EPIC Alert 6.13 [1999] EPICAlert 13





EPIC ALERT




Volume 6.13 September 1, 1999

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org

Table of Contents



[1] FCC Grants FBI Surveillance Standards Request
[2] Administration Proposes Secret Break-ins to Combat Crypto
[3] Appeals Court Strikes Down Telephone Privacy Regs
[4] Advisory Group Urges Change in Crypto Policy
[5] Appellate Brief Challenges Internet Censorship Law
[6] New Amazon.com Feature Raises Privacy Concerns
[7] EPIC Bookstore - The Tin Drum
[8] Upcoming Conferences and Events


[1] FCC Grants FBI Surveillance Standards Request


In a decision released on August 31, the Federal Communications Commission (FCC) largely adopted technical standards proposed by the Federal Bureau of Investigation (FBI) that would re-design the nation's telecommunications networks to facilitate electronic surveillance. The ruling could result in a significant increase in government interception of digital communications. Included is a requirement that cellular telephone networks must provide police the ability to track the physical location of cell phone users.

The FCC decision involves the Communications Assistance for Law Enforcement Act (CALEA), a controversial law enacted by Congress in 1994, which requires the telecommunications industry to design its systems in compliance with FBI technical specifications. In negotiations over the last few years, the FBI and industry representatives were unable to agree upon those standards, resulting in the current proceeding before the Commission. EPIC opposed the enactment of CALEA in 1994 and has participated as a party in the FCC proceeding, arguing that many of the FBI standards go beyond the scope of the legislation and threaten communications privacy.

Another standard approved by the FCC would allow police investigators to listen in on phone conversations of all parties to a conference call, even if some were put on hold and were no longer talking to the target of the authorized surveillance. The standards would also enable police to determine when someone is using call-forwarding, three-way calling or other features.

On an issue of potentially great significance to the Internet, the Commission directed that "packet-mode communications" be made available to law enforcement no later than September 2001. Such communications can contain both voice and data. Noting the privacy problems raised by this requirement, the FCC requested the telecom industry to "study CALEA solutions for packet-mode technology" that will "better address privacy concerns" and report back in one year.

EPIC is reviewing the full text of the decision and may challenge the FCC action in federal court.

Additional information on CALEA, including the full text of the FCC decision, is available at:

http://www.epic.org/privacy/wiretap/



[2] Administration Proposes Secret Break-ins to Combat Crypto


A new Clinton Administration proposal could result in an unprecedented intrusion into the sanctity of private homes and businesses. The White House plan would enable federal and local law enforcement agents to secretly break into private premises and alter computer equipment to collect e-mail messages and other electronic information.

As first disclosed on August 20, the administration is circulating draft legislation known as the Cyberspace Electronic Security Act (CESA), the latest White House effort to address the growing use of encryption technology. As described in an August 4 analysis of the legislation obtained by EPIC, the proposal would amend current law to authorize "the alteration of hardware or software that allows plaintext to be obtained even if attempts were made to protect it through encryption." Courts would, for the first time, be able to approve covert police entries into homes and offices for the purposes of making such alterations.

CESA outlines law enforcement's ability to obtain the plaintext version of encrypted information. Under CESA, officials would be allowed to obtain keys that can decipher encrypted information after obtaining a warrant. While CESA provides for the issuance of warrants when keys are in the hands of "recovery agents," it also includes more alarming provisions when there are no such "recovery agents."

When there are no third parties that possess keys and it is deemed important not to alert the suspect, law enforcement officials would be given the power to enter homes surreptitiously to install a "recovery device." It is unclear what such a device may entail, but it would modify software or hardware and allow for the recovery of plaintext even if the suspect attempts to encrypt any of his or her computer files.

In a letter to Attorney General Janet Reno, Rep. Bob Barr (R-GA) said, "This proposal demonstrates how addicted federal law enforcement has become to electronic surveillance. In my opinion, this addiction threatens both civil liberties and the effectiveness of law enforcement." Barr predicted that CESA would be "dead on arrival" if it is transmitted to Congress.

CESA is the latest in a long line of administration efforts to ensure government access to encrypted information. While the Justice Department defends CESA as striking a reasonable balance between civil liberties concerns and the needs of law enforcement, the proposal would give government unprecedented authority to engage in the most invasive techniques.



[3] Appeals Court Strikes Down Telephone Privacy Regs


In a somewhat odd opinion, a federal appeals court has ruled that regulations developed by the FCC to implement the privacy provisions of the 1996 Telecommunications Act violate the First Amendment rights of telephone companies to disclose the detailed calling records of their customers.

The challenge, brought by US West, focused on the opt-in provisions that were included in the FCC regulations. Those provisions require telephone companies to obtain affirmative consent from customers before disclosing "Customer Proprietary Network Information," which includes, for example, monthly billing information. US West contended that the purpose of the Act could be satisfied by means of an opt-out that would require customers to first learn about the disclosure of the personal information and then to object.

