You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1998 >>
[1998] EPICAlert 14
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 5.14 [1998] EPICAlert 14
EPIC ALERT
Volume 5.14 October 13, 1998
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] Congress Expands Surveillance Authority
[2] Child Protection Bill Includes Privacy Loophole
[3] Digital Millennium Copyright Act Sent to President
[4] GILC Convenes Policy Conference in Ottawa
[5] NGOs Issue Declaration at OECD Conference
[6] National DNA Database Goes Online
[7] New Bills and Actions in Congress
[8] Upcoming Conferences and Events
[1] Congress Expands Surveillance Authority
The House and the Senate last week approved legislation that wouldexpand wiretapping and the collection of personal information by
lawenforcement and intelligence agencies. The bill, H.R. 3694 -- theIntelligence Authorization Act for Fiscal Year 1999 -- funds
theoperations of the intelligence agencies, which reportedly received afunding increase to expand signals intelligence and analysis.
Thetotal budget figures are classified.
The bill authorizes the expansion of the use of roving wiretaps, whichallow law enforcement to wiretap multiple telephones to intercept
thecommunications of a single person who is using different phones. Underthe revisions, law enforcement agencies are no longer required
todemonstrate in court that the person is deliberately switching phonesto avoid interception, only that there is "probably cause
that theperson's actions could have the effect of thwarting interception."
Under current law, roving taps are uncommon -- there were twelve rovingtaps authorized in 1997, three in 1996, and four in 1995.
The bill also authorizes the Attorney General to ask the ForeignIntelligence Surveillance Court to issue orders placing pen registersand
trap and trace devices on telephones "to gather foreignintelligence or information concerning international terrorism." IfCongress
declares war on any country, a court order will not berequired. The number of orders will not be disclosed, except to theHouse and
Senate Intelligence Committees.
The bill also increases access to records held by businesses in thename of national security. Under the new law, the FBI will be
able toobtain information on individuals from travel records, hotelinformation, and storage facilities with an order from the ForeignIntelligence
Surveillance Court.
The bill has been sent to President Clinton for his signature; thePresident has expressed his intent to sign the bill into law shortly.
[2] Child Protection Bill Includes Privacy Loophole
Congress has enacted legislation requiring Internet service providers(ISPs) to report to law enforcement all suspected activities
involvingchild pornography. The "Child Protection and Sexual PredatorPunishment Act," which passed the House on October 12 and the
Senate onOctober 9, carves out a new exception to provisions of the ElectronicCommunications Privacy Act (ECPA) protecting the confidentiality
ofe-mail. While ECPA generally requires the government to obtain asearch warrant before obtaining the "contents" of a communication,
thenew legislation appears to waive that requirement where the presence ofchild pornography is suspected.
Under the "Child Protection Act," whenever an ISP "obtains knowledge offacts or circumstances from which a violation of [child pornographylaws]
is apparent," it must report such information to a lawenforcement agency. The law does not establish any standard of proofthat must
be met, and creates substantial disincentives forunder-reporting; ISPs could be fined up to $50,000 for the firstfailure to report
suspicious activity, and up to $100,000 for eachsubsequent failure to contact law enforcement authorities. While notrequiring ISPs
to turn over detailed information on the activities ofsubscribers, the legislation clearly permits such disclosures. Itprovides,
for example, that an ISP's report "may include additionalinformation or material developed by [the ISP], except that the FederalGovernment
may not require the production of such information ormaterial."
Subscribers will have little recourse if an overzealous ISP improperlydiscloses confidential information; the bill provides that no
ISP"shall be held liable on account of any action taken in good faith tocomply" with the reporting requirement.
[3] Digital Millennium Copyright Act Sent to President
On October 12, the House of Representatives approved legislation toupdate copyright law for digital media (H.R. 2281). The bill will
nowbe sent to the White House where President Clinton is expected to signit into law. The Senate approved the bill last week. The
legislationcreates criminal penalties for circumventing copyright protectionsystems and also forbids the manufacture, import, sale
or distributionof devices or services used for circumvention.
