========================================================================
E P I C   A l e r t
========================================================================
Volume 13.14                                               July 13, 2006
------------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_13.14.html

========================================================================
Table of Contents
========================================================================
[1] Georgia State, Federal Courts Halt Photo ID Requirement for Voters
[2] EPIC Supports Supreme Court Review of DNA Databases
[3] British ID Card Plan Stalls
[4] FBI Proposes Wiretap Law Expansion
[5] Defense Department Monitored Student Email
[6] News in Brief
[7] EPIC Bookstore: John Battelle's "The Search"
[8] Upcoming Conferences and Events

========================================================================
[1] Georgia State, Federal Courts Halt Photo ID Requirement for Voters
========================================================================

The second attempt by the Georgia General Assembly to require voters to present photo identification as a pre-condition to cast a ballot was struck down by both state and federal courts in Georgia. Judge Harold Murphy of the U.S. District Court for the Northern District of Georgia issued a preliminary injunction preventing the state from demanding that registered voters present a government-issued photo ID at the polls.

A week earlier, Georgia's Fulton County Superior Court found the "2006 Photo ID Act" imposed an unauthorized qualification on the right to vote, since the Georgia State Constitution only requires qualified voters to be 18 years old, mentally competent, and state residents.
Accordingly, any of seventeen forms of proof of residence previously specified in state law, including a signed affirmation certificate, will remain acceptable to identify an eligible elector at the polling place.

The state claim, filed by former Democratic Governor Roy E. Barnes, states that the new law would make it harder for minorities, the elderly, and the poor to participate in public elections. The defendant, Republican Governor Sonny Perdue, argued the Act was a reasonable means to prevent voter fraud. In his opinion, state judge Melvin K. Westmoreland rejected any political arguments raised by the parties, relying solely on constitutional grounds and stating, "Where the right of suffrage is fixed in the Constitution it cannot be restricted by the legislature."

Secretary of State Cathy Cox had previously testified she "cannot recall one documented case of voter fraud. . . that specifically related to the impersonation of a registered voter at voting polls." The Secretary of State's office also estimated that as of 2005, 675,000 Georgians otherwise eligible to vote lack a driver's license or state issued photo identification card. In an official statement, Governor Perdue stated, "dead people have cast votes in Georgia and. . . there was no way to tell how many deceased voters, felons or even illegal aliens may have been casting ballots in Georgia elections." Governor Perdue's emergency appeal of the decision to the Georgia Supreme Court was denied.

At the federal level, Judge Murphy had previously struck down an earlier law requiring voters to present photo identification as a qualification to vote. The plaintiffs in this earlier case argued that the cost and inconvenience of obtaining such an ID was too much for many poor voters and therefore a violation of the Twenty-Fourth Amendment prohibition on poll taxes.
In response to that ruling, Georgia enacted the 2006 Photo ID Act, mandating the same list of acceptable forms of photo identification but providing a means for voters to obtain a photo identification card at no cost.

Georgia's 2006 Photo ID Act:

     http://www.legis.state.ga.us/legis/2005_06/sum/sb84.htm

Fulton County Superior Court Decision (pdf):

     http://www.epic.org/privacy/voting/fulton_order.pdf

EPIC's Congressional Testimony on Voter ID Requirements (pdf):

     http://www.epic.org/privacy/voting/voter_id-statement.pdf

EPIC's Voting Resources Page:

     http://www.epic.org/privacy/voting/

National Committee for Voting Integrity:

     http://votingintegrity.org/

========================================================================
[2] EPIC Supports Supreme Court Review of DNA Databases
========================================================================

EPIC has filed a "friend of the court" brief asking the U.S. Supreme Court to hear the case of a probationer who was forced to provide a DNA sample for inclusion in a federal database. The brief points out the more invasive nature of DNA profiling and also notes the lack of adequate protections to ensure that tissue samples are not abused for other purposes.

