You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2000 >>
[2000] EPICAlert 21
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 7.21 [2000] EPICAlert 21
EPIC ALERT
Volume 7.21 November 30, 2000
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_7.21.html
Table of Contents
[1] Senate Judiciary Committee Presses FBI on Carnivore
[2] Court Protects Anonymity of "John Doe" Posters
[3] Council of Europe Releases Revised Cyber-Crime Proposal
[4] Supreme Court Issues Decision on Indiana Police Roadblocks
[5] ICANN Selects Seven New Top-Level Domains
[6] U.S. Courts Seek Comment on Privacy of Court Documents
[7] EPIC Bookstore - The Consumer Law Sourcebook 2000
[8] Upcoming Conferences and Events
[1] Senate Judiciary Committee Presses FBI on Carnivore
Citing an internal FBI document released to EPIC through a Freedom ofInformation Act (FOIA) lawsuit, the Senate Judiciary Committee
hasasked the Bureau to provide additional information on the capabilitiesof the Carnivore Internet surveillance system. The document,
obtainedby EPIC on November 16, reports the results of an FBI test showingthat Carnivore "could reliably capture and archive all
unfilteredtraffic" transmitted through an Internet service provider and storethe communications on a hard drive or removable disks.
In a November 21 letter to FBI Director Louis Freeh, CommitteeChairman Orrin Hatch (R-UT) and ranking member Patrick Leahy (D-VT)
ask the Bureau to "explain why Carnivore was tested to determine if itwas capable of intercepting and archiving unfiltered traffic
throughan ISP, whether Carnivore in fact has that capability, and under whatcircumstances it could ever be legitimately used to draw
on thatcapability." They also request "complete and unredacted copies of thedocuments produced thus far in response to the FOIA
lawsuit togetherwith any other documents related to Carnivore's capability tointercept and archive unfiltered traffic." The FBI's
public defenseof Carnivore has centered on the claim that the system only capturestraffic that has been isolated by a software filter
that "minimizes"
collection and limits it to the particular information authorized forseizure in a court order.
Hatch and Leahy told Freeh that "[s]kepticism about Carnivore is basedprecisely on concerns about this program's capability
and whether thiscapability would be exploited to do more than just intercept narrowlytargeted pieces of information."
In other developments, an independent technical review of Carnivorereleased on November 21 found that FBI agents operating the system
caninadvertently collect more private communications than permitted bylaw, underscoring the potential dangers of the invasive technology.
The reviewers also reported that they "did not find adequateprovisions (e.g. audit trails) for establishing individualaccountability
for actions taken during use of Carnivore." The reportwas produced by a review team from the Illinois Institute ofTechnology and
was sanitized for release by Justice Departmentofficials. The Department has set a deadline of December 1 for thesubmission of public
comments on the technical review.
Selected Carnivore documents released as part of EPIC's FOIA lawsuitare available at:
http://www.epic.org/privacy/carnivore/foia_documents.html
The Carnivore review report is available at:
http://www.usdoj.gov/jmd/publications/carniv_entry.htm
[2] Court Protects Anonymity of "John Doe" Posters
In a significant decision concerning anonymity on the Internet, a NewJersey state court judge has ruled that a software company is
notentitled to learn the identities of two "John Doe" defendants whoanonymously posted critical comments on a Yahoo message board.
It isthe first known judicial decision denying the identification of suchdefendants.
In a 22-page opinion released on November 28, Judge Kenneth MacKenzieupheld the anonymity of the two posters but ruled that DendriteInternational
can subpoena Yahoo for the identities of two otherposters who did not challenge the subpoenas. Dendrite had allegedthat some of
the messages posted by the four "John Does" containedproprietary and confidential information, and that some of thestatements were
defamatory. Judge MacKenzie found that the companyfailed to provide adequate evidence that two of the posters madedefamatory statements
or did anything unlawful.
"The Internet has become a forum for vast discussion reaching manyindividuals with diverse backgrounds and opinions," the judge wrote.
"These four individuals were utilizing that forum to voice theiropinions and engage in discussion regarding issues important to them.
They were doing so under the protection of anonymity, which . . .
encourages the free flow of ideas. Allowing this protection to bestripped away would stifle that free discussion." The judge foundthat
the right of companies to sue for alleged wrongful behavior "mustbe balanced against the legitimate and valuable right to participatein
online forums anonymously or pseudonymously."
