=======================================================================
E P I C A l e r t
=======================================================================
Volume 16.08 April 28, 2009
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_16.08.html
"Defend Privacy. Support EPIC."
http://epic.org/donate
=======================================================================
EPIC 15th Anniversary Dinner and the
EPIC Champion of Freedom Awards
Cosmos Club, Washington, DC
June 9, 2009
EPIC@15 Invitation: http://www.epic.org/epic15/invite.pdf
Your Reply: http://epic.org/epic15/reply.pdf
Register (or donate to EPIC@15): http://epic.org/donate
=======================================================================
Table of Contents
=======================================================================
[1] EPIC Urges Massachusetts High Court to Protect Driver Privacy
[2] EPIC Testifies Before Congress on Internet Privacy
[3] Facebook Improves Privacy Safeguards
[4] Supreme Court Hears Case on Strip-Search of Young Student
[5] Federal Agency Proposes Medical Records Breach Rule
[6] News in Brief
[7] EPIC Bookstore: Safeguards in a World of Ambient Intelligence
[8] Upcoming Conferences and Events
- Join EPIC on Facebook http://epic.org/facebook
- Privacy Policy
- About EPIC
- Donate to EPIC http://epic.org/donate
- Subscription Information
=======================================================================
[1] EPIC Urges Massachusetts High Court to Protect Driver Privacy
=======================================================================
On April 20, 2009, EPIC filed a "friend of the court" brief in the
Massachusetts Supreme Judicial Court, urging the Justices to require a
warrant before police covertly track drivers using concealed
surveillance technology. In Commonwealth v. Connolly, the Court will
determine whether Massachusetts police must obtain a search warrant
before surreptitiously installing location tracking devices on
individuals' cars. The GPS-based systems record a vehicle's location
and speed around the clock, and transmit the data to law enforcement
agents. EPIC said the proliferation of police tracking devices
"creates a large, and largely unregulated, repository containing
detailed travel profiles of American citizens." The EPIC brief warned
that "law enforcement access to such information raises the specter
of mass, pervasive surveillance without any predicate act that would
justify this activity."
EPIC said that GPS systems are becoming increasingly widespread, and
identified particular growth among vehicle-installed GPS systems. The
federal government is currently tracking drivers in six states using
GPS tracking systems designed to assess a mileage tax as an adjunct or
replacement for federal gasoline tax revenue. Several states, including
Massachusetts, have proposed similar plans. Some private firms,
including UPS, mandate GPS tracking on their vehicles. Others, such as
OnStar, offer GPS tracking services to the public. The EPIC brief
explains that, as GPS trackers become more commonplace, it is easier
for law enforcement to engage in large-scale, simultaneous surveillance
of multiple individuals. Such ease raises the troubling prospect of
mass, pervasive surveillance. EPIC's brief urges the court to require a
warrant, based on independent judicial review of the evidence, prior to
law enforcement use of GPS tracking.
The brief details the privacy risks raised by warrantless GPS tracking.
GPS technology enables law enforcement to track and store details of
individuals' movements. Such details can produce "a detailed record of
travel to doctors' offices, banks, gambling casinos, tanning salons,
places of worship, political party meetings, bars, grocery stores,
exercise gyms, places where children are dropped off for school, play,
or day care, the upper scale restaurant and the fast food restaurant,
the strip club, the opera, the baseball game, the �wrong' side of town,
the family planning clinic, and the labor rally." Such surveillance
capabilities can be useful in solving crimes. But they represent a
significant limitation on citizens' freedom from scrutiny, and
therefore require oversight and independent review.
In Commonwealth v. Connolly, the defendant, Everett Connolly, sought to
suppress evidence generated through GPS surveillance. The trial court
admitted the evidence, and Connolly was convicted on drug charges.
Connolly appealed the suppression ruling, arguing that warrantless use
of GPS tracking technology by law enforcement agents violates the
Fourth Amendment's protection against unreasonable searches and
seizures.