One month prior to his release from probation, Lamar Johnson was ordered to provide the government with a blood sample, so that his DNA might be entered into a national database. Johnson refused, stating that the sample collection, being more invasive than fingerprinting, was a violation of his Fourth Amendment rights against unreasonable searches and seizures. He then filed for an injunction against the collection in federal district court. His case was dismissed by the federal district court in Washington, D.C., and he appealed to the D.C. Circuit, which upheld the district court's opinion, comparing the blood sample to fingerprinting.
EPIC supported Johnson's request for the Supreme Court to hear his case, noting in its "friend of the court" brief that collecting a tissue sample for DNA profiling was far more invasive than collecting a fingerprint. While a fingerprint does not reveal any characteristics about an individual, a DNA profile can reveal an individual's likely race and sex. Close relatives also share similar profiles, so collecting one person's DNA may easily implicate her immediate family.

The brief also states that there are insufficient safeguards on the use of the original tissue sample, from which a vast amount of personal information, including personal traits and medical information, can be gleaned. There are no uniform guidelines determining how long this information-rich sample can be held, nor whether the sample will be destroyed if a conviction is overturned or a sentence served.

The collection and use of DNA continues to expand, with laws now allowing police to collect DNA samples not only from convicted criminals, but from individuals who are arrested or merely detained by the government. Law enforcement has begun to use DNA collected from family members to implicate suspects, and the wealth of information contained within federal DNA databases allows for unanticipated uses and abuses in the absence of adequate safeguards.

EPIC's Johnson v. Quander Page:

     http://www.epic.org/privacy/johnson

EPIC Brief in Johnson v. Quander (pdf):

     http://www.epic.org/privacy/johnson/johnson_cert_amicus.pdf

Johnson's Petition for Certiorari (pdf):

     http://www.epic.org/privacy/johnson/cert_petition.pdf

EPIC's Genetic Privacy Page:

     http://www.epic.org/privacy/genetic/

========================================================================
[3] British ID Card Plan Stalls
========================================================================

Plans for a mandatory national ID card in the United Kingdom have stalled after internal emails revealing severe problems with the plan were leaked from the UK's Home Office. The plan, originally scheduled to roll out in 2008, is now subject to further review and likely rescheduling, according to the government. Opponents of the plan, however, are pointing to the delay as evidence that the plan is unworkable.

Despite public assertions from Home Office officials and Prime Minister Blair that the ID cards would combat terrorism, crime, illegal immigration and fraud, the internal emails, leaked to the Sunday Times, reveal that officials privately doubted that the plans were feasible or effective. One email states that the plans "lack clear benefits from which to demonstrate a return on investment." Another reveals that, due to fears that the plan cannot be implemented, a "face-saving," scaled-back plan could be introduced, where personal information and biometric data is stored in a national database, but not printed on cards.

The original plan called for a mandatory ID card that would bear the holder's name, address, photograph, and other biometric data, such as iris scans and fingerprints. Government officials have placed the cost of the scheme at around 6 billion pounds, whereas a study last year by the London School of Economics estimated the cost at closer to 19.2 billion pounds. The report also noted that the card scheme faced massive technical issues, created potential security risks, and faced widespread opposition from UK citizens.
Furthermore, the study found that creation of the national database would likely run afoul of a number of national laws and international agreements.

A recent report on counter-terrorism by the Home Office also failed to mention the ID cards as part of Britain's national security strategy, raising additional doubts as to the viability of the card plan.

Leaked Emails from the Home Office:

     http://www.timesonline.co.uk/article/0,,2087-2261631,00.html

London School of Economics 2005 Study of the ID Card Plan:

     http://www.epic.org/redirect/lseid605.html

London School of Economics 2006 Study (pdf):

     http://is2.lse.ac.uk/IDcard/identityreport.pdf

EPIC's National ID Card Page:

     http://www.epic.org/privacy/id_cards/

Privacy International on National ID Cards:

     http://www.epic.org/redirect/pi_id_cards.html

========================================================================
[4] FBI Proposes Wiretap Law Expansion
========================================================================

The FBI has proposed that Congress pass a law that would expand a 1994 telephone wiretapping law to apply to Internet and voice over Internet protocol (VoIP) services. Among other things, the as-yet uncirculated proposal would require manufacturers of routing equipment to design systems so that the government can easily wiretap Internet communications.

