[EPIC NEWS] EPIC Alert 15.16
EPIC News
alert at epic.org
Tue Aug 12 16:09:57 EDT 2008
========================================================================
E P I C   A l e r t
========================================================================
Volume 15.16                                              August 8, 2008
------------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_15.16.html
========================================================================
Table of Contents
========================================================================
[1] China to Spy on and Censor Olympic Visitors' Internet Activity
[2] President Consolidates Surveillance Authority
[3] FTC Approves Data Breach Settlements, Without Monetary Penalties
[4] Registered Traveler Program Halted After Data Breach
[5] Congressional Leaders Address Corporate Behavioral Profiling
[6] News in Brief
[7] EPIC Bookstore: "Batman: The Dark Knight"
[8] Upcoming Conferences and Events
- Subscription Information
- Privacy Policy
- About EPIC
- Donate to EPIC http://www.epic.org/donate
- Support Privacy '08 http://www.privacy08.org
========================================================================
[1] China to Spy on and Censor Olympic Visitors' Internet Activity
========================================================================
On July 30, 2008, Senators Sam Brownback and Jim Bunning introduced
a Senate Resolution expressing concern regarding the "deterioration
of respect for privacy and human rights in the People's Republic of
China before the 2008 Olympic Games in Beijing." Senator Brownback
announced that he has obtained an order from China's Public Security
Bureau that requires foreign-owned hotels to install invasive
snooping equipment that monitors Olympic visitors' Internet
activity. The hardware and software installed on hotel networks will
collect and transmit sensitive data from hotel guests, including
foreign visitors and journalists, to the Chinese Government.
Brownback observed that this directive contradicts China's pledge to
the International Olympic Committee that the country would "maintain
an environment free of government censorship during the Games."
China's security practices prompted the U.S. State Department to
issue a warning for Americans intending to travel to the 2008
Beijing Olympics. The U.S. Government cautioned visitors to expect
lowered standards of privacy, as well as surveillance by the Chinese
authorities. The travel advisory warns that hotel rooms and offices
may be subject to technical monitoring and may be accessed without
the consent or knowledge of the occupant. In response, Chinese
Foreign Ministry Spokesperson Qin Gang called the State Department
warning "irresponsible" and maintained that foreign visitors would
have privacy protections in China, as guaranteed by the law. The
Chinese Constitution and statutes do provide some privacy
protections, but enforcement has been uneven. The spying plan also
contravenes longstanding international privacy and human rights
norms, including Article 12 of the Universal Declaration of Human
Rights, which prohibits "arbitrary interference with privacy,
family, home or correspondence."
In addition, Senators Sherrod Brown and James Inhofe sent a letter
to IOC President Jacques Rogge calling on the International Olympic
Committee to reverse a reported Internet censorship deal it has made
with China. Contrary to promises made by China's Olympic organizing
committee, the Chinese government will censor sensitive sites "not
considered Games related." In 2001, to secure the Summer Olympics,
China assured Olympic organizers that foreign journalists would enjoy
"complete freedom to report" when they arrive in 2008. But, the
temporary regulations enacted for the duration of the Games that
allowed for reporting on "political, economic, social and cultural
matters" included the caveat that such reporting be done "in
conformity with Chinese laws and organizations." The IOC denied
entering into any censorship arrangement and continues to encourage
the Chinese officials "to provide media with the fullest access
possible to report on the Olympic Games, including access to the
Internet." Currently, web sites associated with sensitive issues are
blocked, including those related to Amnesty International and Tibet.
In the most recent edition of the annual Privacy and Human Rights
report, EPIC reported that China was building a massive infrastructure
for state surveillance and noted that US firms, such as China
Information Security Technologies and L-1 Identity Solutions, were
supplying surveillance equipment in apparent violation of the
Department of Commerce guidelines, adopted after the Tiananmen
Square massacre of 1989. In September 2006, EPIC wrote to the Commerce
Secretary and urged Mr. Gutierrez to address the risk that the
Chinese government would use the technology exported from the
United States to track "dissidents, journalists, and members of
'unauthorized religions.'"