The U.S. Supreme Court has not ruled on the propriety of warrantless
GPS tracking by police. In a 1983 case, U.S. v. Knotts, the Court
authorized warrantless law enforcement use of a "beeper." Beepers
allow pursuing officers to approximate the location of a fleeing
suspect, but gather far less information that GPS trackers. However,
the Court cautioned in Knotts that future technologies might require
a warrant if they became so sophisticated as to enable "twenty-four
hour surveillance of any citizen of this country ... without judicial
knowledge or supervision." In a 2007 case, U.S. v. Garcia, the
Seventh Circuit Court of Appeals warned that "new technologies
[including GPS tracking] enable, as the old (because of expense) do
not, wholesale surveillance." In that case, Judge Posner wrote that
mass, pervasive GPS tracking by law enforcement raises substantial
Fourth Amendment concerns.
"Friend-of-the-court," Brief by EPIC in Commonwealth v. Connolly
(Apr. 20, 2009):
http://epic.org/privacy/connolly/042009amicus.pdf
Massachusetts Supreme Judicial Court Docket page for
Commonwealth v. Connolly:
http://www.ma-appellatecourts.org/display_docket.php?dno=SJC-10355
EPIC's Commonwealth v. Connolly page:
http://epic.org/privacy/connolly/
=======================================================================
[2] EPIC Testifies Before Congress on Internet Privacy
=======================================================================
On April 23, 2009, EPIC President Marc Rotenberg testified before
the House Subcommittee on Communications, Technology and the
Internet on the "Recent Developments in Communications Networks and
Consumer Privacy." Mr. Rotenberg focused on the privacy risks of
deep packet inspection and other similar methods of analyzing
consumer internet traffic for Internet advertising.
While acknowledging that advertising plays an important role in
enabling services and information on the Internet, Mr. Rotenberg
said, "we believe it is becoming clear that unregulated collection
of consumer data is posing an increasing danger to online privacy
and maybe even to the economic model itself. A small number of
companies and large advertising networks are obtaining an
extraordinarily detailed profile of the interests, activities and
personal characteristics of Internet users."
According to EPIC, the threats of identity theft and security
breaches are also increasing. Several reports have been published
over the last few months detailing several cases of security
breaches across the country, and identity theft has been identified
as the number one crime committed in the United States. If the data
collection continues unregulated, Mr. Rotenberg warned, there was
every reason to anticipate that these problems would get worse.
EPIC President Marc Rotenberg also cautioned against the economic
harm to online publishing if internet advertising continued on its
current course. "Significantly also for the economics of the online
advertising industry, the profiles that are being developed are
increasingly untethered from the editorial content of web sites or
the business-customer relations that online consumers have with
particular companies. . . . . This has profound implications for the
future of online advertising and the relationship between users, web
publishers, and advertising networks," he said.
In the United Kingdom European Commissioner Viviane Reding began
legal proceedings against the UK government for violating EU law by
allowing Phorm, which pursued a business model employing deep packet
inspection, to go forward with its controversial Internet monitoring
plan. Commissioner Reding had alleged violations of both the 1995 EU
Directive concerning data protection as well as the 2002 EU
Directive concerning electronic communications.
Mr. Rotenberg also brought to the attention of the subcommittee that
service providers and their businesses partners also had an
obligation not to intercept the content of a communication except
for the purposes of providing the service, complying with a court
order or other similar legal obligation. The companies have not
demonstrated the viability of the non-PII model as it was easy to
reconstruct actual identity from network traffic. Therefore, it was
necessary to enact legislation to place the burden on the
advertising company to prevent the reconstruction of user identity.
Further, long term consequences of encouraging network-based
advertising was likely to degrade network security and privacy.
