======================================================================= E P I C A l e r t ======================================================================= Volume 10.20 October 2, 2003 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_10.20.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Urges Halt to CAPPS II Air Passenger Profiling System [2] JetBlue and Acxiom are Subjects of EPIC Complaint to FTC [3] Do-Not-Call Registry Hit with Legal Challenges [4] EPIC Testifies in the House on Cross Border Fraud [5] Coalition Questions HUD Homeless Surveillance Program [6] News in Brief [7] EPIC Bookstore: The Challenge of Crime [8] Upcoming Conferences and Events ====================================================================== [1] EPIC Urges Halt to CAPPS II Air Passenger Profiling System ====================================================================== Concluding that it is "precisely the sort of system that Congress sought to prohibit when it enacted the Privacy Act of 1974," EPIC has called for a halt to the Computer Assisted Passenger Prescreening System (CAPPS II). The recommendation was made in response to a Transportation Security Administration (TSA) notice exempting the controversial passenger profiling project from key requirements of the Privacy Act of 1974. The TSA notice, published in the Federal Register on August 1, 2003, provided more details on the agency's plans to collect and use personal information than an earlier notice published in January 2003, but still failed to address fundamental privacy questions. Furthermore, in a significant expansion of the program's purpose, TSA announced that CAPPS II will not only search for suspected terrorists, but also for those wanted for violent crimes. The notice also described TSA's plans to establish a "Passenger Advocate" to provide individuals access to information in the system, along with an appeals process to address errors. However, the notice exempts CAPPS II from numerous Privacy Act provisions, including judicially enforceable rights to access and correct of personal data; the duty to make an accounting of disclosures of personal information; and limitations on the scope of information that can be maintained by the agency. EPIC's comments criticized the lack of government transparency in CAPPS II, noting that TSA has disclosed little information about the system in response to repeated Freedom of Information Act requests, and also has failed to prepare a Privacy Impact Assessment of the system, as required by federal law. The comments addressed TSA's failure to provide individuals with meaningful access to personal information and meaningful opportunities to correct inaccurate, irrelevant, untimely and incomplete information. EPIC also noted CAPPS II's exemption from the requirement that a system maintain only information that is "relevant and necessary" to perform the system's function, and asserted that TSA's broadly drawn "routine uses" of CAPPS II data would only heighten the system's privacy problems. EPIC concluded that "[a]cquisition of personal data should not proceed until TSA has revised its policies and practices to bring them into conformance with the intent of the Privacy Act." European Digital Rights (EDRi), an association of 14 European digital rights and privacy organizations from 11 countries in Europe, also filed comments with the TSA. Acting on behalf of European travelers who will also have their data disclosed to U.S. authorities and processed by the CAPPS II profiling system, EDRi argued that the notice seriously violates EU privacy laws and discriminates between U.S. and non-U.S. citizens as to the retention of their data and their right of effective redress. It also urged TSA to have strong privacy safeguards in place to protect passengers' personal information when the data is used by U.S. law enforcement and disclosed to private third parties, in full compliance with EU core data protection principles. The comment period for the notice ended just days after Congress voted to discontinue funding for CAPPS II implementation until the General Accounting Office (GAO) examines the privacy implications of the system. The GAO must submit its report no later than February 15, 2004. EPIC's Comments are available at: http://www.epic.org/privacy/airtravel/capps-comments.pdf EDRi's Comments are available at: http://www.edri.org/docs/edri_comments_capps.pdf The text of H.R. 2555, which denies funding for CAPPS II implementation until privacy concerns are addressed, is available at: http://www.epic.org/privacy/airtravel/approp-act-capps.html More information about CAPPS II and passenger profiling is available at EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling.html More information about the disclosure of passenger data from the EU to the US is available at EPIC's Surveillance of European Travelers Page: http://www.epic.org/privacy/intl/passenger_data.html ====================================================================== [2] JetBlue and Acxiom are Subjects of EPIC Complaint to FTC ====================================================================== On September 22, EPIC filed a complaint with the Federal Trade Commission (FTC) regarding the information-sharing practices of JetBlue