EPIC Alert 17.09
======================================================================= E P I C A l e r t ======================================================================= Volume 17.09 May 10, 2010 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_1709.html "Defend Privacy. Support EPIC." http://epic.org/donate EPIC Awards Dinner with Reece Hirsch and Kashmir Hill honoring Pamela Jones Harbour and the Rose Foundation June 2, 2010 Washington, DC http://www.epic.org/june2/ ======================================================================= Table of Contents ======================================================================= [1] EPIC Urges Congress to Protect Children's Privacy Online [2] Supreme Court Hears Arguments on Petitioner Privacy [3] Privacy Groups Warn FTC of Facebook's Unfair and Deceptive Acts [4] In Amicus Brief, EPIC Urges Federal Court to Stop Wiretap Abuse [5] Government Wiretaps Up 26% in 2009 [6] News in Brief [7] EPIC Bookstore: "The Insider" [8] Upcoming Conferences and Events TAKE ACTION: Stop Airport Strip Searches! - JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends - DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg - SUPPORT EPIC http://www.epic.org/donate/ ======================================================================= [1] EPIC Urges Congress to Protect Children's Privacy Online ======================================================================= EPIC President Marc Rotenberg testified before the Senate Commerce Committee last week urging Congress to extend the Children's Online Privacy Protection Act (COPPA) to teenagers and social network services. He said that, "COPPA did not anticipate the immersive online experience that a social network service would provide or the extensive data collection of both the trivial and the intimate information that children would share with friends." Emphasizing the emergence of social network services since the adoption of COPPA, Mr. Rotenberg pointed out "the increasingly opaque way that companies transfer user information to third parties," as a concern for children's privacy. Mr. Rotenberg also highlighted the Federal Trade Commission's failure to enforce children's privacy rights despite clear-cut violations of the federal law. For example, EPIC filed a complaint with the FTC against Echometrix, a company selling "parental control" software that secretly monitored children's online activity for marketing purposes. The FTC ignored EPIC's complaint, but the Department of Defense shut down sales of the product. At the hearing, EPIC recommended updates that would expand COPPA protections to teens and clarify the law's application to mobile and social network services. EPIC has done extensive work in children's online privacy. Mr. Rotenberg testified before the House Judiciary Committee in support of the bill that eventually became COPPA. EPIC worked with the Center for Media Education, which had published a groundbreaking study in 1996 on children's privacy, to develop COPPA and help ensure enactment. EPIC has also filed complaints with the FTC detailing unfair and deceptive trade practices that put children's privacy at risk. Rotenberg Testimony Before the Senate Commerce Committee http://epic.org/privacy/kids/EPIC_COPPA_Testimony_042910.pdf EPIC: Press Release http://epic.org/press/EPIC_COPPA_04_29_10_Release.pdf EPIC: Children's Online Privacy Protection Act (COPPA) http://epic.org/privacy/kids/default.html EPIC: Echometrix http://epic.org/privacy/echometrix/default.html ======================================================================= [2] Supreme Court Hears Arguments on Petitioner Privacy ======================================================================= The U.S. Supreme Court held oral arguments in the case of Doe v. Reed on April 28. The Court will determine whether the state of Washington may force disclosure of the names of citizens who have signed petitions for ballot initiatives. The case is on appeal from the Ninth Circuit, where the court ruled in favor of the employee. EPIC filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of those who sign petitions. Twenty-five technology experts and legal scholars joined EPIC in filing the brief to bring attention to a number of issues. EPIC's brief first argues that revealing the names would subject signatories to the risk of retribution, citing numerous instances throughout history, both in the United States and abroad, of harassment and retribution against those who sign petitions. These examples include government retribution against petition signatories in such places as China and Venezuela, as well as retribution against those who signed so-called "Communist-inspired" civil rights petitions in the United States in the 1950s. The brief also argues that signing petitions constitutes anonymous speech. It demonstrates the various ways in which anonymity is retained through legal means even if it can not be perfectly preserved through technical means. It also highlights the ways that Washington state law indicates intent to preserve this anonymity. Finally, EPIC's brief argues that signing petitions is similar to casting a vote and should be protected accordingly. The brief argues "that in