III. Privacy issues
Federal Trade Commission and Consumer Privacy
The Federal Trade Commission (FTC) has oversight and enforcement powers for the laws protecting children's online privacy, consumer credit information, and fair trading practices.1 In recent years, the FTC has focused on enforcing existing law in the areas of telemarketing, spam, pretexting, and children's privacy.2
In April 2007, Internet company Google announced an agreement to acquire online advertising giant DoubleClick, Inc. for $3.1 billion.4 EPIC, the Center for Digital Democracy, and the US Public Interest Research Group filed a complaint with the Federal Trade Commission, requesting that the Commission open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable.5 The complaint explains the need for the FTC to consider consumer privacy interests in the context of a merger review involving the Internet's largest search profiling company and the Internet's largest targeted advertising company. The FTC issued a request for additional information and documentary materials regarding the proposed acquisition.6
In 2006, the Federal Trade Commission listed identity theft as the No. 1 consumer complaint for the seventh year in a row, accounting for 36 percent of filed complaints and generating more than five times the amount of complaints of the second-place item.7 The FTC suggested that Congress: extend the Gramm-Leach-Bliley Act Safeguards Rule to companies that are not financial institutions, require customers to be notified in cases of breach of security of private data, adopt laws to restrict the use of Social Security numbers, and enact cross-border fraud legislation to prevent access of databases by offshore third parties.8
In May 2006, President Bush created the President's Identity Theft Task Force to "craft a strategic plan aiming to make the federal government's efforts more effective and efficient in the areas of identity theft awareness, prevention, detection, and prosecution."9 The Task Force's April 2007 Strategic Plan focused more on how to expand law enforcement authority to combat identity theft after the crime has been committed than on creating stronger privacy and security practices to reduce the risk of identity theft being committed. The Task Force also did not address adoption of privacy enhancing technologies, data minimization, or meaningful remedies for security breaches and privacy violations.10
Unsolicited Commercial E-mails ("Spam")
Congress acted with similar motives of preempting more stringent state law in passing the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, known as the "CAN-SPAM" Act.11 The act, which became effective January 1, 2004, defines spam as any message whose "primary purpose" is the "commercial advertisement or promotion of a commercial product or service." Spam must include notice that the message is an advertisement or solicitation, an opt-out notice, and a valid postal address of the sender. Address harvesting and dictionary attacks are illegal under the Act, but these practices are considered aggravating offenses, and they cannot serve as the sole basis of prosecution of a spammer. Enforcement of the act is limited to the FTC, state attorneys general, and Internet service providers (ISPs). CAN-SPAM gave the FTC the authority to create a do-not-spam registry, but the agency chose not to, citing impracticability.12 Instead, the agency urged the private sector to increase sender authentication in an attempt to reduce "spoofed" spam. In a report to Congress in June 2005, the agency recommended against use of the "ADV" (advertising) label in the subject line of commercial e-mail, stating that the measure would have little effect on reducing spam.13 In 2004 and early 2005, Florida, Georgia, Indiana, Maryland, Ohio, and Utah passed laws regulating unsolicited or bulk e-mail messages; most other states now have similar statutes.14
An FTC report found that using spam filtering technologies and techniques such as "masking" helps reduce the volume of unsolicited emails that consumers receive.15 Researchers created 150 email accounts, some with spam filters, and some without, and posted the addresses at various places on the Internet. The study showed that Internet service providers that use spam filters reduced spam by 86-95% over a five-week period. Masking, a technique by which email addresses are presented in a human-readable, but not machine-readable form (for instance, by displaying "epic-info AT epic DOT org" instead of "firstname.lastname@example.org"), was found to be highly effective. Four masked addresses received one spam message over a five-week period, while four unmasked addresses received 6,416.