Airways Corporation and Acxiom Corporation, an information systems company. EPIC's complaint alleges that both JetBlue and Acxiom shared the personal information of about 1.5 million passengers with an information mining company that contracts with the Department of Defense, which then published some of the passenger information that it acquired. Torch Concepts Inc., the company that obtained the passenger information, contracts with the Department of Defense to develop pattern recognition technology. According to news reports, the Department of Defense facilitated the release of the information. JetBlue has stated that the Transportation Security Administration (TSA) was also involved, a claim that TSA denies. Once acquired, Torch Concepts used the information to analyze passenger security risks. The disclosures were made in increments. First, JetBlue provided Torch Concepts with passengers' names, addresses and phone numbers. Then, Torch Concepts acquired the demographic information of approximately 40 percent of these passengers from Acxiom. The demographic information included Social Security number, date of birth, gender, income, occupation, number of children, status of property (owned, rented, etc.), years at residence, adults in household, and vehicle information. The complaint notes that by sharing this passenger information, both JetBlue and Acxiom breached the companies' privacy policies that specifically promised not to disclose such information without consumer consent. This breach of promise, alleges the complaint, violates Section 5(a) of the Federal Trade Commission Act, which prohibits deceptive acts or practices that affect commerce. EPIC asked the FTC to investigate the disclosures made by JetBlue and Acxiom, enjoin further disclosures without passengers' consent, require the companies to inform those persons who had their information disclosed, and assign all penalties that the FTC deems necessary. EPIC's complaint regarding JetBlue and Acxiom is available at: http://www.epic.org/privacy/airtravel/ftccomplaint.html For more information on passenger profiling: http://www.epic.org/privacy/airtravel/profiling.html ====================================================================== [3] Do-Not-Call Registry Hit with Legal Challenges ====================================================================== The Do-Not-Call Registry's status is in legal limbo after a bewildering series of court decisions last week barred the Federal Trade Commission from enforcing it. The registry, which was supposed to take effect October 1, is a joint effort by the FTC and Federal Communications Commission which allows consumers to register their phone numbers on a list which telemarketers are banned from calling. More than 50 million individuals had submitted their numbers by the time the registry was scheduled to take force. The Do-Not-Call Registry's first challenge came from the U.S. District Court of Oklahoma, which issued a decision early last week declaring that the FTC lacked the authority to enforce the registry. Congress responded by quickly passing a bill specifically giving the FTC the authority to implement the Do-Not-Call rules. President Bush signed the bill into law two days later. However, in a second case challenging the Registry, Judge Nottingham of the U.S. District Court of Colorado found that the system violated the First Amendment by discriminating against types of speech and hence barred the FTC from enforcing the registry, once again. Nottingham subsequently denied the FTC's request for an emergency stay of the decision, and further prohibited the FTC from sharing its Do-Not-Call database with the FCC. The FTC has filed an appeal of the U.S. District Court of Colorado's decision with the 10th Circuit Court of Appeals, and unless the court takes immediate action, arguments will be heard in the appeal during the week of January 12, 2004. In the meantime, the Federal Communications Commission has announced its intentions to enforce the Do-Not-Call Registry, though it is currently constrained by the fact that it is barred from obtaining the FTC's database or other information necessary for enforcement. Despite the court decisions, the Direct Marketing Association has publicly urged its members to abide by the Do-Not-Call rules, and FCC Chairman Michael K. Powell has called upon the association to assist his commission in enforcing the rules. The U.S. District Court of Oklahoma's decision is available at: http://www.okwd.uscourts.gov/files/03-cv-122order.pdf The U.S. District Court of Colorado's decision is available at: http://www.co.uscourts.gov/opinions/ewn_030184.pdf The Federal Trade Commission appeal to the 10th Circuit Court of Appeals is available at: http://www.ftc.gov/os/2003/09/mmsiftcnoa.pdf For more informaton on the Do-Not-Call Registry: http://www.epic.org/privacy/telemarketing/dnc/ ====================================================================== [4] EPIC Testifies in the House on Cross Border Fraud ====================================================================== On September 17, EPIC Executive Director Marc Rotenberg testified before the House Subcommittee on Commerce, Trade and Consumer Protection on cross border consumer fraud and the