Landau, "A Gateway for Hackers:
The Security Threat in
the New Wiretapping Law"

Presidential Candidate Bob Barr Speaks at Privacy 08 Event in Washington, DC
The Libertarian candidate for President Bob Barr spoke today at the National Press Club. The former Congressman urged the Republican and Democratic candidates to address the growing concerns in the United States about the protection of privacy. Mr. Barr is an outspoken critic of the REAL ID plan and the President's warrantless wiretapping program. The Privacy '08 Campaign is planning other forums for the candidates as the election approaches. (Sept. 5)

Conventions Begin, Privacy 08 Campaign Underway
With the Presidential Conventions beginning this week, EPIC has launched the Privacy 08 Campaign, a nonpartisan effort to promote privacy discussions during the 2008 Presidential campaign. After the political conventions are over, EPIC will host an event at the National Press Club on September 5, 2008 for one of the Presidential candidates who will speak about the privacy and civil liberties challenges facing the country. Join the Cause! Buy cool stuff! Support Privacy 08! (Aug. 25)

Appellate Court Holds that Watch List Decisions Subject to Court Review
A federal court has ruled that airline passengers who are on no-fly lists can sue to clear their names. The watch lists are filled with errors and generate many false positives, but adverse determinations are virtually impossible to challenge. Homeland Security Secretary Michael Chertoff has objected to court oversight, but refuses to disclose the details behind the lists. EPIC previously documented numerous errors and complaints regarding air travel watch lists. For more information, see EPIC's "Air Travel Privacy" page. (Aug. 21)

Warrantless Wiretapping Case Returns to Trial Court
Today, a lawsuit challenging AT&T's participation in President Bush's warrantless wiretapping program was sent back to trial court. The lawsuit arises from the government's surveillance of Americans' telephone and Internet communications in apparent violation of the Constitution and federal privacy laws. Telecom companies, including AT&T, helped the government spy on Americans. The trial court will apply recently-passed federal law to the case, which provides immunity for corporations' participation in the spy scheme under certain circumstances. In 2007, EPIC filed a "friend-of-the-court" brief in collaboration with the Stanford Constitutional Law Center, supporting judicial review of the domestic spy program. For more information, see EPIC's "Hepting v. AT&T" and "FISA" pages. (Aug. 21)

EPIC Protects Worker Privacy
In comments to the General Services Administration (GSA), EPIC argued for privacy protections for federal contractor employees. The GSA sought comments on implementing an executive order mandating that federal contractors use the E-Verify system. The GSA proposed rule would require that new hires and current employees be verified against databases known to contain millions of errors, with failures to verify leading to eventual termination. EPIC recommended fixing database errors, applying Privacy Act protections, and exempting current employees before implementing the rule. For more see EPIC's Spotlight on Surveillance: National Employment Database Could Prevent Millions of Citizens From Obtaining Jobs. (Aug. 11)

EPIC Argues for High Privacy Standard in Email Interception Case
EPIC submitted a brief in Bunnell v. MPAA, a case that could substantially impact email privacy. EPIC’s “friend of the court” brief supported the application of the federal Wiretap Act's protections to email messages in circumstances when the messages are briefly stored while they pass through mail servers. In Bunnell, a former employee hacked his ex-employer's corporate email server to secretly swipe private emails as they were transmitted. EPIC argued that the Wiretap Act applies to these sorts of circumstances by barring "interception" of electronic communications. EPIC has long advocated for application of the "interception" standard to email, and filed an amicus brief on this issue in 2004 in U.S. v. Councilman. For more information see EPIC's Bunnell v. MPAA page. (Aug. 7)

Registered Traveler Program Halted After Data Breach
The Clear registered traveler program suffered a security breach when a laptop was stolen. The laptop contains unencrypted personal information regarding approximately 33,000 travelers, including names and addresses, as well as passport and driver's license numbers. Government officials suspended new applications to the registered traveler scheme in the wake of the data theft. The Clear program permits users to bypass normal airport security lines after they enroll and undergo a background check. EPIC has warned of the privacy and security risks posed by registered traveler programs. For more information, See EPIC's Passenger Profiling page. (Aug. 5)

President Consolidates Surveillance Authority
President Bush has revised a key Executive Order that sets out the
authorities of the US intelligence agencies. Executive Order 12333 establishes the "Goals, Directions, Duties, and Responsibilities with Respect to United States Intelligence Efforts" as well as the "Conduct of Intelligence Activities." The Order was drafted by the Director of National Intelligence and grants the top Intelligence office new powers to coordinate domestic surveillance. EPIC previously warned the 9-11 Commission that new surveillance authorities require new forms of oversight. (Aug. 4).

