From: [log in to unmask]
[mailto:[log in to unmask]] On Behalf Of EPIC News
Sent: 16 November 2006 23:54
To: [log in to unmask]
Subject: EPIC Alert 13.23
=======================================================================
E P I C   A l e r t
=======================================================================
Volume 13.23 November 16, 2006
------------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_13.23.html
=======================================================================
Table of Contents
=======================================================================
[1] EPIC FOIA Documents: Commerce's Privacy Officer Is Out to Lunch
[2] President Seeks OK for Domestic Surveillance Program
[3] Privacy International Publishes Global Privacy Report
[4] Electronic Voting Technology Problems Hamper Elections
[5] EPIC Files Brief Urging Supreme Court to Review Secret Law
[6] News in Brief
[7] EPIC Bookstore: David Holtzman's "Privacy Lost"
[8] Upcoming Conferences and Events
=======================================================================
[1] EPIC FOIA Documents: Commerce's Privacy Officer Is Out to Lunch
=======================================================================
Documents obtained by EPIC under the Freedom of Information Act reveal that
Deputy Under Secretary Robert C. Cresanti, Chief Privacy Officer for the
Department of Commerce, made time in 2006 for many meetings with business
groups but was unable to attend one scheduled meeting with privacy
advocates.
The documents were provided in response to a FOIA request from EPIC
regarding the various meetings scheduled by the Chief Privacy Officer for
the Department of Commerce from the time of his appointment in mid-July
through September 8. Mr. Cresanti attended more than 25 meetings with
business lobbyists and corporate representatives across the country,
including business lunches and dinners with DaimlerChrysler, Pitney Bowes
and the Council on Competitiveness, whose members include executives from
Wal-Mart and IBM. He also attended day-long business meetings in Detroit,
Michigan; Elyria, Ohio; and Chicago, Illinois.
However, the top privacy official at the Commerce Department did not attend
one pre-scheduled meeting with privacy advocates in Washington, DC. Cresanti
had accepted an invitation to speak to the Privacy Coalition, a network of
privacy experts and advocates based in Washington, DC.
Cresanti had agreed to speak with the Privacy Coalition on September 8 at
1:15 p.m., after another meeting at the National Institute of Standards and
Technology. But his appointment at NIST, scheduled to end at noon, was
completed earlier than anticipated and he went back to his office. When
Cresanti did not arrive at the privacy meeting, the coalition was informed
that he had made an impromptu decision to have lunch instead. Cresanti has
not rescheduled.
The Department of Commerce is responsible for a wide range of privacy issues
of concern to the American public. For example, the Commerce Department is
responsible for the decennial census and the data collected by the federal
government. Questions have also been raised about security of the data the
agency maintains on American citizens. In September, the Commerce Department
disclosed the loss of 1,137 laptops -- many of which contained personal
information on Americans. The agency
also disclosed that, since 2003, about 297 electronic devices containing
sensitive data had gone missing.
The Department of Commerce also establishes policy that affects privacy
rights in other countries. In September 2005, EPIC urged Commerce Secretary
Carlos M. Gutierrez to restrict the export of high-tech surveillance
equipment to China. While U.S. law limits the export of tear gas, handcuffs,
and shotguns to China, high-tech equipment that is used for communications
surveillance and censorship is exported to the country without restrictions.
EPIC's letter cited the 2005 US State Department report and the Privacy and
Human Rights report, which document the role that surveillance and
censorship technology play in political repression.
In announcing the appointment of Cresanti to the position of Chief Privacy
Officer for the Department, Commerce Secretary Gutierrez said, "Information
privacy and security is of primary importance to us here at Commerce, and we
are fortunate to have Robert Cresanti's expertise to call upon." He added,
"I am confident that Robert's background, experience,
and concern for privacy and security make him well suited to take on the
role of Chief Privacy Officer for the Department of Commerce."