Senate Resolution Regarding Olympic Spying, S. Res. 633:
http://thomas.loc.gov/cgi-bin/query/z?c110:S.Res.633:
Letter to IOC President Jacques Rogge:
http://epic.org/redirect/080808_ioc.html
U.S. State Department Travel Advisory for Olympics 2008:
http://epic.org/redirect/080808_olym_travel.html
EPIC Letter to Secretary Gutierrez (Sept. 20, 2006)
http://www.epic.org/privacy/intl/doc_china_letter.pdf
EPIC's Privacy and Human Rights report:
http://epic.org/phr06/
EPIC page on Olympic Privacy:
http://epic.org/privacy/olympic/
========================================================================
[2] President Consolidates Surveillance Authority
========================================================================
On July 30, 2008, President Bush revised a key Executive Order that
defines the authorities of the US intelligence agencies. First
written in 1981, Executive Order 12333 establishes the "Goals,
Directions, Duties, and Responsibilities with Respect to United
States Intelligence Efforts" as well as the "Conduct of Intelligence
Activities." The Director of National Intelligence (DNI) drafted the
revised Order that grants the top intelligence office new powers to
coordinate domestic surveillance. According to Director Mike
McConnell, these amendments respond to key findings of the 9/11 and
WMD Commissions while "maintain[ing] or strengthen[ing] the
protections for privacy rights and civil liberties."
The newly amended Order establishes the Director of National
Intelligence as the head of the Intelligence Community who bears
ultimate responsibility for the production and dissemination of
intelligence. Also, the Director "may enter into intelligence
related agreements with foreign governments and international
organizations." The DNI exercises budgetary authority over the
National Intelligence Program to create groups and acquire resources
that facilitate the task of "lead[ing] a unified, coordinated, and
effective intelligence effort." This Order contains several
definitional changes, including the introduction of the terms "civil
liberties" and "privacy," and replacement of the vaguely descriptive
"special activities" with the better understood "covert action."
Critics claim that the amended Executive Order 12333 unnecessarily
expands Executive power. The American Civil Liberties Union has
expressed fears that the new focus on domestic threats allows the
DNI to task any agency to spy on American citizens at home. The
Electronic Frontier Foundation asserts that the proposed amendments
are unnecessary because sufficient mechanisms are already in place
to conduct surveillance. Currently, the National Security Agency
may obtain the Attorney General's authorization for such
surveillance only if the AG has probable cause to believe a U.S.
person overseas is an agent of a foreign power, a spy, a terrorist,
or someone who aids or abets them.
Some legislators condemn the Bush administration's penchant for
secrecy and prior violations of existing Executive Orders. Senators
Russ Feingold and Sheldon Whitehouse plan to introduce a bill that
requires the President to place a notice in the Federal Register
upon modification or revocation of a published Order. Senator
Feingold cites the administration's claim that the warrantless
wiretapping program constituted a tacit amendment, not a violation,
of Executive Order 12333.
EPIC previously warned the 9/11 Commission that new surveillance
authorities require new forms of oversight. Freedom of Information
Act litigation pursued by EPIC found that the Intelligence Oversight
Board has routinely failed to investigate unlawful investigations
since passage of the Patriot Act and urged Congress to establish a
statutory basis for oversight of intelligence abuses within the
United States.
2008 Amendments to Executive Order 12333:
http://www.whitehouse.gov/news/releases/2008/07/20080731-2.html
Executive Order 12333:
http://www.whitehouse.gov/infocus/nationalsecurity/amended12333.pdf
Senate Bill, S. 3405 (introduction pending):
http://www.fas.org/sgp/congress/2008/secretlaw.html
EPIC Testimony Before the 9-11 Commission:
http://epic.org/privacy/terrorism/911commtest.pdf
EPIC FOIA Notes #12: More Reports of Unlawful Intelligence Investigations
http://epic.org/foia_notes/note12.html
EPIC Letter to Senators Specter and Chairman (June 16, 2006)
http://epic.org/privacy/surveillance/sen_iob_letter.pdf
========================================================================
[3] FTC Approves Data Breach Settlements, Without Monetary Penalties
========================================================================
The Federal Trade Commission (FTC) has finalized two separate
settlements, one with discount retailer TJX, and another with data
brokers Reed Elsevier and Seisint. The settlements arise from the
companies' failures to provide reasonable and appropriate security
for sensitive consumer information, resulting in the exposure of the
sensitive personal information of over 500,000 consumers and
millions of dollars in financial fraud. The final settlements
announced this week impose security and audit responsibilities on
the companies, but none of the financial penalties that EPIC had
requested.
