Tuesday, June 22, 2010

privacy - [EPIC NEWS] EPIC Alert 17.12: 21Jun10

From: EPIC Alert  Sent: Tuesday, June 22, 2010  Published by the  Electronic Privacy Information Center (EPIC),  Washington, D.C.

source: http://www.epic.org/alert/epic_alert_1712.html   "Defend Privacy. Support EPIC."   http://epic.org/donate
Table of Contents
[1] EPIC Recommends Consumer Privacy Protections for Smart Grid
[2] Privacy Commissioner Awards $500,000 to Advance Privacy Research
[3] Investigations of Google Street View Widen
[4] Supreme Court Finds Search of Employee's Text Messages "Reasonable"
[5] New Cybersecurity Legislation Introduced
[6] News in Brief
[7] EPIC Bookstore: "The Facebook Effect"
[8] Upcoming Conferences and Events

TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
[1] EPIC Recommends Consumer Privacy Protections for Smart Grid
In formal comments to the California Public Utility Commission, EPIC said that utility customers should have control over the use of their personal information generated by Smart Grid services. EPIC warned that otherwise companies will use the data for purposes not related to electricity delivery, consumption management, or payment.

The term "Smart Grid" encompasses a host of inter-related technologies intended to reduce or manage electricity consumption. Smart grid devices provide real-time or near real-time communication between electricity service providers, users, and/or third party electricity usage management service providers. The capabilities of smart grid systems could extend even to monitoring usage of individual electronic devices, such as washing machines, hot water heaters, pool pumps, entertainment centers, lighting fixtures, and heating and cooling systems.

Privacy recommendations for smart grid technology center on the collection, retention, sharing, or reuse of individuals' electricity consumption information. Without proper privacy guards in place, the information gathered and disclosed by smart grid systems could be used to track the behaviors and habits of individuals within their homes, with consequences ranging from third-party targeted solicitation to investigation for illicit behavior.

In its latest comments to the California Public Utility Commission, EPIC expressed concern over the collection, retention, use or reuse of smart grid data for purposes not related to electricity delivery or management. EPIC agreed with the Commission's proposal to adopt criteria for assessing the privacy impact of implementing smart grid technologies, but recommended that the requirement extend to third party service providers. Additionally, EPIC urged the Commission to adopt a rigorous "baseline" for privacy criteria, exceeding the security framework of the National Institute of Standards and Technology, so as to "benchmark end-to-end trustworthiness."

EPIC previously filed comments with the California Public Utility Commission regarding smart grid technologies in March and April 2010.  EPIC also led a coalition effort to submit comments to the National Institute of Standards and Technology regarding Smart Grid and privacy.

• EPIC: June CPUC Smart Grid Comments      http://www.epic.org/redirect/062110smtgridcmmt.html
• EPIC: April CPUC Smart Grid Comments      http://epic.org/privacy/smartgrid/EPIC_Reply_CPUC_4-20-10.pdf
• EPIC: March CPUC Smart Grid Comments      http://epic.org/privacy/smartgrid/EPIC_03_10_CPUC_Comments.pdf
EPIC: The Smart Grid and Privacy      http://epic.org/privacy/smartgrid/smartgrid.html
EPIC: NIST Smart Grid Comments      http://www.epic.org/redirect/062110smtgridcmmt2.html
• CPUC Smart Grid Proposal      http://docs.cpuc.ca.gov/efile/PD/118336.pdf
[2] Privacy Commissioner Awards $500,000 to Advance Privacy Research

On June 3, 2010, Canadian Privacy Commissioner Jennifer Stoddart announced the recipients of the Office of the Privacy Commissioner's 2010-2011 Contributions Program. This year's projects involve research initiatives that focus on the Office's four key privacy priority areas: national security, identity integrity and protection, information technology, and genetic privacy.

This year's Contributions Program recipients are advancing privacy research in a number of areas including targeted online advertising, data-sharing by national security programs, video surveillance in public spaces, and online health record databases. Individual grants range from $11,000-$50,000.

Created in 2004 to support non-profit research on privacy, public policy, and the protection of personal information, the Contributions Program is highly regarded and considered one of the foremost privacy research funding programs in the world. To date, the program has allocated over $2 million to more than 60 initiatives in Canada.