EPIC's FOIA Note, "Government Privacy Official: Out to Lunch When it Comes
to Privacy":
http://www.epic.org/foia_notes/note13.html
Privacy Coalition:
http://privacycoalition.org/
Department of Commerce:
http://www.commerce.gov/
Press Release Announcing Cresanti's Appointment:
http://www.technology.gov/GovReleases/DOC_060713.htm
EPIC's Letter to the Department of Commerce (pdf):
http://www.epic.org/privacy/intl/doc_china_letter.pdf
U.S. Census:
http://www.census.gov/
News Article about the Loss of Laptops at Commerce:
http://www.govexec.com/dailyfed/0906/092206p1.htm
=======================================================================
[2] President Seeks OK for Domestic Surveillance Program
=======================================================================
Following the election of a Democratic Congress last week, President Bush
said that the current Congress, still under the control of the Republicans,
should try to pass legislation that would ratify his domestic surveillance
program before adjourning later this year. That program is facing legal
challenges in courts across the United States.
The legislation that the President favors would prevent traditional federal
judges from considering whether the domestic surveillance program violates
the Constitution or federal privacy laws. It would also establish a new
immunity provision for telephone companies that would allow them to disclose
confidential information about their customers to the federal government
without legal authority. Several bills are under consideration in the
Senate, and one bill has passed the House.
Congress goes on recess this week and is expected to return to Washington on
December 5. The first session of the new Congress is scheduled to begin on
January 4, 2007.
EPIC's Resources on Domestic Surveillance:
http://epic.org/features/surveillance.html
Wikipedia, NSA Warrantless Surveillance Controversy:
http://www.epic.org/redirect/wikinsa1106.html
Marc Rotenberg, EPIC Executive Director, "Congress is legislating in the
dark: Lawmakers need more information before OKing Bush surveillance
program":
http://www.msnbc.msn.com/id/15199819/
Schedule of the U.S. Senate:
http://www.epic.org/redirect/sensched1106.html
=======================================================================
[3] Privacy International Publishes Global Privacy Report
=======================================================================
A new report from Privacy International ranked the state of privacy
protection in 37 countries around the world. The survey, based on the joint
EPIC and Privacy International "2005 Privacy and Human Rights Report," found
wide disparities in the levels of privacy protection and enforcement.
Privacy International derived each country's ranking from the average of
scores received in 13 categories of privacy protection, which ranged from
the extensiveness of countries' statutory and constitutional protections to
their practices on particular privacy issues, such as biometrics, data
sharing and surveillance. The survey also evaluated countries' leadership on
privacy issues. Germany and Canada topped the survey, while Malaysia, China,
Russia, Singapore and the United Kingdom received the lowest rankings,
placing them in the category of 'endemic surveillance societies.'
The report was simultaneously released at the UN's Internet Governance Forum
in Athens and the 28th annual International Data Protection and Privacy
Commissioners' Conference in London. The London conference included 58 data
protection and privacy authorities, as well as a number of legal scholars
and NGOs from around the world. The privacy commissioners expressed concern
about the rapid growth of surveillance.
While surveillance activities can bring benefits, uncontrolled or excessive
surveillance poses substantial privacy and security risks, the commissioners
said. More sophisticated regulatory schemes beyond privacy and data
protection safeguards are needed to address these risks.
"A Report on the Surveillance Society," which was also presented at the
conference, discussed the operation and consequences of the surveillance
society as well as some of the regulatory challenges that it poses. The
incorporation of societal impacts into the assessment of surveillance
activities will enhance current privacy impact assessment models, which tend
to focus on the effect on the individual, the report said.
The privacy commissioners issued three resolutions at the conference, which
accredit eight new national and regional data protection authorities and
clarify future conference organization arrangements. The third resolution
recommended an increase in transparency, data minimization, and
consent-based storage of personal data by Internet Service Providers. It
also urged providers to abide by the internationally recognized standards
for privacy protection, such as the 1980 OECD Privacy Guidelines.
