesting read for the privacy practitioner while serving as a valuable analysis of the history for scholars. The authors summarize, analyze, and evaluate the vast welter of activity that has taken place over the past thirty years in our efforts to deal with the impact of technology and globalization on the preservation of privacy. At 230 pages this is a relatively concise history in three parts: Policy Goals, Policy Instruments, and Policy Impacts. They analyse the reasons that states and economies have moved to protect privacy, from a social and economic policy perspective. They look at four instruments: transnational policy instruments, legal instruments and regulatory agencies, self-regulatory instruments, and technological instruments. Then they attempt to assess the impacts and outcomes. In their concluding chapter, entitled "International Privacy Protection: A race to the Top, the Bottom, or Somewhere Else" they draw conclusions about where they see the pressures of globalization and the "risk society" taking the issue now. You will have to read the book to get the answers, but suffice to say that if anyone needs ammunition to use in those aggravating arguments with folks who think privacy has been solved or dispensed with and is going away, they will find it here, nicely laid out and analysed. There is the odd time when you might feel like you are climbing a mountain during the middle chapters of this analysis, but the rewards are great when you get to the top and can appreciate the view. A very useful text for courses on privacy, regardless of the discipline. --Stephanie Perrin ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Voting Machines: A Threat To Democracy? The Ethical Society. September 7, 2003. Philadelphia, Pennsylvania. For more information: http://www.phillyethics.net Surveillance and Privacy 2003: Terrorists and Watchdogs. Baker & McKenzie Cyberspace Law and Policy Centre and University of New South Wales Law Faculty. September 8-9, 2003. Sydney, Australia. For more information: http://www.bakercyberlawcentre.org/2003/Privacy_Conf/ 25th International Conference of Data Protection and Privacy Commissioners. September 10-12, 2003. Sydney, Australia. For more information: http://www.privacyconference2003.org/ WWW2003: 5th Annual Conference on World Wide Web Applications. Department of Information Studies, Rand Afrikaans University, and the Department of Information Systems and Technology, University of Durban-Westville. September 10-12, 2003. Durban, South Africa. For more information: http://www.udw.ac.za/www2003/ Public Forum: It's 2003! Do you know where your civil liberties are? Arlington, Virginia Chapter of Amnesty International. September 14. Arlington, Virginia. For more information: email richard@broberglaw.com. Annual Symposium and Training Conference: Openness and Security: Rights and Responsibilities. American Society of Access Professionals. September 16-17, 2003. Washington D.C. For more information: http://www.acesspro.org. Making Intelligence Accountable, September 19-20, 2003. Oslo, Norway. The Geneva Centre for the Democratic Control of Armed Forces. For more information: http://www.dcaf.ch/news/Intel%20Acct_Oslo%200903/ws_mainpage.html The State of Accountable Government in a Surveillance Society. Office of the Information and Privacy Commissioner for British Columbia. September 25-26, 2003. Victoria, British Columbia. For more information: http://www.oipc.bc.ca/anniversary/ Privacy2003. Technology Policy Group. September 30-October 2, 2003. Columbus, Ohio. For more information: http://www.privacy2000.org/2003/index.html UbiComp 2003 Privacy Workshop. October 12, 2003. Seattle, WA. For more information: http://guir.berkeley.edu/pubs/ubicomp2003/privacyworkshop/ Getting the Technology You Deserve: Community Participation in Regional Cable Franchise Policy. Computer Professionals for Social Responsibility. October 25, 2003. Seattle, Washington. For more information: http://www.cpsr.org/conferences/annmtg03/ ICANN Meeting. Internet Corporation for Assigned Names and Numbers. October 27-31, 2003. Carthage, Tunisia. For more information: http://www.icann.org/carthage/ RFID Privacy Workshop. Massachusetts Institute of Technology. November 15, 2003. Boston, Massachusetts. For more information: http://www.rfidprivacy.org Localizing the Internet: Ethical Issues in Intercultural Perspective. International Center for Information Ethics. October 4-6, 2004. Karlsruhe, Germany. For more information: http://icie.zkm.de/congress2004 UbiComp 2003 Privacy Workshop. October 12, 2003. Seattle, WA. For more information: http://guir.berkeley.edu/pubs/ubicomp2003/privacyworkshop/ Getting the Technology You Deserve: Community Participation in Regional Cable Franchise Policy. Computer Professionals for Social Responsibility. October 25, 2003. Seattle, Washington. For more information: http://www.cpsr.org/conferences/annmtg03/ Media Freedoms and the Arab World. The Arab Archives Institute. December 6-8, 2003. Amman, Jordan. For more information: email aainstitute@yahoo.com or see http://www.ijnet.org/FE_Article/newsarticle.asp?UILang=1&CId=115794& CIdLang=1. WHOLES - A Multiple View of Individual Privacy in a Networked World. Swedish Institute of Computer Science. January 30-31, 2004. Stockholm, Sweden. For more information: http://www.sics.se/privacy/wholes2004. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail < info@epic.org> Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.18 ---------------------- .