--------------------------------------------------------------- EPIC DIGEST AT PRIVACY.ORG EPIC-DIGEST is an update of news, information, and action items posted on privacy.org. February 12, 2002-March 27, 2002 TOC------------------------------------------------------------ NEWS Military Subject to Privacy Act DoD: Facial Recognition Unreliable State AGs Urge FTC to Require Better GLBA Notices Anti-Telemarketers Address Sales Call Industry Abuses Supreme Court: Peer Grading Not A FERPA Violation Microsoft Media Player Tracks Listening, Viewing Habits Change in eBay Privacy Policy Draws Protest Student Obtains $5 Million In Lawsuit Against Voyeur Video Company Netscape Navigator Snoops on Web Activity Denver Police Profile Activists Support for National ID Drops Spyware details forced into the open on web ISPs responsible for blocking child porn in Pennsylvania Swipe your driver's license and get on to a marketing database Video Surveillance in the Nation's Capital Study: Business Studies of Privacy are Biased and Incomplete Telemarketing Comment Deadline is Friday ACTION Submit FTC Telemarketing Comments NEWS----------------------------------------------------------- Military Subject to Privacy Act The United State Court of Appeals has held that the military is subject to the Privacy Act of 1974. This decision comes a year after a lower court barred a Privacy Act claim against the military under the “Feres” doctrine. In that case, a soldier’s training records were leaked to an author without consent. Military Can Sue Government for Privacy Invasion, Washington Post, February 15, 2002 http://www.washingtonpost.com/wp-dyn/articles/A16635-2002Feb15.html --------------------------------------------------------------- DoD: Facial Recognition Unreliable Despite vendor claims of 99% accuracy in facial recognition technology, in Department of Defense (DoD) tests, the Agency found that the technology only recognized people 51% of the time. Scanning Tech a Blurry Picture, Wired, February 16, 2002. http://www.wired.com/news/politics/0,1283,50470,00.html EPIC Face Recognition Page. http://www.epic.org/privacy/facerecognition/ --------------------------------------------------------------- State AGs Urge FTC to Require Better GLBA Notices Forty-four state attorneys general have urged the Federal Trade Commission to require clear and concise financial privacy notices under the Gramm-Leach-Bliley Act (GLBA). The attorneys general have argued that businesses should send standardized notices that are easier to read. This action mirrors the movement of public interest and consumer groups that filed comments with federal agencies in July 2001 arguing that GLBA notices were too difficult to read, and that standard notices should be issued. 44 Attorneys General, the D.C. Corporation Counsel, and the Hawaii Office of Consumer Protection Submit Comments to the FTC Regarding Gramm-Leach Bliley Privacy Notices, National Association of Attorneys General, February 15, 2002. http://www.naag.org/issues/20020215-signon-glb.cfm State AGs Urge FTC To Require Stronger Privacy Notices, Newsbytes, February 15, 2002. http://www.newsbytes.com/news/02/174559.html Privacy Rights Now GLBA Petition, July 2001. http://www.privacyrightsnow.com/Petition_PressRelease.htm --------------------------------------------------------------- Anti-Telemarketers Address Sales Call Industry Abuses An entire industry of individuals fed-up with telemarketing have developed products and services designed to avoid telemarketing. Anti-Telemarketers Send Out A Very Busy Signal, Washington Post, February 20, 2002. http://www.washingtonpost.com/wp-dyn/articles/A35877-2002Feb19.html --------------------------------------------------------------- Supreme Court: Peer Grading Not A FERPA Violation The Supreme Court has ruled in Owasso v. Falvo that “peer grading” does not violate the Family Educational Rights and Privacy Act (FERPA). In the case, the plaintiff argued that the practice of having classmates grade papers violated FERPA. The Court declined to decide whether FERPA can be used to support a private suit against the government. Owasso Independent School District v. Falvo, No. 00-1073, Supreme Court Opinion. http://a257.g.akamaitech.net/7/257/2422/19feb20021100/www.supremecourtus .gov/opinions/01pdf/00-1073.pdf Student Grading by Peers Passes High Court Test, Washington Post, February 20, 2002. http://www.washingtonpost.com/wp-dyn/articles/A35733-2002Feb19.html --------------------------------------------------------------- Microsoft Media Player Tracks Listening, Viewing Habits Microsoft Windows Media Player (WMP) creates a log file of all the DVD movies viewed using the program. Additionally, the program “phones home” when CDs are played to capture the disc name and titles of the songs. WMP also has a universal identifier associated with the program, so that each user could be tracked based on media consumption. Microsoft has issued a new privacy policy notifying users of the data collection. Serious Privacy Problems in Windows Media Player for Windows XP, Computerbytesman, February 20, 2002. http://www.computerbytesman.com/privacy/wmp8dvd.htm Microsoft Player Logs User Info, Washington Post (AP), February 20, 2002. http://www.washingtonpost.com/wp-dyn/articles/A40480-2002Feb20.html EPIC Digital Rights Management Page. http://www.epic.org/privacy/drm --------------------------------------------------------------- Change in eBay Privacy Policy Draws Protest eBay has changed its privacy policy to warn members that it may be more willing to give out their personal information to other users or companies. Previously, eBay warned members that it would give out information about them in connection with government investigations or inquiries by companies that felt their copyrights had been violated. Under the new policy, eBay warned it could give out information "as we in our sole discretion