some areas, a fundamental right to privacy is a necessary safeguard against the consequences of the disclosure of personal information. In few areas can this be more compelling than the expression of support for causes that may be controversial, unpopular, or simply abhorrent." Several other briefs were filed by interested parties. In the oral argument, the justices focused on the question of whether signing a petition was more like a vote or more like a legislative act, and compared the issue to that of disclosing campaign contributions. The Court is likely to rule on the case before the end of the term in June. EPIC Amicus Brief http://epic.org/privacy/reed/EPIC_amicus_Reed.pdf EPIC Doe v. Reed http://epic.org/privacy/reed/ Supreme Court Docket for Doe v. Reed http://www.supremecourtus.gov/docket/09-559.htm ======================================================================= [3] Privacy Groups Warn FTC of Facebook's Unfair and Deceptive Acts ======================================================================= EPIC, along with a host of privacy and consumer protection organizations, filed a complaint with the Federal Trade Commission against Facebook this week. The complaint is concerned with Facebook's most recent privacy changes, which "disclose personal information to the public that was previously restricted," and "disclose personal information to third parties that was previously not available." The complaint states that these privacy changes, including Facebook's social plugins and "Instant Personalization" feature, "violate user expectations, diminish user privacy, and contradict Facebook's own representations." The complaint also cites widespread opposition from Facebook users, Senators, bloggers, and news organizations. EPIC also wrote a letter to the Senate and House Committees with jurisdiction over the FTC, bringing attention to the complaint and the FTC's failure to enforce clear-cut consumer protection violations. "The complaint speaks for itself," EPIC said in its letter to the senators, "Facebook continues to manipulate the privacy settings of users and its own privacy policy so that it can take personal information provided by users for a limited purpose and make it widely available for commercial purposes. Senators Charles Schumer, Michael Bennet, Mark Begich, and Al Franken, have also opposed the recent privacy changes made by Facebook. The senators sent a letter to Facebook CEO Mark Zuckerberg to express concern about "recent changes to the Facebook privacy policy and the use of personal data by third-party websites." Senator Schumer has also asked the FTC to establish guidelines for social networking sites. He states, "Previously, users had the ability to determine what information they chose to share and what information they wanted to keep private." EPIC and nine other privacy and consumer organizations filed a previous complaint with the FTC in December 2009, urging the FTC to open an investigation regarding changes to Facebook's privacy settings. In January 2010, EPIC and several other groups filed a supplement to the original complaint, providing additional evidence of Facebook's unfair and deceptive trade practices relating to Facebook CEO's public statements, the most recent version of the Facebook for iPhone application, Facebook Connect, and "web-suicide" applications. The FTC sent a letter regarding the 2009 complaint wherein the Bureau of Consumer Protection Director stated that the complaint "raises issues of particular interest" for the FTC. However, to date, the FTC has announced no action in any of the pending complaints concerning Facebook. Facebook Complaint (May 2010) http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf Letter to Senate and House Committees http://epic.org/privacy/facebook/EPIC_FB_FTC_Complaint_Letter.pdf Senators' Letter to Mark Zuckerberg http://www.epic.org/redirect/051010senatorsletter.html Senator Schumer's Request to FTC http://schumer.senate.gov/record.cfm?id=324175& EPIC: Facebook Supplement Complaint (Jan. 2010) http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: Facebook Complaint (Dec. 2009) http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf EPIC: In re Facebook http://epic.org/privacy/inrefacebook/ ======================================================================= [4] In Amicus Brief, EPIC Urges Federal Court to Stop Wiretap Abuse ======================================================================= EPIC filed a "friend of the court" brief, urging a federal appeals court to protect the privacy of innocent individuals who were inadvertently recorded on federal wiretaps. In SEC v. Rajaratnam, a trial court judge ordered disclosure of all wiretaps conducted in a criminal investigation, even though a court has yet to rule on the recordings' legality or relevance. Ordinarily, wiretap recordings introduced in a criminal must go through a number of processes. These processes include minimization, in which the calls are restricted such that only those containing incriminating statements remain; and suppression hearings, in which the defendant may argue that the wiretaps were illegally obtained and must be excluded. Additionally, wiretap evidence, like all evidence, must