In the United States, the Rose Foundation funds similar projects through its Consumer Privacy Rights Fund. The Consumer Privacy Rights Fund awards grants ranging from $25,000-$150,000 to support privacy-related research, education, advocacy and policy development.  EPIC recently acknowledged the work of the Rose Foundation at the 2010 EPIC Champion of Freedom Awards Dinner as the leading supporter of consumer privacy in the United States.

• Press Release by the Canadian Privacy Commissioner's Office on the  2010-11 Contributions Program       http://www.priv.gc.ca/media/nr-c/2010/nr-c_100603_cp_e.cfm
• 2010-2011 Contributions Program Recipients    http://www.priv.gc.ca/resource/cp/2010-2011/cp_bg_e.cfm
• The Rose Foundation: Consumer Privacy Rights Fund    http://www.rosefdn.org/article.php?id=260
• EPIC: 2010 EPIC Champion of Freedom Awards Dinner    http://epic.org/june2/

{3] Investigations of Google Street View Widen

Investigations into Google's use of its Street View vehicles, which have been operating in thirty countries between 2007 and 2010, have intensified. These vehicles are equipped with multi-directional digital cameras and are driven through cities capturing pedestrian-eye photographs which are then matched to corresponding locations in Google Maps. Now, Google has admitted that the cars also collected WiFi data.

On June 9, 2010, Google contradicted its earlier statements regarding the collection and storage of "payload" data in a letter to the House Energy and Commerce. Google's letter was in response to a letter from House members Henry Waxman (D-CA), Joe Barton (R-TX), and Edward Markey (D-MA) to CEO Eric Schmidt demanding answers about Google's Street View data collection.

Google's latest admission raises questions about whether Google violated federal and state wiretap laws and privacy laws. Rep. Barton said that the matter "warrants a hearing, at minimum" and that Google's conduct is "ironic in view of the fact that Google is lobbying the government to regulate Internet service providers, but not Google."  Rep. Markey declared, "We will continue to actively and aggressively  monitor developments in this area."

Congress is not alone in its interest in Street View. The Federal Communications Commission (FCC) has indicated that it is considering launching its own investigation. Joel Gurin, the Chief of the FCC's Consumer and Governmental Affairs Bureau, warned consumers that Google's "behavior" raises important privacy concerns, stating that the collection of Wi-Fi data, "whether intentional or not . . . clearly infringes on consumer privacy." He also said that the FCC Public Safety and Homeland Security Bureau is "now addressing cyber security as a high priority." EPIC recently wrote to the FCC urging the agency to open such an investigation because "[t]he Commission plays a critical role in safeguarding the integrity of communications networks and the  privacy of American consumers."

Several U.S. states have also opened investigations into Google Street View. The attorneys general of Connecticut, Illinois, Massachusetts, Michigan, and Missouri have all issued formal statements announcing such investigations, and Maryland and New York are also reported to be pursuing investigations. Connecticut Attorney General Richard Blumenthal has described Google's "driveby data sweeps" of WiFi networks as "deeply disturbing, a potentially impermissible, pernicious invasion of privacy."

Global scrutiny of Google Street View has been intensifying as well.  The UK-based privacy watchdog Privacy International (PI) claims that an audit of Google's Street View data collection shows that Google separated out and systematically stored network content obtained from private Wi-Fi devices. According to PI, the audit proves that Google's collection and storage of the data was intentional, despite Google's insistence  that it "mistakenly" collected and stored the data. France's National Commission on Computing and Liberty (CNIL), meanwhile, has released preliminary results of its Google Street View investigation. According to the CNIL, Google "saved passwords for access to mailboxes" and obtained content of electronic messages. The CNIL is pursuing the investigation to determine whether Google engaged in "unfair and unlawful collection of data" as well as "invasion of privacy and individual liberties." In addition to the UK and France, at least 16 other countries are conducting their own investigations.