determine necessary or appropriate to maintain a level of trust and safety in our community and to enforce our user agreement, privacy policy and any posted policies or rules applicable to services you use through our site." Jason Catlett of Junkbusters calls this an "outrageous change" in the policy and has written a letter to the FTC asking them to investigate. Watchdogs rap eBay policy changes CNET News, Feb. 27, 2002 http://news.com.com/2100-1017-845911.html Open Letter to FTC from Junkbusters http://www.junkbusters.com/ebay.html NEWS FLASH: eBay reverses itself and says it will not change privacy policy EBay Drops Controversial Plan to Amend Privacy Policy Wall Street Journal, Mar. 19, 2002 (subscription required) http://online.wsj.com/article/0,,SB1016503208463162400,00.html --------------------------------------------------------------- Student Obtains $5 Million In Lawsuit Against Voyeur Video Company A student who was coaxed into removing her clothes at a wet T-shirt contest and then filmed without consent has obtained a $5 million default judgment against the video company and a network that advertised the video. This is the first judgment against a video company that produces tapes in the “girls gone wild” genre. This type of video features young women who are exposing parts of their body while in public. Often, the video makers film individuals who are under the influence of alcohol Wild Party Girls video maker must pay SWT student, Austin American Statesman, February 28, 2002. http://www.austin360.com/aas/metro/022802/28wildgirls.html EPIC Gender and Electronic Privacy Page. http://www.epic.org/privacy/gender/ --------------------------------------------------------------- Netscape Navigator Snoops on Web Activity AOL Time Warner's Netscape unit is snooping on searches performed by users of its latest Navigator browser at Google and other search sites. According to a network traffic analysis performed by Newsbytes, Netscape is capturing Navigator 6 users' search terms, along with their Internet protocol (IP) address, the date Navigator was installed and a unique identification number. There have also not disclosed this intrusive practice in their privacy policy. Netscape Navigator Browser Snoops On Web Searches Newsbytes, March 8, 2002 http://www.newsbytes.com/news/02/175035.html --------------------------------------------------------------- Denver Police Profile Activists The ACLU has found that the Denver Police Department has assembled dossiers on local activists and their participation in protests. Cops have "spy files," groups say, Rocky Mountain News, March 12, 2002. http://www.rockymountainnews.com/drmn/local/article/0,1299, DRMN_15_1026211,0 0.html Cities Share Protestor Files, Denver Post, March 13, 2002. http://www.denverpost.com/Stories/0,1002,53%257E459002,00.html Webb: Mistakes made over spy files, Rocky Mountain News, March 14, 2002. http://www.rockymountainnews.com/drmn/local/article/0,1299, DRMN_15_1029684,00.html --------------------------------------------------------------- Support for National ID Drops Support for a national ID card, which hit an all-time high after the Sept. 11 attacks, appears to be fading, according to a nationwide poll released Tuesday. A survey by Gartner Inc. found that 41 percent of Americans opposed a national identification system, while 26 percent backed the idea. The results contrast sharply with a Pew Research Center poll conducted the week after the attack, in which 70 percent of respondents supported a national ID card that would be shown to authorities on demand. Support for ID Cards Waning Wired News, Mar. 13, 2002 http://www.wired.com/news/print/0,1294,51000,00.html Your Papers, Please: From the State Drivers License to a National Identification System EPIC Policy Report (pdf) http://www.epic.org/privacy/id_cards/yourpapersplease.pdf --------------------------------------------------------------- Spyware details forced into the open on web A closely-held software package designed to allow law enforcement agencies to secretly monitor a suspect's computer turned up on an anonymous Web site in the Netherlands Wednesday, along with user manuals, financial information, contracts and invoices apparently stolen from the company that makes the surveillance tool. The manuals released on the Web indicate that D.I.R.T. operates in much the same way as well-known hacker Trojan horses like Back Orifice and Sub Seven, with a covert server, what Codex calls a "bug," arriving at a target's computer wrapped within a seemingly innocuous program. Once the hapless target executes the program, the bug monitors the target's keystrokes and sends the results periodically to the person doing the monitoring via email. D.I.R.T. Spyware Exposed on Web Security Focus, Mar. 14, 2002 http://online.securityfocus.com/news/354 Cryptome's DIRT Guide http://cryptome.org/dirt-guide.htm --------------------------------------------------------------- ISPs responsible for blocking child porn in Pennsylvania A new Pennsylvania state law will hold Internet Service Providers responsible for blocking child porn. Penalties include fines and possible prison terms for non-compliance. The law, perhaps the first of its kind, does not require the ISP to monitor users or web sites, but rather the ISP is required to block a list of sites provided on a court order. The state attorney general is responsible for obtaining the court order and the site operator might challenge the characterization of the material in court. Pennsylvania Law Requires ISPs to Block Child Porn Associated Press March 19, 2002 http://www.law.com/cgi-bin/nwlink.cgi?ACG=ZZZ1FUF1ZYC --------------------------------------------------------------- Swipe your driver's license and get on to a marketing database A story in the New York Times describe how scannable data on driver's licenses is increasingly being used by private industry. Already, about 