You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1999 >>
[1999] EPICAlert 15
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 6.15 [1999] EPICAlert 15
EPIC ALERT
Volume 6.15 September 23, 1999
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] Impact of New Encryption Policy Remains Unclear
[2] Privacy Agenda for the 21st Century Announced
[3] Report Slams Privacy Policies; Poll Finds Privacy is Top Concern
[4] Internet Filtering Debate Resumes in Congress
[5] "Public Voice in Electronic Commerce" Conference
[6] Provision Repealing National Driver's Licenses In Final Stages
[7] EPIC Bookstore - The Code Book and More
[8] Upcoming Conferences and Events
NOTE TO SUBSCRIBERS: A listserv problem has resulted in duplicate copies of recent Alerts being sent to some recipients. We
are aware of the problem and apologize for any inconvenience. Your patience is appreciated as we continue to diagnose the listserv.
[1] Impact of New Encryption Policy Remains Unclear
On September 16, the Clinton Administration unveiled a new encryptionpolicy initiative. The White House's revised approach seems
torecognize the futility of seeking to prevent the spread of privacy-
enhancing technologies, and shifts the emphasis to monitoring theexports of encryption products and developing "new tools" to countertheir
use. It remains unclear whether the revised policy willactually enhance the privacy of most computer users.
On the export control front, the Administration will draft newencryption export regulations that will "strike a balance" between theneeds
of industry and law enforcement. According to the White House,
the new rules -- due to be released by December 15 -- will constitutea significant liberalization of the export process. Any "retail"
encryption commodity or software reportedly will be exportable withouta license (after a "technical review") to commercial firms and
othernongovernment end users in any country except for seven statesdesignated as supporters of terrorism. The standards governing
therequired technical review have not yet been announced. TheAdministration's policy on export of encryption source code apparentlyhas
not changed, so that academic exchanges such as those at issue inthe pending Bernstein v. Department of Justice litigation (see EPICAlert
6.07) would still be subject to government approval prior toexport.
Coupled with the export revisions is new legislation that wouldprovide a legal framework for law enforcement access to decryptionkeys;
provide $80 million in funding for an FBI Technical SupportCenter; and protect the confidentiality of decryption techniquesdeveloped
cooperatively by government and industry. Under the latterprovision, law enforcement agents presenting "plaintext" evidencewould
be exempted from routine requirements of criminal procedure thatpermit a defendant to explore the means by which evidence wasobtained.
The proposal would also prohibit the government fromdisclosing "trade secrets disclosed to it [presumably by encryptionmanufacturers]
to assist it in obtaining access to informationprotected by encryption." The legislative vehicle for theseinitiatives -- the Cyberspace
Electronic Security Act -- will soon betransmitted to Congress. It does not include a highly controversialprovision contained in
an earlier White House draft that would haveauthorized secret police break-ins to alter computer equipment.
EPIC believes that more details of the new encryption policy must bereleased before its impact on user privacy can be fully assessed.
EPICwill closely monitor the process of implementing the newly- announcedinitiative, particularly the promulgation of the revised
exportcontrol regulations and the development of special sensitivetechniques to be used to extract plaintext from encryption productsand
services.
The details of the White House announcement, including the text of theCyberspace Electronic Security Act and other documents released
by theAdministration, are available at:
http://www.epic.org/crypto/announce_9_16.html
[2] Privacy Agenda for the 21st Century Announced
Supporters of privacy from around the world recently gathered in HongKong for the 1999 Privacy Agenda Conference. At the conference,
representatives from an international group of non-governmentalorganizations issued a declaration supporting strong privacyprotections
and continued vigilance against privacy abuses.
The meeting of NGOs from around the world took place as dataprotection commissioners were meeting to review new threats to privacyand
new opportunities for privacy protection. Earlier in the week,
Consumer International President Pamela Chan said that governmentsshould conduct research on the potential for abuse in the way Internettransactions
are carried out. She also urged the adoption of newsafeguards to protect the privacy of individuals.
Privacy International Director Simon Davies said, "We plan to goforward with an aggressive campaign to protect the right of privacyand
to stand against all who would undermine this critical freedom."
