EPIC logo




======================================================================
                          E P I C  A l e r t
======================================================================
Volume 12.01                                         January 13, 2005
----------------------------------------------------------------------

                           Published by the
             Electronic Privacy Information Center (EPIC)
                           Washington, D.C.

            http://www.epic.org/alert/EPIC_Alert_12.01.html

======================================================================
Table of Contents
======================================================================

[1] EPIC Testifies on RFID Uses for Health Care; Proposes Framework
[2] Landmark Privacy Bill Takes Effect in California
[3] Coalition Opposes Loophole to Do-Not-Call Registry
[4] EPIC Obtains FBI Reports to Congress on Carnivore
[5] Police Ask for DNA From Cape Cod Town's Male Residents
[6] News in Brief
[7] EPIC Bookstore: No Place to Hide
[8] Upcoming Conferences and Events

======================================================================
[1] EPIC Testifies on RFID Uses for Health Care; Proposes Framework
======================================================================

In testimony on January 11 before the Department of Health and Human
Services National Committee on Vital and Health Statistics
Subcommittee on Privacy and Confidentiality, EPIC President and
Executive Director Marc Rotenberg proposed a new four-tier framework
to regulate radio frequency identification (RFID) in the health care
setting.  Rotenberg testified that the existing legislative structure
is inadequate to regulate RFID use and should be strengthened with
guidelines.  He argued that privacy is best protected when an activity
is regulated from the beginning, and least protected when left to
industry self-regulation.

Rotenberg identified four types of RFID use in health care and
proposed a separate tier of regulation for each.  The first tier
concerns the bulk distribution of products tagged with RFIDs that are
neither linked to specific individuals nor collect personally
identifiable information.  In these circumstances, there are no
privacy risks and therefore no obligation to protect privacy.  Tier 2
concerns products tagged with RFIDs that are distributed and linked to
identified patients.  In these cases, the privacy risks are
proportional to the collection of personally identifiable information
and should be regulated according to existing privacy rules, as well
as supplemented with additional rules such as those urged by EPIC's
RFID Guidelines.  The third tier concerns patients who are temporarily
tagged with RFIDs.  In these cases, privacy and security risks become
greater, and in addition to measures proposed under tier 2, identity
theft and general security must also be addressed.  The final tier
concerns patients permanently labeled with RFIDs imbedded in soft
tissue.  Rotenberg testified that this practice is coercive, profound,
and has far-reaching ethical implications.  The privacy risks here are
the greatest since the person loses control over the disclosure of his
or her actual identity.  In light of the extreme privacy risks,
Rotenberg recommended that this practice, which is currently used by
the Verichip Corporation, be banned.

Rotenberg testified on one of two RFID panels appearing before the
Subcommittee.  Daniel Solove, Associate Professor of Law at George
Washington Law School and an EPIC Advisory Board member, also
testified on the substantial privacy risks posed by RFIDs, the lack of
an adequate regulatory structure and the contribution of RFIDs to the
overarching context of data-collection and the compilation of digital
dossiers.  The other panel comprised industry representatives from
Surgichip and Verichip and a representative from the Food and Drug
Administration.  The FDA testified that it only has regulatory
jurisdiction over the medical use of RFIDs; consequently, other uses,
such as for e-commerce, are not regulated under FDA requirements or
privacy provisions of the Health Insurance Protability and
Accountability Act (HIPPA).

An archived broadcast of the hearing is availble at:

     http://www.va.gov/virtconf.htm

For more information about radio frequency identification, see EPIC's
RFID Page:

     http://www.epic.org/privacy/rfid

For more information about the Verichip, see EPIC's Verichip Page:

     http://www.epic.org/privacy/rfid/verichip.html

======================================================================
[2] Landmark Privacy Bill Takes Effect in California
======================================================================

On January 1, Senate Bill 27, the "Shine the Light" law, took effect
in California.  The landmark bill, now codified as California Civil
Code § 1798.83, provides California residents with the opportunity to
contact most businesses to request a disclosure of which third parties
the business has shared their information with during the past year.
Small businesses and federal banks are exempt from the requirement.

S.B. 27 is important because it is one of the first legislative
attempts to address "list brokerage," the compilation and sale of
individuals' personal information.  List brokerage is used to fuel
privacy invasive marketing campaigns, including spamming,
telemarketing, and junk mail.  List brokers collect personal
information from many sources, including business transactions,
warranty cards, and sweepstakes entries.  In many cases, businesses do
not inform individuals of their information sales activities, and
major companies, both online and off, sell their customer lists to
list brokers.  S.B. 27 will help individuals learn more about how
their information is sold to others and give then an opportunity to
limit the sale.

