EPIC Alert 4.13 [1997] EPICAlert 13
EPIC ALERT
Volume 4.13 September 26, 1997
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
Table of Contents
[1] House Committee Rejects Domestic Crypto Ban
[2] HHS Releases Medical Privacy Recommendations
[3] Employment Eligibility Pilot Programs Begin
[4] White House Commission Urges Scrutiny of Private Employees
[5] ID Cards to Cost $10 Billion
[6] Imagine: FBI Finally Releases John Lennon Files
[7] New Bills in Congress
[8] Upcoming Conferences and Events
[1] House Committee Rejects Domestic Crypto Ban
The House Commerce Committee has rejected an FBI-backed proposal to impose the first-ever domestic controls on encryption. In a 35-16 vote on September 24, the committee defeated an amendment to the SAFE crypto bill offered by Reps. Michael Oxley (R-OH) and Thomas Manton (D-NY) that would have banned the domestic manufacture and sale of encryption products that do not provide law enforcement agencies easy access to encrypted information. Speaking in opposition to the amendment, many committee members cited the unprecedented assault on privacy and civil liberties that would result if the FBI proposal was adopted.
While surviving the draconian Oxley-Manton amendment, the SAFE bill, originally introduced by Rep. Bob Goodlatte (R-VA) to relax U.S. export controls on encryption products, did not emerge from the Commerce Committee unscathed. The committee adopted an amendment offered by Reps. Ed Markey (D-MA) and Rick White (R-WA) that would create a new National Electronic Technologies (NET) Center within the Justice Department. The NET Center would engage in research and "examine encryption techniques and methods to facilitate the ability of law enforcement to gain efficient access to plaintext of communications and electronic information." The NET Center would be authorized to seek the assistance of "any department or agency of the Federal Government" in support of its mission, thereby providing explicit statutory authority for National Security Agency involvement in domestic law enforcement activities. The Markey-White amendment also doubles the penalty for the use of encryption in furtherance of a felony and provides that "No person shall be subject to civil or criminal liability for providing access to the plaintext of encrypted communications or electronic information to any law enforcement official or authorized government entity, pursuant to judicial process."
In a letter sent to the Commerce Committee prior to the vote, EPIC joined with the American Civil Liberties Union, Eagle Forum, Americans for Tax Reform and other groups in urging members to oppose "any proposal establishing a legal structure for key recovery even if temporarily 'voluntary,' any so-called 'compromise' provision drawn from Oxley-Manton . . . , and any new proposal that would limit the availability and use of strong encryption."
The fate of the SAFE bill is now uncertain. The original Goodlatte language has been substantially amended by five House committees, with contradictory results. Rep. Gerald Solomon (R-NY), chairman of the House Rules Committee, has indicated that he will not send the legislation to the House floor unless it contains the Oxley-Manton domestic controls. As such, SAFE may no longer be a viable vehicle for the reform of encryption policy that it was originally intended to promote.
PDF versions of House Commerce Committee documents on the SAFE bill are available at:
http://www.house.gov/commerce/full/092497/markup.htm
[2] HHS Releases Medical Privacy Recommendations
Health and Human Services (HHS) Secretary Donna Shalala released the Department's recommendations for a new medical privacy bill on September 11, calling for legislation that would generally protect all medical records. In addition, HHS says medical records should not be used by employers and others for making non-medical decisions; patients would have the right to sue if their records were disclosed improperly and criminal and civil penalties could be imposed.
On a number of issues, the guidelines fall short. HHS recommends that there be no new laws preventing law enforcement access to medical records, essentially enabling law enforcement and other government officials to obtain medical records without a court order. In addition, on the issue of medical research, the guidelines recommend that personally identifiable records be used for medical research without the consent of the patient. They also ignore the issue of whether a single unique identifier such as a Social Security number should be used to link all medical records in a nationwide network of records.