Marc Rotenberg, director of the Electronic Privacy Information Center,
said that national government must continue to listen to the "publicvoice" as they go forward with policies for the Internet. "Privacy
andthe protection of consumer interests remain a central concern for theInternet economy."
Participants in the Privacy Agenda conference included representativesfrom Australia, Canada, Denmark, Italy, Hong Kong SAR, Japan,
Malaysia, the Netherlands, New Zealand, Thailand, the United Kingdom,
and the United States.
"A Privacy Agenda for the 21st Century"
http://www.epic.org/events/privacyagenda/declaration.htm
1999 Privacy Agenda Conference http://www.epic.org/events/privacyagenda/
EPIC and PI, "Privacy & Human Rights: An International Survey of Privacy Laws and Developments"
http://www.epic.org/privacy&humanrights99/
[3] Report Slams Privacy Policies; Poll Finds Privacy is Top Concern
According to a recent article in E-Commerce Times, a new report byForrester Research, Inc., finds that 90 percent of Web sites fail
tocomply with basic privacy principles. The report strongly contradictsthe findings of the Federal Trade Commission, which recently
toldCongress that industry self-policing is working. "The vast majorityof such policies, like those of the Gap, Macy's and JC Penney,
usevague terms and legalese that serve to protect companies and notindividuals."
The report also notes that "clever interactive tools such asReel.com's Mood Matcher -- which helps customers find movies based ontheir
moods -- and PlanetRx's personalized prescription filler make itpossible for companies to collect "highly intrusive psychographic
datathat individuals would rarely provide on a standard registrationform."
The report suggests that the FTC, rather than producing reassuringmessages to the industry, should push companies to take bigger andfaster
strides towards complying with already established privacyprinciples. Forrester also suggests that companies should be requiredto
make customer profiles available to users, including all partieswith whom data is shared, and provide the ability for customers tocontrol
who the information is shared with and the option to removethemselves from lists. Finally, the report says that "becauseindependent
privacy groups like TRUSTe and BBBOnline earn their moneyfrom e-commerce organizations, they become more of a privacy advocatefor
the industry -- rather than for consumers. The FTC should callfor a consumer-based organization to provide principles and redress."
Meanwhile, a Wall Street Journal/NBC News polls finds that the loss ofpersonal privacy is the Number One concern of Americans as thetwenty-first
century approaches. When asked what concerns them themost about the next century, twenty-nine percent of respondentsanswered the
"loss of personal privacy." Overpopulation and terroristacts on U.S. soil followed at twenty-three percent, racial tensions atseventeen
percent, world war at sixteen percent, and global warming atfourteen percent.
The Wall Street Journal/NBC News poll was based on nationwidetelephone interviews of 2,025 adults, by the polling organizations ofPeter
Hart and Robert Teeter.
"Report Labels Internet Privacy Policies 'A Joke'"
http://www.ecommercetimes.com/news/articles/990916-3.shtml
Forrester Research Inc. http://www.forrester.com/
Wall Street Journal http://www.wsj.com
[4] Internet Filtering Debate Resumes in Congress
Congress' move towards mandatory Internet filtering for schools andlibraries is likely to resume next week, as Senate and House confereeson
juvenile justice legislation are expected to consider the issue.
The House-approved version of the legislation would mandate thatpublic schools and libraries receiving "E-Rate" universal servicefunds
purchase and use Internet filtering software to regulate accessby minors. The Senate did not include such a provision in its versionof
the massive juvenile justice bill and the conferees must decidewhether to retain the mandate in the final, consensus measure.
Although not included in the Senate's juvenile justice package, theissue has been addressed by the Senate Commerce Committee. On
June23, the committee approved Sen. John McCain's (R-AZ) Children'sInternet Protection Act (S.97). That action came over the objectionsof
leading education, library and civil liberties groups, which arguedthat the legislation would impose a costly unfunded requirement
andignore a variety of alternative approaches being taken in localitiesaround the country.
