-----Original Message-----
From: [log in to unmask]
[mailto:[log in to unmask]] On Behalf Of EPIC News
Sent: 16 June 2006 21:38
To: [log in to unmask]
Subject: EPIC Alert 13.12
=======================================================================
E P I C A l e r t
=======================================================================
Volume 13.12 June 16, 2006
------------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_13.12.html
=======================================================================
Table of Contents
=======================================================================
[1] Appeals Court Wrongly Extends Wiretap Requirements [2] EPIC Testifies
Before Homeland Security on Video Surveillance [3] Documents Reveal More
Potential PATRIOT Act Abuses [4] Coalition Urges Strong International
Privacy Rules [5] Federal, State Governments Struggle to Investigate
Domestic Spying [6] News in Brief [7] EPIC Bookstore: Stanton and Stam: The
Visible Employee [8] Upcoming Conferences and Events
=======================================================================
[1] Appeals Court Wrongly Extends Wiretap Requirements
=======================================================================
The U.S. Court of Appeals for the D.C. Circuit has decided (pdf) that the
Federal Communications Commission can require broadband and VoIP providers
to make their services wiretap-friendly. The decision allowed the FCC to
apply the Communications Assistance for Law Enforcement Act
(CALEA) to Internet-based communications, even though the law explicitly
exempted "information services."
CALEA, passed by Congress in 1994, was created when law enforcement
officials worried that advances in the traditional telephone system,
including wireless technologies, might make wiretapping more difficult.
The solution proposed was to require telephone companies to construct their
systems to allow easy eavesdropping by law enforcement.
Recognizing that wiretapping internet connections posed distinct problems,
however, the law did not apply to "information services" like Internet
service providers.
Last year, the FCC declared that, despite this prohibition, CALEA would
apply to broadband Internet service providers and providers of voice
communications over the Internet (known as voice over Internet Protocol, or
VoIP). A broad coalition of privacy advocates, Internet providers, and
educational institutions, who would now be required to design their systems
to meet the government's surveillance needs.
The D.C. Circuit upheld the FCC's decision based upon a previously unused
portion of CALEA that authorized the FCC to apply CALEA to any "wire or
electronic communication switching service," so long as that service "is a
replacement for a substantial portion of the local telephone exchange
service and. . . it is in the public interest to do so." The court sided
with the FCC's argument that, since aspects of broadband Internet and VoIP
services replace aspects of traditional telephone service, CALEA applies to
these new technologies.
Judge Edwards, dissenting from the Circuit court's opinion, said that the
FCC's interpretation of this provision runs squarely contrary to the
information services exception. "If all information services that are
carried out 'via telecommunications' are subject to CALEA, then the
'information services' exception is an empty set," he said. During oral
argument, Edwards characterized the FCC's convoluted interpretation of the
statute as "gobbledygook."
Senator Patrick Leahy, the primary sponsor of CALEA during its creation and
passage, criticized the D.C. Circuit's interpretation of the law, saying
that "Stretching a law written for the telephone system of 1994 to cover the
Internet of 2006 is simply inconsistent with congressional intent."
D.C. Circuit Opinion (pdf):
http://www.epic.org/privacy/wiretap/ace_v_fcc.pdf
Text of CALEA:
http://www.epic.org/privacy/wiretap/calea/calea_law.html
EPIC's Wiretap Page:
http://www.epic.org/privacy/wiretap/
Senator Leahy's Statement:
http://leahy.senate.gov/press/200606/060906.html
=======================================================================
[2] EPIC Testifies Before Homeland Security on Video Surveillance
=======================================================================
In testimony before the Department of Homeland Security's Data Privacy and
Integrity Advisory Committee, EPIC Associate Director Lillie Coney
highlighted the threat that video surveillance poses to the rights of
privacy and anonymity.
The meeting, held in San Francisco, focused on the use of radio frequency
identification devices (RFID) and the adoption of public closed-circuit
television (CCTV) surveillance systems. The committee advises Homeland
Security on policy and technology issues that relate to privacy.