The new law requires businesses to notify customers of their rights
under the statute by using a designated contact point (mailing
address, e-mail address, toll-free number or toll-free fax number) to
request a business's disclosure regarding how it shares personal
information with other businesses for direct marketing purposes.  Upon
receiving such a request, companies must reveal to an individual which
third parties they have shared personal information for marketing
purposes within the last twelve months.  Importantly, the law only
allows consumers to make such requests when companies have not
provided them with notice of privacy policies containing opt-out
options.  This means that companies that have created a privacy policy
and opt-out right compliant with S.B. 27 are not required to give a
detailed accounting of information sharing.

If a business fails to respond to a disclosure request, the customer
may be entitled, in addition to the legal remedies provided under
current law, to recover a civil penalty of up to $500 per violation,
and up to $3,000 per willful, intentional or reckless violation), as
well as attorneys' fees and costs.

S.B. 27:

     http://www.epic.org/redirect/SB27.html

For more information about the law, see EPIC's S.B. 27 Page:

     http://www.epic.org/privacy/profiling/sb27.html

======================================================================
[3] Coalition Opposes Loophole to Do-Not-Call Registry
======================================================================

In comments to the Federal Trade Commission, a coalition of privacy
and consumer groups sharply criticized a proposed loophole to the
federal Do-Not-Call Registry.  The proposed loophole would allow
telemarketers to deliver prerecorded voice messages to their existing
customers, even if the customers' numbers are enrolled in the
Do-Not-Call Registry.  This usually takes the form of artificial or
prerecorded messages being played when an individual answers the
phone.  It would also allow companies to leave such messages on
answering machines.  The message would have to give the consumer an
opportunity to opt out of the calls, either by pressing a button or by
calling a toll-free number.

The coalition argued that the loophole's interaction with the
definition of businesses' "current customers" is problematic.  Under
current Do-Not-Call regulations, a business relationship exists
whenever an individual makes an inquiry about or buys any product or
service.  Inquiries create a relationship for three months; purchases
for eighteen.  During that period, the company can make telemarketing
calls even if the individual is enrolled in the Do-Not-Call Registry,
and the individual must opt out of each business relationship
individually.

The coalition comments noted that the loophole could open the door to
volumes of prerecorded spam because businesses are now more aggressive
in obtaining identification information from consumers, and because
telemarketing will become cheaper with the adoption of Internet
telephony.  Furthermore, even where an individual creates a business
relationship with a company, it is often not within the individuals'
expectation to receive telemarketing.

Finally, the coalition argued that the opt-out methods of providing a
toll-free number were insufficient; that individuals should be able to
stop further calls by simply pressing a button on their telephone
keypad.  The groups expressed concern that the Commission proposed to
weaken the Do-Not-Call Registry.  Enrollment in the Registry now
exceeds 80 million numbers, representing a resounding rejection of
telemarketing.  The coalition argued that in light of this level of
enrollment, the priorities of the Commission should be focused on
heightening protections against invasions of privacy.  For instance,
the success of the Do-Not-Call Registry could be expanded into a tool
to that would allow individuals to opt out of prescreened offers of
credit and non-affiliate financial information sharing, or to shield
against junk mail.  The Registry could become a platform that would
allow people to opt out under many different privacy laws at the same
time.

Coalition comments to the Federal Trade Commission on the proposed
loophole:

     http://www.epic.org/privacy/telemarketing/ebrcomments.html

For more information about telemarketing and the Do-Not-Call Registry,
see EPIC's Telemarketing Page:

     http://www.epic.org/privacy/telemarketing

======================================================================
[4] EPIC Obtains FBI Reports to Congress on Carnivore
======================================================================

Through the Freedom of Information Act, EPIC has obtained FBI reports
to Congress stating that the law enforcement agency did not use its
DCS 1000 Internet monitoring system -- formerly known as Carnivore --
during fiscal years 2002 and 2003.  The reports were prepared in
accordance with the 21st Century Department of Justice Appropriations
Act, which requires the FBI to report annually to Congress on its use
of DCS 1000 or later versions of the program.