The juvenile justice conferees will consider language included in theHouse bill that would require schools and libraries to certify
thatthey have selected and installed "a technology for computers withInternet access to filter or block . . . materials deemed to
beharmful to minors." It further provides that "the determination ofwhat material is to be deemed harmful to minors shall be made
by theschool, school board, library or other [local] authority," and not thefederal government. While the latter provision
was included tocounter concerns over the creation of a national standard for Internetcontent, it amounts to a federal mandate requiring
local censorshipdecisions. Such local actions have already been challenged in thecourts, including a case in which the Loudoun County,
Virginialibraries were ordered to remove filtering software from theircomputers (see EPIC Alert 5.18).
More information on mandatory Internet filtering is available at thewebsite of the Internet Free Expression Alliance:
http://www.ifea.net/
[5] "Public Voice in Electronic Commerce" Conference
The 3rd Trade-Union/NGO Public Voice conference, "The Public Voice inElectronic Commerce," will be held at the Organization for EconomicCooperation
and Development (OECD) in Paris, on October 11th, 1999.
The conference seeks to inject the concerns of consumers andindividuals into the ongoing development of international e-commercepolicy.
The conference program includes four panels, on the following topics:
1. Protecting consumer rights in electronic commerce 2. Privacy and personal data protection 3. Access as the key for
development 4. Internet, the Future of Work, and Quality of Life
Two Global Internet Liberty Campaign (GILC) member organizations,
Imaginons un R#233#seau Internet Solidaire (IRIS) and the ElectronicPrivacy Information Center (EPIC) are organizing the 3rd Public
Voiceconference, in conjunction with the OECD Forum on Electronic Commerce(October 12-13, 1999).
"The Public Voice in Electronic Commerce" will be hosted by TUAC(Trade-Union Advisory Committee) and is sponsored by the GlobalInternet
Liberty Campaign, with the help of TACD (TransatlanticConsumer Dialogue).
For more detailed information about the program and registration,
please see:
http://www.thepublicvoice.org or
http://www.iris.sgdg.org/actions/publicvoice99
[6] Provision Repealing National Driver's Licenses In Final Stages
The pending Transportation Appropriations bill contains an amendmentthat could repeal a federal law requiring National Driver's Licenses.
National Driver's Licenses, so-called because of a requirement toinclude a Social Security number (SSN) on all state-issued driver'slicenses,
were initially introduced by Section 656(b) of the IllegalImmigration Reform and Immigrant Responsibility Act of 1996. Intendedto
weed out illegal immigrants -- who do not possess SSNs -- fromusing false driver's licenses as identification, the inclusion of SSNson
all driver's licenses could undermine privacy and increase fraud.
Social Security numbers, once actually used simply for distribution ofsocial security benefits, have become a widespread, unalterablepersonal
identifier. While someone may change their name, address, orjob, it is impossible to get a new SSN. For decades, the numbers havebeen
used by the government to keep track of citizens and theirinformation. In the private realm, SSNs are often used as passwordsand/or
identification for credit information, school records, andmedical histories.
Any widespread dissemination of SSNs on a commonly displayedidentification such as a driver's license increases the risk of fraudand
invasion of privacy. Privacy advocates have long argued that thenumber's use should be restricted to situations where it is the
onlysuitable piece of identification. With respect to the identificationof illegal immigrants, there are no less than twenty-six
other formsof documentation that available to the Immigration and NaturalizationService (INS).
For further comment on implementation of a national driver's licenseplease see:
http://www.epic.org/privacy/id_cards/epic-dot-898.html
[7] EPIC Bookstore - The Code Book and More
The Code Book : The Evolution of Secrecy from Mary, Queen of Scots toQuantum Cryptography by Simon Singh
http://www.amazon.com/exec/obidos/ISBN=0385495315/electronicprivacA
"For millennia, secret writing was the domain of spies, diplomats,
and generals; with the advent of the Internet, it has become the concern of the public and businesses. One cyber-libertarian responded
with the freeware encryption program Pretty Good Privacy (PGP), and Singh similarly meets a sharpening public curiosity about how
codes work.[. . .] Beginning with such simple ideas as monoalphabetic substitution, which can protect the communications
of a boy's treehouse club but not much more, Singh underscores with stories how codemakers and codebreakers have battled each other
throughout history. A tool called frequency analysis easily defeats the monoalphabetic cipher, and encryptors over time have added
the Vigenere square, cipher disks, one-time pads, and public-key cryptography that underlies PGP. But each security strategy, Singh
explains, contains some vulnerability that the clever code cracker can exploit, an opaque process the author splendidly illuminates.