Protections for medical records were finally introduced in the United States in 2001. On December 20, 2000, the final rules governing the privacy of health records for the Health Insurance Portability and Accountability Act (HIPAA) of 1996 were unveiled; these rules took effect in April 2001. The protection offered by the rules is limited by a large number of exemptions. In addition, a variety of sectoral legislation on the state level may give additional protections to citizens of individual states.16
In April 2003, the first federal regulation protecting individually identifiable health information became effective for enforcement. The Standards for Privacy of Individually Identifiable Health Information, commonly known as the HIPAA Privacy Rule, provide basic protections for individually identifiable health information and give individuals rights with respect to the information about them. The Privacy Rule is permissive in nature because it allows several types of disclosures but requires disclosures only to the individual or his personal representative and to the Secretary of Health and Human Services for the purpose of enforcement. The Privacy Rule allows state laws to remain in place where state law provisions provide greater protection.17 State laws deal with health information in areas such as access to medical records, regulation of licenses for medical professionals and organizations, regulations for entitlement programs, mental health records, records related to conditions such as HIV/AIDS, and reproductive rights.18 The federal Privacy Rule contains civil penalties for noncompliance and will be enforced by the Office for Civil Rights within the Department of Health and Human Services. The rule also contains criminal penalties for malicious misappropriation and misuse of health information, which are enforced by the DOJ.19
Consumer Information Security Breaches
Several security breaches continued to occur in private industry. In 2006, the largest data breach in US history was revealed when TJX Companies Inc. acknowledged that at least 45.7 million credit and debit cards were stolen by hackers who managed to penetrate its network. Another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information. The breaches occurred as far back as 2002.20 Also in 2006, the U.S. Department of Veterans Affairs reported that the names, Social Security numbers and dates of birth of 26.5 million U.S. veterans were on a computer that was stolen from a Virginia employee's home. The personal data of about 2.2 million active-duty National Guard and Reserve troops were also likely stored on the stolen computer.21
Congress has responded to these breaches with proposed legislation, but no protective laws have thus far been passed. However, thirty-five state legislatures have passed laws requiring notification of consumers after disclosure of financial and other personal data.22 The first and most stringent of these is the California statute, effective since July 2003, that requires entities that store computerized information to notify California residents of a security breach of unencrypted personal data.23 Several states are also considering legislation allowing credit card holders to "freeze" their accounts to forbid the transfer of their credit card data without their consent; credit card companies would charge a fee for this opt-out service.24
The 9/11 Commission
Over initial objections from the White House, Congress established the National Commission on Terrorist Attacks Upon the United States (more commonly known as the 9/11 Commission).25 The commission was asked to investigate "facts and circumstances relating to the terrorist attacks of September 11, 2001," including those relating to intelligence agencies, law enforcement agencies, diplomacy, immigration issues and border control, the flow of assets to terrorist organizations, commercial aviation, the role of congressional oversight and resource allocation, and other areas determined relevant by the commission.26
The 9/11 Commission, a panel of five Democrats and five Republicans, held 12 public hearings between March 2003 and June 2004 before closing on August 21, 2004. Among the key recommendations of the commission that may affect privacy were the following:
- Improved use of "no-fly" and "automatic selectee" lists should not be delayed while the argument about a successor to CAPPS continues. This screening function should be performed by the Transportation Security Administration (TSA) and should utilize the larger set of watchlists maintained by the federal government. Air carriers should be required to supply the information needed to test and implement this new system.27
- Secure identification should begin in the United States. The federal government should set standards for the issuance of birth certificates and sources of identification, such as driver's licenses. Fraud in identification documents is no longer just a problem of theft. At many entry points to vulnerable facilities, including gates for boarding aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists.28