In response to the concerns of cryptographers and security experts,
limited exemptions for circumventing for the purposes of securitytesting or encryption research were included. However, there stillremain
concerns that the exemptions are too limited and will preventthe development and use of necessary research and security tools.
The bill also contains an exemption that allows circumvention if "thetechnological measure, or the work it protects, contains the
capabilityof collecting or disseminating personally identifying informationreflecting the online activities" of a user who seeks
to gain access tothe work protected. The circumvention is only allowed to disable theinformation collecting program. This provision
was added after EPICtestified about the threats to personal privacy presented by the bill.
The EPIC testimony stressed that users needed the ability to removecookies, or other information collecting technologies, which also
maybe used as copyright protection measures.
EPIC's testimony can be found at:
http://epic.org/privacy/copyright/epic-wipo-testimony-698.html
[4] GILC Convenes Policy Conference in Ottawa
The Global Internet Liberty Campaign (GILC) sponsored a conference on"The Public Voice in the Development of Internet Policy" in Ottawa,
Canada on October 7. More than 140 people from a dozen differentcountries attended the day-long symposium. The conference occurredjust
prior to an OECD Ministerial conference on electronic commerce.
John Manley, the Canadian Minister of Industry and chair of the OECDconference on Electronic Commerce, opened the Public Voice conferenceand
thanked GILC for bringing together NGOs. Mr. Manley stated thatthe GILC conference presented an excellent opportunity to bring diversepublic
interest groups together in a structured forum to discuss thedevelopment of global policy for electronic commerce.
According to Mr. Manley, the GILC concerns have been heard by the OECDministers and there is a link between the two conferences and
the OECDconference should benefit from a diversity of voices regardless offrontiers. In his conclusion Mr. Manley emphasized the
importance of a"global village," and showed his desire to have a "cyber marketplace"
which is available to wealthy and poor. "We gather from many countriesto develop e-commerce in the global village. Our challenge
is muchbroader today. Access to the Internet should be available to all andat a stage where half of the world population did not
make a telephonecall, this remains a very important challenge for consumers andsuppliers."
Mr. Manley was followed by David Johnston, the former Chair of theCanadian Information Highway Advisory Council and former Provost
ofMcGill University. According to Mr. Johnston, "we need to establish anenvironment where innovation can thrive, which recognizes
that ideasand innovation are keys to wealth creation and institutional adoption,
where change is not feared and strangled." Also governments arechallenged to adopt themselves in the information age and betterunderstanding
of the new technologies are needed.
Next was a panel on Consumer Protection, chaired by Karen Coyle ofCPSR, that included Benoit De Bayer (Centre de droit de laconsummation,
Belgium), Phillip McKee (National Consumer's League,
USA), Nathalie St. Pierre, (Fédération Nationale des Associations deConsommateurs du Quebec), Louise Sylvan (Vice President
of Consumers'
International and Chief Executive of the Australian Consumers'
Association) and Bjorn Erik Thon (Consumer Council of Norway).
The second panel focused on Free Speech and Access. It was chaired byBarry Steinhardt of the Electronic Frontier Foundation and featuredYaman
Akdeniz (Cyber-Rights and Cyber-Liberties UK), Pippa Lawson(Public Interest Advocacy Center), Meryem Marzouki (Imaginons un ReseauInternet
Soldaire), Sid Shniad (BC Telecommunications Workers Union),
Rigo Wenning (Fîrderverein Informationstechnik undGesellschaft), andJames Dempsey (Center for Democracy and Technology).
The luncheon speaker was Stephen Lau, the privacy commissioner for HongKong. Mr. Lau spoke about the need to protect dignity in the
on-lineworld.
The third panel was chaired by Deborah Hurley, director of the HarvardUniversity Information Infrastructure Project, and looked at
issuesrelated to Privacy and Encryption. Speakers on this panel includedDavid Banisar (Electronic Privacy Information Center), Ulf
Bruhan(European Commission, DG XV), David Jones (Electronic Frontier Canadaand Computer Science Professor, McMaster University),
ViktorMayer-Schonberger (University of Vienna, Austria and Kennedy School ofGovernment, Harvard University), and Jim Savary (York
University).