Importantly, HHS recommends that any new medical privacy law should not preempt already existing state or federal laws that provide greater protection. A major bill introduced last year by Sen. Robert Bennett (R-UT) would have prevented states from providing more protection to their citizens. Many states have enacted laws giving stronger privacy protection to records on substance abuse, AIDS and mental health. Some states, such as Massachusetts, are currently in the process of enacting comprehensive privacy legislation.
The text of the HHS recommendations and more information on medical privacy is available at:
http://www.epic.org/privacy/medical/
[3] Employment Eligibility Pilot Programs Begin
The Immigration and Naturalization Service (INS) and the Social Security Administration (SSA) have announced three pilot programs for verifying eligibility of employees to work within the United States. The pilot programs were ordered by the Congress as part of the Immigration Reform and Immigrant Responsibility Act of 1996 in a compromise attempt to avoid creation of a national identification system.
The three programs are the Basic Pilot; the Citizen Attestation Pilot; and the Machine-Readable Document Pilot. The Basic Pilot requires that employers verify the employment eligibility of all new employees through automated verification checks of SSA and INS databases using a telephone. The Citizen Attestation Pilot only checks the status of new employees who attest they are not U.S. citizens, but is limited to states where drivers' licenses are acceptable to the INS -- presumably those having the SSN on the face of the license. In the Machine Readable Pilot, the procedures are similar to the Basic Pilot except in states with machine readable licenses (currently, only Iowa is eligible).
Each government department is required to assign a pilot program to at least one agency within the department. In addition, companies that have been found to violate the Immigration Act can be compelled to join in the program. The pilot programs will last for four years unless Congress re-authorizes them.
[4] White House Commission Urges Scrutiny of Private Employees
A special Presidential commission will recommend that certain private sector employees be subjected to in-depth background checks and polygraph examinations. Speaking before The Bankers Roundtable on September 11, Robert T. Marsh, Chairman of the President's Commission on Critical Infrastructure Protection, previewed the "core recommendations" that will be transmitted to the White House.
Addressing "privacy issues in the employer-employee relationship,"
Marsh said:
Throughout its year-long effort, the Commission has struggled to address the competing interests of security and privacy
and the trade-offs between these two interests. . . . We are going to recommend that the Administration and Congress study
ways to make some of the tools that the federal government uses to perform background checks and issue security clearances
more readily available to employers within the critical infrastructures, at least in filling certain sensitive positions
within those infrastructures. These efforts may afford you, for example, a greater ability to inquire into and make use of
criminal history information, employment histories, and credit history information. Amendments should also be made to federal
polygraph law to include within the scope of current exemptions those who are in the business of providing information
security services.
The "critical infrastructures," as defined by Executive Order 13010, include "telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government."
The full text of the Marsh address is available at:
http://www.pccip.gov/marsh_banker.html
[5] ID Cards to Cost $10 Billion
The Social Security Administration announced on September 22 that it would cost up to $10 billion to re-issue Social Security cards as tamper-proof identifiers.
Congress required the SSA to assess the cost as part of the 1996 immigration and welfare bills. The SSA report reviews the history of the SSN from its creation in 1935 through the current day. The report declines to make any policy recommendations, but recognizes some of the privacy issues raised by the use of the SSN as a national identifier. An appendix to the report includes pending legislation that would limit the SSN's use.
The report examines the different technologies for ID cards from basic plain plastic cards to smart cards, including those that would include a picture or biometric identifier. It notes that SSA cannot accurately assess how many actual SSNs are in use -- the agency is only able to estimate a range between 269 and 327 million. At least 10 million are estimated to be duplicate numbers.
More information on national identification cards is available at:
http://www.epic.org/privacy/id_cards/
[6] Imagine: FBI Finally Releases John Lennon Files
After resisting disclosure for more than 15 years, the Federal Bureau of Investigation has released almost all of its secret files on John Lennon. The documents underscore the sometimes questionable rationale for FBI surveillance operations and the importance of public oversight of those activities.