Judge Deanell Reese Tacha, joined by Circuit Judge David M. Ebel, found that the FCC's CPNI regulations restricted constitutionally protected commercial speech. They further held that although the government has a substantial interest in protecting customer privacy and promoting competition, the FCC didn't show that its CPNI rules would "directly and materially" advance those interests. The majority held that the CPNI rules were not sufficiently narrowly tailored to meet those objectives.

Writing in dissent, Judge Mary Beck Briscoe said that "Congress made it abundantly clear it intended for telecommunications carriers to obtain customer 'approval' prior to using, disclosing, or permitting access to individually identifiable CPNI." She concluded that US West's petition for review was "little more than a run-of-the-mill attack on an agency order clothed by ingenious argument in the garb of First and Fifth Amendment issues" and said that the CPNI Order is an entirely reasonable interpretation of section 222 of the 1996 Telecommunications Act.

Robert Ellis Smith, publisher of the Privacy Journal, noted that the U.S. Supreme Court has "held unequivocally that a commercial entity that is not a news publication cannot claim to have full First Amendment protection for the information it includes in a credit report." The reason is that this "ledger" information is for a specialized business purpose, circulated within a narrowly confined community of users; it is not widely circulated public-interest material for which the amendment was intended.

The text of US West v. FCC (10th Cir., Aug. 18, 1999) is available at:

http://www.kscourts.org/ca10/cases/1999/08/98-9518.htm


[4] Advisory Group Urges Change in Crypto Policy


A White House advisory subcommittee announced on August 25 that it has recommended that the Clinton Administration substantially revise its restrictive stance on the export of encryption products. The President's Export Council Subcommittee on Encryption (PECSENC) was formed earlier this year to provide guidance in the U.S. Government's development of encryption policy, which has been the subject of heated debate. The government has insisted for years that liberalizing encryption export could cause serious national security problems by giving terrorists and criminals access to the technology.

Critics of the Administration's policy had expected to find little support in the subcommittee's recommendations. William Crowell, the subcommittee's chairman, previously served as Deputy Director for the National Security Agency. Several committee members also had ties to law enforcement or other government agencies. Despite these ties, however, the subcommittee cited a need for the U.S. government to "recognize market realities" and reverse its course on encryption policy. Among its recommendations:

- License-Free Zones: Recognizing that the European Union is planning to drop all cryptographic export rules between member countries, the U.S. should likewise identify a list of countries which do not pose any major terrorist threat, and allow encryption export (hardware and software products) without a license.

- On-Line Merchants: On-line merchants based in other countries should be added to the list of businesses permitted to have encryption products exported to them from the United States. Banks and a limited number of other financial institutions currently enjoy this license exception.

- Mass-market hardware and software: Mass-market products which utilize up to 128-bit key length triple DES should enjoy a license exception. "The U.S. government should recognize the difficulty of controlling mass-market products once they are allowed to be exported to even limited sectors".

The subcommittee also suggests eliminating cumbersome reporting requirements for manufacturers of encryption products, as well as removal of source code, cryptographic Application Programming Interfaces and devices such as encrypting routers from the list of restricted technologies.

PECSENC Chair William Crowell has said that the Administration will make further changes to its encryption export policy based on the recommendations sometime in September.



[5] Appellate Brief Challenges Internet Censorship Law


A coalition of cyber-rights groups and Web publishers filed an appellate brief on August 27 supporting a lower court decision enjoining enforcement of the Child Online Protection Act (COPA). The case against COPA -- brought by EPIC, the ACLU and other organizations -- is now pending before the U.S. Court of Appeals for the Third Circuit. The Justice Department initiated the appeals court proceeding in April.

The government's appeal challenges the finding of Judge Lowell A. Reed, Jr. that the new Internet censorship law would restrict free speech in the "marketplace of ideas." Judge Reed's February 1 ruling enjoins enforcement of COPA, the statutory successor to the Communications Decency Act (CDA), which the Supreme Court struck down in June 1997. The legal challenge to COPA was filed on behalf of 17 organizations publishing information on the World Wide Web. In granting a preliminary injunction against COPA, the lower court held that the plaintiffs are likely to succeed on their claim that the law "imposes a burden on speech that is protected for adults." The ruling came after a six-day hearing which featured testimony from website operators who provide free information about fine art, news, gay and lesbian issues and sexual health for women and the disabled, and who all fear that COPA would force them to shut down their websites.

In his 49-page opinion, Judge Reed listed 68 separate "findings of fact" to support his decision. The judge considered evidence that COPA imposed technological and economic burdens on speakers, but concluded that ultimately the relevant inquiry is the "burden imposed on the protected speech, not the pressure placed on the pocketbooks or bottom lines of the plaintiffs."