Coney's testimony emphasized that, even in public, individuals have a right
to privacy in their anonymity. An individual in public, observed by
strangers, has an expectation of privacy because she will not be recorded or
scrutinized as a matter of course. CCTV systems remove the privacy
protections that human memory provides.
EPIC said that privacy in public spaces was a vital part of our democratic
experience. Video surveillance, in combination with newer technologies like
facial recognition systems, poses a real threat to lawful First Amendment
protected activity. Documents obtained by EPIC demonstrate that CCTV systems
have been used in Washington, D.C. to record peaceful public demonstrations
and identify individual participants within the captured images.
Not only does video surveillance affect fundamental privacy rights, its
ability to deter and combat crime is often overstated. Research on the
effectiveness of the technology for these purposes has not demonstrated a
causal relationship between the technology and the goals stated for its
deployment.
EPIC recommended the development of model guidance to local, state, and
federal governments to discern the need for the technology and guide its
use. The lack of information on the cost benefit analysis and privacy
impacts assessments of CCTV technology should make these the first steps in
the decision making process.
Coney's Testimony (pdf):
http://www.epic.org/privacy/surveillance/coneytest060706.pdf
EPIC's Video Surveillance Page:
http://www.epic.org/privacy/surveillance/
=======================================================================
[3] Documents Reveal More Potential PATRIOT Act Abuses
=======================================================================
FBI documents recently obtained by EPIC under the Freedom of Information Act
reveal forty-two cases of alleged FBI intelligence misconduct deemed serious
enough to refer to the Intelligence Oversight Board. These forty-two known
cases occurred in 2000-2005.
One report indicated violations of the Foreign Intelligence Surveillance
Act, when information obtained under the Act was improperly disclosed in a
grand jury subpoena. Another report disclosed that an electronic
communication was inadvertently intercepted because of an error made by an
Internet service provider. In another incident, call detail information was
recorded inadvertently after a surveillance target changed phone numbers.
Yet another report cited wiretaps on the wrong cell phones. Records also
indicated that some surveillance operations continued past the authorized
period.
Each of these reports was referred to the Intelligence Oversight Board by
the FBI's Office of General Counsel because of an executive order that
requires intelligence agencies to report "intelligence activities that they
have reason to believe may be unlawful or contrary to Executive Order or
Presidential Directive." The IOB must then report these activities to the
President and Attorney General, though Congress is not notified of the
allegations, or how the matters are resolved.
The recently disclosed documents were the latest in a series obtained from
the FBI by EPIC following a Freedom of Information Act request for records
concerning the FBI's use of PATRIOT Act powers that were originally set to
sunset in 2005. Based on these documents, EPIC has requested the Senate
Judiciary Committee to consider legislation that would require the Attorney
General to report cases of alleged intelligence misconduct to the House and
Senate Judiciary Committees, as well as the Justice Department's response to
such incidents. The letter stated that the ever-increasing number of
wretaps, and the expnding scope of domestic surveillance requires additional
oversight.
EPIC v. Dept. of Justice Page:
http://www.epic.org/privacy/terrorism/usapatriot/foia/
EPIC's FOIA Request:
http://www.epic.org/redirect/fbi_foia_request.html
EPIC's letter to the Senate Judiciary Committee (pdf):
http://www.epic.org/privacy/surveillance/sen_iob_letter.pdf
=======================================================================
[4] Coalition Urges Strong International Privacy Rules
=======================================================================
A coalition of privacy groups urged the U.S. Department of Commerce to
strengthen privacy rules to protect personal data being transferred between
and out of the Asia Pacific Economic Cooperation Group (APEC).
The Department of Commerce sought comments on how to implement the APEC
Privacy Framework in creating cross-border privacy rules, which would govern
how information is transferred between APEC member countries.
The APEC Privacy Framework sets out a series of general privacy principles
that member economies should follow in handling individuals'
personal information. Specific data privacy rules between member economies
would have to abide by these principles.
The privacy groups emphasized the need for binding laws to protect privacy,
given the often-weak enforcement of self-regulatory industry schemes. The
groups also stated that existing privacy laws in the member countries should
be built upon, and that individuals within a country with strong privacy
laws should not lose those protections simply because their data is
transferred to a country with weaker laws. The coalition also said that
businesses within APEC countries should not transfer data to countries with
unacceptably weak data protection laws, or at least should face stricter
penalties if data transferred to these other countries is compromised.
