You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1999 >>
[1999] EPICAlert 6
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 6.06 [1999] EPICAlert 6
EPIC ALERT
Volume 6.06 April 22, 1999
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] FTC Proposes Rules for Kids' Privacy Protection
[2] Encryption Bill Introduced in Senate
[3] Know Your Passenger: FAA Introduces New Screening Rules
[4] Online Anonymity Under Attack in the Courts
[5] Justice Department Appeals Internet Censorship Ruling
[6] "Orwell Awards" Presented to Biggest U.S. Privacy Invaders
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events
[1] FTC Proposes Rules for Kids' Privacy Protection
The Federal Trade Commission issued proposed rules on April 20designed to protect the privacy of children on the Internet. Theproposed
rules, which would apply to certain commercial websites, isthe FTC's first step in the implementation of the Children's OnlinePrivacy
Protection Act, which Congress enacted last October. Theintended goal of the statute is to put parents in control ofinformation
collected online from children under 13.
"Protecting kids who surf the Internet has been a top priority of theCommission's online privacy initiative," said FTC Chairman RobertPitofsky.
"This proposed rule aims to achieve that goal by puttingparents in control of personal information that is collected fromtheir children
on the Web. The proposed rule also providesflexibility to accommodate varied business practices and the fast paceof technological
change."
The proposed FTC rules, which are subject to public comment, apply tocommercial websites directed to, or that knowingly collect informationfrom,
children under 13. With certain exceptions, these sites wouldhave to obtain parental consent before collecting, using, ordisclosing
personal information from children. To inform parents oftheir information practices, these sites also would be required toprovide
notice on the site and to parents about their policies withrespect to the collection, use and disclosure of children's personalinformation.
Under the proposed rules, sites must give parents a choice as towhether their child's information can be disclosed to third parties,
and give parents a chance to prevent further use or future collectionof personal information from their child. Parents must also,
uponrequest, be given access to the personal information collected fromtheir child and a means of reviewing that information.
Written comments on the proposed rules will be accepted until June 11,
1999. Comments may be submitted by e-mail to KidsRuleftc.gov.
More information on children's privacy, including the text of theproposed FTC rules, is available at:
http://www.epic.org/privacy/kids/
[2] Encryption Bill Introduced in Senate
Senator John McCain (R-AZ) on April 14 introduced the Promote ReliableOn-Line Transactions to Encourage Commerce and Trade (PROTECT)
Act of1999 (S.798), which is designed to promote international electroniccommerce and limit the power of the federal government to
mandateencryption requirements for the domestic market. The bill prohibitsmandatory access to encryption keys or key recovery information
by theUnited States government or the government of any state. The billwould also permit the export of unlimited strength encryption
tomembers of NATO, the Organization for Economic Cooperation andDevelopment (OECD), and the Association of Southeast Asian Nations(ASEAN).
Exports to other nations would limited to strengths of64-bits.
The bill would require the National Institute of Standards andTechnology (NIST) to complete work on the Advanced Encryption Standard(AES)
by January 1, 2002. It further stipulates that productsadhering to the standard will be permitted to be exported "consistentwith
the national security requirements of the United States." ThePROTECT Act also establishes an Encryption Export Advisory Board whichwould
periodically determine the availability of various encryptionproducts abroad and make necessary recommendations to the Secretary
ofCommerce to amend export regulations on encryption.
Notably, the bill does not include a criminalization provision likethe one included in the SAFE Act currently pending in the House
ofRepresentatives. That provision would create a new federal crime forthe use of encryption in the commission of a felony.
The introduction of the legislation is also significant because itappears to signal a change in Sen. McCain's position on the encryptionissue.
As Chairman of the Senate Commerce Committee, Sen. McCain hasin the past opposed any liberalization of existing encryption policy.
Additional information on encryption, including the text of thePROTECT Act, is available at:
http://www.epic.org/crypto/
[3] Know Your Passenger: FAA Introduces New Screening Rules
The Federal Aviation Administration proposed new rules on April 20 forincreasing airline security by requiring that all airlines conductcomputerized
profiling of all passengers on domestic flights. The newprogram, called Computer Assisted Passenger Screening (CAPS), woulduse data
from airline computers and secret profiling standards toselect passengers for additional questioning and searches.
Under the new rules, airlines would select passengers for increasedscrutiny based on internal profiling standards. They would alsorandomly
select some passengers for the "deterrent value that wouldincrease airline passenger safety." The FAA funded the program,
paying the carriers over $10 million to develop CAPS. The new rules'
details on who would be targeted by the automated systems are notrevealed for security reasons. However, the Department of Justice
hasdetermined that the rules raise no civil liberties concerns.
The rules are based on the recommendations of the White HouseCommissioner on Aviation Safety and Security, led by Vice PresidentAl
Gore. The Gore Commission issued its report in 1997 and wascriticized by a coalition of groups for its intrusive proposals. Theproposed
rules recognize that there have been few actual incidents ofthe sort that CAPS seeks to address (the only one reported was in1979),
but links unrelated occurrences such as the World Trade Centerbombing and the accidental crash of TWA Flight 800 as justificationfor
the stringent new procedures. The FAA estimates that it will costbetween $50 million and $70 million to implement the program, whichwill
be paid by the airlines and presumably passed onto passengers.