In April, EPIC filed comments with the FTC urging federal regulators
to include civil penalties in the settlements. EPIC acknowledged the
security and audit provisions may result in marginal improvements to
the security and privacy practices of TJX (whose retail stores
include Marshall's and TJMaxx) and to Reed Elsevier and Seisint, the
databrokers responsible for the LexisNexis database service.
However, EPIC argued that information security programs and audits
were insufficient to safeguard the sensitive consumer data held by
TJX and LexisNexis. EPIC argued that substantial civil penalties
were warranted, not only as a punitive measure against TJX and
LexisNexis, but also to provide strong practical incentives to these
and other companies who collect and store sensitive consumer data.
EPIC also noted that the FTC imposed $10 million in civil penalties
in a similar settlement regarding privacy breaches by ChoicePoint.
After EPIC filed a complaint in 2004 alleging that the databroker's
business practices put consumers' privacy at risk, the Commission
determined that ChoicePoint's failure to employ reasonable security
policies compromised the sensitive personal data of more than
163,000 consumers. Like the TJX and LexisNexis Consent Orders, the
ChoicePoint settlement required the company to implement a
comprehensive information security program and obtain independent
audits of its information security programs for twenty years. Unlike
the Consent Orders, the ChoicePoint settlement also required the
company to pay $10 million in civil penalties and $5 million in
consumer redress. "The similarities are striking between the
ChoicePoint data breach on the one hand, and the TJX and LexisNexis
breaches on the other," EPIC wrote to the FTC in April. "The
difference between the financial penalty imposed in the ChoicePoint
settlement and the TJX and LexisNexis Consent Orders is equally
remarkable. Given the greater severity of the TJX and LexisNexis
data breaches, each Consent Order should include civil penalties of
at least $10 million - the civil penalty levied in the ChoicePoint
settlement."
The settlements arose from data breaches that exposed the sensitive
personal information of over 500,000 consumers and resulted in
millions of dollars in financial fraud. According to the FTC
complaint against TJX, the retailer, which operates over 2,500
stores worldwide, failed to use reasonable and appropriate security
measures to prevent unauthorized access to personal information on
its computer networks. As a result, an intruder was able to access
tens of millions of credit and debit payment cards, as well as the
personal information of approximately 455,000 consumers. Banks
claimed that tens of millions of dollars in fraudulent charges were
made on the cards and millions of cards were cancelled and
reissued.
In its action against data brokers Reed Elsevier (REI) and Seisint,
the FTC alleged that the companies allowed customers to use
easy-to-guess passwords to access Seisint's "Accurint" databases.
The databases contained sensitive consumer information, including
driver's license numbers and Social Security numbers. Identity
thieves exploited these security failures, and obtained sensitive
information about at least 316,000 consumers from Accurint
databases. The identity thieves used the information to activate
credit cards and open new accounts, and made fraudulent purchases on
the cards and new accounts.