The existence of Carnivore first came to light in 2000.  Reports
indicated that the system could be installed at the facilities of an
internet service provider and monitor all traffic moving through the
ISP.  The FBI argued that Carnivore merely "filtered" data traffic and
ensured that investigators collected only those "packets" they were
lawfully authorized to obtain.  However, because the details of the
system remain unknown, the public has long been left to trust the
FBI's characterization of the system and -- more significantly -- the
FBI's compliance with legal requirements.

The first report obtained by EPIC states that the FBI used
commercially available software -- rather than its own DCS 1000 system
-- to conduct court-ordered electronic surveillance five times in
fiscal year 2002.  According to the FY2003 report, the FBI used
commercially available software to conduct court-ordered surveillance
eight times.  The FBI reported that it did not use DCS 1000 to conduct
surveillance during either fiscal year.

The reports suggest that the FBI's need for Carnivore-like Internet
surveillance tools is decreasing, likely because ISPs are providing
Internet traffic information directly to the government.

FBI reports to Congress on use of DCS 1000:

     http://www.epic.org/privacy/carnivore/2002_report.pdf

     http://www.epic.org/privacy/carnivore/2003_report.pdf

For more information about Carnivore, see EPIC's Carnivore FOIA
Litigation Page:

     http://www.epic.org/privacy/carnivore

To see more documents about Carnivore, see EPIC's Carnivore FOIA
Documents Page:

     http://www.epic.org/privacy/carnivore/foia_documents.html

======================================================================
[5] Police Ask for DNA From Cape Cod Town's Male Residents
======================================================================

Police are randomly approaching men in Truro, Massacusetts to ask for
DNA samples in an effort to solve a three-year-old murder. Truro's 800
male residents are being asked for saliva swabs at such community
meeting places as groceries and the local post office.

Law enforcement believe the samples may help their investigation
because evidence found at the scene of the crime indicates an
unidentified man had sex with the muder victim shortly before she was
killed.  Though unsure the man had anything to do with the crime,
police hope he might yield clues to the killer's identity.

Police maintain that Truro's male residents are under no legal
obligation to provide the police with a sample of their DNA.  However,
Cape and Islands District Attorney Michael O'Keefe says that law
enforcement will be forced to look at those who refuse to submit to a
saliva swab.

Law enforcement officials have said they plan to destroy the genetic
profiles of the men whose DNA does not match the evidence taken from
the crime scene.  It is unclear, however, whether the samples the
profiles are derived from will be destroyed when individuals are
eliminated as suspects.

Last year, EPIC filed two amicus briefs in cases examining whether
compelled production of DNA violates the Fourth Amendment.  EPIC's
briefs poined out that DNA can reveal a vast amount of information
about a person, including health, gender, and familial details.
Furthermore, because members of the same family have similar DNA
patterns, an individual's DNA profile may indirectly implicate a
relative.  Moreover, EPIC pointed out, there is no uniform storage
policy for DNA samples collected for law enforcement purposes; rather,
each state has a different policy.  Not only could samples end up in
the hands of researchers, but international cooperation among law
enforcement agencies has opened up the national law enforcement DNA
database to other governments.

EPIC's amicus brief in United States v. Kincade:

     http://www.epic.org/privacy/genetic/kincade_amicus.pdf

EPIC's amicus brief in Maryland v. Raines:

     http://www.epic.org/privacy/genetic/raines_amicus.pdf

For more information about privacy of DNA, see EPIC's Genetic Privacy
Page:

     http://www.epic.org/privacy/genetic

======================================================================
[6] News in Brief
======================================================================

EPIC CHALLENGES CHOICEPOINT TO PUBLIC HEARINGS ON CONSUMER PRIVACY

In December, EPIC wrote a complaint to the Federal Trade Commission
requesting an investigation into the field of commercial data brokers,
companies such as Choicepoint that sell personal information to law
enforcement and other entities (see EPIC Alert 11.24).  Later in
December, Choicepoint responded, criticizing EPIC for not having
meetings with the company and calling for a dialogue.  EPIC accepted
that invitation, and has challenged Choicepoint to a public discussion
of the scope of commercial data brokers' activities on the record at
the Federal Trade Commission and Congress.  EPIC Executive Director
Marc Rotenberg wrote to Choicepoint Chief Operating Officer Douglas
Curling: "You and your chairman have proposed a national debate on the
responsible use of personal information.  We support this.  But it is
not a debate that should take place at industry trade shows or closed
door meetings with PR specialists and Washington lobbyists.  We would
welcome a public hearing in Congress with balanced representation
between those in the information broker industry and those in the
consumer protection field, including state attorneys general, to
discuss the scope and application of the Fair Credit Reporting Act to
the dossiers on American consumers now being sold by companies such as
yours."