- Americans should not be exempt from carrying biometric passports or otherwise enabling their identities to be securely verified when they enter the United States, nor should Canadians or Mexicans. Currently, US persons are exempt from carrying passports when returning from Canada, Mexico, and the Caribbean.29
Civil liberties organizations expressed caution about the recommendations of the 9/11 Commission. For example, EPIC wrote, "Significant errors have been found in both the no-fly watchlists and the automatic selectee system. This is a particularly serious problem for US persons who travel within the United States. There should be an independent evaluation of how best to operate these screening systems and still safeguard basic rights."30 Regarding the development of a system of biometric identification, EPIC further said:
Some steps should be taken to reduce the risk of fraud and identity theft. Identification documents should be made more secure. However, the integration of secure identity cards with interconnected databases raises substantial privacy risks that will require new legislation and new forms of oversight. Privacy enhancing techniques that minimize the collection and use of personally identifiable information should also be considered. . . . There are significant privacy and civil liberties concerns regarding the use of such devices that must be resolved before the widespread deployment of biometric passports for US citizens. In particular, a system properly designed to ensure the security of the borders should not provide the basis for routine identification within the United States.31
The Commission also recommended certain safeguards to protect privacy and promote government oversight, including:
- As the President determines the guidelines for information sharing among government agencies and by those agencies with the private sector, he should safeguard the privacy of individuals about whom information is shared.32
- At this time of increased and consolidated government authority, there should be a board within the executive branch to oversee adherence to the Commission-recommended guidelines and the commitment the government makes to defend civil liberties.33
Civil liberties organizations, and even one member of the Commission, urged the establishment of an independent oversight board to safeguard civil liberties.34
In 2006, on the recommendation of the 2004 report of the National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission), the Privacy and Civil Liberties Oversight Board was established. The Board consists of five members appointed by and serving at the pleasure of the President. The Board is specifically charged with responsibility for reviewing the terrorism information sharing practices of executive branch departments and agencies to determine whether guidelines designed to appropriately protect privacy and civil liberties are being followed; however, the Board's 2007 report provides few details on program operations or what internal controls are in place to protect civil liberties in any of the government programs evaluated, and does not even refer to the Privacy Act.35
In August 2007, Congress passed an Act implementing more recommendations of the 9/11 Commission. In particular, the Act strengthens the Board by requiring Senate confirmation for its members; however, the Board was not granted full independence, and remains in the Executive Office.36
Recent years have seen a new trend towards the increased use of video surveillance cameras linked with facial recognition software in public places.37 Face recognition technology is still not reliable and remains unregulated by US laws. Studies sponsored by the Defense Department have shown the system is right only 54 percent of the time and can be significantly compromised by changes in lighting, weight, hair, sunglasses, subject cooperation, and other factors.38 Tests on the face recognition systems in operation at Palm Beach Airport in Florida and at Boston Logan Airport have also shown the technology to be ineffective and error-ridden.39 State-of-the-art facial recognition technology appears unable to recognize subjects with a high rate of accuracy.40
New York City is planning the "Lower Manhattan Security Initiative," based on London's "ring of steel." The NYC plan would greatly enhance the surveillance of downtown streets by installing another 3,000 cameras and license plate scanners to track the thousands of drivers who enter the Manhattan area daily, creating an operations center, and possibly using face recognition technology.41 The city estimates the new surveillance system would cost $90 million, $10 million of which would come from Homeland Security grants and $15 million from NYC. The city also is seeking to charge drivers a fee for entering Lower Manhattan; the fees would go toward the surveillance project.