The groups also advocated creating a monitoring committee that would oversee
APEC members' compliance with the privacy framework and the individual
cross-border rules, issuing warnings to businesses and other organizations
that violate those rules, and recommending enforcement actions against
violators to the appropriate government officials.
The privacy groups jointly commenting on the plan included Consumer
Federation of America, EPIC, the National Consumers League, Privacy Rights
Clearinghouse, Privacy Times, U.S. Public Interest Research Group, and the
World Privacy Forum.
Coalition Comments on APEC Cross-Border Privacy Rules (pdf):
http://www.epic.org/privacy/intl/apec_cmts.pdf
Comment Notice:
http://www.epic.org/redirect/apec_notice.html
APEC Privacy Framework (pdf):
http://www.epic.org/redirect/apec_framework.html
Organization for Economic Cooperation and Development Privacy Guidelines:
http://www.epic.org/redirect/oecd_guidelines.html
EPIC's Privacy Law Sourcebook 2004 (containing the text of the APEC Privacy
Framework):
http://www.epic.org/bookstore/pls/2004/
=======================================================================
[5] Federal, State Governments Struggle to Investigate Domestic Spying
=======================================================================
On June 6, the Senate Judiciary Committee decided not to subpoena telephone
company executives in its investigation of the National Security Agency's
domestic surveillance program. Committee Chairman Arlen Specter backed away
from earlier calls to bring the companies in to testify in exchange for
support of a bill that Specter has proposed to allow a review of the program
by the special court created by the Foreign Intelligence Surveillance Act
(FISA).
Following this exchange, however, Specter took the unusual step of writing
an open letter to Vice President Cheney, rebuking the Vice President for
privately encouraging other senators to oppose hearings with the telephone
companies. In the letter, Specter stated that "[t]here is no doubt that the
NSA program violates the Foreign Intelligence Surveillance Act..." Specter
also indicated that he may proceed with subpoenas if he cannot reach an
agreement with the White House on the issue.
The surveillance program, first reported on by USA Today in May, apparently
relied upon telephone companies to secretly hand over millions of customers'
detailed call records to the NSA, in an effort to analyze the data for
supposed terrorist calling patterns. According to the USA Today report, no
warrants were issued or requested by the government in collecting any of
this information.
The Senate is not the only government body to call for an investigation into
the program. Federal Communications Commissioner Michael Copps has also
publicly called for investigations of the phone companies allegedly
involved, noting that their actions would have violated provisions of the
Communications Act that require them to keep customer records confidential.
EPIC has joined the call for FCC investigation, though FCC Chairman Kevin
Martin has so far declined, citing the likelihood that the program's
classified nature would preclude an investigation.
The executive branch has also taken drastic steps to oppose the efforts of
state governments to investigate the potential violations, suing the state
of New Jersey to prevent the state attorney general from investigating phone
companies allegedly involved in the program.
Companies required by the state to respond to the subpoenas were also warned
by federal authorities that responding to the subpoenas would be a violation
of federal law.
Letter of Senator Specter to Vice President Cheney (pdf):
http://www.epic.org/privacy/surveillance/specter-ltr_6-06.pdf
Statement of FCC Commissioner Michael Copps (pdf):
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-265373A1.pdf
EPIC's letter to FCC Chairman Martin (pdf):
http://www.epic.org/privacy/wiretap/epic-fcc-nsa.pdf
EPIC Resources on Domestic Surveillance
http://www.epic.org/features/surveillance.html
=======================================================================
[6] News in Brief
=======================================================================
Veterans Affairs Data Theft Widens, Includes Active Personnel
The personal information of about 1.1 million active-duty military
personnel, 430,000 members of the National Guard and 645,000 members of the
Reserves, was stolen in the recent theft of computer data from the
Department of Veterans Affairs, the agency announced last week. The agency
previously said that all 26.5 million people affected by the data theft were
veterans and their spouses. The data include Social Security numbers and
disability ratings. The FBI has set up a 24-hour tip line at 1-800-CALL-FBI
for information on the burglary. Congress continues to hold hearings on the
theft of sensitive personal information on veterans and active duty military
personnel.
