EPIC Alert 17.04
======================================================================= E P I C A l e r t ======================================================================= Volume 17.04 February 25, 2010 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_1704.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] EPIC Urges Court to Reject Google Books Settlement [2] Lawsuit Alleges School Used Laptops to Spy on Students at Home [3] EPIC Submits Statement on Location Privacy [4] EPIC Urges FTC to Investigate Google Buzz [5] EPIC Submits Statement to Congress on Google, NSA, Cybersecurity [6] News in Brief [7] EPIC Bookstore: "The Peep Diaries" [8] Upcoming Conferences and Events - TAKE ACTION: Stop Airport Strip Searches - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends to JOIN - DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg - SUPPORT EPIC http://www.epic.org/donate/ ======================================================================= [1] EPIC Urges Court to Reject Google Books Settlement ======================================================================= On February, 18, 2010, the federal district court in New York heard arguments from opponents and supporters at the Google Books Settlement Fairness Hearing. The Settlement had previously undergone amendments after a variety of parties, including EPIC, the DOJ, and Privacy Authors, had objected to it on copyright, antitrust, and privacy grounds. Even after revisions, the Google Books Settlement still failed to address antitrust, privacy, and copyright concerns, according the the US Justice Department, privacy advocates, and academic authors. On February 4, the Justice Department filed a brief and issued a statement opposing the revised settlement. The Department said the revisions still ran afoul of authors' copyrights and did not fix antitrust problems. EPIC also continued to object to the settlement because it does not contain adequate privacy protections for readers. On February 4, EPIC informed the court of its intent to appear at the Fairness Hearing on behalf of users' privacy interests. At the Fairness Hearing, EPIC President, Marc Rotenberg, urged Judge Denny Chin to reject the revised settlement now before the court in Authors Guild v. Google. Mr. Rotenberg said that the settlement would "turn upside down" well established safeguards for reader privacy, including state privacy laws, library confidentiality obligations, and the development of techniques that minimize privacy intrusions. Mr. Rotenberg warned that the settlement would eviscerate legal safeguards for library patrons, commercialize access to information, consolidate Google's control of the Internet, and put in place an elaborate system of user authentication and watermarking. "A person at any library or any university in the United States that attempted to retrieve information from Google's digital library would be uniquely tagged and tracked. There is simply no precedent for the creation of such power." Judge Chin said at the beginning of the hearing "To end the suspense, I am not going to rule today. There is just too much to digest. And however I come out, I want to write an opinion that explains my reasoning." Rotenberg's Argument (transcript excerpt) http://epic.org/privacy/googlebooks/EPIC_fairness_hearing_trans.pdf Complete hearing transcript http://www.epic.org/redirect/022510fairnesshringtrsp.html The Laboratorium (Grimmelman site on Google Book Settlement) http://laboratorium.net/ Google Books, Proposed Settlement (Revised) http://www.googlebooksettlement.com Academic Authors', Objections to Revised Settlement http://www.epic.org/redirect/021210academicauthobj.html Justice Department, Brief http://thepublicindex.org/docs/amended_settlement/usa.pdf Justice Department, Statement (February 4, 2010) http://www.justice.gov/opa/pr/2010/February/10-opa-128.html EPIC: Google Books and Privacy http://epic.org/privacy/googlebooks/default.html EPIC: Google Books Litigation http://epic.org/privacy/googlebooks/litigation.html EPIC: Google Books: Policy Without Privacy http://epic.org/privacy/googlebooks/policy.html ======================================================================= [2] Lawsuit Alleges School Used Laptops to Spy on Students at Home ======================================================================= Parents of a student attending Harriton High School filed a lawsuit against the Lower Merion School District in Pennsylvania for using school-issued laptop web cameras to spy on students. Court papers charge that the school district is in violation of the Electronic Communications Privacy Act, the Fourth Amendment, the Pennsylvania Wiretapping and Electronic Surveillance Act and Pennsylvania common law. The lawsuit arose when the high school's assistant principle, Lindy Matsko, informed one of the students that the School District believed he was engaged in improper behavior in his home. Ms. Matsko then cited evidence of a photograph from the students' laptop webcam as evidence of his wrongdoing. Lower Merion School District acknowledges that it did install web camera spyware on laptops issued to students and provided no notice to parents or students regarding the district’s ability to remotely access, capture images of the surroundings, and screenshot information on users. The technology also allowed global positioning data, IP address capture, domain name service logging, as well as recording of date, and times information. The school district states that it only used this capability 42 times during the 2009-2010 academic school year to located reported "stolen" laptops. Laptops were only allowed to contain software installed by the school district, which purchased the Apple Laptops. The Lower Merion School District student handbook states that the laptops was to be used