Privacy International's 2006 National Privacy Ranking:
http://www.privacyinternational.org/survey/phr2005/phr2005spread.jpg
Privacy and Human Rights 2005: An International Survey of Privacy Laws and
Developments:
http://www.epic.org/bookstore/phr2005/phr2005.html
Twenty-eighth Annual International Data Protection and Privacy
Commissioners' Conference:
http://www.privacyconference2006.co.uk/
A Report on the Surveillance Society (pdf):
http://www.privacyconference2006.co.uk/files/report_eng.pdf
=======================================================================
[4] Electronic Voting Technology Problems Hamper Elections
=======================================================================
Many instances of electronic voting machine failures marred the voting
experience for voters in the states of Arkansas, Florida, Maryland,
Pennsylvania and Virginia. The problems ranged from electronic poll-book
failures to insufficient numbers of voting machines to serve polling
locations. The most notable problem was the failure of Election Systems &
Software's iVotronic touch-screen voting system, which resulted in a 13%
undervote in the race in the 13th Congressional District in Florida.
About 18,000 votes were lost due to the failure.
On Election Day, Rice University and the National Committee for Voting
Integrity conducted a survey of voters in Jefferson County, Texas, to learn
more about the adoption of new voting systems. Jefferson County used
optical scan and direct recording electronic (DRE, also called
touch-screen) voting systems. The survey was conducted because of interest in
how voters and election administrators are being affected by changes in
voting technology after the enactment of the 2002 Help America Vote Act. The
research involved timing how long it took for voters to use either the
optical scan or touch-screen voting system and collecting voter opinions
about the system that they used. The results of the surveys will take
several weeks to analyze.
With the enactment of the Act, Congress for the first time created a role
for the federal government in the administration of local elections when
federal offices are on the ballot. Many changes made by the Act will impact
all elections, not just federal ones. The Act created a new federal
government agency to provide guidance to states and instituted requirements
for access by those with disabilities.
The result has been a historic shift from lever, paper, and punch card
voting systems to optical scan and DRE systems. According to Election Data
Services, a political consulting firm specializing in election
administration, the transformation to electronic systems is nearly complete.
The number of registered voters in counties using optical scan voting
systems has increased from 46.7 million (29.5%) to 84 million (48.9%). The
number of registered voters in counties using DRE systems has increased
from 19.7 million (12.4%) to 65.9 million (38.4%) within two federal
election cycles. Less than 15% of registered voters are in counties that do
not use either system.
National Committee for Voting Integrity:
http://www.votingintegrity.org/default.html
EPIC's September 2006 Spotlight on Surveillance: With Some Electronic Voting
Systems, Not All Votes Count:
http://www.epic.org/privacy/surveillance/spotlight/0906/
EPIC's page on Voting and Privacy:
http://www.epic.org/privacy/voting/
=======================================================================
[5] EPIC Files Brief Urging Supreme Court to Review Secret Law
=======================================================================
EPIC joined with other organizations in urging the Supreme Court to review
Gilmore v. Gonzales. The case concerns a secret rule that allows airport
personnel to require travelers in the United States to produce
identification. EPIC wrote in its "friend of the court" brief that the
secret agency rule violates the constitutional right of due process. The
secrecy prevents meaningful review and allows for arbitrary enforcement.
John Gilmore is challenging the government's unpublished law or regulation
requiring passengers to present identification to fly on commercial
airlines. Gilmore argues that the requirement violates numerous
constitutional protections, including the rights to travel, petition and
freely assemble, be free from unreasonable search and seizure, and have
access to due process of law. Gilmore is petitioning the Supreme Court
after the Ninth Circuit Court of Appeals ruled for the government earlier
this year.
"The secret identification directive acts as a legal obligation that
directly affects millions of travelers while providing no public notice or
allowing for the traditional checks on arbitrary or prejudicial
enforcement," EPIC wrote in its brief. "Unpublished, secret laws undermine
the very essence of self-government. Central to the American form of
government has been a longstanding commitment to public trials and to
openness in government decisionmaking."
EPIC urged the Supreme Court to grant Gilmore's petition for a writ of
certiorari so that it could review a "secret agency rule that offends the
Constitution and implicates the rights of millions of American travelers who
are presently subject to arbitrary and unaccountable governmental
authority."