be excluded if it bears no relevance to the case. In this case, even though none of those processes have been followed in the criminal case, a trial judge ordered the defendants to turn over more than 18,000 wiretaps of their personal and business conversations to the SEC in a related civil suit. EPIC's brief, filed with the federal appeals court that agreed to hear the matter, noted that "hundreds of thousands of individuals are recorded on wiretaps every year," and "80% of those personal communications are wholly unrelated to criminal activity." EPIC urged the court to take note of the dramatic privacy harms that would take place if this practice became widespread. Permitting this would allow civil litigants to compromise the otherwise very strict restrictions on the release of law enforcement wiretap recordings. EPIC Brief in SEC v. Rajaratnam http://epic.org/amicus/EPIC_brief_Rajaratnam.pdf EPIC Wiretapping http://epic.org/privacy/wiretap/ Securities and Exchange Commission http://www.sec.gov/ ======================================================================= [5] Government Wiretaps Up 26% in 2009 ======================================================================= The 2009 Wiretap Report has been released by the Administrative Office of the United States Courts, and it reveals a significant increase in federal and state court-authorized wiretaps in the last year. According to the report, federal and state courts issued 2,376 orders for the interception of wire, oral or electronic communications in 2009, up from 1,891 in 2008, an increase of more than 25%. With the exception of 2008, the total number of authorized wiretaps has grown in each of the past seven calendar years, and the number of orders authorized each year has followed a general rising trend since 1982. For the fourth year in a row, the report indicates that no applications for electronic intercept orders under Title III of the Omnibus Crime Control and Safe Streets Act of 1968 were denied by any court. In fact, over the last two decades, only 5 such applications have been denied, while more than 28,000 have been approved. The overwhelming majority of the wiretaps were authorized for narcotics investigations, and more than 95% of them were for mobile devices. The statistics do not include interceptions regulated by the Foreign Intelligence Surveillance Act or interceptions approved by the President outside the exclusive authority of the federal wiretap law and the FISA. Notably, despite widely available public encryption tools, the report states that encryption was encountered in only a single state wiretap, and that the encryption " did not prevent officials from obtaining the plain text of the communications." 2009 Wiretap Report http://www.uscourts.gov/wiretap09/contents.html EPIC: Wiretapping http://www.epic.org/privacy/wiretap EPIC: Title III Order Statistics http://epic.org/privacy/wiretap/stats/wiretap_stats.html EPIC: Title III Order Charts http://epic.org/privacy/wiretap/stats/wiretapping_graphs.html ======================================================================= [6] News In Brief ======================================================================= White House Issues Rules for Security Reporting A new White House memo sets out the Federal Information Security Management Act of 2002 standards for federal agencies. All agencies must comply with the Act's standards and report security practices for information under agency control. The standard also extends obligations to agency contractors. By November 15, 2010, all agencies must be capable of monitoring all information traffic on their networks; and make reports to CyberScope, a platform launched last year to provide a single government-wide security management tool for reports. The Memorandum included requirements to respond to breaches of personal information. Agency Inspectors General will provide oversight of agency compliance with this Act. White House Memo http://epic.org/privacy/cybersecurity/WH_memo_4-21.pdf CyberScope Launch http://www.govinfosecurity.com/articles.php?art_id=1894 EPIC Cybersecurity http://epic.org/privacy/cybersecurity/ Advertising Privacy Bill Released Representatives Rick Boucher (D, Va) and Cliff Stearns (R, Fl), the Chairman and Ranking Member respectively of the House Subcommittee on Communications, Technology, and the Internet, have released a draft bill on internet consumer privacy. The bill seeks to provide "meaningful privacy protections for Internet users" by mandating disclosure of privacy practices, regulating the collection and use of information, and requiring affirmative, opt-in consent for sharing of information with unaffiliated third parties. The bill grants authority to the Federal Trade Commission and state consumer protection agencies to implement and enforce its requirements. Rep. Boucher Press Release http://boucher.house.gov/index.php?option=com_content&id=1957 Draft Privacy Bill http://boucher.house.gov/images/stories/Privacy_Draft_5-10.pdf Executive Summary http://www.epic.org/redirect/051010execsummary.html Congress Passes Bill Banning Caller ID Spoofing On April 15, the House of Representatives passed the Truth in Caller ID Act of 2010, which bans the transmission