EPIC logo


=======================================================================
                           E P I C  A l e r t
=======================================================================
Volume 11.01                                           January 14, 2004
-----------------------------------------------------------------------

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_11.01.html

======================================================================
Table of Contents
======================================================================

[1] US-VISIT Launched; U.S. Pushes for Passenger Info
[2] Defense Department Report Blasts Total Information Awareness
[3] Judge Sides With EPIC on FOIA Quick Review, But Rules for DOJ
[4] FOIA Document Covers Palladium Privacy, Unique Identifier Issues
[5] Officials Question DC Police Handling of Political Demonstrations
[6] News in Brief
[7] EPIC Bookstore: The Naked Crowd
[8] Upcoming Conferences and Events

======================================================================
[1] US-VISIT Launched; U.S. Pushes for Passenger Info
======================================================================

The United States Visitor and Immigrant Status Indicator Technology
(US-VISIT) has been launched at 115 airports and 14 seaports in the
United States.  The program, which draws on the resources of more than
twenty existing information systems and databases, compares
fingerprints and digital photographs of foreign nationals entering the
country with biometric, biographical, and travel data to determine
whether the visitor should be allowed into the United States.
US-VISIT, which is scheduled to be implemented at all ports of entry
by the end of 2005, has invoked international resentment and caused a
judge in Brazil to order the retaliatory fingerprinting and
photographing of U.S. citizens traveling to that country.

The Department of Homeland Security (DHS) has scrambled to develop and
deploy US-VISIT on the timeline set by Congress, issuing a privacy
impact assessment (PIA) just days before US-VISIT started collecting
biometric identifiers from visitors.  Agencies are required by law to
complete a PIA before developing new information technology that will
collect or store personal information electronically, so that privacy
protections are considered from the project's beginning.  Senator Joe
Lieberman (D-CT) criticized the late issuance of US-VISIT's PIA,
noting "[a]fter hundreds of millions of dollars have been invested in
the deployment of the next phase of US-VISIT, it seems highly unlikely
that agency officials would reconsider the system's design or
configuration, on the eve of deployment."

EPIC recently filed comments in response to DHS's announcement that it
will collect biometric and biographic information in the Arrival
Departure Information System (ADIS), one of US-VISIT's component
systems.  EPIC argued that DHS should not exempt ADIS from Privacy Act
requirements merely because of its use in US-VISIT because the Privacy
Act protects only individuals who are not affected by US-VISIT.  EPIC
also urged DHS to reduce its proposed 100-year data retention period
and comply with international privacy standards governing the
collection and use of personal information.

US-VISIT's deployment comes just a month after EPIC analyzed the
program's possible uses in a "friend of the court" brief submitted in
Hiibel v. Nevada, a case in which the U.S. Supreme Court will
determine whether an individual may refuse to identify himself to
police when there is no legal basis for an arrest.  The brief
identified US-VISIT as a system that may potentially be used by law
enforcement to engage in public surveillance.  The Supreme Court will
hear oral argument in the case on March 22.

For more information on US-VISIT, see EPIC's US-VISIT Page:

     http://www.epic.org/privacy/us-visit/default.html

DHS's Privacy Impact Assessment for US-VISIT is available at:

     http://www.epic.org/privacy/us-visit/us-visit_pia.pdf

EPIC's Comments on ADIS are available at:

     http://www.epic.org/privacy/us-visit/ADIS_comments.pdf

EPIC's amicus brief in Hiibel v. Nevada is available at:

      http://www.epic.org/privacy/hiibel/hiibel_amicus.pdf

For more information about the case, see EPIC's Hiibel v. Nevada Page:

      http://www.epic.org/privacy/hiibel/default.html

======================================================================
[2] Defense Department Report Blasts Total Information Awareness
======================================================================

Citing lack of foresight and the possibility of governmental abuse of
power, the Department of Defense's Inspector General has released a
report criticizing the agency's failure to consider privacy concerns
when developing the Total Information Awareness (TIA) system.