Paul Levy, who filed a "friend of the court" brief in the case forPublic Citizen, said, "By setting forth strict evidentiary standardsfor
compelled identification, and then showing that these standardscan produce real protection for anonymity, this decision is atremendous
victory for free speech." He predicted that for thisreason, as well as the court's thorough analysis of the constitutionalrights
involved, the decision is likely to be especially influentialin future cases.
The court's decision is available at:
http://www.citizen.org/litigation/briefs/dendrite.pdf
[3] Council of Europe Releases Revised Cyber-Crime Proposal
On November 19, the European Committee on Crime Problems and theCommittee of Experts on Crime in Cyberspace released the 24th draft
ofthe controversial cyber-crime convention. Although some changes havebeen made, the revised treaty still retains provisions on
access toencryption keys, banning the use of security tools and ISP logging ofuser activity. It also includes provisions on wiretapping
andinterception of traffic data. When finalized, the treaty will be opento countries around the world for signature.
Dozens of human rights, civil liberties, free speech and journalists'
groups wrote to the Council of Europe in October expressing oppositionto the proposal. Industry groups in the United States and Europe
havealso expressed concern.
It is expected that the committee of experts will conclude its work bythe end of this year. Afterward the proposal will be considered
bythe Committee of Ministers. It will then be open for signature byMember States. It is likely that the United States will seek
to havenon-COE countries (including Canada, Australia, Japan, and the U.S.)
also ratify the treaty.
The Council of Europe has made available contact information fornational representatives participating in the COE Cyber Crime treatydiscussion
(see below). EPIC urges readers to contact their nationalrepresentatives and ask them to give careful consideration to theprivacy
and human rights concerns expressed by NGOs.
Council of Europe Convention on Cyber-Crime, draft of Nov. 19, 2000:
http://conventions.coe.int/treaty/EN/projets/cybercrime24.htm
Global Internet Liberty Campaign Letter on COE Cyber-Crime Convention:
http://www.gilc.org/privacy/coe-letter-1000.html
Privacy International Cyber-Crime Page:
http://www.privacyinternational.org/issues/cybercrime/
Council of Europe National Contacts:
http://conventions.coe.int/treaty/EN/projets/contactCyber.htm
[4] Supreme Court Issues Decision on Indiana Police Roadblocks
In a six-to-three decision authored by Justice O'Connor, the U.S.
Supreme Court on November 28 held that suspicionless vehiclecheckpoints for the discovery and interdiction of illegal narcoticsviolate
the Fourth Amendment. In City of Indianapolis v. Edmond (No.
99-1030), officers randomly stopped drivers to detect and arrest drugoffenders. At the checkpoint, officers examined license andregistration
materials, performed an "open-view" examination ofvehicle contents, and led a drug-sniffing dog along the outside of thevehicle.
The officers had no discretion in choosing which drivers tostop, and were only supposed to delay a driver for less than fiveminutes.
In holding the Indianapolis procedure invalid, the Court distinguishedprior cases where suspicionless checkpoints were upheld. The
Courthas held that brief, suspicionless seizures at fixed checkpoints arepermissible where the purpose was to detect undocumented
citizens orintoxicated drivers. The use of checkpoints for these purposesclosely serve interests related to policing borders and
ensuringroadway safety. Checkpoints for drug interdiction, however, do notserve purposes closely related to stemming the flow and
use of illegalnarcotics. Allowing checkpoints for ordinary criminal wrongdoingcould result in a system where "the Fourth Amendment
would do littleto prevent such intrusions from becoming a routine part of Americanlife."
Chief Justice Rehnquist and Justices Thomas and Scalia dissented,
reasoning that drug checkpoints serve important state interests, andthat the seizures in question were brief and non-intrusive.
Importantly, a separate dissent authored by Justice Thomas questionedthe practice of suspicionless police searches in general: "I
ratherdoubt that the Framers of the Fourth Amendment would have considered'reasonable' a program of indiscriminate stops of individuals
notsuspected of wrongdoing."
The decision is available at:
http://www.supremecourtus.gov/opinions/99pdf/99-1030.pdf
[5] ICANN Selects Seven New Top-Level Domains
At its annual meeting in Los Angeles, the Internet Corporation ofAssigned Names and Numbers (ICANN) completed its first selection
ofnew global top-level domains (gTLDs). Only seven gTLDs -- .biz, .pro,
.aero, .museum, .coop, .info, and .name -- were chosen from 44applications. One of the new gTLDs, .info, will be an unrestrictedgTLD
in which any individual or organization can register a domainname. The rest of the gTLDs are restricted insofar as the registryestablishes
certain rules over which individuals or organizations canregister in the domain. For example, the .museum registry will onlyallow
registration of domain names by museums.