Latest Information on the Theft from Veterans Affairs:
http://firstgov.gov/veteransinfo.shtml
ID Theft Prevention Tips for Veterans from Privacy Rights Clearinghouse:
http://www.privacyrights.org/ar/VABreach.htm
EPIC Files Reply Comments on Phone Record Security
EPIC has filed reply comments on the Federal Communications Commission's
proposal to require phone companies to increase security for consumers'
phone records. In its comments, EPIC urges the FCC to adopt rules that
prevent poor security practices, such as using easily obtained biographical
information as passwords for users to access account information. EPIC also
responded to comments from telephone companies claiming that audit trails
were too expensive, noting that many telephone companies already use audit
trails in fraud prevention.
Finally, EPIC objected to a "safe harbor" proposal that would allow
companies to avoid responsibility for consumer privacy.
EPIC Reply Comments (pdf):
http://www.epic.org/privacy/iei/rm_reply_cmts.pdf
EPIC's Illegal Sale of Phone Records Page:
http://www.epic.org/privacy/iei
One-Third of US and UK Firms Read Employees' E-mail
More than one-third (38%) of large companies in the US and UK read their
employees' e-mail, and another 24% of US firms and 33% of UK firms plan to
implement such surveillance, according to a new study from a company that
offers corporate e-mail protection. However, about 20% of US and UK firms
surveyed do not have a written policy about e-mail use and monitoring.
Proofpoint Inc. and Forrester Research surveyed 406 US and UK companies with
more than 1,000 employees.
Proofpoint and Forrester Research Survey (pdf):
http://www.epic.org/privacy/workplace/proof_email2006.pdf
EPIC's Workplace Privacy page:
http://www.epic.org/privacy/workplace/
Philadelphia Cab Drivers Protest GPS Tracking
Dozens of cab drivers protested in front of Philadelphia's City Hall after
the Philadelphia Parking Authority's plan to mandate that all of the city's
taxi drivers install Global Positioning Satellite (GPS) systems in their
cabs. Drivers went on strike to reject the systems, which are high-tech
devices that would allow the Parking Authority to track all city cabs and
passengers. After installation, the cab owners would have to pay an $18 per
month maintenance fee for the systems.
Privacy and Human Rights 2004 on satellite surveillance:
http://www.epic.org/redirect/phr2004_sat.html
Passenger Data Transfer on G-8 Agenda
The controversial plan that allowed European airlines to transfer passenger
data to the U.S. government will be raised at this week's G-8 summit. The
agreement, struck down on narrow procedural grounds by the European Court of
Justice recently, is likely to be renegotiated in a different format in
accordance with the court's ruling. The new framework for the program,
however, is likely to expand, not limit, the data airlines must provide the
U.S., according to Homeland Security Secretary Michael Chertoff.
Ruling by the European Court of Justice:
http://www.epic.org/redirect/ec_court_passenger.html
=======================================================================
[7] EPIC Bookstore: Stanton and Stam: The Visible Employee
=======================================================================
Jeffrey M. Stanton and Kathryn R. Stam. The Visible Employee: Using
Workplace Monitoring and Surveillance to Protect Information Assets--Without
Compromising Employee Privacy or Trust. Information Today, 2006.
http://www.powells.com/partner/24075/biblio/0910965749
"For business owners, managers, and IT staff interested in learning how to
effectively and ethically monitor and influence workplace behavior, this
guide is a roadmap to ensuring security without risking employee privacy or
trust. The misuse of information systems by wired workers-either through
error or by intent-is discussed in detail, as are possible results such as
leaked or corrupted data, crippled networks, lost productivity, legal
problems, or public embarrassment. This analysis of an extensive four-year
research project conducted by the authors covers not only a range of
security solutions for at-risk organizations but also the perceptions and
attitudes of employees toward workplace surveillance."
