EPIC logo

  

========================================================================
                             E P I C  A l e r t
========================================================================
Volume 15.03                                            February 8, 2008
------------------------------------------------------------------------

                              Published by the
                 Electronic Privacy Information Center (EPIC)
                              Washington, D.C.

               http://www.epic.org/alert/EPIC_Alert_15.03.html


========================================================================
Table of Contents
========================================================================
[1] EPIC Urges Court to Assess Government Secrecy Claims in FOIA Case
[2] EPIC, Privacy Groups Renew Call for Investigation of Ask Eraser
[3] Microsoft Proposes $44.6 Billion Acquisition of Yahoo, Inc.
[4] Homeland Security Agency Releases Overdue Privacy Report
[5] Security Experts Warn of Dangers From Expansion of Wiretap Powers
[6] News in Brief
[7] EPIC Bookstore: "Privacy at Risk"
[8] Upcoming Conferences and Events
    - Subscription Information
    - Privacy Policy
    - About EPIC
    - Donate to EPIC
      http://www.epic.org/donate

========================================================================
[1] EPIC Urges Court to Assess Government Secrecy Claims in FOIA Case
========================================================================

On February 6, 2008, EPIC urged a federal district court to order the
Department of Justice (DOJ) to produce legal opinions and related
documents that were prepared to justify and monitor the President's
warrantless domestic surveillance program.  The brief, signed by EPIC,
the American Civil Liberties Union, and the National Security Archive,
renews EPIC's prior request that a federal judge review the documents
and make an independent determination as to whether they must be
revealed to public under the Freedom of Information Act (FOIA).  The DOJ
has refused to turn over the documents to EPIC, and opposes judicial
review of the documents.

EPIC seeks the disclosure of opinions prepared by the DOJ Office of
Legal Counsel regarding the President's warrantless domestic
surveillance program.  The Office of Legal Counsel regularly issues
opinions on a variety of topics in response to legal questions posited
by the President and the heads of executive departments.  The Office of
Legal Counsel's authority is long-standing, and its final opinions must
be publicly disclosed in response to FOIA requests.  The DOJ has refused
to make the warrantless wiretapping opinions public, and has even
refused to inform all members of Congress of the documents' contents.
Senator Edward Kennedy recently criticized the secrecy surrounding the
Office of Legal Counsel opinions, arguing that the Administration's
selective disclosure of the documents to a tiny number of legislators
"is a pale shadow of the real disclosure that Americans deserve."

Previously in this litigation (EPIC v. DOJ, D.D.C. Case No. 06-cv-0096),
the Court ordered the DOJ to be more forthcoming about its basis for
withholding documents from public disclosure.  The Court also indicated
its willingness to review disputed documents "in camera” - that is, for
the DOJ to produce the documents, confidentially, to the Court - so that
the Court can independently assess the propriety of the DOJ's refusal to
publicly disclose the documents.

The activities giving rise to EPIC v. DOJ began in December 2005,
immediately after press reports uncovered the President's surveillance
program.  EPIC requested documents relating to legal opinions that were
prepared to justify the program. The American Civil Liberties Union and
the National Security Archive also submitted FOIA requests.  The DOJ
refused to produce several key documents, and EPIC sued, demanding that
the DOJ disclose the documents in compliance with the Freedom of
Information Act.

EPIC's Page on FOIA Work on the National Security Agency's Warrantless
Surveillance Program:

     http://epic.org/privacy/nsa/foia/default.html

EPIC's Complaint Against the Department of Justice (PDF):

     http://www.epic.org/privacy/nsa/complaint_doj.pdf

United States Department of Justice - Memoranda and Opinions:

     http://www.usdoj.gov/olc/opinions.htm

Press release, "Kennedy Calls for Oversight of Warrantless Wiretapping"
January 24, 2008:

     http://epic.org/redirect/kennedy.html

EPIC v. DOJ "Memorandum Opinion and Order" (PDF):

     http://www.epic.org/privacy/nsa/dc_order_090507.pdf

========================================================================
[2] EPIC, Privacy Groups Renew Call for Investigation of AskEraser
========================================================================

On February 7, 2008, EPIC and five other privacy organizations filed a
supplemental complaint with the Federal Trade Commission (FTC) against
Ask.com. EPIC alleges that Ask.com is engaging in unfair and deceptive
trade practices regarding its representations concerning AskEraser, a
new search product that purports to protect Internet search privacy.