The full text of Judge Reed's decision, and complete information on the legal challenge, are available at:

http://www.epic.org/free_speech/copa/



[6] New Amazon.com Feature Raises Privacy Concerns


On August 20, Amazon.com initiated a new feature on its website -- "purchase circles" -- that lists best sellers organized by geographic area, companies, or universities. The firm compiled the lists using aggregate data that it had collected and subsequently displayed without the permission or knowledge of its customers. While Amazon.com intended "purchase circles" to be a fun and innovative feature, many Amazon customers were surprised and upset to see that their buying habits were being collected.

Even though none of the displayed information was individually identifiable, the public reaction to "purchase circles" demonstrates that consumers are concerned when information is used without their consent. Furthermore, the incident highlights the absence of any legal protections that individuals may have in preventing information from being collected or disclosed.

Despite privacy criticisms, Amazon.com initially defended "purchase circles" and deflected the complaints as an unavoidable result of implementing an inventive feature. However, by August 27, Amazon's director of product development responded to the public concern and announced that "privacy is of utmost importance to our customers and to us." Amazon.com now allows customers to opt-out from having their buying information included in future "purchase circles."



[7] EPIC Bookstore - The Tin Drum


The featured item in the EPIC Bookstore this week is the video of the widely acclaimed Gunter Grass novel "The Tin Drum." The movie depicts the rise and fall of the Third Reich and won the 1979 Oscar for best foreign film. It also contains scenes of a sexual nature involving children.

In 1997, police in Oklahoma City, acting without a search warrant or court order, seized the video from local video stores. On October 20, 1998, a federal judge in Oklahoma City ruled that the film does not violate the state's child pornography laws.

Last week an Oklahoma man won a $2,500 judgment when a jury found that police violated his civil rights by obtaining his name from a video shop where he rented the movie. Michael Camfield was confronted by police at his home in 1997 and asked to return the copy of the film. The jury found that the police violated the Video Privacy Protection Act by getting his name from the shop.

Celebrate freedom of speech, the right of privacy, and intellectual freedom. Purchase the movie today from the EPIC Bookstore.

EPIC Bookstore - The Tin Drum (VHS)

http://www.amazon.com/exec/obidos/ASIN/6304239297/electronicprivacA

EPIC Bookstore - Featured videos

http://www.epic.org/bookstore/films.html

EPIC Bookstore

http://www.epic.org/bookstore


[8] Upcoming Conferences and Events


The 21st International Conference on Privacy and Personal Data Protection. Hong Kong, September 13-14, 1999. A distinguished group of over 50 speakers/panelists from overseas and Hong Kong will explore the theme of "Privacy of Personal Data, Information Technology & Global Business in the Next Millennium." Sponsored by the Office of the Privacy Commissioner for Personal Data in Hong Kong. Contact: iccasiaonline.net

"A Privacy Agenda for the 21st Century." September 15, 1999. Hong Kong Convention and Exhibition Centre, Hong Kong PRC. Contact: rotenberg@epic.org

"Certified Wide Area Road Use Monitoring." September 21-23, 1999. Albuquerque, New Mexico. Sponsored by the New Mexico State Highway and Transportation Department Research Bureau in cooperation with the University of New Mexico Alliance for Transportation Research Institute. An intensive 2 1/2 day educational and developmental symposium on a single rapidly evolving concept in Intelligent Transportation Systems (ITS). For more information: http://www.unm.edu/~nmtrans/CWARUM-1.html

Final Call for Papers - Fourth Annual Conference on Financial Cryptography '00. Submissions due by September 24, 1999. For more information: http://www.fc00.cs.uwm.edu/esub.html

Information Security Solutions Europe 1999. October 4-6, 1999. Maritim proArte Hotel, Berlin, Germany. For more information: http://www.eema.org/isse/

The Public Voice in Electronic Commerce. October 11, 1999. Organization for Economic Co-operation and Development. Paris, France. Contact: rotenberg@epic.org

The Internet Security Conference (TISC). October 11-15, 1999. Boston World Trade Center. Boston, MA. For more information: http://tisc.corecom.com

Integrating Government with New Technologies '99 Policy vs Technology: Service Integration in the New Environments - A two-day Seminar and Training Session. December 13-14, 1999. Government Conference Center. Ottawa, Canada. For more information: http://www.rileyis.com/seminars

RSA 2000. The ninth annual RSA Data Security Conference and Expo. January 16-20, 2000. San Jose McEnery Convention Center. San Jose, CA. For more information: http://www.rsa.com/rsa2000/


Subscription Information


The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

http://www.epic.org/alert/


About EPIC


The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 6.13


URL: http://www.worldlii.org/int/journals/EPICAlert/1999/13.html