You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1999 >>
[1999] EPICAlert 11
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 6.11 [1999] EPICAlert 11
EPIC ALERT
Volume 6.11 July 15, 1999
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] FTC Releases Incomplete Privacy Report
[2] EPIC Files Brief in Drivers' Privacy Case
[3] International Relations Committee Approves SAFE Crypto Bill
[4] Settlement Ends Litigation Over Anonymous Internet Messages
[5] House Extends Deadline for Wiretap Law Compliance
[6] New York Court Okays Warrantless Pen Register Surveillance
[7] 1999 Privacy Law Sourcebook Now Available
[8] Upcoming Conferences and Events
[1] FTC Releases Incomplete Privacy Report
This week the Federal Trade Commission released a new report onprivacy. "Self-Regulation and Privacy Online: FTC Report to Congress"
outlines an agenda to address online privacy issues that includes anumber of public workshops, task forces and an online survey, designedto
reassess progress in Web sites' implementation of fair informationpractices.
The FTC report was noteworthy because the Agency recommended thatCongress not take steps at this point to regulate privacy on theInternet.
According to the report, "the Commission believes thatlegislation to address online privacy is not appropriate at this time.
We also believe that industry faces some substantial challenges.
Specifically, the present challenge is to educate those companieswhich still do not understand the importance of consumer privacy
andto create incentives for further progress toward effective, widespreadimplementation."
The Commission put great weight on a recent study which found thattwo-thirds of web sites posted a notice concerning privacy. It
didn'tseem to interest the Commission that these notices typically tellpeople that personal information is collected without restriction,
andprovide no limitation on use, no rights of access, no redress forharm, nor any of the other basic elements of Fair InformationPractices.
Privacy advocates and consumer organizations were uniformlydisappointed by the FTC report. Jason Catlett, president ofJunkbusters,
said "Consumers must be given the power to enforce theirprivacy rights against those who would violate them." However, groupsdid
express support for a concurring opinion by Commissioner SheilaAnthony who wrote that "the time may be right for federal legislationto
establish at least baseline minimum standards."
The FTC, unlike privacy agencies around the world, also has no formalmechanisms for reporting on the receipt and disposition of privacyconcerns
submitted by consumers. Thus, the FTC "Report to Congress"
contained no actual data about how the agency is responding to privacyconcerns.
The following relevant materials are available online:
FTC Report "Self-Regulation and Privacy Online"
http://www.ftc.gov/os/1999/9907/index.htm#13
FTC Press Release on "Self-Regulation and Privacy Online"
http://www.ftc.gov/opa/1999/9907/report1999.htm
Opinion of Commissioner Sheila Anthony http://www.ftc.gov/os/1999/9907/pt071399anthony.htm
Statement of Privacy and Consumer Organizations http://www.junkbusters.com/ht/en/nr23.htm
EPIC Report "Surfer Beware: Personal Privacy and the Internet"
http://www.epic.org/reports/surfer-beware.html
[2] EPIC Files Brief in Drivers' Privacy Case
The Electronic Privacy Information Center today filed an amicuscuriae, or "friend of the court," brief in the U.S. Supreme Court,
arguing that the 1994 Driver's Privacy Protection Act (DPPA) is aconstitutional exercise of Congressional authority. The dataprotected
against disclosure by the DPPA includes "information thatidentifies an individual, including an individual's photograph, socialsecurity
number, driver identification number, name, address (but notthe 5-digit zip code), telephone number, and medical or disabilityinformation,
but does not include information on vehicular accidents,
driving violations, and driver's status."
EPIC urged the high court to reverse Condon v. Reno, a lower courtopinion which held that the DPPA violated the Tenth Amendment.
EPIC'sbrief focused on the vital privacy interests that DPPA addresses,
rather than on the federalism concerns raised by the statute. EPICargued that the state interest in collecting personal information
forinternal use does not justify public availability of such data. EPICalso noted that unregulated public access to motor vehicle
recordsburdens the right to travel: "Without adequate protection of personalinformation maintained by state DMVs, citizens must essentially
choosebetween privacy and the right to travel."
After receiving opposing briefs, the Court will schedule oral argumentin the case, probably for late 1999 or early 2000.
The text of the EPIC brief, in PDF format, is available at:
http://www.epic.org/privacy/drivers/epic_dppa_brief.pdf
[3] International Relations Committee Approves SAFE Crypto Bill
Despite attempts by the Clinton administration and its congressionalallies in both parties to gut the encryption export liberalizationfeatures
of Rep. Bob Goodlatte's (R-VA) Security and Freedom throughEncryption (SAFE) Act, the House International Relations Committee(HIRC)
voted on July 13 to approve the bill, with some minoramendments, in a 33-to-5 vote. During a four-hour legislative"mark-up" session,
several "killer" amendments to SAFE were introducedby Democratic and Republican legislators seeking to maintain theadministration's
ability to block or significantly delay exports ofencryption for a variety of reasons. The committee's actions followeda morning
classified briefing by Deputy Defense John Hamr#233#, in whichhe tried to persuade the committee to defeat SAFE in its present formor
approve it with the administration's amendments. At the same timeHamr#233# was lobbying against SAFE before the International RelationsCommittee,
Attorney General Janet Reno and FBI Director Louis Freehwere testifying before the House Armed Services Committee, arguingthat SAFE
would severely impact national security and public safety.
