You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1998 >>
[1998] EPICAlert 5
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 5.05 [1998] EPICAlert 5
EPIC ALERT
Volume 5.05 April 23, 1998
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
*** 1998 EPIC Cryptography and Privacy Conference ***
http://www.epic.org/events/crypto98/
Table of Contents
[1] Daley Criticizes Crypto Policy, Doubts Self-Regulation
[2] Court Finds AOL Immune From Libel Suit
[3] Library Internet Filters Held to High Free Speech Test
[4] New Report Finds E-FOIA Efforts Lacking
[5] Court Rules Infrared Scanner Violates Fourth Amendment
[6] IRS Audit Finds Lax Privacy Protections
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events
[1] Daley Criticizes Crypto Policy, Doubts Self-Regulation
On April 15, Secretary of Commerce William Daley delivered a majorspeech on "The Emerging Digital Economy." Daley made a number ofcomments
about privacy and encryption, and their roles in the emerginginformation economy. He described privacy as a "make or break issue"
for electronic commerce and said that the White House was pursuing apolicy of self-regulation, but that "industry has been slow to
putprotections in place." Daley asked industry to "move quickly toestablish an overarching, self-regulatory effort that includesconsumer
representation."
On the encryption issue, the Secretary was surprisingly candid. Hedescribed the effort to implement the current policy as a "failure,"
and warned that "our own paralysis has made it difficult to persuadeother nations to pursue policies similar to our own." His commentscontrasted
sharply with other officials who have claimed that there issupport for the U.S. key escrow/ key recovery initiative. Still,
Daley said that the administration remains committed to finding a"compromise" between the interests of law enforcement and business
andprivacy groups.
A group of privacy experts, advocates and scholars wrote to SecretaryDaley in late February about privacy issues. The group urged
him tolook more closely at the adequacy of self-regulation as a means toprotect privacy, and recommended that more attention be paid
to theimportant role of encryption and related techniques in on-lineprivacy.
The Department of Commerce has scheduled a conference on privacyissues that will take place on May 13-14 in Washington, DC.
Information should soon be available at the Department of Commerceweb site.
Secretary Daley's recent address is available at:
http://www.osec.doc.gov/ops/ecom.htm
The "Letter Regarding a Proposed White House Conference on Privacy"
is available at:
http://www.epic.org/privacy/internet/daley_ltr_2_26_98.html
[2] Court Finds AOL Immune From Libel Suit
A federal judge in Washington has ruled that America Online cannot besued for posting an allegedly defamatory item by gossip columnistMatt
Drudge. The ruling came in a lawsuit filed by White Houseofficial Sidney Blumenthal after Drudge reported that Blumenthal had"a spousal
abuse past that has been effectively covered up." Thesuit named as defendants both Drudge and AOL, which carried "TheDrudge Report"
under a license agreement with the columnist.
In an opinion issued on April 22, U.S. District Judge Paul L.
Friedman held that AOL enjoys broad immunity from suit under asurviving provision of the Communications Decency Act (most of whichwas
struck down by the Supreme Court last summer). That provision,
which was intended to encourage online providers to "self-police"
their systems for "offensive" content, states:
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information
provided by another information content provider.
The judge noted that, under the terms of its agreement with Drudge,
AOL retained "certain editorial rights ... including the right torequire changes in content and to remove it." While finding that
theCDA provision relieves the online service of any potential liability,
Judge Friedman noted an anomaly in the result:
Because it has the right to exercise editorial control over those with whom it contracts and whose words it disseminates,
it would seem only fair to hold AOL to the liability standards applied to a publisher or, at least, like a book store owner
or library, to the liability standards applied to a distributor. But Congress has made a different policy choice by
providing immunity even where the interactive service provider has an active, even aggressive role in making available content
prepared by others.
The suit against Drudge will proceed, and attorneys for Blumenthalhave indicated that they will appeal the dismissal of AOL as adefendant.
[3] Library Internet Filters Held to High Free Speech Test
In the first court ruling on the use of Internet filtering softwarein libraries, a federal judge on April 7 rejected a motion to dismissa
lawsuit challenging the use of filters in public libraries inLoudoun County, Virginia.
In a 36-page decision, U.S. District Judge Leonie M. Brinkema heldthat "the Library Board may not adopt and enforce content-basedrestrictions
on access to protected Internet speech" unless it meetsthe highest level of constitutional scrutiny. Noting that publiclibraries
are places of "freewheeling and independent inquiry," thecourt quoted extensively from Reno v. ACLU, the landmark SupremeCourt decision
on Internet free speech, and emphasized that the Court"analogized the Internet to a 'vast library including millions ofreadily available
and indexed publications,' the content of which 'isas diverse as human thought.'"
The Loudoun County decision comes as Congress is considering theInternet School Filtering Act, a bill that would require all publiclibraries
and schools that receive federal funds for Internet accessto install filtering and blocking software. The bill (S. 1619) hasbeen
approved by the Senate Commerce Committee and could reach theSenate floor as early as mid-May. Efforts are underway to revise thebill
to provide for Internet education programs and acceptable usepolicies as more effective (and constitutional) alternatives tomandatory
filtering.
Information on Internet filtering, including the text of the LoudounCounty decision, is available at the Internet Free ExpressionAlliance
website:
http://www.ifea.net
[4] New Report Finds E-FOIA Efforts Lacking
A new report released on April 20 finds that a majority of federalagencies have failed to meet the requirements of the ElectronicFreedom
of Information Act (EFOIA). EFOIA was enacted in 1996 andwent into effect in October 1997. It was designed to make access toelectronic government
records easier.