Prior to the formal ICANN meeting, a group of ICANN At-Large membersheld a forum to organize future At-Large activities. Several
currentAt-Large elected members of the ICANN board, as well as a number ofAt-Large nominated candidates, participated in the meeting.
Oneoutcome of the event was the formation of an Interim CoordinatingCommittee (ICC). The ICC seeks to promote and facilitate theparticipation
of Internet users around the world in ICANN proceedings.
One of the first projects for the ICC will concern the "Clean Sheet"
study proposed by the ICANN Board in its July 1999 Yokohama meeting.
The "Clean Sheet" study will look at the concept and structure of theICANN At-Large membership. Comments on the ICANN StaffRecommendations
for the At-Large study are due by December 27.
Information about the new gTLDs selected by ICANN is available at:
http://www.icann.org/tlds/
Background on the Interim Coordinating Committee and information aboutthe At-Large study:
http://www.icannmembers.org/
[6] U.S. Courts Seek Comment on Privacy of Court Documents
The federal judiciary is seeking comment on the privacy and securityimplications of providing electronic public access to court casefiles.
These files currently contain financial and tax information,
arrest and plea bargain agreements, medical records, employment files,
and other sensitive personal information.
Access to this sensitive information has become more convenient ascourts increasingly accept electronic files and convert their paperfiles
into electronic documents. In the past, interested parties hadto inspect records at the courthouse. In the near future, anyone
maybe able to access this information from any location over theInternet. Accordingly, the federal judiciary seeks comments toimplement
a consistent policy that recognizes both the public accessand privacy interests involved in providing access to court casefiles.
The request for comments is available at:
http://www.privacy.uscourts.gov/RFC.htm
[7] EPIC Bookstore - The Consumer Law Sourcebook 2000
The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy, edited by Sarah Andrews
http://www.epic.org/bookstore/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
The Sourcebook includes the text of many of the major consumer lawsand directives such as the Anticybersquatting Consumer Protection
Act,
the Electronic Signatures Act, the Electronic Fund Transfer Act, theFederal Trade Commission Act, OECD Consumer Protection Guidelines,
European Union Directives on Electronic Commerce, ElectronicSignatures and Distance Contracts, and more. Also included is a listof
consumer resources with contact information for consumer agenciesand organizations and links to useful publications and reports.
EPIC Publications:
"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of
informationlaws.
"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who
needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
National Computer System Security and Privacy Advisory Board Meeting.
Hosted by Microsoft. December 4-6, 2000. Redmond, WA. For moreinformation: http://csrc.nist.gov/csspab/
Government Secrecy in a New Administration and a New Century.
Information Security Oversight Office and the James Madison Project.
December 5, 2000. Washington, DC. For more information:
http://www.fas.org/sgp/news/2000/11/symposium.pdf
Public Workshop: The Mobile Wireless Web, Data Services and Beyond.
Federal Trade Commission (FTC). December 11-12, 2000. Washington, DC.
For more information: http://www.ftc.gov/opa/2000/11/wireless.htm
16th Annual Computer Security Applications Conference (ACSAC).
December 11-15, 2000. New Orleans, Louisiana. For more information:
http://www.acsac.org
Call for Content - December 15, 2000. INET 2001: A Net Odyssey.
The 11th Annual Internet Society Conference . For more information:
http://www.isoc.org/inet2001/cfc.shtml
Network and Distributed System Security Symposium (NDSS '01). InternetSociety. February 7-9, 2001. San Diego, CA. For more information:
http://www.isoc.org/ndss01/
Privacy in the New Environments: What the Personal InformationProtection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. Formore information: http://www.rileyis.com/seminars/
CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
http://www.cfp2001.org/
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XPConseil. March 13-15, 2001. Paris, France.
For more information:
http://www.xpconseil.com/eurosec2001/
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
First International Conference on Human Aspects of the InformationSociety. Information Management Research Institute, University ofNorthumbria
at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
http://www.aaas.org/spp/dspp/rd/colloqu.htm
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing
or unsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you haveany other questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 7.21
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2000/21.html