EPIC's comments on the FTC consent orders with TJX, Reed Elsevier
and Seisint:
http://epic.org/privacy/idtheft/042808_ftc.pdf
FTC announces settlement with TJX, Reed Elsevier and Seisint for
failing to provide adequate security for consumers' data (March 27,
2008):
http://www.ftc.gov/opa/2008/03/datasec.shtm
FTC approves final Consent Order (August 1, 2008):
http://ftc.gov/opa/2008/08/tjxreed.shtm
For more on data breaches and ID theft, see EPIC's Identity Theft:
Its Causes and Solutions page:
http://epic.org/privacy/idtheft/
========================================================================
[4] Registered Traveler Program Halted After Data Breach
========================================================================
The Transportation Security Administration (TSA) announced that it
is suspending new applications to the Clear Registered Traveler
Program after vulnerabilities were discovered in the storage of
applicants' sensitive personal information. The security flaws came
to light after an unencrypted laptop computer was stolen from San
Francisco International Airport on July 26. The computer was owned
by Verify Identity Pass (VIP), the company which operates the
registered traveler scheme. It contained unencrypted personal
information regarding approximately 33,000 travelers, including
names, addresses, and passport and driver's license numbers.
In the wake of the data theft, government officials suspended new
applications to the Clear program, and also asked that the
subcontractor for the program immediately notify the individuals
impacted. In addition, San Francisco and all other airports using
Clear have been instructed to ensure that VIP suspends enrollment,
ceases use of any unencrypted computers, and secures the devices
until encryption can be installed. TSA requires registered traveler
service providers and sponsoring entities to encrypt all files
containing participants' sensitive personal information.
Noncompliance can result in actions including suspension of a
program and possible civil penalties.
The Clear program permits users to bypass normal airport security
lines after they enroll and undergo a background check. Applicants
are required to fill out basic background information, then the
company verifies an applicant's identity by requiring two forms of
government-issued identification. Clear captures an applicant's
photograph, fingerprint images and iris images. Clear is the largest
registered traveler program participant with over 165,000 fliers for
sixteen different programs at Albany, Cincinnati, Denver, Washington
D.C. Dulles, Washington D.C. Reagan National, Indianapolis, Little
Rock, New York LaGuardia, New York JFK, Newark, Oakland, Orlando,
Salt Lake City, San Jose, San Francisco and Westchester Airports.
EPIC has warned of the privacy and security risks posed by
registered traveler programs. EPIC has expressed concerns because
the programs' members do not have the protections of the federal
Privacy Act, as only government agencies are subject to the law.
Also, the programs can suffer from mission creep - a risk that
information volunteered will be used for reasons not related to
their original aviation security purposes. EPIC has also warned
about the problem of "false positives" within the system and the
absence of effective redress procedures that would leave many
travelers improperly designated as "high-risk."
EPIC's page on passenger profiling:
http://epic.org/privacy/airtravel/profiling.html
EPIC's Spotlight on Surveillance Regarding Registered Traveler Programs:
http://epic.org/privacy/surveillance/spotlight/1005/
TSA's press release on the suspension of the Clear program:
http://www.tsa.dhs.gov/press/releases/2008/0804.shtm
Clear:
http://www.flyclear.com/about/clear_howclearworks.html
========================================================================
[5] Congressional Leaders Address Corporate Behavioral Profiling
========================================================================
Senior members of Congress have requested details of Internet
companies' efforts to spy on their customers. In a letter sent to
33 companies, including AT&T, Time Warner, Microsoft, and Google,
the Congressmen ask whether the companies have experimented with
certain behavioral advertising techniques which impinge on consumer
privacy and may fall afoul of federal law.
The inquiries come after Congress criticized two companies that
publicly announced their own plans to spy on their users. In May,
some subscribers of Charter Communications' broadband Internet
service received notices stating that Charter would soon begin to
perform Deep Packet Inspection (DPI) of their Internet traffic.
Charter had partnered with a company called NebuAd to use DPI
techniques to develop profiles of customers' online behavior, and
then target advertising at individual users. Charter dropped the
program a month later, after Reps. Edward J. Markey (D-MA) and Joe
Barton (R-TX) challenged its legality under the federal Wiretap Act
and the Cable Television Privacy Act.
In July, another internet service provider, Embarq, dropped its own
partnership with NebuAd after Congressmen raised similar
criticisms.