Mr. Rotenberg concluded, "Congress needs to keep a long-term view of
the growth of the Internet. If the claim of Internet advertisers
that they must have the unrestricted ability to monetize user
traffic goes unchallenged, users will face new privacy risks, web
publishers will find that their content is less valuable, and the
technical standards that are necessary for the integrity of the
Internet will be further delayed. Once down this road, it will be
difficult to turn back."
Other witnesses at the hearing were from Free Press, the Center for
Democracy and Technology, the National Cable and Telecommunications
Association, AT&T, Loopt, and BroadbandPolitics.
House Energy and Commerce Committee
http://www.energycommerce.house.gov/
Testimony of EPIC. Marc Rotenberg, April 23, 2009:
http://epic.org/privacy/dpi/rotenberg_HouseCom_4-09.pdf
"Communications Networks and Consumer Privacy: Recent Developments"
http://tiny.cc/WGojj
EPIC's Page on Deep Packet Inspection:
http://epic.org/privacy/dpi
EPIC's Page in Identity Theft:
http://epic.org/privacy/idtheft
=======================================================================
[3] Facebook Improves Privacy Safeguards
=======================================================================
Facebook announced the audited results of its vote on site governance.
Approximately 75 percent of the users who cast their votes supported
the Statement of Rights and Responsibilities and the new Facebook
Principles. Under the new Principles, Facebook users will "own and
control their information."
In February, Facebook changed is terms of Terms of Service and asserted
broad, permanent, and retroactive rights to users' personal information
- even after they deleted their accounts. The new terms attracted
severe criticism with close to 150,000 people joining a group
protesting its adoption. EPIC drafted a complaint which was supported
by more than a dozen consumer and privacy organizations stating unfair
and deceptive trade practices. However, hours before EPIC filed the
complaint with the Federal Trade Commission regarding the changes to
Facebook's Terms of Service, the social network service announced that
it will restore the original policy.
Subsequently, the social networking giant proposed a set of guidelines
and a statement of rights and responsibilities governing its
relationship with users and called for user comment on the principles,
which included "Ownership and Control of Information" and "Transparent
Process." Facebook further committed to "open[ing] up Facebook so that
users [could] participate meaningfully in [] policies and [the]
future." Comments were made over a 30-day period by individuals and
experts from various fields highlighting several concerns and proposed
changes.
Thereafter, in April, the governing documents were updated to reflect
feedback from users and experts. Users were asked to participate in a
vote to adopt these proposed rules or maintain the previous terms.
Facebook established a fan page for the purpose of keeping users
informed about site governance. EPIC supported the adoption of the news
term of service. With the new terms being adopted, Facebook granted its
users ownership and control of their information, and also agreed that
it would publicly make available information about its purpose, plans,
policies, and operations in the future. Facebook also took steps to
improve account deletion, to limit sublicenses, and to reduce data
exchanges with application developers. Facebook would have a town hall
process of notice and comment and a system of voting to encourage input
and discourse on amendments to these Principles or to the Rights and
Responsibilities.
Facebook Site Governance:
http://www.facebook.com/fbsitegovernance
Results of the Inaugural Facebook Site Governance Vote:
http://blog.facebook.com/blog.php?post=79146552130
Facebook Town Hall: Proposed Facebook Principles:
http://www.facebook.com/group.php?gid=54964476066
Facebook Town Hall: Proposed Statement of Rights & Responsibilities:
http://www.facebook.com/group.php?gid=67758697570
Facebook Terms of Service:
http://www.facebook.com/terms.php
People Against the New Terms of Service:
http://www.facebook.com/group.php?gid=77069107432
EPIC's Page on Social Networking Privacy:
http://epic.org/privacy/socialnet/default.html
=======================================================================
[4] Supreme Court Hears Case on Strip-Search of Young Student
=======================================================================
The Supreme Court heard a case involving a strip-search of a thirteen-
year-old girl by school officials looking for possession of an
ibuprofen tablet in violation of school policy. The search was
conducted based on allegation by another student, who had been caught
with the drug. The case involves whether the school violated Redding's
Fourth Amendment right to be free from unreasonable searches and, if
so, whether qualified immunity protects the school authorities from
liability.