of misleading or inaccurate caller ID information, "with the intent to defraud, cause harm, or wrongfully obtain anything of value." This change will affect "any real time voice communications service, regardless of the technology or network utilized." EPIC recommended this intent requirement in testimony before the House in 2006 and 2007, and before the Senate in 2007 so that privacy techniques would be protected. This bill has passed the Senate and will likely be enacted into law. Truth in Caller ID Act of 2010 http://www.epic.org/redirect/051010acttext.html EPIC 2007 Senate Testimony http://epic.org/privacy/iei/s704test.pdf EPIC 2007 House Testimony http://epic.org/privacy/iei/hr251test.pdf EPIC 2006 House Testimony http://epic.org/privacy/iei/hr5126test.pdf EPIC: Caller ID http://epic.org/privacy/caller_id/ American Library Association Launches Choose Privacy Week The American Library Association's Office of Intellectual Freedom has announced its first ever Choose Privacy Week, taking place May 2 - 8, which invites library users into the conversation about privacy rights in a digital age. The campaign gives libraries resources to educate and engage users, and gives citizens the resources to think critically and make informed choices about their privacy. In 2006, the American Library Association Council decided to commence a national conversation about privacy as an American value, and in 2008, the Open Society Institute provided a 3-year, $350,000 seed grant for this initiative. Association's initiative is in line with EPIC's work in raising awareness of online privacy protection. Choose Privacy Week Information and Resources http://www.privacyrevolution.org/ EPIC: Social Networking Privacy http://epic.org/privacy/socialnet/ EPIC: Children's Online Privacy http://epic.org/privacy/kids/default.html ======================================================================= [7] EPIC Bookstore: "The Insider" ======================================================================= "The Insider" by Reece Hirsch Reece Hirsh's first book is an ambitious legal thriller that mixes the Sopranos with John Grisham-style law firm intrigue. Hirsh even manages several well-placed Godfather references and more than one shout-out to EPIC. "The Insider" follows a very interesting and eventful week in the life of one San Francisco firm lawyer. Will Connelly is a typical law firm associate, gunning for partner and working on a large deal involving the acquisition of an encryption software company. But after one of his colleagues dies under very suspicious circumstances, Will is plunged into the middle of a Russian mafia money-making scheme with far reaching implications that include a dangerous terrorist plot against San Francisco's public transit system. Hirsh deftly develops an action packed storyline in which Will must evade the Federal Government and the mafia (with a little help from former EPIC employee, Claire Rowland). Along the way, Will discovers a secret government program to install a backdoor decryption device in the devices of unsuspecting Americans. Will and Claire race against time to evade the mafia goons tracking them, to clear their names, and to thwart the plans of a terrorist cell. This is a fast-paced thriller, with gripping action sequences, interesting characters, and a fascinating and original government conspiracy backdrop. Fans can meet Hirsch at EPIC's June 2, 2010 Awards Dinner. For more information: http://www.epic.org/june2/ --Ginger McCall ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2008," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid (EPIC 2008). Price: $60. http://epic.org/bookstore/foia2008/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding the substantial FOIA amendments enacted on December 31, 2007. Many of the recent amendments are effective as of December 31, 2008. The standard reference work includes in-depth analysis of litigation under Freedom of Information Act, Privacy Act, Federal Advisory Committee Act, Government in the Sunshine Act. The fully updated 2008 volume is the 24th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https:/mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [8] Upcoming Conferences and Events ======================================================================= "Developing a Trusted Cyber-Infrastructure" Toronto, ON, May 12, 2010 For more information: http://www.ipsi.utoronto.ca/ EPIC Awards Dinner June 2, 2010 Washington, DC For more information: http://www.epic.org/june2/ "Computers, Freedom, and Privacy" San Jose, June 15-18, 2010. For more information: http://cfp.acm.org/wordpress/?p=6 "32nd Int'l Conference of Data Protection and Privacy Commissioners" Jerusalem, October 2010. For more information: http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm ======================================================================= Join EPIC on Facebook ======================================================================= Join the Electronic Privacy Information Center on Facebook http//facebook.com/epicprivacy http://epic.org/facebook Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 17.01 ------------------------ .
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.