Initiated in 2002, TIA (later called Terrorism Information Awareness)
was designed to integrate information systems in order to search and
analyze vast quantities of data for indications of terrorist activity.
TIA was also intended for eventual use by domestic law enforcement.
The total budget for TIA and its 15 component programs was over half a
billion dollars.  Congress and the public repeatedly expressed concern
about TIA, particularly with respect to privacy.  The report notes
that in February 2003 Congress stopped funding for TIA until the
Pentagon "could prove that the program does not violate privacy
rights."  Funding for all but three of TIA's components was ultimately
eliminated in September 2003.

Noting that TIA was being transitioned into the operational
environment as it was being developed, the report criticizes the
agency for, among other things: failing to conduct a privacy impact
assessment (PIA); initially providing limited oversight over TIA
development; and failing to ensure that the agency's policy, privacy
and legal experts were involved.  The report concludes that the
agency's failure to formally assess privacy implications for U.S.
citizens means the Pentagon "risks spending funds to develop systems
that may be neither deployable nor used to their fullest potential
without costly revisions and retrofits."  The report recommends that a
PIA be conducted "before TIA type technology research continues" and
that a privacy official be appointed to scrutinize the development of
TIA-type technologies from a privacy perspective.

Although TIA has mostly been scrapped, this report is significant
because it suggests that a PIA should be completed for all TIA-type
technology even if no firm requirement mandates it.  In addition, the
report speaks not just to TIA but also to the development of future
TIA-type technologies.  For that reason, it may help ensure that
appropriate experts are involved in future projects and that privacy,
policy, legal and protective measures are addressed during future
TIA-type development.

The DOD Inspector General's Report is available at:

     http://www.dodig.osd.mil/audit/reports/FY04/04-033.pdf

For more information, see EPIC's Total Information Awareness page:

     http://www.epic.org/privacy/profiling/tia/

======================================================================
[3] Judge Sides With EPIC on FOIA Quick Review, But Rules for DOJ
======================================================================

A federal district court has ruled that EPIC properly filed suit
against the Department of Justice (DOJ) without first asking the
agency to reconsider its decision not to "expedite" review of a
Freedom of Information Act (FOIA) request.  However, the court
declined to order DOJ to expedite the release documents about the
efforts of federal prosecutors to oppose legislative revisions to the
controversial USA PATRIOT Act.

In August, DOJ issued a memorandum urging all U.S. Attorneys "to call
personally or meet with . . . congressional representatives" to talk
over "the potentially deleterious effects" of denying funding for
delayed notification warrants.  EPIC requested information about the
memorandum from DOJ.  EPIC also asked that its request be processed
quickly, noting that the memorandum received substantial media
coverage and raised serious questions about the propriety of the
prosecutors' lobbying efforts.  DOJ refused to expedite processing,
and EPIC filed suit in October.

EPIC argued that it was entitled to sue DOJ after the agency refused
to expedite processing, and that EPIC did not have to file an
administrative appeal of DOJ's decision before going to court.  EPIC
also asserted that DOJ should be ordered to turn over the documents
immediately because there was an urgency to inform the public about
them, and because members of Congress and the media had questioned the
appropriateness of the government's lobbying efforts in favor of the
USA PATRIOT Act.

DOJ countered with the claim that the court had no authority to
consider EPIC's complaint, because EPIC had not asked the Department
to reconsider its decision before filing suit.  The agency also argued
that media coverage of the memorandum was insubstantial and that the
memorandum raised no questions about the government's integrity.

Judge James Robertson agreed that EPIC could file suit when its
request for expedited processing was denied, and did not first have to
ask the agency to reconsider.  However, he determined that there was
no urgency to inform the public about the requested documents, nor
enough media interest shown in the subject matter to warrant expedited
precessing.

The court's ruling is available at:

     http://www.epic.org/open_gov/foia/otter-decision.pdf

EPIC's memorandum in support of its motion for a preliminary
injunction is available at:

     http://www.epic.org/open_gov/foia/otter-pi.pdf

For background information, see EPIC's USA PATRIOT Act page:

     http://www.epic.org/privacy/terrorism/usapatriot/

======================================================================
[4] FOIA Document Covers Palladium Privacy, Unique Identifier Issues
======================================================================

EPIC has obtained a document concerning Microsoft Palladium from the
National Institute of Standards and Technology (NIST) under the
Freedom of Information Act.  The document, a 32-page presentation that
bears a 2002 copyright mark, was apparently given by Michael Aday, a
senior program manager at Microsoft.  Palladium, which is currently
named the "Next Generation Secure Computing Base," is one variant of
"Trusted Computing," a set of operating system technologies being
developed primarily by Microsoft, AMD, Intel, IBM, and HP.  The
technology has profound implications for privacy and for altering the
balance of power among computer users, media companies, and software
programmers.