Tests conducted in 2006 by the US National Institute of Standards and Technology showed an improvement in the technology, though the images used were "controlled" still or 3-D photos, not photographs taken on the street. Uncooperative subjects and changes in the environment, such as positioning or lighting, would continue to befuddle the technology. In fact, smiling Germans and Britons have thwarted their countries' biometric passport systems. Guidelines had to be issued, requiring subjects to ensure neutral facial expressions and look directly into cameras.
National Identity Card
On May 11, 2005, President Bush signed into law the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief, which included the controversial REAL ID Act of 2005.42 The REAL ID Act's provisions originated in a House bill and were slipped into the USD 82 billion appropriations bill with neither hearings nor committee approval, an act many believe was a deliberate maneuver to avoid Congressional debate. The REAL ID Act is a response to the 9/11 Commission's recommendations to prevent would-be terrorists from obtaining documentation. The law requires all states to comply, by May 2008, with federal standards when issuing driver's licenses. States failing to comply with the national standards would be ineligible to participate in such federally funded programs as veterans' benefits and Social Security – nor would holders of noncompliant driver's licenses be allowed to board airplanes.43
The new driver's licenses issued under the REAL ID Act will contain encoded, machine-readable data, to be determined by the Secretary of the Department of Transportation and the Secretary of the DHS. Applicants for driver's licenses will be required to provide proof of citizenship or immigration status prior to issue of a license; such proof will consist of either a passport or four documents containing a Social Security number, address, and other information. State motor vehicle department employees must then verify the information against federal databases and store the applicant's documentation and digital photograph in the database. Thus, the REAL ID Act creates a de facto national identity card at an estimated cost of up to USD 700 million over the next five years.44 In addition to its high monetary cost, the act raises concerns because state motor vehicle departments are already a favored target of identity thieves. The law follows several failed proposals to create a national ID card in the wake of the September 11, 2001 terrorist attacks;45 however, nothing in the act's provisions would have prevented the September 11, 2001 terrorists from obtaining a driver's license.
Although the REAL ID Act was passed in May 2005,46 and the Department of Homeland Security plans to implement the national ID system by 2008,47 states and public organizations have rebelled against the scheme.48 Sixteen states have passed legislation rejecting REAL ID and there also are bills in both US legislative houses that would repeal the Act creating the national identification system.49
The Computer Assisted Passenger Prescreening System II (CAPPS II) aimed to conduct background risk assessments on all air travelers before they fly on commercial airliners. The profiling system will rely on experimental data-mining technology to sift through data from various commercial and government databases, assigning different "risk scores" to passengers. Based on these scores, passengers will either be denied boarding, subjected to a more intrusive physical search, or passed through normal screening. Civil libertarians have noted that CAPPS II may be scaled to other settings in the future, such as train stations, bus stations, or even the entrances of public buildings.50
CAPPS II was abandoned in late 2004, shortly after Delta Airlines refused to provide the government with the passenger data requested. TSA quickly replaced CAPPS II with the passenger-prescreening scheme "Secure Flight," giving the new program a slightly different mandate. Secure Flight is designed to compare passenger names against the "selectee" and "no fly" lists of the Terrorist Screening Database compiled by the Terrorist Screening Center.51 Upon creation of Secure Flight, TSA promised to adopt measures for protection of personal data and for redress by passengers who were improperly flagged once the pilot program was completed. In March 2005, the Government Accountability Office (GAO) issued a report questioning the accuracy of Secure Flight passenger data, the efficacy of the program's privacy protections, and the adequacy of measures for redress by passengers.52 In June 2005, DHS admitted that under Secure Flight, TSA had stored detailed passenger information53 in violation of its own order stating that the agency would not do so.54 In July 2005, GAO released another report on Secure Flight, stating that TSA "did not fully disclose to the public its use of personal information in its fall 2004 privacy notices."55 Whereas the Secure Flight pilot program is supposed to be limited to data on persons who flew on commercial airlines in June 2004, TSA secretly used about 200,000 variations of the names of 43,000 actual passengers, resulting in the collection of information on an estimated 250,000 people who may or may not have flown that month.56 An April 2006 report by the Department of Homeland Security's Privacy Office on the impact of the watch lists explained that "individuals who are mistakenly put on watch lists or who are misidentified as being on these lists can potentially face consequences ranging from inconvenience and delay to loss of liberty."57
In February 2006, there were 325,000 names on the watch lists, according to the National Counterterrorism Center, and the director of TSA's redress office has revealed that more than 30,000 people who are not terrorists have asked the agency to remove their names from the lists since September 11, 2001.58 In January 2007, the head of TSA said that the watch lists were being reviewed, and he expected to cut the list of names in half.59 However, he has not disclosed details, such as what the criteria would be for removing a name or when the review would be complete. These reports show that the watch lists are rife with mistakes and "false positives."