Previously, a federal appellate court held that the search of the
student was unreasonable and that a school official could be liable
for violating the girl's Fourth Amendment rights. The petitioners
appealed to the Supreme Court and argued that the search was reasonable
based upon the allegations and the dangers of prescription drug abuse.
Additionally, the petitioners argued that the school officials must
have qualified immunity in exercising their discretion so that they are
free to exercise their judgment regarding drug abuse in schools and,
further, without such authority, the school authorities would not have
the ability to respond in the face of threats to student safety in
school.
Respondent April Redding argued that a strip search was unreasonable
since the school did not have any cause to believe that the student
had pills hidden in her undergarments, and that the school officials
should be held responsible. She contended that holding such a search
reasonable would enable school officials to conduct highly invasive
searches based on only minimal, vague suspicion.
The Supreme Court has previously addressed schools' authority to
conduct drug searches and tests to prevent proliferation of drug
abuse. In one case, the Supreme Court held that the Fourth Amendment's
prohibition on unreasonable searches and seizures applied to searches
conducted by public school officials by virtue of the special nature of
their authority over schoolchildren. However, the Court clarified that
school officials did not have to obtain a warrant before searching a
student who is under their authority if the officials have reasonable
grounds for suspecting that the search will turn up evidence that the
student has violated the law or the rules of the school. The court had
held that searches of students' belongings are permissible if the
measures adopted are reasonably related to the objectives of the search
and not excessively intrusive in light of the student's age and sex and
the nature of the infraction. However, the strip-searches of students
have not been addressed by the Court.
Supreme Court Docket:
http://origin.www.supremecourtus.gov/docket/08-479.htm
Brief for the petitioners:
http://epic.org/redirect/042809_SCOTUS_Redding_Pet.html
Brief for the respondents:
http://epic.org/redirect/042809_SCOTUS_Redding_Resp.html
Oral Arguments (transcript):
http://epic.org/redirect/042809_Redding_OralArguments.html
Ninth Circuit Decision:
http://epic.org/redirect/042809_Redding_CA9enbanc.html
Board of Education of Independent School District #92 Pottawatomie City
v. Earls
http://supct.law.cornell.edu/supct/html/01-332.ZS.html
New Jersey v. T.L.O:
http://epic.org/redirect/042809_NJvTLO.html
EPIC's Page on Student Privacy:
http://epic.org/privacy/student/
=======================================================================
[5] Federal Agency Proposes Medical Records Breach Rule
=======================================================================
The Federal Trade Commission has issued a notice of proposed rulemaking
and request for public comments regarding rules requiring vendors of
personal health records and related entities to notify individuals when
the security of their individually identifiable health information is
breached. The deadline for public comments is June 1, 2009.
The Recovery Act mandated the Department of Health and Human Services
to study, in consultation with the FTC, potential privacy, security,
and breach notification requirements to be submitted to the Congress
within a year. As an interim measure, the FTC is to enforce temporary
requirements which includes vendors of personal health records, PHR
related entities, third party service providers and online applications
that interact with such personal health records to notify customers in
the event of a breach. The proposed rule clarifies that it does not
apply to HIPAA-covered entities or to any entity's activities as a
business associate of a HIPAA-covered entity.
The Commission is seeking comments on the scope of the proposed rule
with respect to (1) the nature of entities to which the proposed rule
will apply; (2) the products and services offered; (3) the extent to
which the affected entities may be covered under HIPAA rules;
(4) whether some vendors of personal health records may have a dual
role as a business associate under HIPAA; and (5) circumstances when
such dual roles may lead to multiple breach notices.