for "educational purposes." The list of "Laptop Capabilities at home" enabled a wide range of Macintosh social networking and user engaging applications such as ichat, iTunes, iweb, ichat, iphoto. The school district nor the school is reported to have used Apple parental controls to limit the time of day the computer would be available nor the use of Apple social networking features. The "Getting Started Guide" states that the same laptop would be issued to the same students throughout their time at the school. Complaint http://privacy.org/PA_Webcam-case.pdf EPIC: Children's Privacy http://epic.org/privacy/kids/ Lower Merion School District: Statement 2/19/2010 http://www.epic.org/redirect/022510schoolsmt.html Lower Merion School District: Student Guide http://epic.org/privacy/kids/harriton-student_guide.pdf Lower Merion School District: Getting Started Guide http://epic.org/privacy/kids/getting_started.pdf Lower Merion School District, Laptop Capabilities (Screenshot) http://epic.org/privacy/kids/laptop_home_capabilities.jpg ======================================================================= [3] EPIC Submits Statement on Location Privacy ======================================================================= EPIC submitted statements for a February 24 joint hearing on "The Collection and Use of Location Information for Commercial Purposes." The hearing was held by House Subcommittee on Communications, Technology, and the Internet and the Subcommittee on Commerce, Trade, and Consumer Protection. EPIC argued that as mobile devices have become ubiquitous in modern society and their use becomes common among younger children, it is important that clear standards are formulated in order to protect the privacy of users. EPIC cited the growing uses of location data for advertising and tracking purposes, typically without any legal protections, and noted widespread support among US and European consumer organizations for clear protections. EPIC recommended that Congress establish strong rules, similar to those in the European Union Eprivacy Directive, that would give users meaningful control over their locational data. Specifically, EPIC recommended that the government create regulations to require that location information not be collected or shared with out affirmative user consent, that users be informed about the type and purpose of the data being collected, that location data not be stored beyond delivery of location-based services unless it is being kept for billing purposes or being anonymized. EPIC had previously recommended that the FCC establish guidelines for the protection of users' locational privacy. In its previous comments, EPIC recognized that locational tracking technologies "enable the creation of detailed daily itineraries for millions of consumers, [and] have the potential to fundamentally alter the nature and use of wireless communications systems." EPIC encouraged the FCC to enact rules that would give consumers "meaningful control over the collection and use of location data." EPIC: Statement for the Record http://epic.org/events/Locational_Data_Stmt.pdf Hearing Notice http://www.epic.org/redirect/022510hrgnotice.html Eprivacy Directive http://www.epic.org/redirect/022510eprivdirective.html EPIC: Previous Comments to FCC http://www.epic.org/privacy/wireless/epic_comments.pdf EPIC: Consumer Proprietary Network Information http://www.epic.org/privacy/cpni ======================================================================= [4] EPIC Urges FTC to Investigate Google Buzz ======================================================================= EPIC has filed a complaint with the Federal Trade Commission (FTC), urging the FTC to open an investigation into Google Buzz. Google tried to transform its popular email service, Gmail, into an untested social networking service. As a consequence, Google transformed users' most frequent address book contacts into publicly viewable social networking contacts. The change to Google's email service was widely opposed by users, and prompted Google to undergo two rounds of modifications to the Buzz service. Despite these changes, Google Buzz is still an opt-out service. EPIC filed its complaint on February 16, 2010, arguing that the changes to Buzz are not sufficient to protect the privacy of Gmail users. EPIC's complaint cites clear harms to service subscribers, and alleges that the change in business practices "violated user expectations, diminished user privacy, contradicted Google's privacy policy, and may have violated federal wiretap laws." EPIC asserts that email providers have a responsibility to safeguard the personal information that users provide and Google has failed to fulfill this responsibility. The complaint urges the FTC to require Google to make the Buzz service fully opt-in, to stop using Gmail users' private address book contacts to compile social networking lists, and to give Google users meaningful control over their personal data. EPIC also noted that the FTC has failed to take action in response to EPIC's previous complaint, involving Google and Cloud Computing services. EPIC: FTC Complaint: In re Google Buzz http://epic.org/privacy/ftc/googlebuzz/GoogleBuzz_Complaint.pdf Google: About Google Buzz http://www.google.com/buzz EPIC: Google and Cloud Computing Services http://epic.org/privacy/cloudcomputing/google/ EPIC: In re Google Buzz http://epic.org/privacy/ftc/googlebuzz ======================================================================= [5] EPIC Submits Statement to Congress on Google, NSA, Cybersecurity ======================================================================= EPIC submitted a statement for the record for a House Foreign Affairs Committee hearing on Google and U.S. Cyberspace Policy. The hearing was titled "The Google Predicament: Transforming