• Google Blog Post Admitting Collection of WiFi Payload Data  http://www.epic.org/redirect/062110googlepayloaddata.html
FCC statement warning consumers about Google and privacy risks http://reboot.fcc.gov/blog?authorId=68593
Letter from Representatives Waxman, Barton, and Markey to Google CEO Eric Schmidt demanding answers about Street View  http://www.epic.org/redirect/062110repletter.html
EPIC: Letter to FCC Regarding Google  http://epic.org/2010/05/epic-urges-federal-communicati-1.html
Privacy International: Statement Regarding Google Streetview and  Wifi Data Collection   http://www.epic.org/redirect/062110privacyintl.html
Preliminary Results of French CNIL investigation (English)  http://www.epic.org/redirect/062110frenchinvestigation.html
[4] Supreme Court Finds Search of Employee's Text Messages "Reasonable"
On June 17, the U.S. Supreme Court held that an employer's warrantless review of an employee's text messages did not constitute an unreasonable search under the Fourth Amendment. Justice Kennedy's opinion for the Court found the search to be an "investigation of work-related misconduct." Because the search was "reasonably related to the objectives of the search and not excessively intrusive," it did not violate the Fourth Amendment.

Respondent Jeff Quon was a sergeant and SWAT team member for petitioner City of Ontario's police department. In 2001, the City issued pagers to Quon and other SWAT team members. The pagers had monthly character limits, and the City was charged overages for exceeding these limits. Quon regularly exceeded the character limits, but reimbursed the City for the overages rather than be audited. Regardless, after a few months the City did audit the messages Quon sent while on duty. The audit turned up private messages, some of which were sexually explicit. Quon was disciplined, and subsequently brought suit, alleging the audit violated his Fourth Amendment right against unreasonable searches and seizures.

In March, EPIC submitted a "friend of the court" brief urging the court to find such reviews of electronic communications unconstitutional. The EPIC brief argued that broad searches of personal communications do not respect basic principles of information security. These reviews also reveal sensitive information, ultimately putting individuals at risk. EPIC encouraged the Court to adopt the Comprehensive Drug Testing framework, which states five guidelines for performing searches on electronic records.

Comprehensive Drug Testing v. United States:  http://www.epic.org/redirect/062110cdtvus.html

[5] New Cybersecurity Legislation Introduced

On June 10, 2010, Senators Lieberman, Collins, and Carper of the Senate Homeland Security & Governmental Affairs Committee introduced the Protecting Cyberspace as a National Asset Act of 2010.  The Committee held a hearing on the legislation on June 15, 2010.

The bill outlines several main proposals surrounding Cybersecurity. The bill would establish a White House Cyberspace Policy and a National Center for Cybersecurity and Communications. Also, the bill would allow the President to declare a "national cyber emergency" and implement emergency measures. However, this would not allow the President to set aside the requirements of the Wiretap Act, the Electronic Communications Privacy Act, or the Foreign Intelligence Surveillance Act.

Currently, EPIC is working to make public the National Security Agency's authority for Cybersecurity. On February 4, 2010, EPIC filed a lawsuit against the Agency and the National Security Council seeking a key document governing national Cybersecurity policy.  EPIC has asserted that the Agency and Council violated the Freedom of Information Act by failing to make public the directive and related records in response to EPIC's FOIA request.

EPIC also issued a statement on February 10, 2010 to a House Foreign Affairs Committee recommending release of the secret document, which grants the Agency broad surveillance authority in cyberspace.

Finally, EPIC President Marc Rotenberg and security expert Bruce Schneier debated former NSA Director Bruce McConnell and Harvard Law Professor Jonathan Zittrain at the Newseum on June 8, 2010. The proposition: The Threat of Cyberwar has been Grossly Exaggerated. Rotenberg/Schneier argued the Pro position; McConnell/Zittrain the Con position. The event was sponsored by Intelligence Squared US.

Senate Homeland Security & Governmental Affairs Committee, Protecting  Cyberspace as a National Asset Act of 2010      http://www.epic.org/redirect/062110cyberseclegislation.html

EPIC: Cybersecurity   http://epic.org/privacy/cybersecurity/
EPIC: Statement for the Record to a House Foreign Affairs Committee   http://www.epic.org/redirect/062110epicstmt.html
Intelligence Squared US, Cyberwar Debate   http://www.epic.org/redirect/062110epicdebate.html
[6] News In Brief
Federal Judge Limits Suspicionless Laptop Searches at Borders

A federal judge has ruled against the Department of Homeland Security's Customs and Border Protection claim that agents could not only search the electronic devices of cross-border travelers without a warrant or even reasonable suspicion, they could also seize the devices indefinitely for more invasive searches. In United States v. Hanson, U.S. District Judge Jeffrey White ruled that "[g]iven the passage of time between the January and February searches and the fact that the February search was not conduct[ed] at the border, or its functional equivalent, the court concludes that the February search . . . must be justified by reasonable suspicion." Last October, EPIC and 20 other organizations sent a letter to the House Committee on Homeland Security objecting to this practice and other privacy violations.