reauthorization of the Federal Trade Commission (FTC). The FTC desires a broad extension of its powers to help combat consumer fraud originating from both inside and outside U.S. borders. The proposed House bill, the International Consumer Protection Act, establishes a legal framework for the FTC to conclude international agreements and develop closer co-operation with law enforcement agencies and consumer protection agencies worldwide. EPIC testified in support of closer cooperation with foreign law enforcement agencies in fraud investigations, but offered a number of recommended revisions to ensure that democratic values, including privacy, government accountability and transparency, were duly incorporated. The FTC proposal allows for broad disclosure of information concerning individuals and entities within the United States. It includes provisions that would allow the FTC and foreign agencies to gain access to financial and electronic information for an extensive period of time before having to notify the target of the investigation. The proposal also includes two exemptions from open record obligations under the Freedom of Information Act. In testimony before the House subcommittee, EPIC urged better privacy safeguards and more openness about government activities. EPIC also recommended the establishment of new reporting requirements to allow public oversight of the FTC's work. Rotenberg told the Subcommittee, "These principles of good government will assist consumer protection agencies around the world combat cyber fraud, and will help strengthen democratic institutions." The House subcommittee made substantial improvements to the bill at a markup on September 24. The revised International Consumer Protection Act reduces the period during which the FTC will be authorized to access financial and electronic information without notification from one year to sixty days. The subcommittee also removed one of the two proposed exemptions to the Freedom of Information Act. The bill includes a new section that sets out significant reporting requirements for the Commission. A provision that permitted the FTC to cooperate with a foreign law enforcement agency regardless of whether there was a violation of U.S. law has been removed. The Senate version of the bill included a proposal that gave the FTC and foreign law enforcement agencies access to the FBI's National Crime Information Center (NCIC), the nation's most extensive computerized criminal history database. EPIC argued against this provision at a hearing in June, after the FBI had announced that it would no longer adhere to the Privacy Act requirement of maintaining accurate information in the NCIC. This provision was dropped in the version of the Senate bill (S. 1234) reported by the Senate Commerce Committee. With these modifications and additions, the International Consumer Protection Act, H.R. 3143, was referred to the House Committee on Energy and Commerce where it was reported out on October 1. In the Senate, the Republican sponsored bill (S. 1234) currently awaits floor consideration, but has recently gained the co-sponsorship of Democratic Senator Hollings. EPIC's Testimony on Cross Border Fraud is available at: http://www.epic.org/privacy/whois/testimony.html A webcast of the September 17, 2003 hearing is available at: http://www.epic.org/redirect/energycommhearing.html The Senate Report of the Federal Trade Commission Reauthorization Act of 2003 is available at: http://thomas.loc.gov/cgi-bin/cpquery/R?cp108:FLD010:@1(sr127): ====================================================================== [5] Coalition Questions HUD Homeless Surveillance Program ====================================================================== Eight civil liberties groups joined EPIC in opposing the Department of Housing and Urban Development's implementation of Homeless Information Management Systems (HMIS). HMIS are programs intended to track recipients of benefits in order to assess the number of persons receiving care, and to improve efficiency of services to the poor. While well intentioned, proposed mandatory guidelines for HMIS issued by the Department are highly privacy-invasive. The proposed guidelines create information collection requirements that could be aggregated into a national homeless tracking system. Homeless shelters and other care providers would have to collect full legal names, dates of birth, Social Security Numbers, ethnicity and race, gender, veteran status, and the person's residence prior to program entry. In some cases, even more sensitive information would be collected, including disabilities, health status, pregnancy status, HIV status, behavioral health status, education, employment, and whether they have experienced domestic violence. The groups argued that law enforcement, Secret Service, and national security access to the data was too broad. Police would be able to obtain access to this sensitive data without a warrant, and the Secret Service and agents of national security agencies could simply request access to the database without a requirement of any judicial oversight. Additionally, the aggregation of personal information raises risks that the homeless or disadvantaged could be located and subjected to politically-motivated