More limited attempts to create national identification systems include "enhanced visa" documents and "trusted traveler" programs. In July 2004, TSA initiated a database for its "Registered Traveler" program.60 TSA has since announced that Registered Traveler's database records are exempt from certain provisions of the Privacy Act.61 Enrollees in a three-month test period submitted biometric samples (fingerprint and iris scan) and underwent a background check. The value of the program is questionable for travelers, as enrollees were required to submit to normal screening; the card only reduced the likelihood that the travelers would be subject to secondary screening with a metal-detecting wand. The Registered Traveler pilot program was extended to September 2005, and included Boston, Los Angeles, Houston, Minneapolis-St. Paul, and Washington-Reagan airports; enrollment reached the agency's limit of 10,000 volunteers and has closed.62
Surveillance of foreigners and immigration controls
In 2002, the government initiated several privacy-invasive programs as a result of the September 11, 2001 attacks. Among these is the United States Visitor and Immigrant Status Indicator Technology program (US-VISIT),63 which requires visitors to the country to submit a biometric identifier to the government. When a visitor subject to US-VISIT applies for a visa to travel to the United States, he is fingerprinted and photographed at an overseas US consular office.64 This biometric information is then checked against more than 20 interfacing government databases to determine the likelihood that the visitor is a criminal or terrorist.65 When the visitor arrives at a US port of entry, he is again fingerprinted and photographed to verify that he is the same person who was issued the visa.66 The program will eventually be expanded to fingerprint visitors when they exit the US, as well.67 In September 2004, US-VISIT was extended to apply to visitors to the United States traveling via air and seaports through the Visa Waiver Program.68
US-VISIT grew out of the National Security Entry-Exit Registration System (NSEERS), a national registry established by the Department of Justice in 2002. NSEERS requires registration of non-immigrant aliens from 25 countries and others who "met a combination of intelligence-based criteria that identified them as a potential security risk."69 Although the agency suspended most of the NSEERS requirements in 2003, foreign nationals of Iran, Iraq, Libya, Syria, and Sudan still must register at ports of entry; decisions to compel other foreign nationals to register may be made on the basis of questioning. US-VISIT, once fully implemented, will account for virtually all foreign nationals visiting the United States.70 In June 2004, DHS awarded the Smart Border Alliance, led by the consulting firm Accenture, a USD 10 billion contract to design and oversee implementation of radio frequency identification (RFID) technology at border checkpoints under US-VISIT.71 By January 5, 2004, the DHS had deployed US-VISIT at 115 airports and 14 major seaports.72 US-VISIT is expected to be operational at each of the nation's more than 400 air, land and seaports by the end of 2005.73
A purported goal of US-VISIT is to protect the privacy of visitors to the United States. However, the Government Accountability Office reported in February 2005, that in conducting the legislatively mandated privacy impact assessment for US-VISIT, DHS had failed to address fully the privacy issues in system documentation. The DHS evaluation also failed to comply fully with recommendations of the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST).74 Biometric data collected by US-VISIT currently includes digital fingerscans and photographs, the two parameters recommended by NIST. However, the choice of biometric technologies is at the discretion of the United States Secretary of State and the Secretary of Homeland Security.75
Additionally, immigration authorities, in conjunction with several other federal agencies, are implementing the Student and Exchange Visitor Information System (SEVIS).76 This program, which is maintained by US Immigration and Customs Enforcement Office of DHS, is an Internet-based system that allows schools to transmit student information to the government for purposes of tracking and monitoring non-immigrant and exchange students. Accessible information includes a student's personally identifiable information, admission at port of entry, academic information, such as changes in program of study, and disciplinary information. Schools are required to transmit such information to the Bureau of Citizenship and Immigration Services (BCIS, formerly the Immigration and Naturalization Service) for the duration of a student's stay in the United States. In accordance with the PATRIOT Act, SEVIS was fully implemented by January 1, 2003. A recent Government Accountability Office report showed that problems remain in redressing data errors in student and exchange visitor records and that these errors can take months or even years to correct. Such errors make retention of such students in academic programs difficult.77 Of the estimated 15,000 requests for data fixes initiated since the inception of the program through spring 2005, about 6,600 remained unresolved.78 In February 2005, the DHS issued a privacy impact statement on SEVIS, wherein the agency reported that data files on students and exchange visitors are archived and retained for the statutory maximum period of 75 years.79
In November 2006, the Department of Homeland Security announced the Automated Targeting System, which "performs screening of both inbound and outbound cargo, travelers, and conveyances."80 The Automated Targeting System, part of the Department of Homeland Security's Customs and Border Protection, was originally established to assess cargo that may pose a threat to the United States. Now the Department proposes to use the system to establish a secret terrorism risk profile for millions of people, most of whom will be U.S. citizens. Simultaneously, it is seeking to remove Privacy Act safeguards for the database that provides neither adequate access nor the ability to amend or correct inaccurate, irrelevant, untimely and incomplete records.81
Total Information Awareness (TIA) was one of many post-September 11, 2001 responses to terrorism. TIA is a now-defunct program of the Defense Advanced Research Projects Agency (DARPA); TIA intended to scan ultra-large databases of personal information to detect the "information signature" of terrorists. The program was headed by Admiral John Poindexter and was renamed "Terrorism Information Awareness" to pacify critics.82 Congress acted to limit the project in February 2003 by requiring DARPA to submit a detailed report on TIA and later in the year cut funding for Admiral Poindexter's entire Information Awareness Office.
States have pursued information sharing and data mining arrangements. Most notable amongst these systems was the now-defunct MATRIX, or Multi-state Anti-Terrorism Information Exchange.83 This prototype database system was run by the State of Florida and Seisint, a private company later acquired by LexisNexis, until exhaustion of federal funding on April 15, 2005. Built by a consortium of state law enforcement agencies headed by Florida, MATRIX combined public and private records from multiple databases with data analysis tools and provided a wealth of personal information in near-real time to law enforcement agents in 13 participating states. Most of the states that had been involved gradually withdrew their participation because of privacy concerns. In April 2005, however, Florida officials called for initiation of a more powerful successor to MATRIX that would include more types of data, such as financial and insurance records.84
The latest data sharing initiative creates "fusion centers," data sharing entities that acquire information from many sources, including private sector firms and anonymous tipsters.85 The Department of Homeland Security is seeking to create a national network of local and state fusion centers. There are 43 current and planned fusion centers in the U.S., and some states have more than one. The federal agency has provided more than $380 million to state and local governments in support of these centers.86 The fusion center program gives DHS enormous domestic surveillance powers.
A recent Congressional Research Service (CRS) report examined the Department of Homeland Security's utilization of data mining techniques to identify potential terrorist activities. The report found that while data mining can be effective, it also has limited capabilities for two reasons.87 First, data mining cannot identify causal relationships, merely connections between variables. Second, although data mining reveals patterns, it does not show the significance of the pattern. The GAO report suggests that Congress may wish to consider data mining implementation and oversight issues in the future, because of the potential for mission creep, data inaccuracies, and privacy abuses.