Digital rights groups have documented how NebuAd's hardware uses
security exploits to spy on users, violating fundamental
expectations of Internet privacy and security. This week,
Congressman Edward J. Markey warned that "new technologies, such as 'deep
packet inspection' technologies, have the ability to track every
single website that a consumer visits while surfing the Web" and
stated that these techniques "raise clear privacy issues."
Members of Congress are now taking a preemptive step to determine
whether other leading telcos and Internet firms are experimenting
with similar invasive techniques. In the letter, leaders from both
parties question the "growing trend of companies tailoring Internet
advertising based upon consumers' Internet search, surfing, or other
use." They ask whether the companies correlate that data across
other services or applications, and, if not, "what steps you take to
make sure such correlation does not happen." They also seek
assurances that the companies offer such targeted advertising as an
"opt-in" service, and if not, ask how customers were notified of
their opportunities to opt-out. The letter also expresses concern
that these practices may violate the privacy protections contained
in the Communications Act of 1934, the Cable Act of 1984, and the
Electronic Communications Privacy Act. It also raises the prospect
of new legislation "to ensure that the same protections apply
regardless of the particular technologies or companies involved."
Letter from members of Congress to 33 telecom companies:
http://markey.house.gov/docs/telecomm/letter_dpi_33_companies.pdf
Letter from senior members of Congress to Charter Communications:
http://www.epic.org/privacy/dpi/051608charter_ltr.pdf
EPIC's page on Deep Packet Inspection and Privacy:
http://epic.org/privacy/dpi/
========================================================================
[6] News in Brief
========================================================================
Washington State Supreme Court rules in favor of privacy rights
Last week the Washington State Supreme Court ruled in favor of the
privacy rights of teachers accused of sexual misconduct. The lawsuit
was brought by 15 teachers asking the judiciary to prevent their
districts from releasing their identities in response to a
public-records request by The Seattle Times. The court, in a 6-3 vote,
sided with the accused teachers, finding that the names of teachers
must be disclosed only in cases where sexual misconduct has been
found or some form of discipline has taken place. In unsubstantiated
cases, the details of any investigation may be disclosed - but with
the teacher's name redacted, or blacked out. Justice Mary Fairhurst,
for the majority, wrote: "The mere fact of the allegation of sexual
misconduct toward a minor may hold the teacher up to hatred and
ridicule in the community, without any evidence that such misconduct
ever occurred." Justice Barbara Madsen dissented, writing that as a
consequence of the court's ruling, "predatory teachers may go
undetected and unpunished. But the most unfortunate consequence, and
one that is completely unacceptable, is that if predatory teachers
are undetected, children will continue to suffer at their hands."
Seattle Times Article:
http://epic.org/redirect/080808_seattle.html
Decision:
http://epic.org/redirect/080808_washington.html
EPIC Files Brief in Email Privacy Case
On August 1, 2008, EPIC submitted a brief in Bunnell v. MPAA, a
privacy case pending in the Ninth Circuit Court of Appeals. EPIC's
"friend of the court" brief supported enforcement of federal
protections for email privacy. In Bunnell, a former TorrentSpy
employee hacked the peer-to-peer search engine's corporate email
server to copy private emails that were of interest to the MPAA, a
motion picture industry group. The federal Wiretap Act bars
unauthorized interception of electronic communications, and Bunnell,
a TorrentSpy employee and victim of the email snooping, sued. Last
year, a California federal trial court reasoned that emails secretly
swiped en route to their final destination were not "intercepted"
under the federal Wiretap Act because they were in milliseconds-long
"storage" on an email server. EPIC argued that the federal law's
language and legislative history reflect Congress' intent to
prohibit exactly the sort of unauthorized email interceptions
implicated by Bunnell. The Electronic Frontier Foundation and
Stanford Law School's Center for Internet and Society also filed
briefs in support of Bunnell and other TorrentSpy employees. EPIC
previously advocated for email privacy protections in a similar
case, U.S. v. Councilman. In Councilman, the First Circuit Court of
Appeals agreed with EPIC, and ruled that the interception of e-mail
in brief, temporary storage violates federal law.