While Microsoft has attempted to pitch Palladium as a tool for
protecting individuals' privacy, as the presentation makes clear, the
technology could establish an infrastructure of unique user
identification and tracking.  A slide on "Policy Issues" reads in
part: "Since the Pd (Palladium) RSA key pair is unique to the
platform, what steps should we take to defend against traffic analysis
of user behavior?"  The next reads: "The Issue: Palladium uses at
least two sets of unique hardware keys . . . Essentially equivalent to
unique machine identifiers."

Trusted Computing does present some opportunity for greater computer
privacy and security.  For instance, the technology could improve
encryption key storage, it would provide for a more secure boot
process, and reduce the risk that keyloggers or other devices could
intercept passwords or communications.  However, the potential for
control of computer users cannot be underestimated.  Generally, it
will reduce user control over the computer, resulting in software
programmers being able to force upgrades, control which applications
are approved to handle media, or even erase pirated content or
applications. Depending on its implementation, the technology could
eliminate online anonymity.  It also could serve as the starting point
for ubiquitous Digital Rights Management technologies.

As Professor Ross Anderson has noted, Trusted Computing "will be more
trustworthy from the point of view of software vendors and the content
industry, but will be less trustworthy from the point of view of their
owners.  In effect, the TCG specification will transfer the ultimate
control of your PC from you to whoever wrote the software it happens
to be running."

NIST Palladium Presentation:

     http://www.epic.org/privacy/consumer/microsoft/nistpalladium.pdf

EPIC Palladium / Next Generation Secure Computing Base Page:

     http://epic.org/privacy/consumer/microsoft/palladium.html

Ross Anderson's Trusted Computing FAQ:

     http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

======================================================================
[5] Officials Question DC Police Handling of Political Demonstrations
======================================================================

On December 17 and 18, 2003, the City Council of the District of
Columbia held hearings to examine the policies and practices of the
Metropolitan Police Department regarding demonstrations within the
District.  The hearings were largely focused on police actions at
anti-globalization and anti-war demonstrations in April 2000 and
September 2002.  The Council questioned the police over numerous
accusations filed against the department including unprovoked assault,
wrongful arrest, infiltration of protestor planning meetings and
incitement of protestors to violence.  Police Chief Charles H. Ramsey
admitted that his department wasn't perfect and that it had made
mistakes in its handling of demonstrations.  However, Ramsey largely
defended his department's actions, including sending undercover police
officers to attend protestor planning meetings without any guidelines
in place regarding such activities.

EPIC sent a letter to Council Chairperson Kathy Patterson, supporting
the Council's investigation and urging the Council to also consider
the surveillance of protester activity and the maintenance of
electronic databases on protestors.  EPIC testified before the Council
in the summer of 2002 on the risks that surveillance poses to
constitutionally protected activity.  The current letter to the DC
Council cites a number of examples of police surveillance at political
protests in Washington and elsewhere.  Police are increasingly
gathering information and creating criminal intelligence files without
any reasonable suspicion of criminal activity.  This conduct will only
serve to inhibit protesters from exercising their constitutional
rights.  Until strict safeguards are implemented for surveillance and
data collection at demonstrations, the freedom of expression of
protestors, tourists, and D.C. residents will remain at risk.

The Council is expected to issue a report of its investigation in
early 2004.

The prepared statement of Charles H. Ramsey, Chief of Police, December
18, 2003 is available at:

     http://mpdc.dc.gov/news/stmts/2003/12/121803.shtm

For more information about free expression rights, see EPIC's
Protester Privacy Page:

     http://www.epic.org/privacy/protest/

EPIC's Observing Surveillance Page:

     http://www.observingsurveillance.org/

======================================================================
[6] News in Brief
======================================================================

COURT REFUSES TO HEAR CHALLENGE TO UNPRECEDENTED SECRECY

The U.S. Supreme Court refused to hear a challenge to the government's
refusal to release the names of more than 700 people who were detained
after the September 11 terrorist attacks, most of whom have been since
deported.  The case, Center for National Security, et al. v. DOJ, was
brought by several plaintiffs, including EPIC, when the government
refused to release the identities in response to a Freedom of
Information Act request submitted by a broad coalition of civil
liberties and human rights groups.

