WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 3

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.03 [1998] EPICAlert 3






EPIC ALERT




Volume 5.03 March 9, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/


Table of Contents



[1] FBI and Telephone Industry Working Toward Wiretap Agreement
[2] Advocates, Academics, Experts Send Letter on Privacy Conference
[3] New BW/Harris Poll Shows Support for Privacy Legislation
[4] Encryption Debate Resumes -- ACLU/EFF/EPIC Issue Statement
[5] FCC Requires Privacy Protections for Phone Records
[6] Virginia Internet Censorship Law Struck Down
[7] Congressional Actions, New Bills and Upcoming Hearings
[8] Upcoming Conferences and Events


[1] FBI and Telephone Industry Working Toward Wiretap Agreement


The telephone industry and the FBI may be on the verge of an agreement
that could jeopardize the privacy of all Americans. Following a meeting
with Attorney General Janet Reno and FBI Director Louis Freeh on March 6,
industry executives agreed to resume negotiations over implementation ofthe Communications Assistance to Law Enforcement Act (CALEA), acontroversial 1994 law requiring that digital telephone technology bedesigned to facilitate wiretapping. The discussions had broken down afterindustry negotiators concluded that the FBI was seeking to significantlybroaden its surveillance powers and require many more technical changesthan CALEA envisions.

The impasse has delayed implementation of CALEA, which requires newwiretap-friendly technology to be in place by October 28 of this year.
Attorney General Reno recently told Congress that the FBI and JusticeDepartment "will avail ourselves of all lawful mechanisms available" toforce implementation of CALEA. She has also conceded that thetechnological changes sought by the FBI will likely exceed the $500
million Congress authorized the government to pay telecommunications
companies to make the changes needed to let law enforcement conduct
wiretaps on digital lines.

The March 6 DOJ/FBI/industry meeting was closed to the public, a fact thatled EPIC and other groups to send the Attorney General a letter of protest.
The letter noted that, "the effort to agree on a design of the nation'stelephone system without privacy input violates the intent of Congress toensure public participation in the process." Recent FBI actions have alsobeen criticized by Rep. Bob Barr (R-GA), who told the House ofRepresentatives on March 4,

The FBI . . . has gone far beyond its consultative role in the implementation of CALEA. The FBI has insisted that the industry's technical standards include requirements for capabilities that go beyond the scope or intent of CALEA. The capabilities proposed to be included by the FBI are costly, technically difficult to deploy or technically infeasible, and raise significant legal and privacy concerns.

Barr has introduced legislation that would delay for two years the
deadline for industry compliance with CALEA.

More information on CALEA and wiretapping is available at:

http://www.epic.org/privacy/wiretap/



[2] Advocates, Academics, Experts Send Letter on Privacy Conference


A group of more than 70 leading privacy scholars, advocates, andtechnical experts have urged the Department of Commerce to ensurethat a proposed White House conference on privacy is not dominatedby special interest groups. The group said that "This conference providesan important opportunity for listening to the public and developingpolicies that respond to public concerns. It is critical to the operationof democratic government that all interested parties are given anopportunity to participate in important government proceedings."

The letter was created after the planning for the White HouseSponsored event was handed over to represenatives of the DirectMarketing Association and online companies that oppose privacy laws.
The group urged certain goals for a White House conference onprivacy. These include:

- Understanding the threats to privacy and the difficulty that consumers face trying to protect their privacy;

- Evaluating the sufficiency of self-regulation and the adequacy and effectiveness of current US privacy policies;

- Exploring the use of encryption, anonymity, and other privacy enhancing techniques to protect online privacy; and
- Recognizing the level of public support for strong privacy protection.

The letter made four recommendations for the organization of theconference:

1) The conference should be organized by full-time employees of theU.S. government and decisions about participation, progam, andconference activities must be made by the agency responsible for theevent; 2) The organizing of this event should be as open andinclusive as possible, including use of the Internet to solicitcomments; 3) The evaluation of the adequacy of self-regulation toprotect privacy should be a primary goal of this conference. Manybelieve that the policy has not succeeded and that stronger steps,
including legislation, should be considered; 4) Cryptography shouldbe a central issue at a White House conference on Internet Privacy.

The group said that "a fundamental change in the organization of thisevent must be made to address the issues we have outlined."

