From: [log in to unmask]
To: [log in to unmask]
Sent: 12/01/2005 23:46
Subject: EPIC 2004 Privacy Year in Review
=======================================================================
E P I C A l e r t
=======================================================================
Year in Review January 12, 2005
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_yir2004.html
======================================================================
2 0 0 4 P R I V A C Y Y E A R I N R E V I E W
======================================================================
Privacy debates continued in the United States in 2004 as proposals
for passenger profiling and new identity cards provoked public protest
and legislation. Google announced a new email service that offered
lots of free storage while also peeking at the users' private
messages. ID theft continued to be a national problem. And some
states, most notably California, adopted new laws to safeguard
personal privacy.
Here are the Top Ten Privacy Stories of 2004 from the Electronic
Privacy Information Center (EPIC):
* * * * * * * * * * * * * * * * * * * * * * * *
Foreign Opposition to USA PATRIOT Act
The USA PATRIOT Act, which gave government new authority to collect
information about American citizens and visitors to the United States,
came under increasing criticism from foreign governments in 2004.
Latin American countries objected to sending census data and voter
records to U.S. law enforcement agencies. Canadian officials warned
that the Patriot Act would violate Canadian law.
* * * * * * * * * * * * * * * * * * * * * * * *
Google Datamines Private Email
Apparently, there is a shortage of advertising on the Internet. At
least that must be part of the thinking behind Google's Gmail. The
new email service links keywords in private messages with web-based
advertising. Messages to business colleagues, family members, and
loved ones now produce discount travel offers and 10% off restaurant
deals. Question to Google CEO Eric Schmidt: do we get to read your
email?
* * * * * * * * * * * * * * * * * * * * * * * *
Expansion of US-VISIT
US-VISIT, an entry-exit border control system, launched in 2004.
Europeans bristled when fingerprinted at U.S. airports. In Brazil a
judge retaliated. He okayed the fingerprinting of U.S. tourists,
citing the U.S. government's treatment of visitors. US-VISIT expanded
rapidly following the award of a $15 billion contract to Accenture, a
Bermuda-based corporation that entered the U.S. to take the money and
then exited the country to avoid the corporate taxes. How about better
border control for corporate outsourcing?
* * * * * * * * * * * * * * * * * * * * * * * *
Death of Airline Passenger Profiling . . . Maybe
At a press conference in Washington, DC earlier in the year, Secretary
of Homeland Security Tom Ridge raised his hand as if to put a wooden
stake through the heart of "CAPPS II," the much-criticized passenger
profiling system. An independent government review decided that
assigning a "terrorist threat index" was not a great idea. Congress
and civil liberties groups slammed the program. The funding was
pulled. However, by year-end, a new passenger-screening program
called Secure Flight was moving forward. Next time, use garlic.
* * * * * * * * * * * * * * * * * * * * * * * *
U.S. Medical Records Go Overseas
Offshore outsourcing dramatically increases privacy risks, said a
government report in 2004. So U.S. accountants proposed corporate
disclosure of outsourcing practices. California passed a law to
notify consumers when their personal information went abroad. But
elsewhere, countries expressed concern about privacy protections in
the United States. Canada pulled out of a contract with a U.S. company
that would have provided services for the 2006 Canadian census.
* * * * * * * * * * * * * * * * * * * * * * * *
Data Disclosures -- Mission Creep Continues
The IRS reported that it made 3.7 billion disclosures of tax return
information in 2003 for tax and non-tax law enforcement and
statistical purposes. Meanwhile, the Pentagon proposed to use tax
returns to find "out-of-touch" reservists. The General Accounting
Office and the Technology and Privacy Advisory Committee issued
reports on government data mining and sharing of public and private
sector personal information data. The Census Bureau revised its
information sharing policy when it came to light that it has provided
information to Homeland Security on persons identifying themselves as
being of Arab ancestry.
* * * * * * * * * * * * * * * * * * * * * * * *
States Pull Out of Mini-Total Information Awareness Project
Of the thirteen states originally agreeing to participate in the
Multistate Anti-Terrorism Information Exchange (MATRIX), only five
remain. The program was an effort to establish a state-level data
mining project similar to the Total Information Awareness project
killed by Congress in 2003. State governors and attorneys cited their
own states' privacy laws.
* * * * * * * * * * * * * * * * * * * * * * * *
ID Theft a Growing Problem; Laws Stiffen Penalties
ID theft was the number one consumer complaint received by the Federal
Trade Commission in 2004. In response, Congress enacted laws to
provide stronger penalties for ID theft and "phishing," the use of
fake email addresses to lure sensitive personal information such as
credit card numbers from people.
* * * * * * * * * * * * * * * * * * * * * * * *
Prevent More Stringent ID Requirements for Voters
The Help America Vote Act placed greater identification requirements
on voters registering for the first time. This meant an excessive
burden was placed on those who wished to vote, but did not drive or
have a need for a state-issued identification card. However, charges
of voter fraud during the 2004 election season persisted, which may
spur Congress and state legislatures to make greater identification
demands on current and newly registered voters as well as anyone
attempting to vote.
* * * * * * * * * * * * * * * * * * * * * * * *
California Continues Privacy Reforms
While lawmakers in Washington dined with lobbyists, legislators in
Sacramento were enacting some of the best new privacy laws in the
United States. Among the new safeguards from the country's leading
privacy state -- laws that limit electronic surveillance in rental
cars, controls on the Social Security Number, a crackdown on spam and
spyware, and new protections for wireless phone numbers.
======================================================================
ISSUES TO WATCH IN 2005
======================================================================
The USA PATRIOT Act is up for renewal, state drivers licenses may
become national identity cards, big companies will go after privacy
laws, and new tags in your food may be telling your refrigerator when
you need to buy more OJ. George Orwell may have been off by a few
years, but privacy and technology are prepared to do battle again as a
new year unfolds.