The supplemental complaint states that despite recent changes to the
product, AskEraser continues to threaten consumer privacy.  AskEraser's
chief privacy threats result from AskEraser's cookie-based
implementation, Ask.com's policy of secretly disabling AskEraser without
any notice to consumers, and the transmittal of personal information to
third parties while AskEraser is "on."

The supplemental complaint was filed after Ask.com modified its product:
the persistent identifier associated with the AskEraser enabling cookie
was replaced with a non-identifying marker. This modification, which
followed EPIC's letter to Ask.com complaining of AskEraser's flaws,
addresses one, but not all, of the consumer privacy threats identified
in EPIC's original complaint.

Since EPIC filed the original complaint on January 18, 2008, the privacy
problems associated with AskEraser have attracted media attention.
Search engine technology expert Danny Sullivan pointed out that the flow
of information to third parties such as Google is "a serious concern, a
serious flaw in what searchers may think they're getting - but don't get
- in terms of privacy protection." The supplemental complaint notes that
this deficiency continues to threaten AskEraser users.

In the original complaint, pending an adequate resolution of the issues
identified in the complaint, EPIC and the other privacy groups called on
the FTC to promote the development of genuine Privacy Enhancing
Techniques that would protect the privacy interests of American
consumers. Specifically, the complaint urged the FTC to use its
authority to review AskEraser's privacy flaws and order Ask.com to
remove AskEraser from the marketplace.

EPIC's Supplemental Complaint to the FTC (PDF):

     http://epic.org/privacy/ask/askeraser_ftc_complaint_supplemental.pdf

EPIC's Complaint to the FTC (PDF):

     http://epic.org/privacy/ask/epic_askeraser_011908.pdf

EPIC's letter to Ask.com (PDF):

     http://epic.org/privacy/ask/EPIC_%20AskEraser.pdf

EPIC's Page on the AskEraser FTC complaint:

     http://epic.org/privacy/ask/

Ask.com's AskEraser FAQ Page:

     http://sp.ask.com/en/docs/about/askeraser.shtml

========================================================================
[3] Microsoft Proposes $44.6 Billion Acquisition of Yahoo, Inc.
========================================================================

On February 1, 2008, Microsoft made public its $44.6 billion bid to
acquire Yahoo.  The announcement immediately drew the attention of the
U.S. Congress.  Yahoo is considering the offer, and any merger would
require approval by U.S. and international regulators.

Several hours after Microsoft announced its bid, the U.S. House of
Representatives Judiciary Committee made plans for a February 8, 2008
hearing regarding the "State of Competition on the Internet."  The
hearing will include discussion of the proposed Microsoft-Yahoo merger.
Congressmen John Conyers, Jr. and Lamar Smith, senior members of the
Judiciary Committee, said, "Microsoft's bid to acquire Yahoo is
certainly one of the largest technology mergers we've seen and presents
important issues regarding the competitive landscape of the Internet.
[We] intend to give the proposal a careful examination …"  The U.S.
Department of Justice also plans to analyze the deal.  Department
spokeswoman Gina Talamona stated, "[t]he antitrust division would be
interested in looking at the competitive effects of the transaction."

In the past, Microsoft acknowledged that similar mergers raised serious
consumer privacy concerns.  Last September, Microsoft's general counsel,
Brad Smith, criticized the privacy implications of Google's $3.1 billion
acquisition of online ad firm Doubleclick.  Smith told the U.S. Senate,
"with this merger, Google seeks to record nearly everything [consumers]
see and do on the Internet and use that information to target ads," and
"[t]hese privacy issues in fact have antitrust consequences."  Privacy
advocates have raised similar concerns regarding the proposed
Microsoft-Yahoo deal. Jeff Chester, the executive director of the Center
for Digital Democracy, said "Microsoft has been trying to make Google
seem like a threat to privacy, when in fact it's both of them … [w]e may
now have two companies that will rival the National Security Agency in
their ability to compile detailed profiles of users wherever they go
online."