Rep. Sam Gejdenson (D-CT), the ranking Democratic member of theInternational Relations Committee, derided Hamr#233#'s closed secretsession,
saying "most of the information could and should have beendiscussed in public." Rep. Howard Berman (D-CA) rejected Gejdenson'sbrush-off
of the Department of Defense by suggesting that all membersof Congress should be briefed on the dangers of encryption exportrelief
by the National Security Agency (NSA). He suggested that theNSA could not "brutalize -- whatever -- do a mass assault" on 128-bitencryption.
Rep. Dana Rohrabacher (R-CA) said, "my NSA briefing wasthe same old 'gobbledy-gook' I heard from them when I was a member ofthe
Reagan administration."
Rep. Berman succeeded in amending SAFE to require a 30-day technicalreview period by the Secretary of Commerce for encryption exports.
But his amendment to allow the Administration to continue to restrictencryption exports under provisions of the Wassenaar Arrangementfailed.
Reps. Gejdenson and Manzullo criticized Wassenaar asineffective since countries like India and Israel are not bound by it.
The SAFE Act has now been approved, largely intact, by the Judiciaryand International Relations Committees -- the two panels with
primaryjurisdiction over the legislation. The House Rules Committee willsoon decide whether to send those committees' versions of
the bill tothe House floor rather than weakened versions approved by othercommittees.
Additional information on encryption policy is available at:
http://www.epic.org/crypto/
[4] Settlement Ends Litigation Over Anonymous Internet Messages
A California lawsuit that had the potential to provide the firstjudicial guidance on the rights of anonymous Internet posters has
beensettled. The case, which was filed by modem manufacturer Xircom, Inc.
against a "John Doe" defendant who had posted information critical ofthe company on a Yahoo! message board, was the first known case
inwhich an anonymous poster sought to quash a subpoena seeking hisidentity. Xircom alleged that the anonymous poster was a current
orformer employee who had violated a confidentiality agreement. Thesettlement of the lawsuit came before the court could address
theprivacy and First Amendment issues raised by "John Doe."
Under the terms of the settlement agreement, the identity of theposter was revealed by his counsel to selected senior executives ofXircom
under strict confidentiality requirements. "John Doe"
confirmed that he is not now, nor was he at the time of his Yahoo!
postings, a Xircom employee. He stated his belief that his postingswere expressions of his opinion, and said he did not intend that
anyreader should understand his posts to be anything more than hisopinion.
The Xircom settlement comes in the midst of a flurry of "John Doe"
litigation around the country. A closely-watched case involvingonline anonymity ended abruptly in May after the plaintiff corporationlearned
the identities of 21 "John Doe" defendants. Raytheon Co.
dismissed its lawsuit against a group of people it claimed werespreading company secrets on an Internet message board after thedefense
contractor succeeded in obtaining the individuals' names.
The dismissal suggested that it may have been the Raytheon's soleobjective to identify the anonymous individuals, without any intentionof
litigating the merits of its claims (see EPIC Alert 6.08).
[5] House Extends Deadline for Wiretap Law Compliance
The House of Representatives approved legislation on July 13 that willmake it easier for telecommunications companies to comply with
theCommunications Assistance to Law Enforcement Act (CALEA). Thecontroversial 1994 "digital telephony" law requires the companies
todesign their systems to more easily facilitate electronic sur-
veillance. The new legislation (H.R. 916) would allow companies torecoup more of the expenses that they incur to make their networkscompliant
with law enforcement requirements. CALEA authorizes $500million in federal funds to reimburse telecommunications firms makethe required
changes.
The bill approved by the House would change the compliance date forcompanies to be in compliance with the CALEA requirements to June
30,
2000. It would also set June 30, 2000, as the date after which thecompanies cannot submit expenses to the government for requiredinfrastructure
changes. The original cut-off date was Jan. 1, 1995.
Senate Judiciary Committee Chairman Orrin Hatch (R-UT) has introducedsimilar language in the Senate.
The Federal Bureau of Investigation, the telecommunications industryand privacy advocates (including EPIC) are involved in a pendingproceeding
before the Federal Communications Commission which willfinalize the technical requirements for CALEA compliance. The FCC islikely
to announce its decision soon.
Additional information on CALEA is available at:
http://www.epic.org/privacy/wiretap/#DT
[6] New York Court Okays Warrantless Pen Register Surveillance
A unanimous opinion issued by the New York Court of Appeals on July 6marks a significant shift in the wiretapping jurisprudence of
NewYork's highest court. Following the decision in People v. Martello,
police may install pen registers -- devices that monitor numbersdialed from a telephone line -- without obtaining a warrant based
onprobable cause. A "reasonable suspicion" is now sufficient for penregister surveillance to be initiated.