The proposed rule adds Part 318 to 16 CFR and defines various terms
anew or borrows from other statutes including the Recovery Act. The
definitions include "breach of security;" "business associate;" "HIPAA-
-covered entity;" "personal health record;" "PHR identifiable health
information;" "PHR related entity;" "Third party service provider;"
"unsecured;" and "vendor of personal health records."
The notification requirements call for individual notification as well
as notification to the FTC to be made "without unreasonable delay" and
within 60 calendar days and 5 business days, respectively, after the
discovery of the breach. A section of the proposed rule addresses
methods of notice to individuals, the Commission, and the media.
Another section of the rule requires the content of the notice to
include a description of how the breach occurred; a description of the
types of information involved in the breach; steps to be taken by the
individual to protect from potential harm; and a description of action
being taken by the entity involved in the breach. The rule borrows
other sections heavily from the Recovery Act.
FTC Proposed Rule:
http://www.ftc.gov/os/2009/04/R911002healthbreach.pdf
Federal Register:
http://edocket.access.gpo.gov/2009/pdf/E9-8882.pdf
FTC Public Comment Submission (Deadline June 1, 2009):
http://www.ftc.gov/os/publiccomments.shtm
The American Recovery and Reinvestment Act of 2009:
http://epic.org/redirect/022309_Stimulus_Act.html
Subtitle D - Privacy:
http://epic.org/privacy/pdf/StimulusPassedBill-SubD.pdf
EPIC's Page on Medical Privacy:
http://epic.org/privacy/medical
EPIC's Page on Identity Theft:
http://epic.org/privacy/idtheft
=======================================================================
[6] News in Brief
=======================================================================
Body Scanner Legislation Introduced in Congress
Congressman Jason Chaffetz (R-UT) introduced legislation before
Congress seeking a ban on Whole-Body Imaging devices from being used by
the Transportation Security Administration in various airports across
America. The legislation seeks to bar the highly expensive scanners
from being used as the sole or primary method of screening a passenger
unless another method of screening, such as metal detection,
demonstrated cause for preventing such passenger from boarding an
aircraft. The proposed statute also gives passengers who are to be
scanned, the right to information on the operation of such technology,
the image generated by the machine, privacy policies relating to such
technology, and the right to request a pat-down search prior to the use
of WBI scanners. The bill also prohibits the use of images generated by
the scanners from being stored, transferred, shared or copied in any
form after the boarding determination is made. Describing the existing
method as unnecessary to securing an airplane, Congressman Chaffetz
stated that the new law was to "balance the dual virtues of safety and
privacy."
Congressman Chaffetz Seeks to Ban Whole-Body Imaging at Airports:
http://epic.org/redirect/042809_Chaffetz_WBI.html
Congressman Jason Chaffetz:
http://www.chaffetz.house.gov/about/index.shtml
Aircraft Passenger Whole-Body Imaging Limitations Act, H.R. 2027:
http://epic.org/redirect/042809_Chaffetz_WBI_LimiAct.html
TSA - Whole Body Imaging:
http://www.tsa.gov/approach/tech/body_imaging.shtm
Transportation Security Administration:
http://www.tsa.gov
EPIC's Page on Whole-Body Imaging:
http://epic.org/privacy/airtravel/backscatter/
FTC Report Released on Mobile Commerce Marketplace
The Federal Trade Commission staff issued a report based upon a public
town hall meeting held last year to explore consumer protection issues
arising in the mobile commerce marketplace. The report, "Beyond Voice:
Mapping the Mobile Marketplace," highlights the problems associated
with mobile services cost disclosures leading to consumer complaints.
Another problem is the impact on consumers of unwanted mobile text
messages. The federal agency and its law enforcement partners would
monitor the situation and take law enforcement action as needed.
Wireless carriers currently block vast amounts of mobile text spam
every month. The report also acknowledged the increasing use of
smartphones to access the mobile Web in presenting unique privacy
challenges, especially regarding children. The federal agency agreed to
expedite the regulatory review of the Children's Online Privacy
Protection Rule to determine whether the rule should be modified to
address changes in the mobile marketplace.