U.S. Cyberspace Policy to Advance Democracy, Security, and Trade" and was scheduled for February 10, 2010. EPIC's statement recommended investigation into the newly-announced partnership between Google and the National Security Agency. It also urged the committee to call for the public release of National Security Presidential Directive 54, the secret document that grants the NSA broad surveillance authority in cyberspace. The EPIC statement urged the Congressional Committee to support US ratification of the Council of Europe Convention on Privacy, also known as Convention 108. Twenty-nine experts in privacy and technology recently sent a letter to Secretary of State Clinton regarding this issue and encouraging United States ratification of the treaty. Finally, the EPIC statement for the record directed the Committee's attention to the actions by the European Parliament civil liberties committee, which had, shortly before the hearing, declined to make permanent an agreement with the United States regarding access to electronic bank transfer information. In the days after EPIC's statement was submitted, the European Parliament voted to end the agreement, citing violations of European privacy laws. EPIC: Statement for the Record http://www.epic.org/redirect/022510cybersec.html House Foreign Affairs Committee Hearing http://www.epic.org/redirect/022510foraffcommhrg.html Council of Europe Privacy Convention http://conventions.coe.int/Treaty/EN/Treaties/Html/108.htm Experts' Letter to Secretary Clinton http://epic.org/2010/01/experts-urge-secretary-clinton.html ======================================================================= [6] News in Brief ======================================================================= EPIC and Ralph Nader Urge President Obama to Suspend Body Scanners EPIC's Marc Rotenberg and consumer advocate Ralph Nader have sent a letter to President Obama, urging the suspension of funding for the body scanner program pending an assessment by an independe board of review. The recommendation follows a joint workshop sponsored by EPIC and Center for Study of Response Law. The event included two panels, the first of which focused on the problems with body scanners, and the second of which dealt with the political opportunities that exist to combat the widespread utilization of the scanners. The event included talks by experts on radiation, airport security, religious and constitutional ramifications of whole body imaging, and the international response to whole body imaging machines. EPIC Staff Counsel, Ginger McCall, discussed documents that EPIC recently received that reveal that the machines can store and transmit images. Katitiza Rodriguez, director of EPIC's International Privacy Project, discussed the EU's decision to postpone the use of these machines until a full privacy and health risk assessment can be completed. EPIC, Ralph Nader, Letter (Feb. 25, 2010) http://www.epic.org/redirect/022510epicnaderltr.html Center for Study of Responsive Law http://www.csrl.org/ Ralph Nader http://www.nader.org/ EPIC: Whole Body Imaging http://epic.org/privacy/airtravel/backscatter/ EPIC: Air Travel Privacy http://epic.org/privacy/airtravel/ Pew Research Center Releases New Report on Future of the Internet The Pew Research Center has released its fourth annual "The Future of the Internet" report. The report, part of the Center's Internet and American Life Project, surveyed the views of technology experts, stakeholders, and critics regarding their expectations about the changes and the future of the internet. When asked to share his view "about the future of anonymous activity online," EPIC Executive Director Marc Rotenberg explained, "The privacy and civil liberties battles over the next decade will increasingly focus on the growing demands for identity credentials. New systems for authentication will bring new problems as more identity information will create new opportunities for criminals." Pew Research Center http://pewresearch.org/ Pew Research Center: "The Future of the Internet" Report http://www.epic.org/redirect/022510futintstud.html Internet and American Life Project http://www.pewinternet.org/ European Parliament Rejects Data Disclosure Deal EPIC and Privacy International praised a vote in the European Parliament that rejected the transfer of finacial records to the United States under an interim agreement. Members of the parliament stated the proposed agreement lacked adequate privacy safeguards, and was a disproportionate response to U.S. concerns about terrorism that also lacked reciprocity. Simon Davies, Director General of Privacy International in London, said that the vote offered hope that political insitutions could respond effectively to new privacy challenges. "It has taken several years to gather the political will to stop this massive violation of privacy in Europe. But today is a very good day, a milestone in the long history of privacy campaigning." In 2006 Privacy International launched a campaign in 33 European countries, urging close scrutiny of the original SWIFT banking deal shortly after it came to light that United States officials routinely accessed financial records of European citizens without appropriate legal authority. Several national Parliaments, as well as the US Congress, will soon be facing similar votes on security measures involving international data transfers, and proposals for systems of biometric identification and airport body scanners. Both organisations vowed to scrutinise any further proposed deals between the US and Europe. EuroParliament: SWIFT VOTE : European Parliament votes down agreement with the US http://www.epic.org/redirect/021210swiftvotedown.html EPIC: Spotlight on Surveillance on the SWIFT program http://www.epic.org/privacy/surveillance/spotlight/0606/ European Parliament, Is