The Supreme Court docket for Center for National Security v. DOJ is
available at:

     http://www.supremecourtus.gov/docket/03-472.htm


CHECKPOINT STOPS OKAY IN CRIMINAL INVESTIGATIONS

This week, in a 6-3 ruling, the U.S. Supreme Court held that police
roadblocks are permissible when their purpose is to seek information
regarding criminal activity.  A man had challenged the police's
ability to set up roadblocks when he was arrested for intoxication
while stopped at a roadblock created to gather tips about a recent
hit-and-run.  The case, Illinois v. Lidster, is the latest development
in the legal status of roadblocks.  In 2000, the Court held that
roadblocks for drug searches violated motorists' Fourth Amendment
right of privacy.

The Supreme Court docket for Illinois v. Lidster is available at:

     http://www.supremecourtus.gov/docket/02-1060.htm


IRS TO FLAG FREE FILE TAXPAYERS

The Internal Revenue Service (IRS) announced that it will use
electronic flags to identify taxpayers filing through Free File, an
IRS effort with private companies to provide free electronic tax
filing to taxpayers. According to IRS Director of Electronic Tax
Administration Terry Lutes, the identification of Free File taxpayers
is essential to measuring the effectiveness of the Free File program
and marketing, in its second year.  The Free File program is part of
an IRS effort to increase electronic filing among taxpayers.  However,
the tax software providers in the Free File program have strongly
criticized the flagging of Free File taxpayers.  Intuit, publisher of
TurboTax, has stated that its software will not identify Free File
users. TaxBrain, another Free File provider, has announced plans to
withdraw from the Free File program.  H & R Block, while remaining
within the Free File program, has concerns about the identification,
according to H & R Block Vice President Mark Ciaramitaro.

IRS Free File Page:

     http://www.irs.gov/efile/article/0,,id=118986,00.html

For more information about the IRS, see the EPIC IRS Page:

     http://www.epic.org/privacy/databases/irs/

EPIC's Letter to the Department of Treasury warning of misuse of
personal filing information by Free File companies is available at:

     http://www.pirg.org/consumer/ral03march.pdf


FAIRFAX COUNTY, VA GOP REPORT CRITICIZES E-VOTING SYSTEMS

A report released last week by the Fairfax County, Virginia Republican
Party strongly criticized the use of touch screen "e-voting" system in
last November's local elections.  The report declared that the new
voting machines were  "a failure" and that local officials lacked
proper recovery policies, citing technical and procedural problems
described in numerous accounts from both precinct workers and voters. 
The report further called for state regulations to guide local
election boards.  The November 2003 election was the first where
Fairfax County used new touch screen voting machines made by Advanced
Voting Solutions.  Nearly 1000 of these touch screen machines were
purchased last year by Fairfax County for $3.5 million.

National Committee for Voting Integrity:

     http://www.votingintegrity.org

Verified Voting Coalition

     http://www.verifiedvoting.com

For more information about electronic voting, see EPIC's Voting Page:

     http://www.epic.org/privacy/voting/


SEN. LIEBERMAN ANNOUNCES PRIVACY PLAN

Democratic presidential hopeful Joe Lieberman has vowed to introduce
new protections for personal privacy and to break the "Bush Wall of
Secrecy" in the federal government.  Comparing President Bush to the
Nixon administration, Lieberman blamed Bush for "failing to safeguard
information that ought to stay private while keeping secret
information that ought to be public."  Lieberman's plan includes the
establishment of a high-level Electronic Privacy Task Force and
protections regarding identity theft, financial information, social
security numbers, medical information and information about children.
With respect to government information, Lieberman's plan includes a
reversal of Attorney General Ashcroft's memorandum restricting the
release of information by agencies under the Freedom of Information
Act.