Beyond Voice: Mapping the Mobile Marketplace:
http://www.ftc.gov/opa/2009/04/mobilerpt.shtm
EPIC's Page on The Children's Online Privacy Protection Act:
http://epic.org/privacy/kids/
White House Names First Chief Technology Officer
President Barack Obama appointed Virginia's Secretary of Technology,
Aneesh Paul Chopra, as the Chief Technology Officer. Chopra's duty will
include promotion of technological innovation to help the country meet
its goals from job creation, to reducing health care costs, to
protecting the homeland. Together with Chief Information Officer, Vivek
Kundra, the objective is to help give all Americans a government that
is effective, efficient, and transparent. Chopra, led Virginia's
strategy to effectively leverage technology in government reform, promote
innovation agenda, and to foster technology-related economic development.
Previously, he had worked as Managing Director with the Advisory Board
Company, leading the firm's Financial Leadership Council and the Working
Council for Health Plan Executives.
The White House, Office of the Press Secretary, April 18, 2009:
http://epic.org/redirect/042809_ChopraIsCTO.html
Health Department Issues Guidance on Medical Records Security
The Department of Health and Human Services has released a guidance
on protecting health information by rendering them unusable,
unreadable, or indecipherable to individuals not having authorization.
The guidance on protecting information is based upon the use of
encryption as described in NIST Special Publications 800-111, Guide
to Storage Encryption Technologies for End User Devices; and the
guidance to rendering them unreadable is based on the use of techniques
described in NIST Special Publications 800-88, Guidelines for Media
Sanitization. The HHS is seeking public comments about the rulemaking
till May 21, 2009.
Federal Register:
http://edocket.access.gpo.gov/2009/pdf/E9-9512.pdf
NIST Special Publications 800-111, Guide to Storage Encryption
Technologies for End User Devices:
http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf
NIST Special Publications 800-88, Guidelines for Media Sanitization:
http://epic.org/redirect/042809_NIST_SP800-88.html
Senate to Investigate NSA "Overcollection"
Senator Dianne Feinstein has announced that the Senate Intelligence
Committee will hold a hearing on the National Security Agency's
interception of phone calls and private e-mail messages of Americans.
Recently, the New York Times reported that the NSA's activities went
beyond the legal limits established by the Congress last year. EPIC
has a related lawsuit asking a federal court to force the release of
memos on the legal authority for domestic surveillance of American
citizens.
Senator Dianne Feinstein:
http://feinstein.senate.gov/public/
Statement of Senator Feinstein on NSA Wiretapping Report,
April 16, 2009:
http://epic.org/redirect/042809_FeinsteinOnNSAWiretap.html
Senate Intelligence Committee:
http://intelligence.senate.gov/
National Security Agency:
http://www.nsa.gov/
Officials Say U.S. Wiretaps Exceeded Law, New York Times,
April 16, 2009:
http://www.nytimes.com/2009/04/16/us/16nsa.html
FISA Amendments Act of 2008:
http://epic.org/redirect/042809_FISA2008Amend.html
US Senate Voting on FISA Amendments:
http://epic.org/redirect/042809_SenateFISAVote.html
EPIC's Page on Freedom of Information Act Work on the National
Security Agency's Warrantless Surveillance Program:
http://epic.org/privacy/nsa/foia/default.html
FCC Seeks Comments on Broadband Privacy Safeguards
The Federal Communications Commission announced that it would develop a
plan to expand broadband access which would attempt to "ensure that
every American has access to broadband capability," and would be
submitted to Congress in February 2010. The Commission is seeking
comments from the public concerning on how to best safeguard consumers'
privacy in the face of technologies such as deep packet inspection and
behavioral advertising. Chairman Michael J. Copps identified priorities
for the broadband expansion, including "avoiding invasions of people's
privacy." EPIC previously advocated for the FCC to require strong
privacy safeguards for telephone customers' personal information, and
protect wireless subscribers from telemarketing.