EPIC's Brief:
http://epic.org/privacy/bunnell/bunnell_amicus_final.pdf
EPIC page on Bunnell v. MPAA:
http://epic.org/privacy/bunnell/
EPIC page on United States v. Councilman:
http://epic.org/privacy/councilman/
The Wiretap Act:
http://www4.law.cornell.edu/uscode/18/ch119.html
Google Launches Street View Surveillance Project in Australia
On August 4, 2008, Google Street View added Australia to its roster
of countries subjected to 360-degree photographic surveillance.
Google Street View enables users to view and navigate 360-degree
street level imagery originally taken from cameras mounted on
vehicles. In the past, Google Street View has posted compromising
images that remain publicly available until someone files an online
complaint. Privacy advocates worry that Google's images invade an
individual's right to privacy. The Australian Privacy Foundation
expressed concerns regarding: the posting of individuals' images on
the Internet without their consent; the unwanted identification of
individuals' presence in a specific location; and the use of
inappropriate or illegal photo collection techniques.
Google Street View Australia:
http://maps.google.com.au/help/maps/streetview/
Australian Privacy Foundation's Policy on Google Street View:
http://www.privacy.org.au/Papers/StreetView-0804.html
Policy Framework for Analyzing Location Privacy Issues:
http://epic.org/privacy/location/jwhitelocationprivacy.pdf
Massachusetts considers bill that includes breach notification
Massachusetts is considering a bill that would create a notification
requirement for medical records breaches. The legislation -
H4974/S2863, An Act to Promote Cost Containment, Transparency and
Efficiency in the Delivery of Quality Health Care - has passed the
senate and is awaiting the approval of the house. It includes
privacy and data security protections within a statewide electronic
medical records system, including notice of unauthorized disclosures
of health information, providing patients an audit trail of who has
accessed their records, and requiring that participation in an
electronic medical record system be based on patient permission.
H4974 has been applauded by the AIDS Action Committee of
Massachusetts for its strong protection of patient privacy, which is
of particular concern to people with HIV/AIDS.
S2863:
http://www.mass.gov/legis/bills/senate/185/st02/st02526.htm
Amendments Proposed by the House:
http://www.mass.gov/legis/bills/house/185/ht04pdf/ht04974.pdf
EPIC article on medical records privacy:
http://epic.org/privacy/medical/
AIDS Action Committee of Massachusetts Press Release:
http://www.aac.org/site/News2?page=NewsArticle&id=19335
Soviet Dissident, Author, and Nobel Peace Prize Winner Laid To Rest
Alexander Solzhenitsyn, the Russian dissident and Nobel Peace Prize
winner who exposed the horrors of the Soviet Gulag, died this week.
Solzhenitsyn, who spent eleven years in the Gulag system soon after
World War II, is best known for his massive study of the labor
camps, "The Gulag Archipelago," as well as novels like "A Day In the
Life Of Ivan Denisovich," a simple but detailed description of one
day in a camp prisoner's life. Solzhenitsyn wrote powerfully about
state surveillance. Justice Douglas cited Solzhenitsyn in a famous
dissent in a Supreme Court case concerning the chilling effects of
police surveillance of political protest. There is also a famous
passage in The Cancer Ward that was later cited in the 1973
HEW Report, "Records, Computers and the Rights of Citizens," and
David Burnham's "The Rise of the Computer State."
"As every man goes through life he fills in a number of forms
for the record, each containing a number of questions . . .
There are thus hundreds of little threads radiating from every
man, millions of threads in all. If these threads were suddenly
to become visible, the whole sky would look like a spider's web,
and if they materialized like rubber bands, buses and trams and
even people would lose the ability to move and the wind would be
unable to carry torn-up newspapers or autumn leaves along the
streets of the city."