================================
EPIC Publications:
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information privacy
law allows instructors to enliven their teaching of fundamental concepts by
addressing both enduring and emerging controversies. The Second Edition
addresses numerous rapidly developing areas of privacy law, including:
identity theft, government data mining,and electronic surveillance law, the
Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS,
sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation for an
exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights 2004: An International Survey of Privacy Laws and
Developments" (EPIC 2004). Price: $50.
http://www.epic.org/bookstore/phr2004
This annual report by EPIC and Privacy International provides an overview of
key privacy topics and reviews the state of privacy in over 60 countries
around the world. The report outlines legal protections, new challenges, and
important issues and events relating to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacy and
data protection ever published.
================================
"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004
This is the standard reference work covering all aspects of the Freedom of
Information Act, the Privacy Act, the Government in the Sunshine Act, and
the Federal Advisory Committee Act. The 22nd edition fully updates the
manual that lawyers, journalists and researchers have relied on for more
than 25 years. For those who litigate open government cases (or need to
learn how to litigate them), this is an essential reference manual.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the
Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for future
action, as well as a useful list of resources and contacts for individuals
and organizations that wish to become more involved in the WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy law
in the United States and around the world. It includes the full texts of
major privacy laws and directives such as the Fair Credit Reporting Act, the
Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date
section on recent developments. New materials include the APEC Privacy
Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the Freedom of
Information Act.
Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
7th Annual Institute on Privacy Law: Evolving Laws and Practices in a
Security-Driven World. Practising Law Institute. June 19-20, New York, New
York. July 17-18, Chicago, Illinois. Live webcast available. For more
information: www.pli.edu
identitymashup: Who Controls and Protects the Digital Me? Berkman Center for
Internet & Society, Harvard Law School. June 19-21, 2006. Cambridge,
Massachusetts. For more information:
http://www.identitymash-up.org/
Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September
29-30, 2006. New York, New York. For more information:
http://www.easst.net/node/976
Infosecurity New York. Reed Exhibitions. September 12-14, 2006. New York,
New York. For more information:
http://www.infosecurityevent.com
34th Research Conference on Communication, Information, and Internet Policy.
Telecommunications Policy Research Conference. September 29-October 1, 2006.
Arlington, Virginia. For more information:
http://www.tprc.org/TPRC06/2006.htm
6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:
http://www.futureofmusic.org/events/summit06/
The IAPP Privacy Academy 2006. International Association of Privacy
Professionals. October 18-20, 2006. Toronto, Ontario, Canada. For more
information:
www.privacyassociation.org
International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1, 2006.
Markham, Ontario, Canada. For more information:
http://www.businessandit.uoit.ca/pst2006/
BSR 2006 Annual Conference. Business for Social Responsibility. November
7-10, 2006. New York, New York. For more information:
http://www.bsr.org/BSRConferences/index.cfm
CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org.
======================================================================
Subscription Information
======================================================================
Subscribe/unsubscribe via web interface:
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send
notices about EPIC activities. We do not sell, rent or share our mailing
list. We also intend to challenge any subpoena or other legal process
seeking access to our mailing list. We do not enhance (link to other
databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from
this list, please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the Digital
Telephony proposal, national ID cards, medical record privacy, and the
collection and sale of personal information. EPIC publishes the EPIC Alert,
pursues Freedom of Information Act litigation, and conducts policy research.
For more information, see http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200,
Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of privacy
and efforts to oppose government regulation of encryption and expanding
wiretapping powers.
Thank you for your support.
------------------------- END EPIC Alert 13.12 -------------------------
.
--
This message has been scanned for viruses and dangerous content by the
NorMAN MailScanner Service and is believed to be clean.
The NorMAN MailScanner Service is operated by Information Systems and
Services, Newcastle University.
====
This e-mail is intended solely for the addressee. It may contain private and
confidential information. If you are not the intended addressee, please take
no action based on it nor show a copy to anyone. Please reply to this e-mail
to highlight the error. You should also be aware that all electronic mail
from, to, or within Northumbria University may be the subject of a request
under the Freedom of Information Act 2000 and related legislation, and
therefore may be required to be disclosed to third parties.
This e-mail and attachments have been scanned for viruses prior to leaving
Northumbria University. Northumbria University will not be liable for any
losses as a result of any viruses being passed on.
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|