The Communications Assistance for Law Enforcement Act (CALEA) was passed in 1994, after law enforcement officials worried that new technologies, like mobile phones, were making it difficult to wiretap telephone conversations. The law therefore required that telephone companies build their systems to allow easy eavesdropping by the government. Recognizing that wiretapping Internet connections posed distinct problems, however, the law did not apply to "information services" like Internet service providers.

The proposed law does more than apply the wiretap requirements to Internet services, however.
The bill also would require service providers to process or filter customer communications to identify and isolate the types of communications law enforcement requested, and early reports indicate that it would eliminate the current requirement that the Justice Department report the number of wiretaps it grants each year.

The proposed law follows a recent decision by the D.C. Circuit Court of Appeals that allowed the FCC to expand the reach of CALEA to the Internet without changing the law. Businesses, schools, and public interest groups, including EPIC, had challenged the FCC decision, which was upheld by a 2-1 panel. Changing CALEA through legislative action could prevent appeal or reconsideration of the Circuit Court's decision.

Communications experts from the Information Technology Association of America have criticized applying CALEA to Internet services, noting that the decentralized structure of the Internet makes it difficult to apply CALEA without simultaneously wiretapping innocent individuals, introducing major security risks, or restructuring the network's nature.

Text of CALEA:

     http://www.epic.org/privacy/wiretap/calea/calea_law.html

D.C. Circuit Decision in ACE v. FCC (pdf):

     http://www.epic.org/privacy/wiretap/ace_v_fcc.pdf

Justice Department's Annual Wiretap Reports:

     http://www.uscourts.gov/library/wiretap.html

ITAA Report on Applying CALEA to the Internet (pdf):

     http://www.itaa.org/news/docs/CALEAVOIPreport.pdf

========================================================================
[5] Defense Department Monitored Student Email
========================================================================

The Department of Defense confirmed allegations that it had monitored the email of students who were preparing to protest against military policies, according to the Chronicle of Higher Education.
Targets of the surveillance were engaged in organizing protests against the war in Iraq and the military's "don't ask don't tell" policy that prevents openly gay individuals from serving in the military.

The Defense Department began the surveillance after being notified of protests through its TALON network, a system intended to inform the Department of potential terrorist threats. Instead, reports from the TALON system, released under a Freedom of Information Act request submitted by the Servicemembers Legal Defense Network, revealed the Defense Department investigating student protests against on-campus military recruitment. The released documents indicated surveillance of student speech at the State University of New York at Albany, Southern Connecticut State University, the University of California at Berkeley, and William Paterson University of New Jersey.

Other programs within the Defense Department also focus on collecting student information. In May 2005, the Department announced that it was going to create a massive database for recruiting. The Pentagon's "Joint Advertising and Market Research" system proposed to combine student information, Social Security numbers, and information from state motor vehicle repositories into a unified database housed at a private direct marketing firm. Approximately 25 million individuals' information would be in the database, and individuals would not be allowed to opt out of inclusion.

In June 2005, EPIC and 8 privacy and consumer groups objected to the creation of the database, arguing that it violated the Privacy Act and was unnecessarily invasive. In reaction to the database announcement, over 100 groups sent a letter to Secretary of Defense Rumsfeld protesting the database. To date, Secretary Rumsfeld has not acknowledged receipt of the letter.