purges or forced removal. The groups urged the agency to rewrite its HMIS guidelines in favor of a system where the homeless are enumerated through representative sampling or a "point in time" snapshot. Such alternative approaches are less expensive and require no collection of personally identifiable information. The groups also urged the agency to limit law enforcement, Secret Service, and national security access to personal information. Finally, the groups recommended a series of changes that would establish a framework of technical and procedural protections for individuals' data. Group Comments on Homeless Management Information Systems: http://www.epic.org/privacy/poverty/hmiscomments.html ====================================================================== [6] News in Brief ====================================================================== SENATE BILL WOULD EXPAND PATRIOT ACT SUNSETS A bipartisan group of Senators has introduced a new bill (The PATRIOT Oversight Restoration Act of 2003) that would expand the sunset provision of the USA PATRIOT Act to increase the number of the Act's surveillance powers that will expire at the end of 2005. The bill would extend the sunset provision to more than a dozen specific PATRIOT Act sections that are not now covered. Sen Patrick Leahy (D-VT) said that introduction of the bill reflects the difficulty Congress has had in obtaining information on implementation of the anti-terrorism law. "Despite the Administration's unprecedented public relations campaign to promote the PATRIOT Act . . . the Administration has yet to show that it is using its PATRIOT powers wisely."Ê On a similar note, Sen. Larry Craig (R-ID) said, "In light of the serious concerns that have been raised, I think it is appropriate for us to add some triggers to the law that will force Congress to review and affirmatively renew these authorities." Introduction of the Patriot Oversight Restoration Act: http://www.fas.org/irp/congress/2003_cr/s1695.html Sen. Leahy's press release on the bill: http://leahy.senate.gov/press/200310/100103g.html ID THEFT REPORT DOCUMENTS VICTIMS' FRUSTRATION, EXPENSE The Identity Theft Resource Center (ITRC) published a report detailing the effects of identity theft on victims. The report was based on a survey of 173 victims. The report found that victims spend an average 600 hours clearing their names. Thirty-four percent reported that they could not clear all the negative items from their credit reports. Seventy-three percent reported that personal information was used to open new credit reports, further showing that credit grantors' practices are inadequate. And, almost 75 percent of victims learned about the theft in a "negative" way, meaning that they were alerted to the presence of fraud by debt collectors or by being denied credit. Read the Identity Theft: The Aftermath report at: http://www.idtheftcenter.org/idaftermath.pdf OMB ISSUES PRIVACY GUIDELINES FOR FEDERAL AGENCIES On October 2nd, the Office of Management and Budget (OMB) issued guidelines to federal agencies on the implementation of privacy provisions of the E-Government Act of 2002. The guidelines govern how the agencies handle and protect individuals' personally identifiable information. Agencies will now be required to conduct privacy impact assessments of their electronic information systems and post their privacy policies on their web pages, among other stipulations. The OMB guidelines are in line with many of the privacy guidelines established by the Organization for Economic Cooperation and Development (OECD), such as purpose specification, use limitation, security and openness. However, they fail to address several important privacy issues, such as principles of collection limitation, individual participation, data quality, or accountability. In addition, they fail to limit the agencies to the collection of information that is specifically related to the stated purpose, nor do they provide a means of individual access and verification of the data. Nevertheless, they are a substantial step forward in the implementation of privacy provisions in the United States. View the OMB's guidelines at: http://www.whitehouse.gov/omb/memoranda/m03-22.html PRIVACY INTERNATIONAL RELEASES FREEDOM OF INFORMATION SURVEY Privacy International recently released a global survey entitled "Freedom of Information and Access to Government Records Around the World." Compiled by David Banisar, director of the Freedom of Information Project at Privacy International, the survey reports that more than 50 countries around the world now have Freedom of Information laws, more than half of which were passed in the last decade. It includes a detailed discussion of the laws in each of these nations. While the survey finds that access to government records and information is increasing throughout the world, it also notes that "the enactment of an FOI laws is only the beginning," and that many countries need to improve implementation of the laws. Read Privacy International's Freedom of Information Survey at: http://www.freedominfo.org/survey.htm ===================================================================== [7] EPIC Bookstore: The Challenge of Crime ====================================================================== Henry