In 2007, privacy groups, including EPIC, had asked regulators to impose
privacy-protecting conditions on the Google-Doubleclick merger.  EPIC
noted that an unconditional approval of the merger would pave the way
for Google to become an "information monopolist."  EPIC Executive
Director Marc Rotenberg told the European Parliament that the EU must
establish privacy safeguards to protect consumers.

In response to the proposed Microsoft-Yahoo merger, EPIC called on
regulators to take into account the privacy consequences for Internet
users, in addition to concerns about competition and innovation.

U.S. House of Representatives, Committee on the Judiciary, Press
Release, February 1, 2008:

     http://judiciary.house.gov/newscenter.aspx?A=917

EPIC's Submission to the European Parliament (PDF):

     http://www.epic.org/privacy/ftc/google/EPIC_LIBE_Submission.pdf

Remarks of Brad Smith, senior vice president, general counsel and
corporate secretary, Microsoft Corporation, Sept. 27, 2007:

     http://epic.org/redirect/microsoft.html

========================================================================
[4] Homeland Security Agency Releases Overdue Privacy Report
========================================================================

The Department of Homeland Security has just published the 2007 Annual
Privacy Report, several months after it was due; following the pattern
of tardiness that the agency has maintained since its creation. The
first report (April 2003 to June 2004) was published in February 2005.
The second report (July 2004 to July 2006) was published in December
2006. EPIC has urged the timely publication of the Annual Reports so
that the Congress and the public can meaningfully evaluate the impact of
the Department's programs on privacy.

The Homeland Security Act of 2002, § 222, gave the Secretary of Homeland
Security the responsibility to "appoint a senior official in the
Department to assume primary responsibility for privacy policy." The
responsibilities of the Chief Privacy Officer include: (1) assuring that
the use of technologies sustain, and do not erode, privacy protections
relating to the use, collection, and disclosure of personal information;
(2) assuring that personal information contained in Privacy Act systems
of records is handled in full compliance with fair information practices
as set out in the Privacy Act of 1974; (3) evaluating legislative and
regulatory proposals involving collection, use, and disclosure of
personal information by the Federal Government; (4) conducting a privacy
impact assessment of proposed rules of the Department or that of the
Department on the privacy of personal information, including the type of
personal information collected and the number of people affected; and
(5) preparing a report to Congress on an annual basis on activities of
the Department that affect privacy, including complaints of privacy
violations, implementation of the Privacy Act of 1974, internal
controls, and other matters.

In its report, the Privacy Office emphasized its increased publication
of Privacy Impact Assessments and Systems of Records Notices for
Homeland Security programs. The Privacy Office also said the
"designation of privacy officers within each operational component" of
the agency is a "high priority."

The report discusses general efforts the Privacy Office has made since
July 2006 to "embed" privacy considerations into the evaluation
processes in the Department of Homeland Security, however there is no
information on whether these efforts have succeeded in reducing threats
to the privacy of Americans. Travel programs were of particular focus:
passenger prescreening program Secure Flight, border security program
US-VISIT, and the Automated Targeting System (which assigns secret,
terrorist "risk assessments" to tens of millions of U.S. citizens and
foreign visitors every year). EPIC has detailed the various privacy and
security risks involved in the technologies and processes of these
programs. EPIC also recently detailed comments urging the agency to
either suspend the Automated Targeting System or to fully apply all
Privacy Act safeguards to any individual subject to the system.

The Privacy Office discussed the meetings of the agency's Data Privacy
and Integrity Advisory Committee, including the committee's comments on
the draft regulations for the proposed REAL ID national identification
system. The report says the committee issued recommendations addressing
"such topics as security safeguards, privacy safeguards, storing
personally identifiable information in the machine readable zone of the
card, access to the States' driver's license databases, and background
checks for employees involved in the manufacturing and production of
REAL ID licenses." However, the report does not disclose that the
committee refused to endorse the agency's plan.

Congress will be able to use the new report to evaluate the Privacy
Office's performance.