Washington Post: Solzhenitsyn Buried in Moscow
http://epic.org/redirect/080808_wapo.html
Laird v. Tatum, 408 U.S. 1 (US 1972)
http://supreme.justia.com/us/408/1/case.html
Records, Computers, and the Rights of Citizens (HEW 1973)
http://www.epic.org/privacy/hew1973report/c3.htm
Freedom Not Fear: international campaign against surveillance mania
On October 11, 2008 the Electronic Privacy Information Center (EPIC)
together with many people and organizations from around the world
will take to the streets in a peaceful and creative action. Under
the motto "Freedom Not Fear 2008", large demonstrations will include
DJs, parties, art festivals, workshops on privacy enhancing
technologies, and protest marches against data retention practices.
"Freedom Not Fear 2008" will take place in more than 30 capital
cities including Washington DC. This worldwide campaign seeks to
raise awareness of the need for greater freedom and democracy all
over the world, requesting: a cutback on surveillance; evaluation of
existing surveillance powers; a moratorium on new surveillance
powers; and a guarantee of privacy, freedom of expression and
information on the Internet. To join the campaign in the United
States, please send a message to EPIC at
thepublicvoice[at]datos-personales[dot]org
Freedom Not Fear International Action Overview:
http://www.freedom-not-fear.eu/
The Freedom Not Fear Wiki:
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008
Get involved: Local organizers and media contacts:
http://epic.org/redirect/080808_involved.html
The Public Voice, Freedom not Fear Campaign:
http://www.thepublicvoice.org/events/freedom-not-fear-08
========================================================================
[7] EPIC Bookstore: "Batman: The Dark Knight"
========================================================================
"Batman: The Dark Knight"
As a summer full of nefarious privacy invasions draws to a close,
EPIC thought it could afford a brief vacation. "Why so serious?" we
asked, as we hung up our identity-protecting mask and joined the
anonymous masses looking for escapism. But The Dark Knight only
reminded us that the anti-privacy villains never take a vacation.
When they're hard to identify, it's just because they're hiding in
costume.
In this comic-book world, as in the real world, the anti-privacy
villains pose the biggest threat when they dress up as heroes. The
ambivalence that Gothamites feel toward Batman's high-tech
terror-fighting techniques is a central theme of the movie. The
bat-cave features all the worst ideas invented by modern
law-enforcement - surveillance cameras (bought from L-1?) that map
facial features, imaging technology that knows no boundaries,
fusion-center-like dossiers on every Gothamite, and the wiretapping
of millions of cell phones. "Spying on 30 million people isn't part
of my job description," retorts Batman's accomplice Lucius, when
Batman tries to turn him into a Poindexter with sole control over
these tools. "You've turned every cell phone in Gotham into a
microphone." Art imitates life so well, it must have been spying on
it.
Batman prefers to keep his identity private, and EPIC defends the
right of all superheroes to do so. And Gotham's press, police and
general population take the same position - as long as it makes them
safer. But when the Joker blackmails the city in exchange for
Batman's real name, Gotham's principled commitment to privacy goes
up in chaos. Thankfully, real-life privacy hero Senator Patrick
Leahy, who never hides his views in a costume, enters briefly to
take a courageous pro-privacy stand, telling the Joker to his face,
"We're not intimidated by thugs."
If only we were still living in a comic book in the '50s, where
doing good meant fighting crime, and we knew exactly who the
criminals were! But after 9/11, that comic-book world-view sorely
needed an update, and Dark Knight provides it. The movie leaves us
confused as to the identity of the real bad guy: whether the real
threat to Gotham is the terrorist-mob, still making headlines but
long on the wane, or Batman, who leads a high-tech but invasive
attack on that mob. We also wonder whether the Joker can cow the
public with enough high-profile threats that they will willingly
betray their most cherished values. "When the chips are down, these
civilized people, they'll eat each other," laughs the Joker in a
line that has been widely quoted. What deserves greater mention is
that when the Joker puts them to the test, they do not.
-- Andrew Gradman
================================
EPIC Publications:
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
================================
"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A.
Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC
2007). Price: $50.
http://www.epic.org/bookstore/foia2006
This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act. The 23rd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years. For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore
http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/mailman/listinfo/foia_notes
========================================================================
[8] Upcoming Conferences and Events
========================================================================
Data Privacy in APEC: privacy in global transactions. August 11-12.