Most pen registers include a regular wiretapping feature to supplementthe number recording feature. It was the potential for abuse
of these"dual-feature" pen registers that prompted the New York court's 1993decision in People v. Bialostok, requiring police to
obtainwiretapping warrants for their use. The Bialostok decision noted that"it is the warrant requirement, interposing the magistrate'soversight,
that provides to citizens appropriate protection againstunlawful intrusion."
In its latest ruling, the Court of Appeals drastically limitedBialostok, holding that it did not apply to investigations conductedunder
Article 705 of the state Criminal Procedure Law, a 1988amendment that allows police to obtain a court order authorizing penregister
surveillance upon a showing of reasonable suspicion. TheCourt also held that Bialostok does not apply retroactively toinvestigations
completed prior to 1993. Consequently, the Courtrefused to suppress pen register evidence against Martello gathered bypolice from
1990 to 1992.
Additional information on electronic surveillance is available at:
http://www.epic.org/privacy/wiretap/
[7] 1999 Privacy Law Sourcebook Now Available
The Privacy Law Sourcebook 1999: United States Law, InternationalLaw, and Recent Developments. Marc Rotenberg, Editor (EPIC 1999).
The Privacy Law Sourcebook is the first one-volume resource forstudents, attorneys, researchers and journalists who need acomprehensive
collection of both U.S. and International privacy law,
as well as a fully up-to-date section on recent developments.
Includes the full texts of most major privacy laws and directivesincluding the FCRA, the Privacy Act, FOIA, Family Educational RightsAct,
Right to Financial Privacy Act, Privacy Protection Act, CableCommunications Policy Act, ECPA, Video Privacy Protection Act, OECDPrivacy
Guidelines, OECD Cryptography Guidelines, European UnionDirectives for both Data Protection and Telecommunications, and more.
The Privacy Law Sourcebook is updated and expanded for 1999 to includethe Children's Online Privacy Protection Act, materials on the
"SafeHarbor" proposal, and new legislation introduced to comply with the EUData Directive. Also included is an extensive new section
on privacyresources with useful web sites and contact information for privacyagencies, organizations, and publications. 572 pages,
paper, $50.00,
ISBN 1-893044-04-1.
"The 'Physicians Desk Reference' of the privacy world."
- Evan Hendricks, Privacy Times
"This is a handy compilation of privacy law instruments and a 'must'
for anyone seeking guidance about the location and content of the keystatutes, treaties, and recent developments."
- American Society of International Law
"I recommend the book to anyone who has to deal with privacy issuesand needs a handy and complete resource. It is just wonderful
tohave everything together in one place."
- Bob Gellman, Information and Privacy Consultant
The Privacy Law Sourcebook is available from Amazon.com at:
http://www.amazon.com/exec/obidos/ISBN=1893044041/electronicprivacA
Check for other titles at the EPIC Bookstore:
http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Jurisdiction: Building Confidence in a Borderless Medium. QueenElizabeth Hotel, Montreal, Canada, July 26-27, 1999. Sponsored by theInternet
Law and Policy Forum. Contact: Marilyn Malenfant+1.514.744.0408 or malenfantilpf.org.
ABA Annual Conference, Section of International Law and Practice.
"Privacy Issues in Electronic Commerce." August 9, 1999. Atlanta,
Georgia. Contact http://www.abanet.org/annual/99/home.html
The 21st International Conference on Privacy and Personal DataProtection. Hong Kong, September 13-14, 1999. A distinguished groupof
over 50 speakers/panelists from overseas and Hong Kong will explorethe theme of "Privacy of Personal Data, Information Technology
&
Global Business in the Next Millennium."" Sponsored by the Office ofthe Privacy Commissioner for Personal Data in Hong Kong. Contact:
iccasiaonline.net
"A Privacy Agenda for the 21st Century." September 15, 1999. Hong KongConvention and Exhibition Centre, Hong Kong PRC. Contact:
rotenbergepic.org.
"Certified Wide Area Road Use Monitoring." September 21-23, 1999.
Albuquerque, New Mexico. Sponsored by the New Mexico State Highwayand Transportation Department Research Bureau in cooperation with
theUniversity of New Mexico Alliance for Transportation ResearchInstitute An intensive 2 1/2 day educational and developmentalsymposium
on a single rapidly evolving concept in IntelligentTransportation Systems (ITS). For more information:
http://www.unm.edu/~nmtrans/CWARUM-1.html
Information Security Solutions Europe 1999. October 4-6, 1999. MaritimproArte Hotel, Berlin, Germany. contact http://www.eema.org/isse/
RSA 2000. The ninth annual RSA Data Security Conference and Expo. SanJose McEnery Convention Center. San Jose, CA. January 16-20,
2000,
Contact: http://www.rsa.com/rsa2000/
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. A Web-based form is available for subscribing
orunsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus
publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record
privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished
in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation,
and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel),
+1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington,
DC 20003.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryption andexpanding wiretapping powers.
Thank you for your support.
END EPIC Alert 6.11
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1999/11.html