Northern District of California: Order of Court  http://epic.org/privacy/USvHanson.pdf
DHS: Privacy Impact Assessment for the Border Searches of Electronic  http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_laptop.pdf
EPIC: 2008 Letter to House Committee on Homeland Security   http://www.eff.org/press/archives/2008/05/01/border-search-open-letter
EPIC: 2009 Letter to House Committee on Homeland Security   http://epic.org/security/DHS_CPO_Priv_Coal_Letter.pdf

Report from European Commission Raises New Questions on Body Scanners

A report prepared for the European Parliament and the European Council on the controversial proposal to deploy body scanners at European airports warns of "a serious risk of fragmenting fundamental rights of EU citizens, impeding their rights of free movement, and escalating their health concerns related to new security technologies." The report recommends common European standards to ensure the protection of fundamental rights and to address health concerns. The report also recommends security scanners that are less intrusive and pose fewer health risks than those currently deployed in US airports. Earlier this year, EPIC and Ralph Nader urged President Obama to suspend the airport body scanner program until "a comprehensive evaluation of the devices' effectiveness, health impacts, and privacy safeguards is completed by an independent board of review."

Report from the Commission to the Europeans Parliament and the Council   http://www.epic.org/redirect/062110eucommunication.html
EPIC and Ralph Nader: Letter to President Obama  http://www.epic.org/redirect/062110epicnaderletter.html
EPIC: Whole Body Imaging  http://epic.org/privacy/airtravel/backscatter/
EPIC: Public Opinion on Privacy  http://epic.org/privacy/facebook/

New Study Shows Perceived Privacy Invasions May Deter Consumers

A new study on advertising strategies reports that invasive advertising may actually backfire. Increasing ad visibility and targeting ads are two common advertising strategies which, employed independently, tend to improve viewers' response. However, the study shows that the strategies fail when combined. Avi Goldfarb of the University of Toronto and Catherine Tucker of MIT's Sloane School of Business note that the failure is more pronounced in categories of products considered more private, and for consumers who appear to guard private information more closely. They conclude, "[t]his suggests that the [result] is driven by consumers' perceptions of privacy." The study will be published in a forthcoming issue of Marketing Science.

Online Display Advertising: Targeting and Obtrusiveness  http://www.epic.org/redirect/062110onlineadstudy.html
EPIC: Google/DoubleClick Merger (behavioral advertising)  http://epic.org/privacy/ftc/google/

EPIC's Coney Leads Panel at Computers, Freedom, Privacy Conference

On June 18 2010, EPIC Associate Director Lillie Coney led a panel discussion on "Cybersecurity Policy and the Role of .Orgs" at the annual conference on Computers, Freedom, and Privacy. The panel featured top government decision makers and leading experts in cyber security. The discussion built on a letter to White House Cyber Security Director Howard Schmidt, organized by EPIC and endorsed by 30 organizations, which states that US cybersecurity policy "must incorporate protections of our basic freedoms and constitutional rights." Ms. Coney will co-chair the 2011 CFP Conference, which will be held in Washington DC.

Computers Freedom and Privacy Conference  http://www.cfp2010.org/wiki/index.php/Main_Page
EPIC: Cybersecurity Privacy Practical Implications   http://epic.org/privacy/cybersecurity/

Consumer Advocacy Group Launches Survey about Online Privacy
Consumer Action, a national non-profit education and advocacy organization committed to financial literacy and consumer protection, has  released an online survey to determine Internet users' attitudes about their privacy online. The questions in the survey involve topics ranging from tracking of Internet use by companies, behavioral advertising, web site privacy policies, retention and sharing of users' personal data, privacy on social networking sites, and the adequacy of federal and state privacy laws. The poll will be open through Wednesday, June 30 at midnight. The survey can be found at:

Privacy International Launches Sheds Light on Controversial Technologies

International watchdog Privacy International announced the launch of a new website for bringing transparency to "technical mysteries" behind controversial systems. Cracking the Black Box identifies key questions regarding mysterious technologies and asks experts, whistleblowers, and other concerned parties to "help crack the box" by anonymously contributing ideas and input. The organization responsible for the technology in question is then invited to provide an official response.  The first two issues addressed on the PI site are the Google Wi-Fi controversy and the EU proposal to retain search data.