The text of the letter is available at:

http://www.epic.org/privacy/internet/daley_ltr_2_26_98.html


[3] New BW/Harris Poll Shows Support for Privacy Legislation


A new poll conducted by the Lou Harris organization for Businessweekshows far-reaching public support for privacy legislation. The pollfound that 53% of respondents wanted government to "pass laws nowfor how personal information can be collected and used on theInternet." 23% said that "government should recommend privacystandards for the Internet but not pass laws at this time." Only19% said "government should let groups develop voluntary privacystandards but not take any action now unless real problems arise."

The poll showed little difference in support for Internetprivacy legislation between Internet users and non-users. 50%
of PC users favord privacy legislation for the Internet.

The poll also suggested that privacy policies alone woulddo little to address public concerns about privacy. Of those whomight register at a web site, 44% said a policy would makelittle difference and 44% said it would make no differenceat all.

The findings of the Harris/Businessweek poll are consistentwith other polls about privacy legislation.

Businessweek/Harris Poll
http://www.businessweek.com/premium/11/b3569104.htm
EPIC Privacy Surveys Archive
http://www.epic.org/privacy/survey/



[4] Encryption Debate Resumes -- ACLU/EFF/EPIC Issue Statement


The debate over U.S. encryption policy is likely to heat up with thecreation of a new industry-led coalition and consideration of competingproposals pending before Congress. On March 4, Americans for ComputerPrivacy (ACP) was unveiled at a press conference on Capitol Hill. Thecoalition, supported by the high-tech industry and major tradeassociations, plans a $10 million media campaign to educate the public onthe threats to privacy posed by the Administration's crypto policy and theFBI's push for domestic controls on encryption. EPIC, along with theAmerican Civil Liberties Union and the Electronic Frontier Foundation,
released a statement welcoming the creation of ACP and supporting thecoalition's goal of fostering an informed public debate on encryptionpolicy (see text of statement below).

While the ACP is supporting the Safety and Freedom Through Encryption(SAFE) Act sponsored by Rep. Bob Goodlatte (R-VA), Senators John McCain(R-AZ) and Robert Kerrey (D-NE) are promoting a revised version of theirSecure Public Networks Act. The McCain-Kerrey bill seeks to establishvarious incentives for the widespread adoption of key-recovery encryptiontechniques that would enable governmental access to encrypted information.
It would also retain existing export controls on encryption. The SAFEbill, on the other hand, would relax export controls and is generallyviewed as a pro-encryption measure. It does, however, contain a provisioncriminalizing the use of encryption in furtherance of a crime. Thatprovision has been criticized by EPIC and other civil liberties groups.

In the midst of this activity, Vice President Gore on March 4 transmitted aletter on encryption policy to Senate Minority Leader Tom Daschle (D-SD).
While apparently intended to clarify the Administration's position, theGore letter sent mixed signals. The Vice President wrote that, "TheAdministration believes the best approach is to pursue a good faithdialogue over the coming months between industry and law enforcement, whichcan produce cooperative solutions, rather than seeking to legislatedomestic controls." But reiterating its support for key-escrow andkey-recovery, he said, "the Administration remains committed to findingways to preserve the ability of the Nation's law enforcement community toaccess, under strictly defined legal procedures, the plain text ofcriminally related communications and stored information."

The ACLU, EFF and EPIC issued a statement on the formation of theAmericans for Computer Privacy. The groups said that they welcomethe formation of the ACP. They said that there are two principalgoals that "must be incorporated into our national encryption policy"

- Repeal of existing U.S. controls on the export of encryption products and technology for everyone, not simply mass-market producers of encryption software; and
- Preserving the right of all Americans to use any encryption product or technique they wish, both domestically and abroad.

The groups further said that they oppose:

- Any government attempts to regulate the domestic use of encryption;

- Legal provisions that would criminalize the use of encryption,
such as those in all of the pending legislative proposals;

- Requirements for "key-escrow" or "key-recovery" techniques that would enable government access to private communications or data; and
- Linkages between the issuance of a digital signature or other electronic authentication certificate and the escrowing or registration of an encryption key.