FOIA Documents Revealing Student Monitoring (pdf):

     http://www.sldn.org/binary-data/SLDN_ARTICLES/pdf_file/3028.pdf

EPIC Memo on DOD Database (pdf):

     http://www.epic.org/privacy/student/epic_dod_71505.pdf

Coalition Letter to the DOD Criticizing JAMRS:

     http://www.privacycoalition.org/nododdatabase/letter.html

========================================================================
[6] News in Brief
========================================================================

Congress Investigates Financial Surveillance Program

The Bush administration failed to adequately inform Congress of the recently revealed secret banking surveillance program by briefing only a handful of members, according to the chairwoman of the Subcommittee on Oversight and Investigations of the House Committee on Financial Services. At a hearing about the program Tuesday, N.Y. Rep. Sue Kelly said she has asked for a Government Accountability Office investigation of the program. The government is using broad, secret subpoenas to review confidential financial transactions from a banking consortium that routes data in more than 200 countries.

Hearing Information on "The Terror Finance Tracking Program":

     http://www.epic.org/redirect/finance_tracking.html

US-VISIT RFID Needs Better Security, Report Says

The Department of Homeland Security's Inspector General stated that the US-VISIT border security program fails to protect data collected through the use of radio frequency identification (RFID) tags. US-VISIT has been testing RFID-enabled I-94 visa forms and has distributed more than 150,000 of them. The Inspector General's report found "security vulnerabilities that could be exploited to gain unauthorized or undetected access to sensitive data" associated with people who carried the RFID-enabled forms.

DHS Inspector General Report (redacted) (pdf):

     http://www.epic.org/redirect/usvisit_ig_report.html

EPIC's US-VISIT page:

     http://www.epic.org/privacy/us-visit/

AT&T Fined $550,000 for Privacy Failures

In a settlement reached with the Federal Communications Commission, AT&T agreed to pay $550,000 for failures to adequately safeguard consumer privacy. According to the settlement, AT&T may have improperly used customer data for marketing purposes. AT&T also agreed to improve procedures for opt-out notification. This investigation was prompted by an EPIC petition submitted to the FCC in August 2005. FCC Commissioner Adelstein praised the settlement, noting that "enforcement is essential to promote compliance with our consumer privacy rules." Adelstein also encouraged the FCC to move forward on a pending rulemaking more fully addressing EPIC's petition to better protect consumers' phone records.

Text of the Settlement (pdf):

     http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-100A1.pdf

Adelstein's Statement on the Settlement (pdf):

     http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-100A2.pdf

EPIC's Phone Records Page:

     http://www.epic.org/privacy/cpni

Illinois Outlaws Pretexting, Adopts New Privacy Safeguards

Illinois Governor Rod R. Blagojevich signed legislation last week outlawing "pretexting": pretending to be an account holder so as to obtain access to someone else's personal information. In the past year, Illinois has passed several laws to protect consumer privacy, including measures that address identity theft, limit the use of the Social Security Number, require notification of security breaches, and allow state residents to put a security freeze on their credit report if they believe their personal information has been compromised.

Text of the Illinois Law (pdf):

     http://www.ilga.gov/legislation/94/SB/PDF/09400SB2554lv.pdf

EPIC's Pretexting and Phone Records Page:

     http://www.epic.org/privacy/iei

National Conference of State Legislatures Privacy Page:

     http://www.ncsl.org/programs/lis/cip/priv/privacy.htm

Spotlight: Multiple Security Failures at Veterans Affairs

In the wake of May's massive data theft, the Department of Veterans Affairs falls under the Spotlight on Surveillance. The immense data loss could easily happen again because of weak security at the agency, Spotlight reports. Veterans Affairs was warned about security weaknesses for many years, but failed to act, according to government officials. Documents reveal that the agency had given permission for the analyst, from whom the equipment was stolen, to work from home with the sensitive personal data. Agency officials previously said the analyst violated agency procedure by taking the data home.