Instances of successful decipherment, as of Egyptian hieroglyphics or the German Enigma cipher system in World War II, combine with
Singh's sketches of the mathematicians who have advanced the art of secrecy, from Julius Caesar to Alan Turing to contemporary mathematicians,
resulting in a wonderfully understandable survey."
-- Gilbert Taylor, Booklist
Also available from the EPIC Bookstore:
"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price:
$50.
http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who
needan up-to-date collection of US and International privacy law, as wellas a comprehensive listing of privacy resources.
"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"Cryptography and Liberty: An International Survey of CryptographyPolicy" Wayne Madsen and David Banisar, editors, (EPIC 1999). Price:
$15.
http://www.epic.org/cryptobook99/
An international survey of encryption policies around the world.
Survey results show that in the vast majority of countries,
cryptography may be freely used, manufactured, and sold withoutrestriction, with the U.S. being a notable exception.
"Privacy and Human Rights 1999: An International Survey of PrivacyLaws and Developments" David Banisar, Simon Davies, editors, (EPIC1999).
Price: $15.
http://www.epic.org/privacy&humanrights99/
An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional
and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:
http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Information Security Solutions Europe 1999. October 4-6, 1999. MaritimproArte Hotel. Berlin, Germany. For more information:
http://www.eema.org/isse/
The Public Voice in Electronic Commerce. October 11, 1999.
Organization for Economic Co-operation and Development. Paris, France.
For more information: http://www.thepublicvoice.org
The Internet Security Conference (TISC). October 11-15, 1999. BostonWorld Trade Center. Boston, MA. For more information:
http://tisc.corecom.com
Public Workshop on "Online Profiling" -- November 8, 1999. NationalTelecommunications and Information Administration, Commerce and
FederalTrade Commission. Submissions and requests to participate due October18, 1999. For more information:
http://www.ntia.doc.gov/ntiahome/privacy/index.html
The 1999 BNA Public Policy Forum: E-Commerce and Internet Regulation.
November 15, 1999. Mayflower Hotel. Washington, D.C. For moreinformation: http://internetconference.pf.com/
Annual Computer Security Applications Conference: Practical Solutionsto Real Security Problems. December 6-10, 1999. Radisson ResortScottsdale.
Phoenix, Arizona. For more information:
http://www.acsac.org/
Integrating Government with New Technologies '99 Policy vs Technology:
Service Integration in the New Environments - A two-day Seminar andTraining Session. December 13-14, 1999. Government Conference Center.
Ottawa, Canada. For more information: http://www.rileyis.com/seminars
Surveillance Expo '99. December 13-15, 1999. Doubletree Hotel. CrystalCity, Virginia. For more information: http://www.rosseng.com
PEN/Newman's Own Eighth Annual First Amendment Award. Nominations dueDecember 31, 1999. For more information: http://www.pen.org
RSA 2000. The ninth annual RSA Data Security Conference and Expo.
January 16-20, 2000. San Jose McEnery Convention Center. San Jose, CA.
For more information: http://www.rsa.com/rsa2000/
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing
or unsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic
attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national ID cards, medical recordprivacy, and the collection and sale of personal information. EPIC
issponsored by the Fund for Constitutional Government, a non-profitorganization established in 1974 to protect civil liberties andconstitutional
rights. EPIC publishes the EPIC Alert, pursues Freedomof Information Act litigation, and conducts policy research. For moreinformation, e-mail infoepic.org, http://www.epic.org or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 5449240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington,
DC 20003.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryptionand expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 6.15
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1999/15.html