Lima, Peru http://www.osiptel.gob.pe/apec2008/dataprivacy2/index.htm
APEC Privacy Sub Enhancing Group Meeting. August 13-16. Lima, Peru
http://www.osiptel.gob.pe/apec2008/dataprivacy2/index.htm
The Privacy Symposium - Summer 2008: An Executive Education Program
on Privacy and Data Security Policy and Practice, August 18-21,
2008, Harvard University, Cambridge, MA. For more information:
http://www.privacysummersymposium.com/
Latin America & The Caribbean Regional Preparatory Meeting for IGF.
August 20, Montevideo, Uruguay.
http://lacnic.net/en/eventos/mvd2008/igf.html
Privacy Awareness Week. August 24, 2008. Australia, New Zealand,
Hong Kong, Korea and Canada. For more information:
http://www.privacyawarenessweek.org/paw
The Third International Conference on Legal, Security and Privacy
Issues in IT. September 3-5, Prague, Czech Republic
http://www.lspi.net/
Youth Privacy Online: Take Control, Make It Your Choice! September
4, 2008, Eaton Centre Marriott, Toronto. For more information:
http://www.ipc.on.ca
Access to Information: Twenty-five Years on. September 8, Minto
Suites Hotel, Ottawa. For more information:
http://www.rileyis.com/seminars/
The third annual Access to Knowledge Conference (A2K3). September
8-10, Geneva, Switzerland http://isp.law.yale.edu/
High Level Expert Conference: Towards a European Policy on RFID.
September 9, Brussels, Belgium
http://www.rfid-in-action.eu/conference
Workshop on Applications of Private and Anonymous Communications.
September 22, 2008. Istanbul, Turkey. For more information:
http://www.alpaca-workshop.org/
World Summit on the Knowledge Society. September 24-28, Athens,
Greece http://www.open-knowledge-society.org/summit.htm
Europe-wide action day "Freedom not fear." October 11, 2008.
Multiple sites. For more information:
http://wiki.vorratsdatenspeicherung.de/Freedom_Not_Fear_2008
International Symposium on Data Protection in Social Networks.
October 13, 2008, Strasbourg. For more information:
http://epic.org/intsymposium_sns.html
30th International Data Protection and Privacy Conference:
Protecting Privacy in a Borderless World. October 15-17, 2008,
Strasbourg. For more information:
http://www.privacyconference2008.org
European Dialogue on Internet Governance (EuroDIG). October 20-21,
Strasbourg, France http://www.eurodig.org/
Privacy in Social Network Sites Conference. October 23-24, 2008.
Delft University of Technology, Faculty of TPM, The Netherlands. For
more information: http://www.ethicsandtechnology.eu
Third Internet Governance Forum. December 3-6, 2008. Hyderabad,
India. For more information: http://www.intgovforum.org
Tilting perspectives on regulating technologies, Tilburg Institute
for Law and Technology, and Society, Tilburg University. December
10-11, Tilburg, Netherlands
http://www.tilburguniversity.nl/tilt/conference
======================================================================
Subscription Information
======================================================================
Subscribe/unsubscribe via web interface:
https://mailman.epic.org/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
========================================================================
Privacy Policy
========================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."
========================================================================
About EPIC
========================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
========================================================================
Donate to EPIC
========================================================================
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.
Thank you for your support.
=======================================================================
Support Privacy '08
=======================================================================
If you would like more information on Privacy '08, go online and search
for "Privacy 08". You'll find a Privacy08 Cause at Facebook, Privacy08
at Twitter, a Privacy08 Channel on YouTube to come soon, and much more.
You can also order caps and t-shirts at CafePress Privacy08.
Start a discussion. Hold a meeting. Be creative. Spread the word. You
can donate online at epic.org. Support the campaign.
Facebook Cause:
http://www.epic.org/redirect/fbprivacy08.html
Twitter:
http://twitter.com/privacy08
CafePress:
http://www.cafepress.com/epicorg
------------------------- END EPIC Alert 15.16 -------------------------