Trade Commission Approves Data Breach Settlements, But Fails to Impose Monetary Penalties
The Federal Trade Commission has finalized settlements with TJX, Reed Elsevier, and Seisint. The settlements arose from data breaches, which exposed the sensitive personal information of over 500,000 consumers and resulted in millions of dollars in financial fraud. Earlier this year, EPIC filed comments with the FTC urging the Commission to include civil penalties in the settlements. EPIC wrote that civil penalties are necessary to provide incentives for companies to safeguard personal data. EPIC also noted that the FTC imposed $10 million in civil penalties in the Choicepoint case. The final agreements impose security and audit responsibilities, but no financial penalties. For more on data breaches and ID theft, see EPIC's Identity Theft: Its Causes and Solutions page. (Aug. 4)

Congressional Privacy Leaders Call for Internet Companies to Come Clean On Behavioral Profiling
Senior members of Congress have requested details of Internet companies' efforts to spy on their customers. The 33 targeted Internet companies, including AT&T, Time Warner, Microsoft, and Google, may be tracking the activities of Internet users. Congressman Edward J. Markey warned that "new technologies, such as ‘deep packet inspection' technologies, have the ability to track every single website that a consumer visits while surfing the Web." Charter Communications and Embarq previously came under fire for monitoring Internet users and suspended their activities. Members of Congress have now turned their attention to the leading telcos and Internet firms. For more information, see EPIC's page on Deep Packet Inspection and Privacy. (Aug. 4).

China to Spy on Olympic Visitors' Internet Activity
A Chinese intelligence agency has ordered foreign-owned hotels to install invasive snooping equipment that monitors Olympic visitors' Internet activity. Senator Sam Brownback announced that he has obtained an order from the Chinese Public Security Bureau that directs hotels to intercept and record the Internet activities of all guests, including “journalists, athletes’ families, and other visitors.” Senator Brownback observed that this directive contradicts China's pledge to the International Olympic Committee that the country would “maintain an environment free of government censorship during the Games.” The spying plan also contravenes longstanding international privacy and human rights norms, including Article 12 of the Universal Declaration of Human Rights, which prohibits “arbitrary interference with privacy, family, home or correspondence.” For more information, see EPIC’s Privacy and Human Rights report and EPIC’s page on Olympic Privacy. (July 30)

Health IT Bill Moves Forward in House with Some Privacy Safeguards
The House Commerce Committee today approved H.R. 6357, the Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008. The PRO(TECH)T Act will promote the adoption of health information technology that is intended to improve the delivery of healthcare services. The bill includes some security and privacy safeguards, such as data breach notification, though Patient Privacy Rights believes that stronger protections are necessary. EPIC made several suggestions to strengthen the privacy provisions. For more information see EPIC Medical Privacy. (July 23)

European Court of Human Rights Rules that Medical Data Breach Violates Fundamental Privacy Rights
The Finnish government will be required to pay a fine because it failed to protect the privacy of patient data against unauthorized access, according to a ruling from the European Court of Human Rights. The European Court held that Article 8 of the European Convention on Human Rights, which protects private life, includes an affirmative obligation to ensure the security of personal data. The Court also held that it was unreasonable to expect the petitioner to prove that the record had been misused. For more information on international privacy, see EPIC's Privacy and Human Rights report. (July 22)

Previous Top News Archive

Spotlight on Surveillance

Proposed ‘Enhanced’ Licenses Are Costly to Security and Privacy

Hot Topics

August 2008
Automated Targeting System
Deep Packet Inspection
Domestic Surveillance
Facebook
FISA
Fusion Centers
Google/DoubleClick
Iraqi Biometric Identification System
Medical Record Privacy
National ID
National Security Letters
Open Government
Olympic Privacy
Passport Privacy
Phone Records
Search Engine Privacy
Social Networking Privacy
Voter Registration Databases

EPIC Docket Highlights

August 2008
EPIC v. FTC
EPIC v. VSP (Fusion Centers)
EPIC FTC Complaint (Google)
Gonzales v. ACLU
EPIC v. DHS (passenger data)
EPIC v. DOJ (NSA surveillance)
EPIC v. DOJ (IOB reports)
EPIC v. DOD (TIA/fee waiver)
Illegal Sale of Phone Records

EPIC amicus briefs:
Bunnell v. MPAA (Wiretap)
Crawford v. Marion County (Voter ID)
Doe v. Chao (Privacy Act)
BATF v. Chicago (FOIA)
Watchtower Bible v. Stratton (Anonymity)
Reno v. Condon (DPPA)
Smith v. Doe (Megans Law)
Gilmore v. Ashcroft (Secrecy)
ACLU v. DOD (Secrecy)
Gonzales v. Doe (Wiretap)
Hepting v. AT&T (Wiretap)
Herring v. US (Errors in databases)
Hiibel v. Nevada (Anonymity)
IMS Health v. Ayotte
(Medical privacy)
Kehoe v. Fidelity Bank (Consumer privacy)
Kohler v. Englade (DNA)
NCTA v. FCC (Phone records privacy)
New Jersey v. Reid
(ISP subscriber privacy)
Peterson v. NTIA (WHOIS data)
US v. Councilman (Wiretap)

Complete EPIC Docket