Transatlantic Data Protected? (March 26, 2007) http://www.epic.org/redirect/EP-0307.html Article 29 Working Group: opinion on the processing of personal data by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) http://www.epic.org/redirect/021210art29wkggrp.html Privacy International Launches Campaign to Suspend Unlawful Activities of Finance Giant http://www.epic.org/redirect/021210privintl.html Federal Appeals Court Hears Arguments in Location Privacy Case The Third Circuit Court of Appeals considered this week whether the government must obtain a warrant prior to obtaining location data from an electronic communications service provider. The case centers on access to cell phone records that were used to help crack a bank robbery investigation. In a related case, the Massachusetts Supreme Court recently held that a warrant would be required for the use of a GPS tracking device. EPIC filed an amicus brief in that case. District Court Opinion: In re The Application of the United States of America for an Order Directing a Provider of Electronic Communication Service to Disclose Records to the Government http://www.epic.org/redirect/022510opinion.html Massachusetts Supreme Court Opinion in Commonwealth v. Connolly http://www.socialaw.com/slip.htm?cid=19402&sid=120 EPIC: Amicus Brief in Commonwealth v. Connolly http://epic.org/privacy/connolly/042009amicus.pdf EPIC: Commonwealth v. Connoll http://epic.org/privacy/connolly/ ======================================================================= [7] EPIC Bookstore: "The Peep Diaries" by Hal Niedzviecki ======================================================================= Overshare (verb): to divulge excessive personal information, as in a blog or broadcast interview, prompting reactions ranging from alarmed discomfort to approval. -Word of the year 2008, Webster's New World Dictionary In Hal Niedzviecki's The Peep Diaries, Niedzviecki explores this concept of "oversharing" information. He describes the increasing popularity of divulging sometimes mundane, sometimes grotesque images and stories to an audience of strangers. In today's "peeping tom" society, Americans use blogs, Facebook, Twitter, and You Tube as outlets to share information about themselves, while indulging in reality television to stare into the lives of others. For four chapters, Niedzviecki describes "peep culture," and argues that this oversharing on the internet leads to a disconnect between people, and a breakdown of the notion of community. This idea is further illustrated in his final chapter, where Niedzviecki invites his 700 Facebook friends to a bar, and only one decides to show. Niedzviecki's arguments fall short, however, in Chapters 5 and 6, with his discussions of domestic surveillance and privacy. In Chapter 5, Niedzviecki reflects on "spying" on his wife's daily travels via a camera installed in her car. He fails to discuss government surveillance in any real depth, apart from a brief history of CCTV cameras, but rather focuses on using cameras to survey neighbors, nannies, and loved ones. According to Niedzviecki, "We're not afraid of the surveillance state. We're afraid of the gaps in our culture of surveillance We embrace surveillance because we're terrified of disappearing 'without a trace.'" In Chapter 6, Niedzviecki makes clear he is of the mindset of Dave Sifry (Technorati CEO who claimed "privacy is dead") and Scott McNealy (Sun Microsystems CEO who famously said, "You already have zero privacy-get over it"). According to Niedzviecki, privacy "isn't much of a priority for us... many of us don't value our privacy nearly as much as the possibility of meaningful connection, convenience, and rewards like attention and even remuneration." While people are increasingly using social networking sites and sharing information online, Niedzviecki fails to consider that users do maintain an expectation of privacy while using these sites. Users do care about their privacy, and this is made clear by examples such as Facebook Beacon, Facebook's February 2009 change in Terms of Service, and Google Buzz - all of which were met with widespread user opposition causing the companies to make changes to increase privacy protections. While Niedzviecki's reflections throughout the book were interesting, his analyses seemed superficial and incomplete. The last few sentences of Chapter 6 summed up the book well. Niedzviecki writes, "What's the moral of this story? There isn't a clear one." --Kim Nguyen ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. http://epic.org/bookstore/foia2008/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Limiting Knowledge in a Democracy, The New School, New York City, February 24-26, 2010. For more information: http://www.socres.org/limitingknowledge Fourth Law and Information Society Symposium: Hate Versus Democracy on the Internet, Fordham University, New York City, February 26, 2010. For more information: http://www.epic.org/redirect/021210infolawsymp.html RSA 2010, San Francisco, March 1-5, 2010. For more information: http://www.rsaconference.com/2010/usa/ Association for Practical and Professional Ethics, Cincinnati, March 5, 2010. For more information: http://www.indiana.edu/~appe/annualmeeting.html Privacy 2010, Stanford, March 23 - 25, 2010. For more information: http://codex.stanford.edu/privacy2010 Computers, Freedom, and Privacy, San Jose, June 15-18, 2010. For more information: http://cfp.acm.org/wordpress/?p=6 32nd International Conference of Data Protection and Privacy Commissioners, Jerusalem, October 2010. For more information: http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http//facebook.com/epicprivacy http://epic.org/facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 17.04------------------------ .
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.