EPIC complaint to the Federal Trade Commission:

     http://www.epic.org/privacy/choicepoint/fcraltr12.16.04.html

Choicepoint's response:

     http://www.choicepoint.com/news/2000election.html

EPIC's reply and challenge to Choicepoint:

     http://www.epic.org/privacy/choicepoint/reply1.5.04.html


US-VISIT EXPANDS TO 50 BUSIEST LAND PORTS OF ENTRY

The United States Visitor and Immigrant Status Indicator Technology
(US-VISIT) program marked its first anniversary in early January and
extended its entry/exit biometric capturing system to 50 of the
busiest land ports of entry.  The system requires two digital index
finger scans as well as a digital photograph of the visitor, which are
intended to verify identity and are compared to a vast network of
government databases.  US-VISIT is now operational at 115 airports and
15 seaports and has "processed" approximately 16.9 million foreign
visitors.  The system will be fully in place at all land ports by the
end of 2005.  Currently US-VISIT targets visitors entering the U.S.
However, a number of pilot programs are testing the extension of the
program to capture biometric exit data.

For more information about US-VISIT, visit EPIC's US-VISIT Page:

     http://www.epic.org/privacy/us-visit


TWO STUDIES SHOW TELEMARKETERS ONLY GIVE 1/3 TO CHARITIES

Reports issued in December by the New York and Massachusetts Attorney
Generals' offices state that in 2003 (the most recent year for which
data is available), an average of only about 1/3 of funds raised for
charities in solicitation campaigns are actually received by the
charities.  In Massachusetts, charities received 29 cents of every
dollar raised in solicitation campaigns (including telemarketing,
mailings and door-to-door solicitations), an increase of about 3 cents
from the previous year.  In New York, meanwhile, charities retained
33.67 cents of every dollar raised by telemarketing, also a slight
increase from the previous year.  The New York report notes that there
are some circumstances that cause elevated fundraising costs for
charities, such as attempting to contact new donors, testing new
fundraising methods, or bundling educational and fundraising goals
together.  While the Supreme Court ruled in 1988 in Riley v. National
Federation of the Blind that states cannot prescribe the percentage of
total funds that charities use for fundraising, a 2003 decision,
Illinois v. Telemarketing Associations, found that telemarketers
cannot make deliberately false or fraudulent statements during
solicitations.  The Massachusetts report warns that by giving 100
percent of revenue to charities who then pay solicitors fees and
expenses, telemarketers can legally state that all proceeds go to the
charity.

Pennies for Charity 2004 (New York Attorney General's Report):

     http://www.oag.state.ny.us/charities/pennies04/penintro.html

Massachusetts Attorney General's Report on Telemarketing for Charity:

     http://www.ago.state.ma.us/filelibrary/telrep2004.pdf

For more information about telphone solicitations, see EPIC's
Telemarketing Page:

     http://www.epic.org/privacy/telemarketing


MICHIGAN ID THEFT LAW SIGNED BY GOVERNOR GRANHOLM

On December 28, Michigan governor Jennifer Granholm signed into law
the Identity Theft Protection Act, a far-reaching series of bills
toughening the state's identity theft laws.  Several of the laws limit
public exposure of identity information by limiting companies' rights
to require customers' Social Security numbers in the course of
business; prohibiting the public display of social security numbers,
as on health insurance cards and college IDs; prohibiting the
recording and transmitting of identifying information from ATM, debit
and credit cards; and banning businesses from printing more than the
last four digits of credit card numbers on receipts. Other laws are
meant to ease prosecution by strengthening the legal definition of
identity theft; redefining the term in the state criminal code;
establishing sentencing guidelines; extending the statute of
limitations for these crimes; and diminishing jurisdictional barriers
that formerly made it difficult to prosecute identity thieves in their
home cities or counties.  Still other laws strengthen the rights of
victims by guaranteeing the right to have a police report taken and
ensuring victims' access to the report; and protecting victims from
being denied credit or utility service.