Sen. Lieberman's Plan To Protect Personal Privacy And Break The Bush
Wall Of Secrecy is available at:

     http://www.joe2004.com/site/News2?page=NewsArticle&id=6672

======================================================================
[7] EPIC Bookstore: The Naked Crowd
======================================================================

The Naked Crowd: Reclaiming Security and Freedom in an Anxious Age,
by Jeffrey Rosen (Random House 2004)

     http://www.powells.com/cgi-bin/biblio?inkey=62-0375508007-0

In the weeks and months following 9-11, the public accepted many new
incursions into personal privacy.  Airline passengers removed their
shoes and stood arms outspread as uniformed officials peered through
their carry-on baggage.  The Department of Homeland Security proposed
to color code all passengers based on the likelihood that they might
commit a terrorist act.  Banks asked new customers to provide detailed
information that would be promptly transferred to federal
investigators.  This year, visitors entering the United States from
other countries are fingerprinted and photographed.  And the
biometrics now being obtained from non-U.S. citizens will soon be
required of U.S. citizens.

Whether any of these measures has actually made the country safer is
not an easy question to answer.  The government's desire for
information about the public seems matched only by its own excessive
claims of secrecy.  But what does seem clear is the willingness of the
public, at least in some circumstances, to allow intrusions that
before 9-11 would be quickly called "Orwellian" or, more precisely,
the telltale symbols of a hi-tech police state.

Jeff Rosen's new book "The Naked Crowd" is a timely and thoughtful
response to the challenge that the American public faces today in
preserving freedom.  Although it recalls Vance Packard's popular "The
Naked Society" of the '60s, Rosen is more Tocqueville than Packard. He
is less concerned with blowing the whistle on Big Government and Big
Business and more interested in trying to understand how Americans,
with their unique strengths and weaknesses, should best respond.

The question is whether a society enamored of reality TV and willing
to post intimate personal details on a web log for thousands to view
is prepared to assert a right of privacy and to do so in a way that
reflects broad respect for the value of individuality and not simply
coarse self-interest.  The answer is possibly.

Rosen looks to the Congress more than the courts as the main line of
defense as new proposals for surveillance are set forward.  He
describes several of the significant victories of the last few years,
including the collapse of John Poindexter's Total Information
Awareness program and the defeat of a National ID card proposal.
Though Congress did pass the badly misnamed USA PATRIOT Act, by
comparison to a deferential and timid judiciary, it has been more
willing to draw lines in the post-9-11 world.

Rosen also proposes that new technologies be developed to enhance
security while simultaneously safeguarding privacy.  He cites the
advantages of a "blob machine" that could reveal hidden weapons on an
airline passenger as compared to the "naked machine" that would reveal
the nude images of all airline passengers.  A blob machine would
accomplish the security goal without the privacy infringements.

Still, skeptics may well ask whether a public willing to express a
preference for the blob machine over the naked machine will also be
willing to do the hard work of ensuring that the blob machine does not
mutate.  Already many of the surveillance systems upgraded since 9-11,
such as the US VISIT program, established to track entry and exit at
the border, are breaking out of their privacy chains.  If US-VISIT is
eventually merged with passenger profiling and other government
databases, which seems to be the desire of all the stovepipe bashers
in Washington, then these limited systems of surveillance will quickly
congeal.  In other words, a bunch of blob machines networked together
will create a virtual naked machine.

Even Rosen's courageous, pragmatic, post-911 American may not
understand what has happened until it is too late.

In the end, Jeffrey  Rosen and Vance Packard are not so far apart.
Packard opened his classic with the warning from Judge Learned Hand
that freedom lies in the hearts of the people.  Rosen, as well,
believes a well informed public, willing to defend its freedoms, and
able to assess risk and to take steps to be safe rather than simply
feel safe is the best hope for preserving freedom after 9-11.

- Marc Rotenberg

                      ================================

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.

                      ================================

"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.
http://www.epic.org/bookstore/foia2002/

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

                      ================================

"Privacy & Human Rights 2003: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $35.
http://www.epic.org/bookstore/phr2003/

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty-five countries around the world.  The survey
examines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systems
and freedom of information laws.

                      ================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

                      ================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.

                      ================================

"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

                      ================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

        EPIC Bookstore
        http://www.epic.org/bookstore/

       "EPIC Bookshelf" at Powell's Books
        http://www.powells.com/features/epic/epic.html

======================================================================
[8] Upcoming Conferences and Events
======================================================================

WHOLES - A Multiple View of Individual Privacy in a Networked World.
Swedish Institute of Computer Science. January 30-31, 2004.
Stockholm, Sweden.  For more information:
http://www.sics.se/privacy/wholes2004.