Spotlight on Surveillance: Veterans Affairs Data Breach

     http://epic.org/privacy/surveillance/spotlight/0506/default.html

========================================================================
[7] EPIC Bookstore: John Battelle's "The Search"
========================================================================

The Search: How Google and Its Rivals Rewrote the Rules of Business and Transformed Our Culture. John Battelle. Portfolio, 2005.

     http://www.powells.com/partner/24075/biblio/62-1591840880-0

"What does the world want? According to John Battelle, a company that answers that question — in all its shades of meaning — can unlock the most intractable riddles of business and arguably of human culture itself. And for the past few years, that's exactly what Google has been doing.
Jumping into the game long after Yahoo, Alta Vista, Excite, Lycos, and other pioneers, Google offered a radical new approach to search, redefined the idea of viral marketing, survived the dot-com crash, and pulled off the largest and most talked-about initial public offering in the history of Silicon Valley.

But The Search offers much more than the inside story of Google's triumph. It's also a big-picture book about the past, present, and future of search technology and the enormous impact it's starting to have on marketing, media, pop culture, dating, job hunting, international law, civil liberties, and just about every other sphere of human interest.

More than any of its rivals, Google has become the gateway to instant knowledge. Hundreds of millions of people use it to satisfy their wants, needs, fears, and obsessions, creating an enormous artifact that Battelle calls the Database of Intentions. Somewhere in Google's archives, for instance, you can find the agonized research of a gay man with AIDS, the silent plotting of a would-be bomb maker, and the anxiety of a woman checking out her blind date. Combined with the databases of thousands of other search-driven businesses, large and small, it all adds up to a gold mine of information that powerful organizations (including the government) will want to get their hands on."

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

     http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies.
The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining, and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2004: An International Survey of Privacy Laws and Developments" (EPIC 2004). Price: $50.

     http://www.epic.org/bookstore/phr2004

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 60 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2004 is the most comprehensive report on privacy and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40.

     http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.

     http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS).
This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.

     http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

     http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore

     http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books

     http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:

     https://mailman.epic.org/cgi-bin/control/foia_notes

========================================================================
[8] Upcoming Conferences and Events
========================================================================

7th Annual Institute on Privacy Law: Evolving Laws and Practices in a Security-Driven World. Practising Law Institute. June 19-20, New York, New York. July 17-18, Chicago, Illinois. Live webcast available. For more information: www.pli.edu

identitymashup: Who Controls and Protects the Digital Me? Berkman Center for Internet & Society, Harvard Law School. June 19-21, 2006. Cambridge, Massachusetts. For more information: http://www.identitymash-up.org/

Call for papers for Identity and Identification in a Networked World. Submissions due by July 5. New York University. Symposium on September 29-30, 2006. New York, New York. For more information: http://www.easst.net/node/976

Infosecurity New York. Reed Exhibitions. September 12-14, 2006. New York, New York. For more information: http://www.infosecurityevent.com

34th Research Conference on Communication, Information, and Internet Policy. Telecommunications Policy Research Conference. September 29-October 1, 2006. Arlington, Virginia. For more information: http://www.tprc.org/TPRC06/2006.htm

6th Annual Future of Music Policy Summit. Future of Music Coalition. October 5-7, 2006. Montreal, Canada. For more information: http://www.futureofmusic.org/events/summit06/

The IAPP Privacy Academy 2006. International Association of Privacy Professionals. October 18-20, 2006. Toronto, Ontario, Canada. For more information: www.privacyassociation.org

International Conference on Privacy, Security, and Trust (PST 2006). University of Ontario Institute of Technology. October 20-November 1, 2006. Markham, Ontario, Canada. For more information: http://www.businessandit.uoit.ca/pst2006/

BSR 2006 Annual Conference. Business for Social Responsibility. November 7-10, 2006.
New York, New York. For more information: http://www.bsr.org/BSRConferences/index.cfm

CFP2007: Computers, Freedom, and Privacy Conference. Association for Computing Machinery. May 2007. Montreal, Canada. For more information: http://www.cfp2007.org

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

     https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

     http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research.
For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

     http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 13.14 -------------------------