Americans for Computer Privacy's website is at:

http://www.computerprivacy.org
The text of the Gore-Daschle letter is available at:

http://www.epic.org/crypto/legislation/gore_ltr_3_98.html
The text of the joint ACLU/EFF/EPIC statement:

http://www.epic.org/crypto/legislation/joint_statement_3_98.html



[5] FCC Rules on Telephone Record Privacy


The Federal Communications Commission ruled on February 19 thattelephone companies must obtain prior permission from their customersbefore they can use or disclose personal information collected as aresult of providing services. This was a rebuke of companies,
such as AT&T, which had argued for the automatic release of theinformation without permission, even though the law requires priorconsent.

In the 1996 Telecommunications Act, Congress included a provisiongoverning telecommunications carriers' use and disclosure of customerproprietary network information (CPNI) and other customer informationobtained by carriers in their provision of telecommunicationsservices. The law created three categories of customer informationto which different privacy protections and carrier obligations apply
-- individually identifiable CPNI; aggregate customer information; andsubscriber list information.

Carriers are permitted to use CPNI without customer approval tomarket offerings related to the customer's existing servicerelationship with the carrier. Where information is not sensitive, orwhere the customer so directs, the statute permits the free flow ordissemination of information beyond the existing customer-carrierrelationship.

The FCC ruled that:

(a) Carriers can use CPNI, without customer approval, to marketofferings that are related to, but limited by, the customer'sexisting service relationship with their carrier; and
(b) Before carriers may use CPNI to market services outside thecustomer's existing service relationship, carriers must obtainexpress customer approval. Such express approval may be written,
oral, or electronic. In order to ensure that customers are informedof their statutory rights before granting approval, carriers mustprovide a one-time notification of customers' CPNI rights prior toany solicitation for approval.

The FCC also asked for further comment on several issues: thecustomer's right to restrict carrier use of CPNI for all marketingpurposes; the appropriate protections for carrier information andadditional enforcement mechanisms the agency may apply; and the foreignstorage of, and access to, domestic CPNI.

The text of the new rules is available at:

http://www.fcc.gov/Bureaus/Common_Carrier/Orders/1998/fcc98027.txt


[6] Virginia Internet Censorship Law Struck Down


In the latest judicial rejection of Internet censorship laws, a federaljudge has struck down a Virginia statute that sought to bar state employeesfrom viewing "sexually explicit" communications online. In a 30-pagedecision issued on February 26, U.S. District Judge Leonie M. Brinkemagranted summary judgment to the plaintiffs and held that Virginia's"Restrictions on State Employee Access to Information Infrastructure"
unconstitutionally curbed the free speech rights of state universityprofessors and others.

"Most troubling of all," Judge Brinkema wrote, was that the law seemed"intended to discourage discourse on sexual topics" simply because thestate objects to such speech. "The Supreme Court has made it clear thatthe government may not use its authority over public employees for such apurpose." The judge agreed with free speech advocates who argue that nonew content regulation is needed for the Internet. She noted existingobscenity laws and said, "it is clear that the Act presents no improvementover existing federal law and state laws and policies concerning computeruse and the Internet."

The case, Urofsky v. Allen, was litigated by the ACLU on behalf of sixprofessors from Virginia colleges and universities. The decision was themost recent success in a series of ACLU cases challenging legalrestrictions on online speech. Previous court rulings struck down thefederal Communications Decency Act and Internet restrictions enacted in NewYork and Georgia. Currently, at least 25 states have passed or areconsidering Internet censorship laws. Since the beginning of this year,
five state legislatures have introduced restrictive Internet laws.

The text of the decision in Urofsky v. Allen is available at:

http://www.epic.org/free_speech/censorship/urofsky_v_allen.html


[7] New Congressional Bills and Upcoming Hearings


ACTIONS

H.R. 1428 -- Voter Eligibility Verification Act. Establishes a systemthrough which the Commissioner of Social Security and the AttorneyGeneral respond to inquiries made by election officials concerningthe citizenship of voting registration applicants and to amend theSocial Security Act to permit States to require individualsregistering to vote in elections to provide the individual's SocialSecurity number. Rejected by 210-200 vote on suspension calendar voteon February 12, 1998.

H.R. 2369 -- The Wireless Privacy Enhancement Act. Increases penaltiesfor intereception and disclosore of cell phone calls. Penalizespossession of modified scanner equipment. Approved by House414-1 on March 5, 1998.