Privacy International   http://www.privacyinternational.org/
Cracking the Black Box  https://boxcrack.net/
EPIC: Google Street View  http://epic.org/privacy/streetview/

EPIC, Privacy Groups Recommend Further Changes for Facebook

EPIC has joined a letter, organized by the ACLU of Northern California, calling for Facebook to fix ongoing privacy problems with the social network service. The letter, signed by several privacy organizations, recommends that Facebook make "Instant Personalization" opt-in, limit data retention, give users greater control over their information, and allow users to export their content from Facebook. EPIC has a complaint currently pending at the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices.

Open Letter to Facebook   http://www.epic.org/redirect/062110fbletter.html
ACLU of Northern California  http://www.aclunc.org/
EPIC's FTC Complaint Against Facebook  http://epic.org/privacy/facebook/in_re_facebook_ii.html
EPIC: Facebook Privacy  http://epic.org/privacy/facebook/

Senate Committee Holds Hearing on Cybersecurity Bill

The Senate Homeland Security Committee held a first hearing on the recently introduced cybersecurity bill, the Protecting Cyberspace as a National Asset Act of 2010. The hearing featured testimony from Philip Reitinger at the Department of Homeland Security, as well as several industry representatives. Many of the committee's questions focused on whether authority over civilian cybersecurity should be concentrated in the Department of Homeland Security or in the Department of Defense, a question on which EPIC has repeatedly sought information.

Protecting Cyberspace as a National Asset Act of 2010  http://thomas.loc.gov/cgi-bin/query/z?c111:S.3480:
Upcoming Conferences and Events
ICANN International Meeting, Brussels, Belgium, June 20-25, 2010. For more information: http://brussels38.icann.org
Eleventh Annual Institute on Privacy and Data Security, New York, NY, June 21-22, 2010. For more information: www.pli.edu/product/seminar_detail.asp?id=60004
First International Workship on Data Security and Privacy in Wireless Networks, Montreal, Quebec, June 21-23, 2010. For more information: http://home.gwu.edu/~nzhang10/DSPAN2010/
7th Annual E-Commerce Best Practices Conference, Stanford, CA, June 25, 2010. For more information: http://blogs.law.stanford.edu/stanforddebp/
Consumer Choices Technology Hearing, Washington, DC, June 29, 2010. For more information: www.epic.org/redirect/062110healthtechevent.html
Seventh Annual Collaboration, Electronic Messaging, Anti-Abuse, and  Spam Conference, Redmond, WA, July 13-14, 2010. For more information: http://ceas.cc/2010/main.shtml
Developing a Social Media Policy That Limits Risk: Practical Advice for Companies in Regulated Industries, Webinar, July 15, 2010. For more information: http://www.legaledge.bna.com/Pagemanager.aspx?pageId=9972
Eleventh Annual Institute on Privacy and Data Security Law Chicago, IL, July 19-20, 2010. For more information: www.plu.edu/product/seminar_detail.asp?id=60005
Privacy and Identity Management for Life, (PrimeLife/IFIP Summer School 2010) Helsingborg, Sweden, August 2-6, 2010. For more information: http://www.cs.kau.se/IFIP-summerschool/
Privacy and Security in the Future Internet, 3rd Network and Information Security (NIS'10) Summer School, Crete, Greece, September 13-17 2010. For more information: http://www.nis-summer-school.eu
Internet Governance Forum 2010, Vilnius, Lithuania, 14-16 September 2010. For more information: http://igf2010.lt/
"32nd Int'l Conference of Data Protection and Privacy Commissioners", Jerusalem, October 2010. For more information: http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm 

Join the Electronic Privacy Information Center on Facebook http://facebook.com/epicprivacy/   http://epic.org/facebook

About EPIC:  The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
Donate to EPIC: If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite  200, Washington, DC 20009. Or you can contribute online at:  http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. Back issues are available at: http://www.epic.org/alert
at

No comments:

Post a Comment

Please, avoid posting advertisements. Content comments are welcomed, including anonymous. Posts with profanity will not be published.