Comments are due on the proposal by June 18, 1999. They can bee-mailed to 9-NPRM-CMTSfaa.gov. More information on the proposedrules,
airline security and privacy issues is available at:
http://www.epic.org/privacy/faa/
[4] Online Anonymity Under Attack in the Courts
Several recent court cases around the country highlight anincreasingly popular litigation tactic: the use of civil discovery tounmask
the identities of anonymous Internet posters. In the last fewmonths, a growing number of corporations have issued subpoenas toInternet
service providers (ISPs) and operators of online messageboards seeking to identify and locate individuals who posted materialthat
the companies, for one reason or another, find objectionable.
Brian Payea, a spokesman for Lycos, recently told Salon Magazine thatthe firm receives subpoenas on "pretty close to a regular basis."
Theunderlying allegations in these cases include defamation, misappropri-
ation of trade secrets and securities law violations. Many observersworry, however, that the legal tactic can easily be used to intimidatepotential
critics into silence and destroy the anonymity that hascontributed to the Internet's explosive growth.
The recent cases, which include actions filed by Raytheon, Shoney'sand Wade Cooke Financial, raise serious issues concerning the rightsof
anonymous Internet users and the procedural protections they shouldbe entitled to before their identities are disclosed. At present,
there is no legal guidance in this area. The federal ElectronicCommunications Privacy Act (ECPA) doesn't even require the issuance
ofsubpoenas when a private party seeks a subscriber's identity from anISP; only government agencies are required to present a legal
demandfor such information. While many service providers (such as AmericaOnline) provide in their terms of service that they will
not disclosesubscriber information to private parties without a subpoena, most arenot obligated to notify a subscriber that a subpoenas
has beenreceived. Even when the subscriber is notified of a pending demandfor identifying information, there are no established
judicialprocedures that would enable "John Doe" to argue in support of hisanonymity.
While many of the pending cases involve serious charges of allegedwrongdoing, there is no mechanism currently in place to distinguishbetween
someone who is hiding behind their anonymity to commit a crimeor other wrongful act, and someone who is, for instance, shieldingtheir
identity for whistle-blowing purposes or to communicateanonymously in an HIV-support group or on a message board for batteredwomen.
Until the courts or Congress establish basic ground rules forthese cases, the number of subpoenas -- legitimate and otherwise --
is likely to increase.
[5] Justice Department Appeals Internet Censorship Ruling
The U.S. Department of Justice on April 2 appealed a lower courtdecision enjoining enforcement of the Child Online Protection Act(COPA).
The case against COPA -- brought by EPIC, the ACLU and otherorganizations -- now moves to the U.S. Court of Appeals for the ThirdCircuit.
Appellate briefs are likely to be filed sometime thissummer.
The government appeal will challenge the finding of Judge Lowell A.
Reed, Jr. that the new Internet censorship law would restrict freespeech in the "marketplace of ideas." Judge Reed's February 1 rulingenjoins
enforcement of COPA, the statutory successor to theCommunications Decency Act (CDA), which the Supreme Court struck downin June 1997.
The legal challenge to COPA was filed on behalf of 17organizations publishing information on the World Wide Web. Ingranting a preliminary
injunction against COPA, the court held thatthe plaintiffs are likely to succeed on their claim that the law"imposes a burden on
speech that is protected for adults." The rulingcame after a six-day hearing which featured testimony from websiteoperators who
provide free information about fine art, news, gay andlesbian issues and sexual health for women and the disabled, and whoall fear
that COPA would force them to shut down their websites.
In his 49-page opinion, Judge Reed listed 68 separate "findings offact" to support his decision. The judge considered evidence thatCOPA
imposed technological and economic burdens on speakers, butconcluded that ultimately the relevant inquiry is the "burden imposedon
the protected speech, not the pressure placed on the pocketbooks orbottom lines of the plaintiffs."
The full text of the Judge Reed's decision, and complete informationon the legal challenge, is available at:
http://www.epic.org/free_speech/copa/
[6] "Orwell Awards" Presented to Biggest U.S. Privacy Invaders
Privacy International presented its first Orwell Awards on April 7 tothe worst corporate and government privacy invaders in the UnitedStates.
Privacy International's Director, Simon Davies, said theawards were designed to raise awareness of the erosion of privacyrights
in the U.S. "Surveillance over our private lives has reached adangerous new level. It's time to turn the spotlight around and shineit
on the invaders." The awards were presented at the Computers,
Freedom and Privacy (CFP99) conference in Washington, DC.
A total of five awards were announced, but most recipients were not onhand to receive them. The winner in the "Worst Public Official"
category was Rep. Bill McCollum (R-FL) for his numerous activities inCongress opposing privacy, including pushing through a law increasingwiretapping
approved last year, several bills promoting the creationof a national ID card, opposition to efforts to improve financialprivacy,
and his recent efforts to amend the SAFE encryption bill tomandate key escrow. Runners-up were New York Mayor Rudolph Giuliani(for
his suggestion to take DNA samples of all children at birth) andAmbassador David Aaron and White House Advisor Ira Magaziner (fortheir
travels around the world promoting encryption restrictions andopposing privacy laws).