UPCOMING HEARINGS

* Senate *

March 10, 1998. Appropriations, Commerce, Justice, State, and theJudiciary Subcommittee. To hold hearings to examine proposals toprevent child exploitation on the Internet. SD-192. 10:00 am.

March 17, 1998. Judiciary, Administrative Oversight and the CourtsSubcommittee. To hold hearings to examine privacy issues in thedigital age, focusing on encryption and mandatory access. SD-226.
10:00 am.

March 17, 1998. Judiciary, Technology, Terrorism, and GovernmentInformation Subcommittee. To hold hearings to review policydirectives for protecting America's critical infrastructures.
SD-226. 2:30 pm.

March 31, 1998. Appropriations, Commerce, Justice, State, and theJudiciary Subcommittee. To hold hearings on proposed budget estimatesfor fiscal year 1999 for the Department of Justice'scounterterrorism programs. SD-192. 10:00 am.


NEW BILLS

H.R. 3174. Requires electronic preservation and filing of reportsfiled with the Federal Election Commission by certain persons; torequire such reports to be made available through the Internet; andfor other purposes. Introduced by Rep. White (R-WA) on February 5,
1998. Referred to the Committee on House Oversight.

H.R. 3189. Parental Freedom of Information Act. Prohibits schoolsfrom giving students medical, psychological, or psychiatricexamination, testing, treatment, or immunization (except in the caseof a medical emergency); or to reveal any information about thestudent's personal or family life. Introduced by Rep. Thiart (R-KS).

H.R. 3209. On-Line Copyright Infringement Liability Limitation Act.
Limits liability of ISPs for copyright infringement for on-linematerial. Introduced by Rep. Coble on February 12, 1998.
Referred to the Committee on the Judiciary.

H.R. 3261. Privacy Protection Act of 1997. Introduced by Rep. Paul(R-TX). Limits use of SSN as identifier by government agencies.
Referred to the Committee on Ways and Means, and in addition to theCommittee on Government Reform and Oversight.

H.R. 3299. Family Genetic Privacy and Protection Act. Sets limits ondisclosure and use of genetic information in connection with grouphealth plans and health insurance coverage, prohibits employmentdiscrimination on the basis of genetic information and genetictesting. Introduced by Rep. Smith (R-WA). Referred to the Committee onCommerce, and in addition to the Committees on Education and theWorkforce, and Veterans' Affairs.

H.R. 3303. Department of Justice Appropriation Authorization Act,
Fiscal Years 1999, 2000, and 2001. Expands years of eligable fundingfor CALEA to 2000 from 1998. Funds For the Federal Bureau ofInvestigation: $3,014,654,000 for fiscal year 1999; $3,164,679,000for fiscal year 2000; and $3,322,913,000 for fiscal year 2001.

S. 1631. Parental Freedom of Information Act. Prohibits schools fromgiving students medical, psychological, or psychiatric examination,
testing, treatment, or immunization (except in the case of a medicalemergency); or to reveal any information about the student's personalor family life. Introduced by Senator Hutchinson (R-TX) on February11, 1998. Referred to the Committee on Labor and Human Resources.




[8] Upcoming Conferences and Events


ETHICOMP98. March 25-27,1998. Erasmus University, The Netherlands.
Sponsored by the Centre for Computing and Social ReponsibilityContact: http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html
Medical Privacy in the Information Age: Access, Ethics andAccountability Friday, March 27, 1998. Baltimore, MD. Sponsored byThe Women's Law Center of Maryland. Contact: conf98wlcmd.org
1998 IEEE Symposium on IEEE Computer Society, Oakland, CA, May 3-6.
Sponsored by IEEE and IACR. Contact:
http://www.research.att.com/~reiter/oakland98.html
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM andUSACM. http://www.acm.org/usacm/events/policy98/

1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and LondonSchool of Economics. Contact: infoepic.org
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety. http://www.isoc.org/inet98/

Advances in Social Informatics and Information Systems, Baltimore,
MD, Aug. 14-16, 1998. Sponsored by the Association for InformationSystems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm
CPSR Annual Conference - Internet Governance. Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsrcpsr.org
(Send calendar submissions to alertepic.org)


Subscription Information


The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto epic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:

http://www.epic.org/alert/subscribe.html
Back issues are available at:

http://www.epic.org/alert/


About EPIC


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail infoepic.org, http://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 5.03











WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1998/3.html