Radio Frequency Identification (RFID)
RFID legislation has been proposed, but not yet passed, in at least 11 state legislatures during the past year.88 Much of this legislation includes provisions for clear labeling of consumer products bearing RFID tags, a requirement originally proposed for federal legislation drafted by the Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), the "RFID Right to Know Act of 2003."89
In May 2005, the Government Accountability Office (GAO) identified 13 federal agencies that were using or planning to use RFID tags, mainly for physical access control and asset-tracking purposes.90 GAO reported a general failure to address privacy issues raised by the use of RFID technology.91
The Department of State had planned to introduce the machine-readable "e-Passport," containing an RFID chip in the back cover, for US passport holders by the end of 2005. Privacy advocates and citizens raised concerns92 that personal information—including the passport holder's name, photograph, birth date, and passport number—would be readable from several feet rather than several inches as the State Department had maintained. After test findings revealed that the embedded information could indeed be vulnerable to identity theft, the agency announced in the spring of 2005 that implementation of the electronic passports would be delayed pending resolution of the security issues.93
The US Department of Homeland Security is moving forward with the Western Hemisphere Travel Initiative94 and the REAL ID system despite the fact that Homeland Security Secretary Michael Chertoff admitted in Congressional testimony in February 2007 that the agency is abandoning the use of RFID-enabled documents in the US-VISIT border system because pilot testing failed.95 By October 2006, the 27 countries in the US Visa Waiver Program (which allows their citizens to enter the US without having to apply for a visa) were required to use electronic passports.96 About 15 million people per year travel to the US through the Visa Waiver Program. The State Department began issuing RFID-enabled passports in August 2006, arguing that the technology can be secured.97 However, a number of researchers have been able to break the security of so-called "strengthened passports."98
Privacy advocates also have cautioned that without regulation, RFID use could have a significant negative impact on individual privacy.99 At a Federal Trade Commission (FTC) workshop held in June 2004, FTC considered that RFID regulation was premature.100 The Federal Communications Commission (FCC) already regulates the use of electromagnetic spectrum in RFID applications. FCC places limits on the power and spectrum allocation of RFID readers, which in turn will limit the read range of a particular tag.101 In 2004, FCC reduced RF (radio frequency) power restrictions on DHS to improve the effectiveness of scanning shipping containers when they reach US ports.102 On October 23, 2004, the Department of Defense (DOD) announced a policy requiring all suppliers to begin using RFID on the "lowest possible piece" of shipments to DOD by January 2005. The announcement cited improvement of data quality, items management, asset visibility, and maintenance of material as reasons for the new policy.103 In February 2004, the US Food and Drug Administration (FDA) released a report suggesting that RFID could be instrumental in the fight against counterfeit drugs and help improve patient safety. The report claims it should be feasible to use RFID to track all drugs at the unit level by 2007.104 In October 2002, the FDA ruled that the VeriChip, an RFID chip designed to be implanted in the human body, is not a regulated medical device "for security, financial, and personal identification/safety applications," although specific health applications would be.105 In October 2004, FDA allowed the use of the chip to provide easy access to individual medical records.106 Airlines are beginning to develop pilot programs to test the use of RFID for luggage tags to enhance security and protect against lost or misdirected bags.107
In 2006, several US states began to legislate the use of RFID in human implants. Wisconsin and North Dakota passed legislation forbidding the compelled implantation of RFID chips in humans,108 and Colorado, Ohio, Oklahoma and Florida are also debating such legislation.
In April 2007, the National Institute of Standards and Technology (NIST) issued its "Guidelines for Securing Radio Frequency Identification (RFID) Systems." NIST detailed how to address, in the context of an RFID system, the basic principles of the Organization for Economic Co-operation and Development's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.109
The Twenty-Sixth Amendment to the United States Constitution grants the right to vote to citizens aged 18 years or older. Application of direct recording electronic (DRE)110 paperless voting technology in US public elections addresses some issues of voter privacy while potentially creating others. The greatest privacy benefits of DRE voting machines accrue to those who are visually disabled or have literacy challenges, or to language minorities. Critics of paperless DRE voting technology acknowledge the apparent usability benefits to some voters, but point to a critical vulnerability in their design.111 There are also charges that if the restricted space around DRE voting machines were too small this would threaten voter privacy.112 DRE voting technology has triggered strong debate between technologists,113 election administrators,114 voting rights activists, media, and NGOs.
Internet voting in the US is still in its infancy,115 with only two states, Arizona116 and Michigan,117 having attempted some level of public elections using this method. In 2004, the US military sought to undertake for the first time an all-Internet voting process for military personnel and civilians living abroad.118
Voter registration lists are now the responsibility of state governments.119 The Help America Vote Act (HAVA)120 requires that voter registrants submit proof of identity by providing a state-issued identity document or the last four digits of their Social Security number. HAVA also created the US Election Assistance Commission (EAC), which manages the federal government's role in voter registration.121 HAVA requires that states create a single statewide-centralized voter registration database that will be used as the official list of qualified voters who may vote in Federal elections. EAC is preparing voluntary guidelines for states to help them in the development of these voter registration systems. Registration forms may include requests for name, current and previous address, home and work telephone numbers, birthplace, Social Security number,122 birth date, race, gender, and party affiliation.123 This registration information is made available to the people who manage political campaigns, who can use the information to solicit voters for support.124
The Internet is making it much easier to engage in "free speech" in the form of monetary contributions to political causes and candidates.125 However, Congress can regulate the volume of this speech.126 A contribution of USD 200 or more will expose the contributor's personally identifiable information to others.127 However, the cumbersome presentation of this personally identifiable information on the Federal Election Commission (FEC) Web page has been greatly enhanced128 with data mining technology.129 The Federal Election Commission Act of 1971, as amended in 1974, limits political contributions to candidates for federal elective office by individuals or groups.130
- 1. http://www.ftc.gov/privacy/index.html
- 2. See FTC Privacy Initiatives supra.