FCC Launches Development of National Broadband Plan:
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-289900A1.pdf
EPIC's Page on NCTA v. FCC:
http://epic.org/privacy/nctafcc/
EPIC's Comments to FCC against Cellphone Marketing:
http://epic.org/privacy/telemarketing/fcc_aca_05-11-06.html
EPIC's Page on Deep Packet Inspection:
http://epic.org/privacy/dpi
E-Verify Postponed by Federal Government
The Federal Government is suspending the implementation of an Executive
Order that mandates federal contractors to use E-Verify. The order
requires the use of E-Verify for all federal contractors if services
exceeding $3,000 is provided. The governments is seeking to review the
entire rule prior to its application to federal contractors and
subcontractors. EPIC has noted that E-Verify could deny many eligible
individuals - including U.S. citizens and legal immigrants - the
opportunity to work, and is ineffective as a solution to U.S.
immigration problems. Last year, EPIC had filed a Freedom of
Information request with the DHS seeking documents concerning promotion
of E-Verify.
Postponement Notice:
http://edocket.access.gpo.gov/2009/pdf/E9-8849.pdf
DHS E-Verify program:
http://www.dhs.gov/e-verify
EPIC, "Spotlight on Surveillance: E-Verify System - DHS Changes Name,
But Problems Remain for U.S. Workers.":
http://epic.org/privacy/surveillance/spotlight/0707/default.html
"Employment Verification - Challenges Exist in Implementing a Mandatory
Electronic Employment Verification System," United States Government
Accountability Office," June 10, 2008:
http://www.gao.gov/new.items/d08895t.pdf
=======================================================================
[7] EPIC Bookstore: Safeguards in a World of Ambient Intelligence
=======================================================================
"Safeguards in a World of Ambient Intelligence"
by David Wright, Serge Gutwirth, Michael Friedewald, Elena
Vildjiounaite, and Yves Punie. (Editors and Authors)
http://www.amazon.com/gp/product/1402066619?tag=e03a6-20
The most entertaining part of the book "Safeguards in a World of
Ambient Intelligence" is hidden in one of its forewords. "How do I like
this book?" Gary T. Marx asks, "Let me count the ways. If this were a
musical comedy, the first song would be 'SWAMI, How I love ya, How I
love ya'..." While this rare display of playful humor may leave readers
puzzled in the beginning, towards the end they may join Marx on stage
to sing along, as if this were a musical comedy. But SWAMI is not a
musical comedy. Instead, the book is a refreshing contribution to the
literature on ambient intelligence (AmI), which is, according to the
editors, a "...phrase coined to describe a world in which
'intelligence' is embedded in virtually everything around us."
The editors frame the book as a warning. Not in an attempt to scare,
but rather to inform and advise everyone in society about the potential
harms caused by AmI. Many discussions surrounding AmI emphasize the
benefits such as greater user friendliness, efficiency, user
empowerment and support for human interactions. SWAMI provides a
glimpse into the other side of the story. The book's warning is
successfully accomplished in part through its powerful usage of dark
scenarios. In a classic display of show rather than tell, the editors
incorporate four dark scenarios to demonstrate how the manifestation
of AmI in contemporary society can have undesired consequences. As the
editors note, "We call them dark scenarios, because they show things
that could go wrong in an AmI world, because they present visions of
the future that we do not want to become reality. The scenarios expose
threats and vulnerabilities as a way to inform policy-makers and
planners about issues they need to take into account in developing new
policies or updating existing legislation."
The dark scenario of the AmI family may bring across the most powerful
message to its readers because it eloquently depicts how AmI can
influence every day life in a negative way leading to feelings of loss
of control. In the AmI family example this occurs largely as a result
of identity theft and inadequate profiling, but other issues remain
such as data laundering and illegal interception.