Fear: Its Political Uses And Abuses, featuring Vice President Al Gore
as Keynote Speaker.  Social Research Journal.  February 5-7, 2003. New
York, New York.  For more information: http://www.socres.org/fear.

The New Fair Credit Reporting Act.  Privacy & American Business.
February 9-10, 2004.  Washington, DC.  Email info@pandab.org.

O'Reilly Emerging Technology Conference.  February 9-12, 2004.  San
Diego, CA.  For more information:
http://conferences.oreilly.com/etech.

Antiterrorism and the Security Agenda: Impacts on Rights, Freedoms,
and Democracy.  International Civil Liberties Monitoring Group.
February 17, 2004.  Ottawa, Ontario, Canada.  Email
publicforum@iclmg.ca.

IAPP 4th Annual Privacy & Security Summit & Expo.  February 18-20,
2004.  Washington, DC.  For more information:
http://www.privacyassociation.org/html/conferences.html.

RSA Conference 2004 - The Art of Information Security.  February
23-27, 2004.  San Francisco, CA.  For more information:
http://www.rsaconference.com.

Third Conference on Privacy and Public Access to Court Records.
Courtroom 21 Project.  February 27-28, 2004.  Williamsburg, VA.  For
more information: http://www.courtroom21.net.

Securing Privacy in the Internet Age.  Stanford Law School.  March
13-14, 2004.  Palo Alto, CA.  For more information:
http://cyberlaw.stanford.edu/privacysymposium/.

CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM).  April 20-23, 2004.
Berkeley, CA.  For more information: http://www.cfp2004.org/.

2004 IEEE Symposium on Security and Privacy.  IIEEE Computer Society
Technical Committee on Security and Privacy, in cooperation with the
International Association for Cryptologic Research (IACR).  May 9-12,
2004. Oakland, CA.  For more information:
http://www.cs.berkeley.edu/~daw/oakland04-cfp.html.

International Conference on Data Privacy and Security in a Global
Society.  Wessex Institute.  May 11-13, 2004.  Skiathos, Greece.  For
more information:
http://www.wessex.ac.uk/conferences/2004/datasecurity04/index.html.

The Third Annual Workshop on Economics and Information Security.
University of Minnesota Digital Technology Center.  May 13-14, 2004.
Minneapolis, MN.  For more information:
http://www.dtc.umn.edu/weis2004/.

Workshop on Privacy Enhancing Technologies.  University of Toronto.
May 26-28, 2004. Toronto, Canada.  For more information:
http://petworkshop.org/2004/.

Access & Privacy Conference 2004: Sorting It Out.  Government Studies,
Faculty of Extension.  June 10-11, 2004.  University of Alberta.
Edmonton, Alberta, Canada.  For more information:
http://www.govsource.net/programs/iapp/conference/main.nclk.

O'Reilly Open Source Convention.  July 26-30, 2004.  Portland, OR. For
more information: http://conferences.oreilly.com/oscon.

First Conference on Email and Anti-Spam.  American Association for
Artificial Intelligence and IEEE Technical Committee on Security and
Privacy.  July 30-31, 2004.  Mountain View, CA.  For more information:
http://www.ceas.cc/.

Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference.
International Association for Cryptologic Research, IEEE Computer
Society Technical Committee on Security and Privacy, and the Computer
Science Department of the University of California, Santa Barbara.
Santa Barbara, CA. August 15-19, 2004.  For more information:
http://www.iacr.org/conferences/crypto2004/.

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via Web interface:

       http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Subscribe/unsubscribe via e-mail:

       To: epic_news-request@mailman.epic.org
       Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

       To: epic_news-request@mailman.epic.org
       Subject: "help" (no quotes)

Problems or questions? e-mail < info@epic.org >

Back issues are available at: http://www.epic.org/alert/

The EPIC Alert displays best in a fixed-width font, such as Courier.

======================================================================
Privacy Policy
======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

======================================================================
About EPIC
======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:

       http://www.epic.org/donate/

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 11.01 ----------------------

.