The final panel was on Human Rights in the Twenty-First Century and waschaired by Marc Rotenberg of the Electronic Privacy Information
Center.
The speakers were Harry Hochheiser (Computer Professionals for SocialResponsibility), Jagdish Parikh (Human Rights Watch), Edwin Rekosh(Public
Interest Law Initiative in Transitional Societies), FelipeRodriguez (Electronic Frontiers Australia) and Laurie Wiseberg (HumanRights
Internet).
The GILC participants and other NGOs representatives produced astatement that was later forwarded to the OECD Ministers (see below).
Complete conference reports are available at the conference report page:
http://www.gilc.org/events/ottawa98/agenda.html
[5] NGOs Issue Declaration at OECD Conference
Consumer, labor, civil liberties, and research organizations joinedtogether last week in support of a letter addressed to Organization
forEconomic Co-operation and Development (OECD) Ministers on the future ofInternet policy. Representatives of more than twenty non-governmentalorganizations
(NGOs) from eight countries signed the statement.
The NGOs urged the establishment of a permanent Public InterestAdvisory Committee (PIAC), similar in type and function to business
andlabor groups that currently advise the OECD. The group said that theCommittee should include representatives of public interest
groups inthe fields of human rights and democracy, privacy and data protection,
consumer protection, and access. The group said that the promotion ofelectronic commerce "must be considered within the broader framework
ofprotection of human rights, the promotion and strengthening ofdemocratic institutions, and the provision of affordable access toadvanced
communication services."
The group made the following recommendations to the OECD:
- Authentication and certification: All OECD member countries shouldimplement and enforce the 1992 OECD Guidelines for the Security
ofInformation Systems, particularly the Principles on Democracy, Ethics,
and Proportionality. The OECD should also consider issues ofauthentication and certification within the context of consumerprotection
and privacy protection. Policies and practices thatdisregard consumer and privacy concerns will ultimately underminepublic trust.
- Cryptography: The OECD should promote implementation of theCryptography Guidelines of 1997 and urge the removal of all controls
onthe use and export of encryption and other privacy enhancingtechniques. Trust requires the widespread availability of thestrongest
means to protect privacy and security.
- Protection of privacy: The OECD should urge member states toimplement fully and develop means to enforce the Privacy Guidelines
of1980. The OECD Guidelines provide an essential framework to establishconsumer trust in online transactions. Self-regulation has
failed toprovide adequate assurance. The group further recommended efforts topromote anonymity and minimize the collection of personal
informationso as to promote consumer confidence.
- Consumer protection: The OECD should support the establishment ofminimum standards for consumer protection, including the simplificationof
contracts, means for cancellation, effective complaint mechanisms,
limits on consumer liability, non-enforceability of unreasonablecontract provisions, recourse at least to the laws and courts of theirhome
country, and cooperation among governments in support of legalredress. Such minimal standards should provide a functional equivalenceto
current safeguards, offering at least the same levels of protectionthat would be afforded in the off-line world.
- Intellectual property: The framework for intellectual propertyprotection should be based upon mechanisms that are least intrusive
topersonal privacy, and least restrictive for the development of newtechnologies.
- Internet governance: Governments should foster Internet governancestructures that reflect democratic values and are transparent
andpublicly accountable to users. Standards processes should be open andshould foster competition.
- Taxation: At the Ottawa ministerial Conference, Charles Rossotti,
Commissioner of the United States Internal Revenue Service, spoke ofthe creation of a Tax Advisory Group, in which government andbusinesses
will participate. Similarly, the public interest groupsshould be invited to participate in this advisory group.
- Employment: Impacts on employment must be evaluated and taken fullyinto account in all discussions and negotiations.
Finally, the group recommended continued support for the OECD Committeefor Consumer Policy.