Since being sued under the Freedom of Information Act in 1983, the Bureau had steadfastly withheld the Lennon files on "national security" grounds. Now released, the records document FBI surveillance of the former Beatle's political activities, under the close supervision of the Nixon White House. Significantly, none of the disclosed files describe Lennon as involved in any illegal act. In December 1995, U.S. District Judge Robert Takasugi directed the FBI to disclose whether it had "used unlawful activities in connection with the Lennon investigation." Rather than respond to the questions, the FBI negotiated a settlement to release the documents.
Ironically, the Lennon files were released as a senior FBI official told an international privacy conference that "extreme" privacy concerns have "handcuffed" law enforcement's ability to investigate criminal activity. FBI Counsel Alan McDonald told the International Conference on Privacy in Montreal that, "Based on a theory of potential government abuse, important tools commonly used are to be restricted or embargoed."
More information on the FBI investigation of John Lennon is available at:
http://www.bagism.com/library/fbi-rock-criticism.html
[7] New Bills in Congress
HR 2215, Genetic Nondiscrimination in the Workplace Act. Introduced by Kennedy (D-MA) on July 22. Amends Fair Labor Standards Act to restrict employers in obtaining, disclosing, and using genetic information. Referred to the Committee on Education and the Workforce.
HR 2216, Genetic Protection in Insurance Coverage Act. Introduced by Kennedy (D-MA) on July 22. Limits the disclosure and use of genetic information by life and disability insurers. Prohibits insurers from requiring genetic tests, denying coverage, setting rates based on genetics, using or maintaining genetic info. Referred to the Committee on Commerce.
HR 2275, Genetic Employment Protection Act of 1997. Introduced by Lowery (D-NY) on July 25. Prohibits employers, unions from discriminating on basis of genetic information. Referred to the Committee on Education and the Workforce.
HR 2368, Data Privacy Act of 1997. Introduced by Tauzin (R-LA) on July 31. Recommends that businesses create voluntary guidelines to protect privacy, and stop spamming. Referred to the Committee on Commerce.
HR 2369, Wireless Privacy Enhancement Act of 1997. Introduced by Tauzin (R-LA) on July 31. Expands ban and penalties on sale of scanners that can intercept cellular and digital communications and interception of communications. Referred to the Committee on Commerce.
HR 2372, Internet Protection Act of 1997. Introduced by White (R-WA)
on July 31. Limits FCC and state ability to regulate Internet.
Referred to the Committee on Commerce.
HR 2404, Stop the Theft of Our Social Security Numbers Act. Introduced by Filner (D-CA) on September 4. Prohibits IRS mailings that include SSN unless it is inside sealed envelope. Referred to the Committee on Ways and Means.
HR 2507, ATM Public Safety and Crime Control Act. Introduced by Nadler (R-NY). Requires banks to install better surveillance cameras in ATMs. Referred to the Committee on Banking and Financial Services.
S. 1146, Digital Copyright Clarification and Technology Education Act of 1997. Introduced by Ashcroft (R-MO). Sets up new rules for copyright in digital networks. Referred to the Committee on the Judiciary.
[8] Upcoming Conferences and Events
Net Worth, Net Work: Technology and Values for the Digital Age. October 4-5. University of Cal, Berkeley. Sponsored by CPSR. Contact:
http://www.cpsr.org/dox/home.html
20th National Information Systems Security Conference. October 7-10.
Baltimore, MD. Sponsored by NIST and NSA. Contact:
http://csrc.nist.gov/nissc/
EPIC International Privacy Conference. October 20, 1997. Georgetown University Law Center, Washington, DC. Sponsored by EPIC. Contact: shauna@epic.org.
Managing the Privacy Revolution '97. October 21-23, 1997. Washington,
DC. Sponsored by Privacy and American Business. Contact:
http://shell.idt.net/~pab/conf97.html
RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998. San Francisco, CA. Contact kurt@rsa.com or http://www.rsa.com/conf98/
(Send calendar submissions to alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or use the subscription form at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.
Thank you for your support.
END EPIC Alert 4.13
URL: http://www.worldlii.org/int/journals/EPICAlert/1997/13.html