The editors use the scenarios as an effective transition into a more
general description of vulnerabilities and threats. "Many of the
threats to our privacy today..." the editors acknowledge "...will still
be encountered in our AmI future. The same will be true if the threats
to our identity and security as well as to our general willingness to
trust other people, technologies and services." If anything the
threats, including function creep, identity theft, surveillance and
profiling, can be magnified through the incorporation of AmI, which
could lead to graver consequences.
The book, however, goes beyond the mere exposure of the principal
threats and vulnerabilities present in society and identifies several
safeguards and recommendations. The editors classify a wide variety of
technological, socio-economic, and legal and regulatory safeguards.
They use these safeguards to formulate subsequent recommendations,
primarily geared toward the European Commission. The editors
demonstrate a charming sense of realism when they write, "Perhaps we
have identified too many safeguards or made too many recommendations,
at least, in the sense that so many may seem daunting." And
intelligently resolve this problem through identifying the top six
recommendations for the European Commission. The editors call for,
among other things, a formalized risk assessment/risk management
process and an awareness campaign to educate society in general, and
the public specifically about the arrival of AmI and its associated
benefits along with its risks.
Overall, returning to Marx's comparison with the musical comedy,
SWAMI is difficult not to love. The tone of the book is realistic
without being overly pessimistic. The editors manage to prevent the
alienation of readers who may disagree with their 'warning'� "Some
people..." the editors write "...undoubtedly, and perhaps even
justifiably, might argue that the development of ambient intelligence
per se does not require a formalized risk assessment/risk management
process. But ambient intelligence, as wonderful as it may seem,
despite its many benefits, will not be risk free; it poses serious
risks, not only to our privacy (and, as a consequence, to our
democratic values), but also to our security (social safety)." And
there are few, if any, who can negate this claim after reading SWAMI.
-- Nicole van der Meulen
================================
EPIC Publications:
"Litigation Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.
http://epic.org/bookstore/foia2008/
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of the manual that lawyers, journalists and researchers
have relied on for more than 25 years.
================================
"Information Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS). This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore
http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
"THE FUTURE OF PRIVACY: What's Next?" - a one day seminar.
April 28, 2009, Cartier Suites Hotel, 180 Cooper Street,
Ottawa, Canada. For more information,
http://www.rileyis.com/seminars/
2009 FTC Workshop: Best Practices for Business: Protecting
Personal Information and Fighting Fraud with the Red Flags Rule:
Pope Auditorium, Lincoln Center Campus, Fordham School of Law's
Center for Law and Information Policy, 113 West 60th Street,
New York, NY 10023. For more information,
http://www.ftc.gov/bcp/workshops/infosecurity/index.shtml
"2nd Annual Research Symposium for the Identity, Privacy and
Security Initiative," , May 6, 2009, University of Toronto.
For more information, http://www.ipsi.utoronto.ca/site4.aspx
IEEE Symposium on Security and Privacy, May 17-20, 2009,
The Claremont Resort, Oakland, California. For more information,
http://oakland09.cs.virginia.edu/
Web 2.0 Security & Privacy 2009, Thursday, May 21,
The Claremont Resort, Oakland, California. For more information,
http://w2spconf.com/2009/
Computers, Freedom, and Privacy, 19th Annual Conference, Washington,
D.C., June 1-4, 2009. For more information,
http://www.cfp2009.org/wiki/index.php/Main_Page
"The Transformation of Privacy Policy," Institutions, Markets
Technology Institute for Advanced Studies (IMT)Lucca, Italy, July 2-4,
2009.
=======================================================================
Join EPIC on Facebook
=======================================================================
Join the Electronic Privacy Information Center on Facebook
http://epic.org/facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
=======================================================================
Donate to EPIC
=======================================================================
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.
Thank you for your support.
=======================================================================
Subscription Information
=======================================================================
Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 16.08 ------------------------
.