- 3. http://www.ftc.gov/opa/2004/07/gateway.htm
- 4. http://www.google.com/intl/en/press/pressrel/doubleclick.html
- 5. http://www.epic.org/privacy/ftc/google/epic_complaint.pdf
- 6. http://www.sec.gov/Archives/edgar/data/1288776/000119312507124889/d8k.htm
- 7. http://www.consumer.gov/sentinel/pubs/Top10Fraud2006.pdf
- 8. http://www.ftc.gov/os/2005/06/050616databreaches.pdf
- 9. http://www.idtheft.gov/about.html
- 10. http://www.idtheft.gov/reports/StrategicPlan.pdf
- 11. http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_publi...
- 12. http://www.ftc.gov/reports/dneregistry/report.pdf
- 13. http://www.ftc.gov/opa/2005/06/adv1.htm
- 14. http://www.ncsl.org/programs/lis/legislation/spam05.htm
- 15. http://www.ftc.gov/opa/2005/11/spamharvest.pdf
- 16. http://www.epic.org/privacy/consumer/states.html
- 17. http://www.hhs.gov/ocr/combinedregtext.pdf
- 18. http://www.epic.org/privacy/medical/
- 19. http://www.hhs.gov/ocr/privacysummary.pdf
- 20. http://www.sec.gov/Archives/edgar/data/109198/000095013507001906/b64407t...
- 21. http://www.usa.gov/veteransinfo.shtml
- 22. http://www.ncsl.org/programs/lis/CIP/priv/breach06.htm
- 23. http://www.privacy.ca.gov/code/ipa.htm
- 24. Id.
- 25. Pub. L. No. 107-306 (2002).
- 26. The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States xv (2004) (Preface), New York: W. W. Norton.
- 27. Id. at 393.
- 28. Id. at 390.
- 29. Id. at 388.
- 30. http://www.epic.org/privacy/terrorism/911comm.html
- 31. Id.
- 32. The 9/11 Commission Report, supra at 394.
- 33. Id. at 395.
- 34. Richard Ben-Veniste and Lance Cole, "How to Watch the Watchers," New York Times, September 7, 2004.
- 35. http://www.privacyboard.gov/reports/2007/congress2007.pdf
- 36. http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.00001:
- 37. http://www.epic.org/privacy/facerecognition/
- 38. http://www.wired.com/news/print/0,1294,50470,00.html
- 39. Hiawatha Bray, "'Face Testing' at Logan Is Found Lacking," Boston Globe, July 17, 2002.
- 40. http://www.frvt.org/DLs/FRVT_2002_Evaluation_Report.pdf
- 41. http://www.nytimes.com/2007/07/09/nyregion/09ring.html
- 42. Pub. L. No. 109-13 (2005).
- 43. http://www.wired.com/politics/security/news/2005/05/67471
- 44. http://www.epic.org/privacy/id_cards/
- 45. http://www.nap.edu/catalog/10346.html?onpi_topnews_041102
- 46. http://www.epic.org/privacy/id_cards/real_id_act.pdf
- 47. http://a257.g.akamaitech.net/7/257/2422/01jan20071800/edocket.access.gpo...
- 48. http://www.privacycoalition.org/stoprealid
- 49. http://www.epic.org/privacy/id_cards/#state
- 50. http://www.epic.org/privacy/airtravel/profiling.html
- 51. http://www.tsa.gov/what_we_do/layers/secureflight/editorial_1716.shtm
- 52. http://www.epic.org/privacy/airtravel/d05356.pdf
- 53. http://www.epic.org/privacy/airtravel/sf_sorn_pia_062205.pdf
- 54. http://www.commondreams.org/headlines05/0621-05.htm
- 55. http://www.gao.gov/new.items/d05864r.pdf
- 56. http://www.msnbc.msn.com/id/8672258/
- 57. http://www.dhs.gov/xlibrary/assets/privacy/privacy_rpt_nofly.pdf
- 58. http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR200602...
- 59. http://commerce.senate.gov/public/_files/TestimonyofMrHawley.pdf
- 60. http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo...
- 61. http://thefederalregister.com/d.p/2005-06-08-05-10632
- 62. http://www.tsa.gov/what_we_do/rt/index.shtm
- 63. http://www.dhs.gov/xtrvlsec/programs/content_multi_image_0006.shtm
- 64. Id.
- 65. Interim Final Rule and Notice, 69 Fed. Reg. 476 (January 5, 2004).
- 66. http://www.dhs.gov/xtrvlsec/programs/content_multi_image_0006.shtm
- 67. Id.
- 68. Id.
- 69. Department of Homeland Security, US-VISIT, supra.
- 70. Id.
- 71. http://www.epic.org/privacy/surveillance/spotlight/0705/
- 72. Department of Homeland Security, US-VISIT, supra; see also EPIC's US-VISIT Web Page, supra
- 73. Id.
- 74. http://www.gao.gov/new.items/d05202.pdf
- 75. Department of Homeland Security, US-VISIT, supra.