The Federal Depository Insurance Corporation received the award for"Most Invasive Proposal" for its "Know Your Customer" proposal
(seeEPIC Alert 6.05). The runners-up were the Communications Assistancefor Law Enforcement Act (CALEA) and the FAA's Airline ID
Program. The"Greatest Corporate Invader" award went to Elensys Inc., a Woburn,
Massachusetts company that has secretly collected the pharmacy recordsof millions of consumers from 15,000 pharmacies nationwide.
Therunners-up were Intel for the Pentium III Processor Serial Number(designed to identify and track users) and ImageData for its
attemptsto create a national database of drivers license photographs.
The "Lifetime Menace" award went to the Federal Bureau ofInvestigation for its activities over the past 80 years, includingCALEA,
COINTELPRO, and its efforts on information warfare. Runners-upwere the Direct Marketing Association, the National Security Agency,
and credit bureau TransUnion Corp. Finally, Microsoft Corp. receivedthe "People's Choice" award for the Global User ID Number, OpenProfiling
System, and the proposed P3P standard. The other candidateswere Intel, President Clinton and Special Prosecutor Kenneth Starr.
Two "Brandeis" Awards were presented to individuals who have made anoutstanding contribution to the protection of privacy, as well
as tovictims of privacy invasion who have successfully fought back. PhilZimmermann, author of the encryption program Pretty Good
Privacy, andDiana Mey, a West Virginia housewife who successfully took on Searstelemarketers, were the recipients this year.
More information on the awards can be found at:
http://www.bigbrotherawards.org/
[7] EPIC Bill-Track: New Bills in Congress
*House*
H.R. 1345. Eliminates requirement that states collect SSNs forrecreational licenses. Introduced by Obey (D-WI). Referred to theCommittee
on Ways and Means.
H.R. 1426. Money Laundering Prevention Act of 1999. Expands rules onmoney laundering. Requires banks to better identify account holders.
Introduced by Waters (D-CA). Referred to the Committee on Banking andFinancial Services.
H.R. 1450. Personal Information Privacy Act of 1999. Limits sale ofcredit information, SSNs, drivers photographs. Introduced by RepKleczka,
Gerald D. (D-WI). Referred to the Committee on Ways andMeans, and in addition to the Committees on Banking and FinancialServices,
and the Judiciary.
H.R. 1471. Money Laundering Prevention Act of 1999. Expands rules onmoney laundering. Requires banks to better identify account holders.
Introduced by Waters (D-CA). Referred to the Committee on Banking andFinancial Services.
*Senate*
S. 753. Financial Services Act of 1999. Prohibits obtaining financialinformation under false pretenses. Requires FTC to issue interimreport
on consumer privacy. Exempts law enforcement & financialinstitutions. Sponsor Sen Daschle, Thomas A. (D-ND). Referred to theCommittee
on Banking.
S. 759. Inbox Privacy Act of 1999. Anti-spam bill. Sponsor SenMurkowski, Frank H. (R-AS). Referred to the Committee on Commerce.
S. 781. Telephone Privacy Act of 1999. Requires 2 party consent forrecording telephone calls. Sponsor: Sen Feinstein, Dianne (D-CA).
Referred to the Committee on the Judiciary.
S. 782. Patients' Telephone Privacy Act of 1999. Limits health careproviders recording of patients phone calls. Sponsor: Sen Feinstein,
Dianne (D-CA). Referred to the Committee on the Judiciary.
S. 798. Promote Reliable On-Line Transactions to Encourage Commerceand Trade (PROTECT) Act of 1999. Slightly relaxes export controls
oncryptography. Sponsor Sen McCain, John (R-AZ). Referred to theCommittee on Commerce.
S. 800. Wireless Communications and Public Safety Act of 1999. Limitsuse of cellular location information for non-safety emergency
uses.
Sponsor: Sen Burns, Conrad R (R-MT). Referred to the Committee onCommerce, Science, and Transportation.
S. 809. Online Privacy Protection Act of 1999. Requires FTC to setrules on collection of personal information by online services and
webpages. Creates broad safe harbor protections for industry. Sponsor:
Sen Burns, Conrad R. (R-MT). Referred to the Committee on Commerce,
Science, and Transportation .
[8] Upcoming Conferences and Events
Encryption Controls Workshop. May 13, 1999. Raleigh, NC. Sponsored bythe U.S. Dep't of Commerce. Contact: (202) 482-6031
INET 99. San Jose, Calif., June 22-25, 1999. Sponsored by theInternet Society. Contact: http://www.isoc.org/inet99/
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. A Web-based form is available for subscribing
orunsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus
publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record
privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished
in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation,
and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel),
+1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington,
DC 20003.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryption andexpanding wiretapping powers.
Thank you for your support.
END EPIC Alert 6.06
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1999/6.html
