Special EPIC Alert: 2006 Privacy Year in Review



=======================================================================

E P I C A l e r t 
=======================================================================

Year in Review January 4, 2007 
-----------------------------------------------------------------------


Published by the 
Electronic Privacy Information Center (EPIC) 
Washington, D.C. 

http://www.epic.org/alert/EPIC_Alert_yir2006.html 

======================================================================

2 0 0 6 P R I V A C Y Y E A R I N R E V I E W 
======================================================================


Congress returns to Washington this week and privacy issues are
likely to get renewed attention with unresolved questions about the
President's domestic surveillance program, the future of Real ID, and
the growth of the data broker industry. Meanwhile courts will
consider sex bloggers and the media will try to sort through the
increasingly complicated world of surveillance technology. 

Here are the Top Ten Privacy Stories of 2006 and Ten Privacy Issues
to Watch in 2007 from the Electronic Privacy Information Center
(EPIC): 

* * * * * * * * * * * * * * * * * * * * * * * * 

Millions of Military Records Go Missing 

In 2006, a stolen laptop with the records of 27 million American
veterans and active duty military personnel gripped the nation and
produced Congressional hearings, new legislation, and new policies
for government employees who take their work home with them. Veterans
Affairs Secretary Jim Nicholson tried to explain to Congress why it
took almost two weeks before he was notified about the missing data
which included information on 1.1 million active service members,
430,000 National Guardsmen, 645,000 Reserve members and the names,
birth dates and Social Security numbers of about 26 million people,
most of them veterans. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Identity Theft Keeps Top Spot 

The Federal Trade Commission once again found identity theft leading
the list of the Top 10 consumer complaints, accounting for 255,000 of
the 686,000 complaints filed with the agency. That is the sixth year
in a row that identity theft topped the list. The FTC also found an
increase in child ID theft, wire transfer payment fraud, and that
Internet-related complaints accounted for 46 percent of all fraud
complaints. 

* * * * * * * * * * * * * * * * * * * * * * * * 

NSA Domestic Spying 

Last year, news reports revealed that President Bush secretly issued
an executive order in 2002 authorizing the National Security Agency
to conduct warrantless surveillance of international telephone and
Internet communications on American soil. In May, USA Today reported
that US telephone companies turned over records on millions of
American citizens to the government without any judicial oversight.
Then in August a federal judge ruled that the government's
warrantless wiretapping program is unconstitutional. Judge Anna Diggs
Taylor said the program violates the rights to free speech and
privacy as well as separation of powers. Recent release of Pentagon
documents shows that counterterrorism resources were used to monitor
American peace groups opposed to the war in Iraq and military
recruitment. 

* * * * * * * * * * * * * * * * * * * * * * * * 

H-P Spy Scandal 

We hate to admit it, but the Hewlett-Packard spy scandal was one of
the top privacy stories of the year. Who would have imagined that the
directors of Silicon Valley's high-tech icon would send private
investigators to dig into the telephone records of board members and
journalists? Still, we wonder if government agents sifting through
the phone records of millions of American citizens without judicial
oversight would have provided a better reason to hold primetime
Congressional hearings. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Choicepoint Gets Privacy Religion 

In 2005 the data broker and former recipient of a Big Brother Award
was caught selling personal information about 185,000 American
consumers to a criminal ring engaged in identity theft. In 2006, the
company was hit with a $15 million fine, the largest penalty in
Federal Trade Commission history. Then Choicepoint went on a privacy
campaign, providing consumers with rights to access certain records
and cutting back on some of its more egregious business practices. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Passenger Profiling and Terrorist Scoring 

Congress suspended the Secure Flight program after significant
privacy and security risks were uncovered. 
Meanwhile, the Department of Homeland Security revealed that a "risk
assessment" program, which is essentially a terrorist risk rating,
was expanded from screening shipping cargo to scrutinizing travelers.
The Automated Targeting System mines a vast amount of data to create
a "risk assessment" on hundreds of millions of people per year, a
label that will follow them for the rest of their lives, as the data
will be retained for 40 years. According to a report by the
Government Accountability Office more than 30,000 travelers have
already been mistakenly linked to names on terror watch lists when
they crossed the border, boarded commercial airliners or were stopped
for traffic violations. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Digital Strip Searches 

Sky Harbor International Airport located in Phoenix is slated to be
the first US airport to field test a new "backscatter X-ray" system.
The screening machines, which were supposed to be operational by
mid-December, have already been plagued with technical difficulties
that have delayed the testing period until sometime in 2007. The
backscatter machines produce photo-quality images of metal, plastic
and organic materials underneath clothes by using low-radiation
X-rays, which reveal not only prohibited items but also medical
details such as prosthetic devices and old injuries. The fact that
the machines are designed to record and store images has largely
escaped notice by the mainstream media. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Europeans Battle US Over Privacy 

Tension over data sharing between Europe and the US was highlighted
in disputes over the transfer of European financial records and
European travel records to the US government. European privacy
officials concluded that SWIFT violated data protection laws when it
secretly transferred records of millions of private financial
transactions to American intelligence agencies. The European Court of
Justice struck down the passenger name record deal that allowed the
transfer of personal information on European travelers to the US
government. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Congress Passes Phone Pretexting Bill 

Last summer, Hewlett-Packard's use of pretextng to investigate
directors and journalists sparked renewed 
Congressional interest in the technique to obtain personal
information by fraudulent means. So Congress passed the Law
Enforcement and Phone Privacy Protection Act, which creates federal
criminal penalties for pretexters who access telephone records 
- including voice-over-IP calling records. However, the bill only
applies to phone records, and it provides an exemption for law
enforcement, which means that law enforcement officials can bypass
the judicial subpoena process and use false and fraudulent
representations to gain access to the telephone records. 