- 76. http://www.epic.org/privacy/surveillance/spotlight/0905/
- 77. http://www.gao.gov/new.items/d05440t.pdf
- 78. http://www.epic.org/privacy/surveillance/spotlight/0905/sev_nl0505.pdf
- 79. http://www.ice.gov/doclib/sevis/pdf/privacy_pia_sevis.pdf
- 80. http://edocket.access.gpo.gov/2006/06-9026.htm
- 81. http://www.epic.org/privacy/surveillance/spotlight/1006/
- 82. http://www.epic.org/privacy/profiling/tia/
- 83. http://www.matrix-at.org/
- 84. http://www.wired.com/politics/security/news/2005/04/67313
- 85. http://www.epic.org/privacy/surveillance/spotlight/0607/default.html
- 86. http://www.it.ojp.gov/topic.jsp?topic_id=209
- 87. http://www.fas.org/sgp/crs/homesec/RL31798.pdf
- 88. http://www.ncsl.org/programs/lis/privacy/rfid05.htm
- 89. http://www.nocards.org/rfid/rfidbill.shtml
- 90. http://www.gao.gov/new.items/d05551.pdf
- 91. "The security of [RFID] tags and databases raises important considerations concerning the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Measures to address these security issues, such as compliance with the risk-based framework mandated by FISMA (the Federal Information Security Management Act of 2002) and employing encryption and authentication technologies, can help agencies achieve a stronger security posture. Among the key privacy issues are notifying individuals of the existence or use of the technology; tracking an individual's movements; profiling an individual's habits, tastes or predilections; and allowing for secondary uses of information. While measures to mitigate these issues are under discussion, they remain largely prospective." Id., at 18.
- 92. http://www.epic.org/privacy/rfid/rfid_passports-0405.pdf
- 93. http://www.washingtonpost.com/wp-dyn/content/article/2005/04/29/AR200504...
- 94. http://www.epic.org/privacy/surveillance/spotlight/0806/pass_fr.html
- 95. http://www.epic.org/privacy/us-visit/chertoff_020907.pdf
- 96. http://www.state.gov/r/pa/prs/ps/2006/75184.htm
- 97. http://www.state.gov/r/pa/prs/ps/2006/70433.htm
- 98. http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_12-2006_rpt_RF...
- 99. Federal Trade Commission Workshop, Radio Frequency Identification: Applications and Implications for Consumers, supra.
- 100. "FTC Has No Plans to Regulate RFID," RCR Wireless, June 22, 2004.
- 101. See Part 15 and other Parts of the Commission's Rules, Notice of Proposed Rulemaking & Order, 66 Fed. Reg. 56793, at para. 21 (2001).
- 102. http://crm-daily.newsfactor.com/story.xhtml?story_id=23735
- 103. http://www.dod.mil/releases/2003/nr20031023-0568.html
- 104. http://www.fda.gov/oc/initiatives/counterfeit/report02_04.html
- 105. http://www.pcw.co.uk/vnunet/news/2120501/chips-humans-okay-fda
- 106. http://www.epic.org/privacy/rfid/verichip.html
- 107. http://www.washingtonpost.com/ac2/wp-dyn/A62061-2004Jun22?language
- 108. http://www.computerworld.com/action/article.do?command=viewArticleBasic&...
- 109. http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf
- 110. http://www.epic.org/privacy/voting/crsreport.pdf
- 111. http://www.votingintegrity.org/Testimony/EAC_Hearing5_5_04.html
- 112. Annamarie Marcalus, "Mixed Reviews on Voting Electronically," Los Angeles Times, March 6, 2004, at 70.
- 113. http://www.votingintegrity.org
- 114. http://www.nass.org/electioninfo/HAVApage.htm
- 115. http://llr.lls.edu/volumes/v34-issue3/hasenintro.pdf
- 116. Scott Thomsen, "Arizona Democrats Make History on Web," Associated Press, March 11, 2000.
- 117. Alexandra R. Moses, "Party Says Just over 46,000 People Voted Online in State Democratic Caucuses," Associated Press, February 7, 2004.
- 118. http://servesecurityreport.org/
- 119. http://www.votingintegrity.org/issues/CentralizedData.html
- 120. http://www.fec.gov/hava/law_ext.txt
- 121. Id.
- 122. Carlos Sanchez, "VA Voters' Social Security Numbers Must Be Private, Appeals Court Rules," Washington Post, March 24, 1993, at C3.
- 123. http://www.wired.com/techbiz/media/news/2003/12/61507
- 124. http://www.aristotle.com/page.asp?page_id=voter_lists&t=67200410
- 125. http://www.constitution.org/ussc/424-001.htm
- 126. http://www.fec.gov/pages/brochures/contrib.htm
- 127. http://herndon1.sdrdc.com/info.html
- 128. http://www.contagiousmedia.org/press/fundrace/washpost.htm
- 129. http://fundrace.huffingtonpost.com/
- 130. http://www4.law.cornell.edu/uscode/2/441a.html