Gilmore v. Gonzales site:
http://www.papersplease.org/gilmore/
EPIC's amicus brief to the Supreme Court:
http://www.epic.org/privacy/airtravel/gilmore_amicus2.pdf
EPIC's page on Passenger Profiling:
http://www.epic.org/privacy/airtravel/profiling.html
=======================================================================
[6] News in Brief
=======================================================================
EPIC Welcomes Three Members to Board of Directors
Three new members have joined EPIC's board of directors: consumer attorney
Philip Friedman, security expert Bruce Schneier, and .ORG manager Edward
Viltz. The EPIC board of directors also elected Deborah Hurley as Chair,
Peter Neumann as Treasurer, and Jerry Kang as Secretary. Anita Allen,
Whitfield Diffie, and Marc Rotenberg continue their service to EPIC as
members of its board. Rotenberg thanked Barbara Simons for her long service
to EPIC. She recently stepped down from the board of directors after serving
as chair and treasurer.
EPIC's Board and Staff:
http://www.epic.org/epic/staff_and_board.html
EPIC Debuts Page on Violence Against Women Act
EPIC has prepared a Web page reviewing the provisions of the Violence
Against Women Act that affect privacy. Since 1994, the Act has been the
premier way to set federal sexual assault and domestic violence policy.
The Act affects privacy in its regulation of federal rules of evidence;
confidentiality requirements in grant conditions; collection of data from
homeless shelters; definitions of cyberstalking; and provisions authorizing
DNA collection into federal databases. The page is a part of EPIC's recently
launched Privacy and Domestic Violence Project.
EPIC's Privacy and Domestic Violence Project:
http://www.epic.org/privacy/dv/
EPIC's page on the Violence Against Women Act and Privacy:
http://www.epic.org/privacy/dv/vawa.html
Dynamic Privacy Coalition Launched at Internet Governance Forum
In early November, more than 1,200 government, private, academic and civil
society representatives discussed issues of Web governance at the Internet
Governance Forum's first meeting. Attendees agreed to launch "dynamic
coalitions," multi-stakeholder groups that work together on a common issue
through the use of online collaboration tools and meetings.
Almost 50 groups, including EPIC, France's Foreign Ministry, Privacy
International and the World Bank, joined to create the Dynamic Coalition on
Privacy. The group aims to further develop and clarify the public policy
aspects of privacy in Internet governance. The group will focus on the
issues of digital identities, the link between privacy and development, and
the importance of privacy and anonymity for freedom of expression. The
French government has offered to host a Dynamic Coalition on Privacy meeting
in Paris in early 2007.
European Digital Rights: "IGF Outcome: Dynamic Coalition on Privacy":
http://www.edri.org/edrigram/number4.21/coalition_privacy
European Experts Reject Use of RFID in ID Documents
European experts on identity management have released a declaration warning
against the use of radio frequency identification (RFID) technology in
identification documents. "By failing to implement an appropriate security
architecture, European governments have effectively forced citizens to adopt
new international Machine Readable Travel Documents which dramatically
decrease their security and privacy and increases risk of identity theft,"
according to the declaration. This comes soon after the release of a draft
report by the Department of Homeland Security Data Privacy and Integrity
Advisory Committee also recommending against the use of RFID in
identification documents. "RFID appears to offer little benefit when
compared to the consequences it brings for privacy and data integrity," the
committee said.
"Budapest Declaration" is available in several languages:
http://www.fidis.net/press-events/press-releases/
Department of Homeland Security Data Privacy and Integrity Advisory
Committee: The Use of RFID for Human Identification (pdf):
http://www.epic.org/redirect/dpiac1106.html
Almost 450 IRS Laptops Either Stolen or Lost Since 2003
The Internal Revenue Service is the latest federal agency to admit it has
lost or had stolen many laptop computers. Documents obtained by WTOP through
the Freedom of Information Act show that from 2002 till now, the agency had
478 laptops either lost or stolen. The personal data of taxpayers, including
Social Security numbers, were in 112 computers. The IRS has announced that,
beginning in January, it "will be installing an automatic encryption system
that will encrypt all information on the hard drives." Other federal
agencies have reported such security breaches. The largest was revealed in
May, when the Department of Veterans Affairs announced that a hard drive and
laptop containing sensitive data on 26.5 million veterans, active duty
military personnel, and family members had been stolen from an employee's
home.