The texts of the Michigan ID theft bills are available at:

     http://www.epic.org/redirect/mi_id_laws.html

Press release from the State of Michigan web site:

     http://www.epic.org/redirect/mi_pr.html

For more information on ID theft, see EPIC's Social Security Number
(SSN) Page:

      http://www.epic.org/privacy/ssn


EBAY ABANDONS PASSPORT, CITES SECURITY CONCERNS

EBay has announced that beginning in late January it will no longer
support Microsoft Passport.  This means that e Bay members will no
longer be able to sign in to eBay using the Microsoft Passport Sign
In, and that eBay will no longer use .NET alerts to send notifications
to members.  This move is the latest among Internet companies that are
dropping the single sign-in identification scheme. Monster.com dropped
Passport in October 2004.

Press release, eBay to Retire Microsoft Passport Sign In and .NET
Alerts:

     http://www2.ebay.com/aw/marketing.shtml - 2004-12-29114827

For more information about Passport, see EPIC's Sign Out of Passport
Page:

     http://www.epic.org/privacy/consumer/Microsoft


EUROPEAN BIOMETRIC VISA SCHEME TECHNICALLY UNWORKABLE

The European Union's plans to introduce biometric identifiers in visa
and residence permits have been revised due to technology issues.
While proposed regulations originally envisaged putting a "contactless
chip" into visas attached to passports, a November 2004 report
concluded that this will not be technically feasible due to
"collision" problems between the chipped visa and other chipped visas
and passports.  Specifically, the RFID signals would collide, making
contactless readers ineffective.  In late December the incoming
Luxembourg presidency of the European Union circulated a "Note" that
proposed two alternatives. The first involves matching biometrics
against the Visa Information System (VIS) database rather than against
a local document.  The second would involve local matching, requiring
the traveler to carry a nonchipped visa inside his or her passport, as
well as a separate chipped card.

In related news, the European Commission recently tabled a proposal for
regulation of VIS.  The proposed regulation would provide the mandate
to set up and maintain VIS, including articulating its purpose,
setting out the responsibilities and functionalities of the VIS and
establishing the conditions and procedures for the exchange of visa
data between member states.

Note from incoming Luxembourg presidency to Visa Working Group:

     http://www.statewatch.org/news/2005/jan/bio-visas-16257.pdf

Technical report to the European Council saying proposed scheme not
feasible:

     http://www.statewatch.org/news/2004/dec/bio-visas.pdf

Proposal for a Regulation of the European Parliament and of the
Council concerning the Visa Information System and the exchange of
data between Member States on short stay-visas:

     http://www.epic.org/redirect/visa_proposal.hmtl

======================================================================
[7] EPIC Bookstore: No Place to Hide
======================================================================

Robert O'Harrow, No Place to Hide (Free Press 2005).

     http://www.powells.com/cgi-bin/biblio?inkey=62-0743254805-0
 
Journalist Robert O'Harrow's first book, No Place to Hide, is a
Washington insider's exposé of how the fast-developing data
collection, analysis, and identification technologies first developed
for the marketing industry are increasingly used for law enforcement
purposes since 9/11.  O'Harrow's book recounts the development of the
USA PATRIOT Act in astonishing detail, complete with vignettes about
the Act's authors sleeping in their offices while drafting the
legislation, and the refusal of government attorneys to engage civil
liberties advocates to discuss the legislation, even off the record.

O'Harrow obtained unprecedented access for this book, and as a result,
No Place to Hide is an illuminating read for those interested in civil
liberties issues.  He shows that John Poindexter is still involved in
Total-Information-Awareness-like activities.  His interviews with key
people at Acxiom reveal the company has tricky methods of collecting data
that people think are private, such as unlisted phone numbers.  But
what is perhaps most interesting is how O'Harrow shows the people
involved in creating new government powers and data collection tools
are concerned about how their actions affect privacy.

- Chris Hoofnagle

                       ================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, as well as recommendations and proposals
for future action, as well as a useful list of resources and contacts
for individuals and organizations that wish to become more involved in
the WSIS process.

                       ================================

"The Privacy Law Sourcebook 2003: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.

                       ================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

                       ================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.

                       ================================

"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20.  http://www.epic.org/bookstore/crypto00&

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

                       ================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

       EPIC Bookstore
       http://www.epic.org/bookstore

       "EPIC Bookshelf" at Powell's Books
       http://www.powells.com/features/epic/epic.html

======================================================================
[8] Upcoming Conferences and Events
======================================================================

3rd Annual Digital Rights Management Conference 2005.  Ministry of
Science and Research of the State Northrhine Westfalia, Germany.
January 13-24, 2005.  Berlin, Germany.  For more information:
http://www.digital-rights-management.org/start.php.