DHS Chief Privacy Officer Report Covering July 2004 to July 2006 (PDF):

     http://www.dhs.gov/xlibrary/assets/privacy/privacy_rpt_annual_2007.pdf

Homeland Security Act of 2002 (PDF):

     http://www.dhs.gov/interweb/assetlibrary/privacy_hsa2002_222.pdf

EPIC's page on Privacy Report Held Hostage:

     http://www.epic.org/privacy/oversight/

DHS Data Privacy and Integrity Advisory Committee, Comments Refusing to
Endorse the Draft REAL ID Regulations, May 1, 2007 (PDF):

     http://epic.org/privacy/id-cards/dpiac_comm_050707.pdf

EPIC's page on National ID Cards and the REAL ID Act:

     http://epic.org/privacy/id-cards/

EPIC's page on the Automated Targeting System:

     http://epic.org/privacy/travel/ats/

========================================================================
[5] Security Experts Warn of Dangers From Expansion of Wiretap Powers
========================================================================

In a recent report in the IEEE Privacy and Security journal, several
computer experts warn of the security risks of expanding warrantless
wiretap powers. The report, "Risking Communications Security: Potential
Hazards of the Protect America Act," comes as Congress is debating
extending the warrantless wiretap power provided by the Protect America
Act (PAA) last summer. The PAA removes some surveillance from the
limited FISA court review, allows the government to create more
surveillance programs with limited review, and immunizes
telecommunications companies who participate in these programs from
lawsuits. The report recommends that minimization, robust control and
oversight be built into surveillance systems from the start. A system
without these features will be fraught with risks that are
"fundamentally unacceptable," the report concludes.

The report identifies the three most serious security risks:
unauthorized outsider access, the misuse by a trusted insider, and
misuse by the US government. The surveillance architecture created to
exercise PAA powers could be breached and used by outsiders to spy on
American communications. The threat has been seen before in other
countries, and could come to fruition in the US due to poor security. A
Greek wiretapping system was exploited by an unknown party to listen in
on government conversations. FBI documents of the DCS 3000 telephone
wiretap system revealed several problems in the system's implementation.
This risk turns a surveillance system on its head, making it a point of
attack rather than a bulwark for defense.

Another risk is the misuse by a trusted insider.  Someone with access to
the system could use it for improper purposes. Robert Hanssen abused his
access to FBI systems to steal information and to track investigations
of him. Recently a treasury agent was indicted for using the Treasury
Enforcement Communications System in order to stalk his former
girlfriend.

The third major risk is misuse by the US government. Watergate era
investigations revealed wiretaps of Congressional staff, supreme court
justices. These abuses also targeted non-violent activists such as
Martin Luther King and members of the American Friends Service Committee
and the National Association for the Advancement of Colored People.

Report: Risking Communications Security: Potential Hazards of the
Protect America Act (PDF):

     http://www.computer.org/portal/cms_docs_security/security/2008/n1/24-33.pdf

Privacy On the Line: The Politics of Wiretapping and Encryption, Updated
and Expanded Edition by Whitfield Diffie and Susan Landau:

     http://www.powells.com/biblio/9780262042406?&PID=24075

EPIC's Page on FISA:

     http://epic.org/privacy/terrorism/fisa/

========================================================================
[6] News in Brief
========================================================================

European High Court Protects Internet Privacy

In response to a request from the Spanish national court, the European
Court of Justice ruled today that European community law does not
require European countries to disclose user information in civil cases
involving copyright. The high court for the European Union also ruled
that European Parliament directives on personal data do not entail an
obligation of disclosure of the data for the purposes of ensuring
effective protection of copyright in the context of civil proceedings.
When interpreting and applying the directives, EU Member States should
rely on an interpretation "which allows a fair balance to be struck
between the various fundamental rights protected by the Community legal
order," the court said. The case is Promusicae, C-275/06.

Judgment of the European High Court (January 29, 2008):

     http://epic.org/redirect/european_high_court.html

EPIC and Privacy International, "Privacy and Human Rights Report
(2006)":

     http://epic.org/phr06/


Virginia to Erect Wall of Secrecy Around Fusion Center Activities

On February 1, 2008, the Virginia House Committee on the Militia,
Police, and Public Safety reported on House Bill 1007, which would erect
a wall of secrecy around the activities of the state's Fusion
Intelligence Center located in Richmond Virginia. The bill, entitled
"Fusion Intelligence Centers Confidentiality Immunity," was sponsored by
Delegate Dwight Clinton Jones and would rewrite Virginia's open records
law as well as the state's Government Data Collection and Dissemination
Practices Act. Both laws already address issues of data collection and
sharing that relate to terrorism and criminal activity.