Ruth & Kevin R. Reitz, The Challenge of Crime: Rethinking Our Response, Harvard University Press (2003). http://www.powells.com/cgi-bin/biblio?inkey=2-067400891x-1 Ruth and Reitz's "The Challenge of Crime" is a refreshing analysis of crime and attempts to control it. It gives one hope that the criminal justice community can transcend fad and demagoguery in favor of a more systematic approach to crime. Suspicious of both liberal and conservative conceptions of crime control, the authors attempt to drive the crime debate "toward rational, information-driven initiatives" and away from "sheer guesswork, political rhetoric, and pervasive emotionalism." Among other things, the authors note that some of the more popular crime control programs either are ineffective, including the DARE anti-drug and militaristic "boot camp" programs, or in the case of "scared straight" programs, counterproductive. The authors suggest a crime response project that continually asks whether crime interdiction programs are effective, whether they relieve fear of crime, whether they promote justice, whether they foster respect for law, and whether the response avoids extending criminal law further that necessary to address the harms of crime. The more compelling sections of the book discuss incarceration rates in the U.S., which have been rising precipitously in the past twenty years. Other chapters address the problems posed by drugs and alcohol, juvenile crime, and interesting approaches to gun control regulation that attempt to focus on criminal use of firearms rather than general firearms control. Ruth and Reitz's book is particularly relevant today, as leading law enforcement officials continue to call for ever-increasing punishments, as Attorney General John Ashcroft did in September 2003. This age old issue even attracted comment by Alexis De Tocqueville: "In the Middle Ages, when it was very difficult to reach offenders, the judges inflicted frightful punishes on the few who were arrested ... It has since been discovered that, when justice is more certain and more mild, it is more efficacious." Ruth and Reitz's work is a call for more empiricism and "discovery," as De Tocqueville put it in criminal justice, rather than simple "tough on crime" demagoguery. --Chris Jay Hoofnagle ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Localizing the Internet: Ethical Issues in Intercultural Perspective. International Center for Information Ethics. October 4-6, 2004. Karlsruhe, Germany. For more information: http://icie.zkm.de/congress2004 Biometrics: Implications & Applications for Citizenship and Immigration. Citizenship and Immigration Canada. October 7, 2003. Ottawa, Canada. For more information: http://cic-forum.ca/english/. UbiComp 2003 Privacy Workshop. October 12, 2003. Seattle, WA. For more information: http://guir.berkeley.edu/pubs/ubicomp2003/privacyworkshop/ Grassroots America Defends the Bill of Rights - National Conference. Grassroots America (co-sponsored by EPIC). October 18-19, 2003. Silver Spring, MD. For more information: http://www.grassroots-america.org/. Security Laws and Privacy Seminar. Riley Information Service Inc. October 20, 2003. Ottawa, Canada. For more information: http://www.rileyis.com/seminars/index.html 8th Symposium on Privacy and Security - Identity and Anonymity in an Increasingly Interconnected World. Swiss Federal Institute of Technology. October 21-22, 2003. Zurich, Switzerland. For more information: www.privacy-security.ch Getting the Technology You Deserve: Community Participation in Regional Cable Franchise Policy. Computer Professionals for Social Responsibility. October 25, 2003. Seattle, Washington. For more information: http://www.cpsr.org/conferences/annmtg03/ ICANN Meeting. Internet Corporation for Assigned Names and Numbers. October 27-31, 2003. Carthage, Tunisia. For more information: http://www.icann.org/carthage/ IAPP Privacy and Data Security Academy and Expo. October 29-31, 2003. Chicago, IL. For more information: http://www.privacyassociation.org Business for Social Responsibility Annual Conference - Building and Sustaining Solutions. November 11-14. Los Angeles, CA. For more information: http://www.bsr.org RFID Privacy Workshop. Massachusetts Institute of Technology. November 15, 2003. Boston, Massachusetts. For more information: http://www.rfidprivacy.org American Society of Access Professionals Workshop. November 18-19, 2003. St. Louis, Missouri. For more information: http://www.acesspro.org Media Freedoms and the Arab World. The Arab Archives Institute. December 6-8, 2003. Amman, Jordan. For more information: email aainstitute@yahoo.com or see http://www.ijnet.org/FE_Article/newsarticle.asp?UILang=1&CId=115794& CIdLang=1. WHOLES - A Multiple View of Individual Privacy in a Networked World. Swedish Institute of Computer Science. January 30-31, 2004. Stockholm, Sweden. For more information: http://www.sics.se/privacy/wholes2004. Securing Privacy in the Internet Age. Stanford Law School. March 13-14, 2004. Palo Alto, CA. For more information: http://cyberlaw.stanford.edu/privacysymposium/. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail < info@epic.org> Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.19 ---------------------- .