* * * * * * * * * * * * * * * * * * * * * * * * 

National ID Cards 

Last year's passage of the Real ID Act has resulted in much criticism
from individual states, who will now bear the cost of meeting the
federal governmentís standard for issuing state driver's
licenses and identification cards. States have also noticed that the
records retention and information sharing requirements of Real ID
could trump the Drivers Privacy Protection Act. With less than 18
months to go before the deadline for state compliance, the Department
of Homeland Security has still not released the Real ID Act
Regulations. 

Potential problems with requiring identification documents were
highlighted by an incident at UCLA last fall. An Iranian student who
was quietly studying in the campus library was detained by the police
and shot several times with a police taser when he failed to provide
an identity document. An independent investigation of the incident is
ongoing. 

* * * * * * * * * * * * * * * * * * * * * * * * 

======================================================================

ISSUES TO WATCH IN 2007 
======================================================================


Privacy Oversight and the New Congress 

After several years of complaining about one-party rule, the
Democrats will get their chance to hold the gavel when the 110th
Congress convenes in January. The hearings on the privacy rights of
Americans, the misspent funds on surveillance technology, and the
flagrant abuse of law could be interesting to watch, particularly in
committees where administrations officials have stonewalled members
of Congress. Can anyone spell S-U-B-P-O-E-N-A? 

* * * * * * * * * * * * * * * * * * * * * * * * 

REAL ID Not So Real? 

Almost two years ago, the White House and a powerful Congressman
pushed through legislation to turn the state drivers license into a
quasi-National ID Card. But the Department of Homeland Security has
been slow to embrace the law, Rep. Sensenbrenner is no longer
Chairman, and already legislation has been introduced to repeal Real
ID. Add in an estimated cost of over 11 billion dollars and 2007 may
be the end of the short-lived US experiment with a national identity
system. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Renewed Interest in Medical Records Privacy 

The 109th Congress ended without passing controversial Health IT
legislation that would have exposed Americans' most sensitive medical
records on an electronic network. According to congressional aides
and lobbyists, lawmakers will go back to the drawing board in the new
year and craft new legislation rather than reintroduce the same bills
that ground to a halt in negotiations between the houses. 

The private sector will be developing its own electronic medical
systems, such as the Applied Materials, BP America, Inc., Intel
Corporation, Pitney Bowes, Inc. and Wal-Mart -funded Dossia system,
announced in late 2006. How long before medical record identity theft
and security breaches? 

* * * * * * * * * * * * * * * * * * * * * * * * 

EU-US Privacy Showdown 

The US will face more battles in 2007 with the Europeans about the
use of European data. A temporary agreement on the collection
passenger data has been hammered in the European Parliament. And the
terrorist scoring for European tourists has even frequent flyers
canceling upgrades. 

* * * * * * * * * * * * * * * * * * * * * * * * 

"No-swipe" credit cards 

Watch for further development on "contactless" credit cards as
Congress wakes up to the dangers of RFID 
technology. Credit cards that contain RFID microchips have earned the
nickname "spychips" because the information they contain can be read
without an individual's knowledge or consent. In December, a member
of the Senate Banking Committee denounced RFID "no-swipe" credit
cards, stating that contracts for the cards should have warning boxes
disclosing "the known weaknesses of the technology", such as the risk
of identity theft. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Cell Phone Tracking and Spim 

Those tiny cellphone screens are about to get a little busier.
Verizon ended 2006 with the news it will place banner ads on cell
phone displays. Meanwhile, the police are hoping to avoid those
burdensome warrant requirements with new search procedures that will
enable location tracking of cellphone users. Even devices in the off
position send a signal. Time for the tin foil. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Privacy in Second Life 

The virtual world is seeming less virtual. Real estate speculators,
law school professors, tech journalists and event planners are all
moving online, dressing their avatars in hip new outfits. But what
happens when Second Life and Real Life collide? 

* * * * * * * * * * * * * * * * * * * * * * * * 

Databanks of Children 

Even before they get a cellphone or an IM account, kids will find
their private lives in new government databases, tracking everything
from drug dosages to grades in math. Simple privacy idea: make sure
that kids know what schools know about them. Second idea: hold
schools liable for the misuse of information that is collected. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Sex Blogging 

When Washingtonienne Jessica Cutler put her sexcapades online, she
launched a new era in privacy law. Are bloggers responsible for the
private facts of others they put online? Is it political speech? Is
it a diary? Or is it just very uncool? One federal court will get to
answer these questions this year. 

* * * * * * * * * * * * * * * * * * * * * * * * 

Smarter Cameras, More Surveillance 

Two technology trends may converge in 2007 as the ability to process
digital images is gradually incorporated in cameras designed for
surveillance. This means that cameras in public spaces might be able
to scan crowds and match images against databases of facial images,
such as the state DMV records. Other applications could include
backscatter x-ray devices that look under clothes for weapons and
explosive devices. The systems are unlikely to be very reliable, but
they will raise new privacy issues. 

======================================================================

Privacy Policy 
======================================================================


The EPIC Alert mailing list is used only to mail the EPIC Alert and
to send notices about EPIC activities. We do not sell, rent or share
our mailing list. We also intend to challenge any subpoena or other
legal process seeking access to our mailing list. We do not enhance
(link to other databases) our mailing list or require your actual
name. 

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information." 

======================================================================

About EPIC 
======================================================================


The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information. 
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research. For more information, visit
http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite
200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248
(fax). 

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at: 

http://www.epic.org/donate 

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers. 

Thank you for your support. 

------------------ End EPIC 2006 Year in Review ------------------ 





================== HURIDOCS-Tech listserv ===================== 
Send mail intended for the list to <        >. 
Archives of the list can be found at: 
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php


[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]