If the bill becomes law, it would create civil and criminal penalties
for information disclosures by employees, and bar subpoena of center
staff in civil cases. Information Fusion Centers are new tools deployed
by local and state government law enforcement agencies through the
awarding of over $380 million in federal grants by the Department of
Homeland Security.  There is no federal government oversight of the more
than 40 local and state centers located in the nation.

EPIC's Page on Information Fusion Centers:

     http://epic.org/privacy/fusion/

Virginial Bill 1007:

     http://leg1.state.va.us/cgi-bin/legp504.exe?081+ful+HB1007


Europe Celebrates Data Protection Day

The Council of Europe designated January 28 as Data Protection Day, a
day to "to inform and educate the public at large as to their day-to-day
rights." In the U.S., newspapers reporters that U.S. Homeland Security
Secretary Michael Chertoff is seeking $6 billion to expand secret
surveillance of Internet communications. This surveillance would include
installing government sensors on private, company networks. EPIC and
Privacy International recently published International Privacy Rankings
for 2007, based on the "Privacy and Human Rights Report," which surveys
privacy developments around the globe.

Council of Europe, "Data Protection Day":

     http://epic.org/redirect/council_of_europe.html

EPIC and Privacy International, "Privacy and Human Rights Report
(2006)":

     http://epic.org/phr06/


Canadian Privacy Commissioners Warn Against 'Enhanced' Licenses

On February 5, 2008, Canada's information and privacy commissioners and
ombudsmen issued a joint resolution "outlining the steps that will need
to be taken to ensure the privacy and security of any Canadian's
personal information accessed" as part of the U.S. Department of
Homeland Security's so-called enhanced driver's license programs.
Homeland Security plans to transform several states' driver's licenses
into federal identification cards, containing more data, such as
citizenship designations, and different technology than the current
licenses. The Canadian officials called for "meaningful and independent
oversight," including "regular reporting of oversight activities and
corrective measures to the Government of Canada and to the Privacy
Commissioner of Canada." The officials also raised questions about the
use of long-range RFID technology in the licenses, demanding strong
security and privacy safeguards for the technology. The U.S. Government
Accountability Office has recommended against RFID chips in ID cards,
stating that this could allow for the "tracking and profiling" of
individuals.

Office of the Privacy Commissioner of Canada, "Enhanced driver's
licences concern Canada's privacy guardians," (February 5, 2008):

     http://www.privcom.gc.ca/media/nr-c/2008/nr-c_080205_e.asp

EPIC, Spotlight on Surveillance, "Enhanced" Licenses Drive Backwards on
Security, Privacy:

     http://epic.org/privacy/surveillance/spotlight/0907/


UK to Force Youths to Buy National ID Card to Apply for Student Loans

Leaked Home Office documents reveal that UK students aged 16 or older
will be expected to obtain a card that could cost up to 100 pounds in
order to open a bank account or get a student loan. The UK government
initially planned to start issuing ID cards to people applying for a
passport in 2010, but the implementation of the plan will be delayed
until 2012. Instead, from 2010 onwards ID cards will be issued to
students who are applying for a loan and people in "positions of trust"
including teachers and social workers. There are concerns that the UK
government is planning to take fingerprints and other biometric details
of about two million people entering higher education each year.

EPIC's Page on National ID Cards and the REAL ID Act:

     http://epic.org/privacy/id-cards/

========================================================================
[7] EPIC Bookstore: "Privacy at Risk"
========================================================================

Privacy at Risk: The New Government Surveillance and the Fourth
Amendment by Christopher Slobogin (University of Chicago Press)

     http://www.powells.com/partner/24075/biblio/9780226762838

Professor Christopher Slobogin, a leading expert on the Fourth Amendment
and new technology, puts forward a new approach to privacy protection in
“Privacy at Risk.” Drawing on the Supreme Court’s Terry v. Ohio decision
from the 1960s, Slobogin proposes that courts adopt a proportional
approach to Fourth Amendment cases. Such an approach would permit less
intrusive searches with a lower legal standard – in Terry the Court
allowed the police without probable case to “stop and frisk” a suspect –
while maintaining a higher standard for more invasive searches. Slobogin
also proposes that where searches occur without individualized suspicion
– data mining, for example – there should be some alignment between the
likelihood of success and the extent of the search. A search through a
lot of data should require that a lot of suspicious people will be
found.