Book Reading and Signing with Robert O'Harrow.  January 15, 2005.
Politics & Prose, Washington, DC.  For more information:
http://www.politics-prose.com/calendar.htm#j15b.

Book Party and Reception with Robert O'Harrow.  Co-hosted by the
Stewart R. Mott Charitable Trust.  January 24, 2005.  The Mott House,
122 Maryland Avenue NE, Washington, DC.

12th Annual Network and Distributed System Security Symposium. The
Internet Society.  February 3-4, 2005.  San Diego, CA.  For more
information: http://www.isoc.org/isoc/conferences/ndss/05/index.shtml.

14th Annual RSA Conference.  RSA Security.  February 14-18, 2005.  San
Francisco, CA.  For more information:
http://2005.rsaconference.com/us/general/default.aspx.

The World Summit on the Information Society PrepCom 2.  February
17-25, 2005.  Geneva, Switzerland.  For more information:
http://www.itu.int/wsis/preparatory2/hammamet/index.html.

3rd International Conference of Information Commissioners.  Federal
Institute of Access to Information.  February 20-23, 2005.  Cancun,
Mexico.  For more information:
http://www.icic-cancun.org.mx/index.php?lang=eng.

The Concealed I: Anonymity, Identity, and the Prospect of Privacy.  On
the Identity Trail and the Law and Technology Program at the
University of Ottawa.  March 4-5, 2005.  Ottawa, Canada.  For more
information: http://www.anonequity.org/concealedI.

The Health Information Technology Summit West. eHealth Initiative.
March 6-8, 2005.  San Francisco.  For more information:
http://www.hitsummit.com.

IAPP National Privacy Summit 2005.  International Association of
Privacy Professionals.  March 9-11, 2005.  Washington, DC.  For more
information:  http://privacyassociation.org.

O'Reilly Emerging Technology Conference.  March 14-17, 2005.  San
Diego, CA.  For more Information:
http://conferences.oreillynet.com/etech.

7th International General Online Research Conference.  German
Society for Online Research.  March 22-23, 2005.  Zurich, Switzerland.
For more information: http://www.gor.de.

The 2005 Nonprofit Technology Conference.  Nonprofit Technology
Enterprise Network.  March 23-25, 2005.  Chicago, IL.  For more
information: http://www.nten.org/ntc.

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
April 4-8, 2005.  Mar del Plata, Argentina.  For more information:
http://www.icann.org.

5th Annual Future of Music Policy Summit.  Future of Music
Coalition.  April 10-11, 2005.  Washington DC.  For more information:
http://www.futureofmusic.org/events/summit05/index.cfm.

CFP2005: Fifteenth Annual Conference on Computers, Freedom and
Privacy.  April 12-15, 2005.  Seattle, WA.  For more information:
http://www.cfp2005.org.

2005 IEEE Symposium on Security and Privacy.  IEEE Computer Society
Technical Committee on Security and Privacy in cooperation with The
International Association for Cryptologic Research.  May 8-11, 2005.
Berkeley, CA.  For more information:
http://www.ieee-security.org/TC/SP2005/oakland05-cfp.html.

SEC2005: Security and Privacy in the Age of Ubiquitous Computing.
Technical Committee on Security & Protection in Information Processing
Systems with the support of Information Processing Society of Japan.
May 30-June 1, 2005.  Chiba, Japan.  For more information:
http://www.sec2005.org.

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
July 11-15, 2005.  Luxembourg City, Luxenbourg.  For more information:
http://www.icann.org.

3rd International Human.Society@Internet Conference.  July 27-29,
2005.  Tokyo, Japan.  For more information: http://hsi.itrc.net.

The World Summit on the Information Society.  Government of Tunisia.
November 16-18, 2005.  Tunis, Tunisia.  For more information:
http://www.itu.int/wsis.

Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005.  Vancouver, Canada.  For more
information: http://www.icann.org.

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

       https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

       http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

======================================================================
Privacy Policy
======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."

======================================================================
About EPIC
======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information, see
http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite
200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248
(fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.  Or you can
contribute online at:

       http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 12.01 ----------------------

.