* * * * * * * * * * * * * * * * * * * * * * * *
National ID
The queen of England has proposed that her subjects need a biometric
identifier, but the rest of the world is not so certain. The United
States took a half step toward national ID with federal mandates for
the states' drivers licenses, but stopped short of a full-blown
domestic passport. Expect a debate focused on the links between an
upgraded state drivers licenses and federal agency databases.
* * * * * * * * * * * * * * * * * * * * * * * *
USA PATRIOT Act Renewal
The USA PATRIOT Act passed not long after the Senate was evacuated
because of anthrax. Now it's 2005 and Congress will need to decide
whether the Constitutional rollback will be permanent. At issue are
the electronic surveillance provisions that minimized the role of the
courts and gave the Attorney General broad new powers. Note to
Congress: real patriots defend the Constitution. And question to the
FBI: who was responsible for the anthrax?
* * * * * * * * * * * * * * * * * * * * * * * *
Telemarketers Attack Privacy Rules
The telemarketers are gearing up in 2005 to go after the most popular
privacy rules in the Unites States. The federal Do Not Call list now
includes more than 80 million subscribers who have just said no to
telemarketing calls at dinnertime. But the direct marketers have a
new strategy to open up loopholes in the rules and resume the calls.
Also, watch the opt-in privacy safeguards for the wireless phone
directories collapse unless Congress passes legislation. "Can you
hear me now?" "Yes, and please take me off your list."
* * * * * * * * * * * * * * * * * * * * * * * *
Google Tracks Reading?
The Net's number one search engine (and number one advertiser) is now
planning to convert many of the nation's libraries into digital
format. A tremendous boon for the public domain, but the cost may be
the loss of reader privacy. Remember to delete those Google cookies.
* * * * * * * * * * * * * * * * * * * * * * * *
Is it a Phone? Is it the Internet? It's VOIP!
Internet-based telephone service -- "VOIP" as the geeks and the policy
wonks say -- was expected to reach one million users by the end of
2004. But is VOIP a telecommunications service or an information
service? There are high stakes for privacy protection. Will the Do
Not Call Registry apply to it? Will providers be required to help law
enforcement access it? And will we be able to prevent "spit" -- the
new term for unsolicited commercial messages delivered to VOIP users?
Stay tuned!
* * * * * * * * * * * * * * * * * * * * * * * *
Smart Barcodes, RFID, and Products that Spy
Now that the next-generation standard for RFIDs has been agreed to and
adopted, we'll see an expansion of RFID products developed for the
market and more organizations beginning to switch to RFID tracking
systems for their own convenience. It will be necessary to develop
guidelines outlining the duties of RFID-using organizations and
setting out the rights of individuals who are exposed to RFID-enabled
products. Must wonder if such guidelines are needed to address RFIDs
in biometric passports approved by the International Civil Aviation
Organization . . .
* * * * * * * * * * * * * * * * * * * * * * * *
Internet Privacy
Expect a continuing state of flux when it comes to Internet
communications and your privacy. With spyware legislation, the
ongoing battles against spam, and the development of "spit," questions
about VOIP regulation and the application of law, not to mention the
upcoming decision in United States v. Councilman expected in spring
2005, the boundaries keep shifting.
* * * * * * * * * * * * * * * * * * * * * * * *
Outsourcing: Frying Pan or Fire?
Outsourcing continues to be an issue on both the domestic and
international front. Americans continue to be concerned about privacy
and security of offshore/outsourced data processing, tax return
preparation and call centers. Meanwhile, Canada and other countries
are reviewing their own outsourcing to the U.S. after concerns were
raised about the capacity of U.S. authorities to access such records.
It is ironic to recollect that one of the motivating factors of data
protection schemes was concern about facilitating international
relationships -- will the USA PATRIOT Act and its consequences put an
end to such profitable relations?
* * * * * * * * * * * * * * * * * * * * * * * *
Centralized Voter Registration Databases
The Help America Vote Act requires that all states develop and
implement centralized voter registration databases by 2006. The lack
of technical expertise on the part of state election administrators
may leave the centralization of voter registration lists to private
contractors or very insecure systems with poor administration. Either
case will make it difficult to ensure that personally identifiable
information of registered voters will be protected from misuse or
abuse. Expect Congress to take a closer look at the privacy standards
for voter registration records.
* * * * * * * * * * * * * * * * * * * * * * * *
WHOIS Directory
WHOIS, the online database of the millions of people who registered
web sites, still lacks basic privacy safeguards. After years of
review, the Internet Corporation for Assigned Names and Numbers
(ICANN), the folks who demand the data, should make 2005 the year it
finally establishes safeguards. Note to ICANN: self-regulation does
not mean no regulation.
======================================================================
Privacy Policy
======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information."
======================================================================
About EPIC
======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research. For more information, visit
http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite
200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248
(fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
------------------ End EPIC 2004 Year in Review ------------------
.
--
This message has been scanned for viruses and dangerous
content by the NorMAN MailScanner Service and is believed
to be clean.
The NorMAN MailScanner Service is operated by Information
Systems and Services, University of Newcastle upon Tyne.
====
This e-mail is intended solely for the addressee. It may contain private and
confidential information. If you are not the intended addressee, please take
no action based on it nor show a copy to anyone. Please reply to this e-mail
to highlight the error. You should also be aware that all electronic mail
from, to, or within Northumbria University may be the subject of a request
under the Freedom of Information Act 2000 and related legislation, and
therefore may be required to be disclosed to third parties.
This e-mail and attachments have been scanned for viruses prior to leaving
Northumbria University. Northumbria University will not be liable for any
losses as a result of any viruses being passed on.
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|