The study, produced by OMB Watch, found that of the 56 agenciesresponding to a survey, 23 percent "have no EFOIA presence," 73percent
have "varying degrees of compliance with the requirements,"
and as of January 31, 1998, "no agency had complied fully with EFOIA."
OMB Watch found that the Office of Management and Budget, which isrequired to provide guidance under the law, has not provided adequateguidance
or assistance to agencies during the implementation process.
It also faulted Congress for failing to provide adequate funding toimplement the Act.
The report recommends that OMB provide better guidance and support,
that agencies better organize their online records, and that anenforcement mechanism be created to identify and penalize agenciesthat
are not complying with the Act.
More information on EFOIA is available at:
http://www.epic.org/open_government/
[5] Court Rules Infrared Scanner Violates Fourth Amendment
The U.S. Court of Appeals for the 9th Circuit ruled on April 9 thatthe use of thermal imaging devices to examine homes in criminalinvestigations
is a violation of the Fourth Amendment. The courtruled in U.S. v. Kyllo that police must obtain a court order based onprobable cause
before a thermal imager can be used.
The court found that the information gleaned from the infrared scanneris "sufficiently intimate to give rise to a Fourth Amendmentviolation."
The court noted that
with a basic understanding of the layout of a home, a thermal imager could identify a variety of daily activities conducted
in homes across America: use of showers and bathtubs, ovens,
washers and dryers, and any other household appliance that emits heat. Even the routine and trivial activities conducted
in our homes are sufficiently "intimate" as to give rise to Fourth Amendment violation if observed by law enforcement without
a warrant. We therefore conclude that the use of a thermal imager to observe heat emitted from various objects within the
home infringes upon an expectation of privacy that society clearly deems reasonable.
The court rejected prosecution arguments that the scanner was merelyrecording "waste heat" and cited the 10th Circuit Court of Appealsin
finding that the interpretation of the heat information yieldsinformation on the activities inside the house:
[o]ur fellow circuits have, we think, misapprehended the most pernicious of the device's capabilities. The machine intrudes
upon the privacy of the home not because it records white spots on a dark background but rather because the interpretation
of that data allows the government to monitor those domestic activities that generate a significant amount of heat.
Thus, while the imager cannot reproduce images or sounds, it nonetheless strips the sanctuary of the home of one vital
dimension of its security: "the right to be let alone" from the arbitrary and discre-
tionary monitoring of our actions by government officials.
The text of the opinion is available at:
http://laws.findlaw.com/9th/9630333.html
[6] IRS Audit Finds Lax Privacy Protections
An IRS audit publicly released in early April found that IRS employeesdisclosed personal tax information over the telephone to undercoverauditors
posing as taxpayers who only provided names, addresses andSocial Security Numbers.
According to the report, which was written in September 1997,
"Auditors were able to secure tax and income information over thephone using names, addresses and SSNs obtained from sources availableto
the public." IRS workers only asked for a person's name, addressand Social Security Number 32 percent of the time. Agency workersasked
for more detailed information 27 percent of the time.
Auditors made 109 phone calls and received information from the IRS onthe taxpayers' income, withholdings, or refunds in 96 cases.
Theinformation was provided over the phone, faxed, or sent to addressesother than the address on file with the agency.
The report recommended that more information be required beforesensitive tax information is released. The IRS now says that it willrequire
more information before personal records are disclosed.
[7] New Congressional Bills and Upcoming Hearings
NEW BILLS
H.R. 3601. Identity Theft and Assumption Deterrence Act of 1998.
Criminalizes identify theft. Introduced by Shadegg (R-AZ) on March 30.
Referred to the Committee on the Judiciary, and in addition to theCommittee on Transportation and Infrastructure.
H.R. 3605. Patients' Bill of Rights Act of 1998. Requires insurersto protect records and provide access to patients. Introduced
byDingell (D-MI) on March 30. Referred to the Committee on Commerce,
and in addition to the Committees on Ways and Means, and Education andthe Workforce.
S. 1921. Health Care PIN Act. Comprehensive "medical privacy" bill.
Requires patients to give up medical privacy before receiving healthcare. Introduced by Jeffords (R-VT) on April 2. Referred to
theCommittee on Labor and Human Resources
[8] Upcoming Conferences and Events
Encryption Intrigue on the International Stage. Washington, DC. April30, 1998. Sponsored by the Cato Institute. Contact:
http://www.cato.org/events/calendar.html
1998 IEEE Symposium on Security. IEEE Computer Society, Oakland, CA,
May 3-6. Sponsored by IEEE and IACR. Contact:
http://www.research.att.com/~reiter/oakland98.html
As Technology Moves Forward, Do Worker Rights Move Backwards? --
Privacy in The Workplace. Chicago, Illinois. May 6 and 13, 1998.
Sponsored by: The Crossroads Center for Faith and Work &The Institutefor Business & Professional Ethics, DePaul University.
http://www.depaul.edu/ethics
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM andUSACM. http://www.acm.org/usacm/events/policy98/
Department of Commerce Conference on Privacy. March 13-14.
Washington, DC. Contact: Becky Burr <bburrntia.doc.gov>
The Threats to Democracy Conference. May 15-18. Washington D.C.
Sponsored by People For the American Way. Contact: balcomgrpaol.com
1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and LondonSchool of Economics. Contact: http://www.epic.org/events/crypto98/
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety. Contact: http://www.isoc.org/inet98/
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for InformationSystems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm
CPSR Annual Conference - Internet Governance. Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsrcpsr.org
1999 RSA Data Security Conference. San Jose, California, January18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
(Send calendar submissions to alertepic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto
epic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand
constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail infoepic.org, http://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003.
+1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and funding of the National Wiretap Plan.
Thank you for your support.
END EPIC Alert 5.05
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1998/5.html