Courts in the United States, generally accustomed to the yes/no settings
of probable cause (the “probable-cause-forever” precept, in the words of
Slobogin), have steered clear of proportionality and created a patchwork
of exceptions and overlapping doctrines. The consequence is a range of
outcomes that include exigency, plain view, “special needs,” and
“totality of the circumstances,” which one appellate judge recently
described in dissent as a “multi-factor, gestalt high-wire act.”

The US had had a little more experience adjusting the dial of Fourth
Amendment protection in the realm of statutory protection. There
Congress has, in the wiretap realm for example, cranked up the setting
for the content of a communication but left privacy in the low position
for transactional data, such as phone numbers dialed. Of course the
setting is not always aligned with the sensitivity of the underlying
information. Cable subscriber records, in the pre-Patriot Act days,
received more protection than medical records.

Proportionality is a more familiar concept in the law flowing from the
European Convention on Human Rights where Article 8 explicitly asks
judges to determine whether the interference with private life is
“necessary in a democratic society.” If recent decisions from the
European Court on such topics as personal identity, wiretapping,
workplace surveillance, and internet privacy are any indicator, Article
8 and proportionality analysis are more likely to protect privacy.

The attraction of this theory is that it also avoids the downward spiral
that is the experience of the reasonable expectation of privacy test.
Under that doctrine, at least as interpreted by courts since the 1967
Katz decision (though perhaps not the intent of the 1928 Olmstead
Brandeis dissent on which Katz is based) the introduction of new
technology almost necessarily diminishes the expectation of privacy
unless a judge or a legislator understands the dilemma and realizes that
societies and not the technologies societies create should determine
their expectations of privacy.

Slobogin also makes the bold and necessary argument that the Fourth
Amendment should protect the privacy interests of individuals in public
spaces, particularly as government cameras systems peer down on innocent
citizens below without limitation. Slobogin describes this as an
interest in “public anonymity” and points to an early opinion by Justice
Rehnquist that recognized the essential problem if police could
routinely record public activity without any basis for suspicion.
Professor Slobogin, who has studied regulation of camera surveillance
for many years, sets out a useful framework for accountability, based on
the Fourth Amendment, that should be required reading for any state
agency that wants funding from the Department of Homeland Security for a
camera surveillance system.

Professor Slobogin also notes what might be called the “public relations
problem” of the exclusionary rule: the remedy for violations of the
Fourth Amendment typically only arise when a criminal suspect is seeking
to keep the ill-gotten evidence from the jury. It is reasonable that the
police should not use evidence improperly obtained, but the doctrinal
consequence is a long line of cases about criminals getting off on a
“technicality.” Maybe a little case law that compensated people
suspected of no crime for the government’s unjustified intrusions would
give the Fourth Amendment some of the fine Constitutional gloss enjoyed
by the First Amendment. In fact, there are several such cases now
pending.

The text of the Fourth Amendment has remained unchanged since the days
that the drafters of the Constitution tossed the Custom House officers
with their writs of Assistance from their homes. Notably, they based
this new freedom from unreasonable intrusion on the right of the people
“to be secure” in their homes and their persons. Professor Slobogin has
written an important book that should help courts preserve this
essential security, which is the basis of Constitutional liberty.

- Marc Rotenberg

================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Mobility, Data Mining And Privacy: Preserving Anonymity in
Geographically Referenced Data. February 14, 2008. Rome, Italy. For more
information: http://wiki.kdubiq.org/mobileDMprivacyWorkshop

ALI-ABA, Privacy Law: Developments, Planning, and Litigation. March
13-14, 2008. Washington, D.C. For more information: 
http://www.ali-aba.org/CN090

First Annual Freedom of Information Day Celebration. March 17, 2008.
American University Washington College of Law, DC. For more information:
http://www.wcl.american.edu/secle/founders/2008/031708.cfm

Openthegovernment.org, "Government Secrecy: Censoring Your Right to
Know." March 19, 2008. National Press Club, DC. For more information:
http://www.openthegovernment.org/article/subarchive/109

CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23,
2008. For more information: http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity. The Hague. June 18-20,
2008. For more information http://www.ethicsandtechnology.eu/ETI

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:
http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 15.03 -------------------------

.