40 states issue driver's licenses with bar codes or magnetic stripes that carry standardized data, and most of the others plan to issue them within the next few years. The article notes that the electronic trails created by scanning driver's licenses are raising concerns among privacy advocates. Standards and scanning are a dangerous combination that essentially creates a de facto national identity card or internal passport that can be registered in many databases. Mr. Barclay, a bar owner, says "You swipe the license, and all of a sudden someone's whole life as we know it pops up in front of you, it's almost voyeuristic." He had bought the machine to keep out underage drinkers who use fake ID's. But he soon found that he could build a database of personal information, providing an intimate perspective on his clientele that can be useful in marketing. "It's not just an ID check," he said. "It's a tool." Finding Pay Dirt in Scannable Driver's Licenses New York Times, Mar. 21, 2002 http://www.nytimes.com/2002/03/21/technology/circuits/21DRIV.html --------------------------------------------------------------- Video Surveillance in the Nation's Capital The National Park Service will begin round-the-clock video surveillance at all major monuments on the Mall by October, moving aggressively in the wake of last year's terrorist attacks to tighten security around national symbols visited by millions of tourists each year. Closed-circuit television cameras will be installed for the first time to monitor public areas in and around the Washington Monument and the Jefferson, Lincoln, Franklin D. Roosevelt, Vietnam Veterans and Korean War memorials, according to John G. Parsons, associate regional director for the Park Service's National Capital Region. The decision, disclosed in testimony Parsons submitted for delivery to a congressional panel on Friday drew sharp questioning from members of Congress. EPIC has launched a new Web site Š "Observing Surveillance" Š to document the growing presence of spy cameras in the Nation's Capital. Observing Surveillance http://observingsurveillance.org/ Video Surveillance Planned on Mall Washington Post, Mar. 22, 2002 http://www.washingtonpost.com/wp-dyn/articles/A102-2002Mar21.html For Security, Tourists to Be on Other Side of Cameras New York Times, Mar. 23, 2002 http://www.nytimes.com/2002/03/23/politics/23MALL.html --------------------------------------------------------------- Study: Business Studies of Privacy are Biased and Incomplete A new report released by Robert Gellman, a privacy and information policy consultant, analyzes the costs to individuals that result from a lack of privacy protection. Gellman also critiques recent business studies that emphasize regulatory costs of privacy legislation without addressing how self-regulatory approaches to privacy shift costs to consumers and to society. Gellman argues that "the costs incurred by both business and individuals due to incomplete or insufficient privacy protections reach tens of billions of dollars every year." Also, the updated EPIC Public Opinion and Privacy Page shows strong support among Americans for opt-in privacy protections, and a rejection of the current self-regulatory model for privacy protections in law. Privacy, Consumers, and Costs: How The Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete, Robert Gellman, March 2002. http://www.epic.org/reports/dmfprivacy.html EPIC Public Opinion and Privacy Page. http://www.epic.org/privacy/survey/ --------------------------------------------------------------- Telemarketing Comment Deadline is Friday Comments to the Federal Trade Commission (FTC) on the Telemarketing Sales Rule (TSR) are due Friday. EPIC urges individuals to advocate a national do-not-call list that supports Internet enrollment, an affirmative obligation on telemarketers to send caller ID information, and a prohibition on autodialers that produce "dead air" or "abandoned calls." Instructions for filing comments are on the EPIC and FTC telemarketing web pages. EPIC Telemarketing Page. http://www.epic.org/privacy/telemarketing/ FTC Telemarketing Comments Web Site. http://www.ftc.gov/bcp/conline/edcams/donotcall/index.htm ACTION--------------------------------------------------------- Submit FTC Telemarketing Comments The Federal Trade Commission is soliciting your comments on changes to the Telemarketing Sales Rule (TSR). The TSR governs how many telemarketers may make calls to your home. This is your opportunity to tell the FTC how to limit telemarketing calls and to increase your privacy! It is important that members of the public comment. You can do so until March 29, 2002. Visit the EPIC telemarketing page to learn more about telemarketing and how to comment. http://www.epic.org/privacy/telemarketing/ --------------------------------------------------------------- How to unsubscribe from EPIC-DIGEST: You can leave the EPIC-DIGEST by entering the subscription e-mail address at http://www.privacy.org/digest.php and selecting "unsubscribe." There is also an administrative page for changes to your subscription at https://mailman.epic.org/cgi-bin/control/epic_digest Or, you can send a blank e-mail message to epic_digest- request@mailman.epic.org from the subscribed address with the following text in the subject line: unsubscribe If you experience difficulty with subscription issues, send a message to digest-editor@privacy.org. --------------------------------------------------------------- Privacy.org is a joint project of the Electronic Privacy Information Center (http://www.epic.org) and Privacy International (http://www.privacyinternational.org). For more information, e-mail Chris Hoofnagle at digest-editor@privacy.org. --------------------------------------------------------------- EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php --------------------------------------------------------------- END EPIC-DIGEST