The following versions of the NGO letter are available:
http://www.gilc.org/speech/oecd/ngo-oecd-letter-1098.html (English)
http://www.gilc.org/speech/oecd/ong-lettre-ocde-1098.html (French)
http://www.ottawaoecdconference.com/english/announcements/e_tuac.pdf(PDF)
[6] National DNA Database Goes Online
An FBI database of the DNA of up to a million convicted criminals>from all fifty states will be activated on October 13, according
topublished reports. States will provide data to the National DNAIdentification System and share the DNA information. Investigatorswill
be able to upload DNA crime scene samples to the nationwidesystem and locate matches.
The federal DNA Identification Act of 1994 limits the database to DNA>from convicted criminals. Access will be restricted to lawenforcement
agencies and court orders will be required to use theinformation in judicial proceedings. For security reasons, thephysical location
of the database will not be disclosed.
DNA collection has been controversial, as it singles out individualsbased upon past criminal activity. The practice varies from state
tostate; every state collects DNA of sex offenders, while they differon whether they collect the DNA of other criminals, includingmurderers,
robbers and those who commit crimes against children.
White-collar criminals are universally excluded from collection.
In recent years, millions of dollars have been set aside in thefederal budget for "DNA Identification State Grants." The grantswere
made contingent on the state databases being networked withfederal computer systems.
In an August ruling that invalidated the Massachusetts "DNA Seizureand Dissemination Act," the State Superior Court held that theinvoluntary
seizure of DNA samples from prisoners, parolees, andprobationers without probable cause violates both the FourthAmendment of the
U.S. Constitution and Article 14 of theMassachusetts Constitution.
[7] New Bills and Actions in Congress
* NOTE: Several important measures, including the "CDA II" Internetcensorship legislation, remain pending in Congress. FinalCongressional
action will be reported in the next issue of the Alert.
H.R. 4651. Federal Criminal Law Improvements Act of 1998. Allowswiretapping for money laundering offenses, disclosure of illegallyobtained
wiretap information. Introduced by McCullum (R-FL) onSeptember 28. Referred to the Committee on the Judiciary.
H.R. 4667. Electronic Privacy Bill of Rights Act of 1998. Limitscollection of personal information of children under 13. Gives FTCenforcement
power. Orders FTC and FCC to hold proceedings onelectronic privacy. Introduced by Markey (D-MA) on October 1.
Referred to the Committee on Commerce. Text included in H.R. 3783 andapproved by the House.
S.2529. The Patients' Bill of Rights Act of 1998. Sets limited ruleson patient records privacy. Introduced by Daschle (D-SD) on September29.
Placed on Senate Calendar October 2.
S.2536. International Crime and Anti-Terrorism Amendments of 1998.
Allows for wiretaps in computer crime cases. Introduced by Hatch(R-UT). Placed on the Calendar On October 1.
[8] Upcoming Conferences and Events
Privacy Pandemonium: What the EU's Privacy Directive Means for theUnited States. October 16. Washington, DC. Sponsored by the CatoInstutute.
Contact: jenyepcato.org.
1998 UK Big Brother Awards. October 26. London School of Economics,
London, UK. Sponsored by Privacy International. Contact:
http://www.privacy.org/pi/bigbrother/
Symposium on Infowar and Civil Liberties. October 26. National PressClub, Washington, D.C. Sponsored by EPIC and FCG. Contact:
infoepic.org.
Encryption Controls Workshop. Bedford, MA, October 29. Sponsored byU.S. Department of Commerce. Contact: (202) 482-6031.
PDC 98 - the Participatory Design Conference, "BroadeningParticipation" November 12-14. Seattle, WA. Sponsored by ComputerProfessionals
for Social Responsibility in cooperation with ACM andCSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
Data Privacy in the Global Age. November 13. Milwaukee, WI. Sponsoredby ACLU of Wisconsin Data Privacy Project. Contact: Carole
Doeppers<acluwicmdaol.com>.
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15.
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
http://is.lse.ac.uk/lucas/cepe98.htm
1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact: http://www.rsa.com/conf99/
FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999 Anguilla, B.W.I. Contact: http://fc99.ai.
Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Contact: infocfp99.org.
1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact: infoepic.org.
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto
epic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand
constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail infoepic.org, http://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003.
+1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and funding of the digital wiretap law.
Thank you for your support.
END EPIC Alert 5.14
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1998/14.html