Internal Revenue Service:
http://www.irs.gov/
EPIC's page on the Veterans Affairs Data Theft:
http://www.epic.org/privacy/vatheft/
=======================================================================
[7] EPIC Bookstore: David Holtzman's "Privacy Lost"
=======================================================================
"Privacy Lost: How Technology Is Endangering Your Privacy" by David H.
Holtzman (Jossey-Bass 2006).
http://www.powells.com/partner/24075/biblio/0787985112
"While other books in the field focus on specific aspects of privacy or how
to avoid invasions, David H. Holtzman -- a master technologist, internet
pioneer, security analyst, and former military codebreaker -- presents a
comprehensive insider's exposé of the world of invasive technology, who's
using it, and how our privacy is at risk.
"Holtzman starts out by categorizing privacy violations into 'The 7 Sins
Against Privacy' and then goes on to explain in compelling and easy to
understand language exactly how privacy is being eroded in every aspect of
our lives.
"Holtzman vividly reveals actual invasions and the dangers associated with
the loss of privacy, and he takes a realistic look at the trade offs between
privacy and such vital issues as security, rights, and economic
development."
================================
EPIC Publications:
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information privacy
law allows instructors to enliven their teaching of fundamental concepts by
addressing both enduring and emerging controversies. The Second Edition
addresses numerous rapidly developing areas of privacy law, including:
identity theft, government data mining and electronic surveillance law, the
Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS,
spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation for an
exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights 2005: An International Survey of Privacy Laws and
Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html
This annual report by EPIC and Privacy International provides an overview of
key privacy topics and reviews the state of privacy in over 70 countries
around the world. The report outlines legal protections, new challenges, and
important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy and
data protection ever published.
================================
"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/foia2004
This is the standard reference work covering all aspects of the Freedom of
Information Act, the Privacy Act, the Government in the Sunshine Act, and
the Federal Advisory Committee Act. The 22nd edition fully updates the
manual that lawyers, journalists and researchers have relied on for more
than 25 years. For those who litigate open government cases (or need to
learn how to litigate them), this is an essential reference manual.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the
Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for future
action, as well as a useful list of resources and contacts for individuals
and organizations that wish to become more involved in the WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy law
in the United States and around the world. It includes the full texts of
major privacy laws and directives such as the Fair Credit Reporting Act, the
Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date
section on recent developments. New materials include the APEC Privacy
Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the Freedom of
Information Act.
Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
FACEBOOK, What It Is, How It Works, Why It Matters to You, Audio Conference.
International Association of Privacy Professionals. December 7, 2006. For
more information:
https://www.privacyassociation.org/index.php?option=com_content&task=view&id=8&Itemid=70
Assessing Current Privacy Issues. Riley Information Services, Inc.
February 21, 2007. Ottawa, Ontario, Canada. For more information:
http://www.rileyis.com/seminars/
5th Conference on Privacy and Public Access to Court Records. Center for
Legal and Court Technology and Administrative Office of the United States
Courts. March 22-23, 2007. Williamsburg, Virginia. For more
information:
http://www.courtaccess.org/
CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org
======================================================================
Subscription Information
======================================================================
Subscribe/unsubscribe via web interface:
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send
notices about EPIC activities. We do not sell, rent or share our mailing
list. We also intend to challenge any subpoena or other legal process
seeking access to our mailing list. We do not enhance (link to other
databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from
this list, please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the Digital
Telephony proposal, national ID cards, medical record privacy, and the
collection and sale of personal information. EPIC publishes the EPIC Alert,
pursues Freedom of Information Act litigation, and conducts policy research.
For more information, see http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200,
Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of privacy
and efforts to oppose government regulation of encryption and expanding
wiretapping powers.
Thank you for your support.
------------------------- END EPIC Alert 13.23 -------------------------
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations. To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************