WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 6

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 7.06 [2000] EPICAlert 6



EPIC ALERT




Volume 7.06 April 3, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org

Table of Contents



[1] New EPIC Crypto Report Finds Progress and Potential Threats
[2] Census Questions Create Privacy Furor
[3] Judge Prohibits Distribution of "Censorware" Decoding Program
[4] SEC Proposal Would Search Web and Invade Privacy
[5] No Agreement on Safe Harbor Proposal
[6] European Parliament Supports Echelon Hearing
[7] EPIC Bookstore -- EPIC Publications
[8] Upcoming Conferences and Events


[1] New EPIC Crypto Report Finds Progress and Potential Threats


The Electronic Privacy Information Center (EPIC) today released"Cryptography and Liberty 2000: An International Survey of EncryptionPolicies." This is the third annual survey of encryption policyconducted by EPIC. The report finds that the movement towards therelaxation of regulations of encryption technologies has largelysucceeded. In particular, in the vast majority of countries,
cryptography may be freely used, manufactured, and sold withoutrestriction.

"Cryptography and Liberty" notes that export controls remain the mostpowerful obstacle to the development and free flow of encryptionproducts and services. However, the rise of electronic commerce andthe need to protect privacy and increase the security of the Internethave resulted in the development of policies that favor the spread ofstrong encryption worldwide.

Despite these advances, the battle for secure and privatecommunications is not yet won. EPIC's report finds that somecountries are now proposing "lawful access" requirements that wouldforce users to disclose keys or decrypted files to governmentagencies. Others are considering proposals that give intelligence andlaw enforcement agencies new powers to conduct surveillance, breakinto buildings or hack computers to obtain encryption keys and obtaininformation. Law enforcement and intelligence agencies are alsodemanding and receiving substantial increases in budgets. These newpowers and budgets raise concerns about the expansion of governmentsurveillance and the need for public accountability.

Presenting the findings of the report at a press conference today inWashington, EPIC Senior Fellow Wayne Madsen stressed that "themajority of countries around the world are not interested incontrolling encryption; however, a few nations are now proposingsurreptitious and covert methods for obtaining private keys and accessto encoded communications."

EPIC Executive Director Marc Rotenberg said that the report willcontribute significantly to the ongoing discussion about the right tocommunicate freely and in private in the digital age. "Strongencryption is critical for the development of networks that willsafeguard personal communications," he said.

An online version of the report is available at:

http://www2.epic.org/reports/crypto2000/

The printed, book version of "Cryptography and Liberty 2000: AnInternational Survey of Encryption Policy" (EPIC, 154 pages,
softcover, ISBN: 1893044076, $20) is available at:

http://www.epic.org/crypto&/



[2] Census Questions Create Privacy Furor


The U.S. Census Bureau is quickly learning something that many onlinecompanies have known for awhile: the American public is growingincreasingly concerned about privacy.

Census 2000, the decennial process of counting the U.S. population,
has become mired in a privacy controversy concerning census questionsthat many citizens find intrusive. The questions -- included on the"long form" that the Census Bureau mailed to one of every six U.S.
households -- seek information concerning physical and mentaldisabilities, employment, income, housing specifications, and otherpersonal details. In the face of public concern over the questions,
several members of Congress have recently suggested that long formrecipients should refrain from providing information they considersensitive. Sen. Chuck Hagel (R-NE) has reportedly preparedlegislation that would remove the existing criminal penalties forfailing to answer all census questions.

The Census Bureau is defending the long form questionnaire, notingthat it does not seek any more information than has been requested inearlier census counts and that, in fact, this year's form is shorterthan those issued in previous years. Census officials also maintainthat there is a legitimate basis for all of the data being sought.
According to Census Director Kenneth Prewitt, the information iscritical for implementation of specific legislation and governmentprograms. But he has acknowledged the discomfort the form is causingmany recipients. "Millions of Americans have expressed anunprecedented level of concern for their privacy when asked tocomplete the long form," Prewitt said. "While it may be the shortestlong form in history, it has raised more questions than any of itspredecessors."

There are, indeed, early indications that privacy concerns mayseriously hamper the census process. Three weeks after census formswere sent out, half of the recipient households have mailed them back.
The response rate for the long form is ten percent below the rate forthe short form, enough of a variance, according to Prewitt, to "makeus somewhat concerned."

Official handling of personal information was also at issue in acontroversial judicial decision issued last week. In an opinion thatgrows out of the FBI "Filegate" litigation, U.S. District Judge RoyceC. Lamberth found that the White House and President Clinton committeda "criminal violation of the Privacy Act" when they released personalletters sent to the President by Kathleen Willey. The White House hasstrongly denied the allegation.

An online version of Judge Lamberth's opinion is available at:

http://www.epic.org/privacy/litigation/clinton_privacy_act.pdf


[3] Judge Prohibits Distribution of "Censorware" Decoding Program


A federal judge in Boston has issued a permanent injunction againstdistribution of a decoding program that unlocks the list of Web sitesblocked by the Cyber Patrol filtering program. In an opinion issuedon March 28, U.S. District Judge Edward F. Harrington refused toclarify whether U.S. website operators who posted "mirror" copies ofthe program are subject to the injunction. He also appeared tosuggest that mirror sites could test that question only by risking acontempt charge that could lead to fines and incarceration.

Prior to the ruling, EPIC joined with the American Civil LibertiesUnion in court papers filed on behalf of three U.S. mirror siteoperators, arguing that the court lacked jurisdiction over the matterand that the First Amendment precludes the broad prohibition ondissemination sought by toy manufacturer Mattel, which markets CyberPatrol. Mattel sought the injunction after the decoding program wasposted on sites in Sweden and Canada by the two programmers who wrotethe code. The company alleged that the "reverse-engineering" processemployed by the authors violated U.S. copyright laws, despite the factthat the activity occurred outside of the United States. At a courthearing on March 27, Mattel disclosed that it had reached a settlementwith the Swedish and Canadian programmers and had obtained the rightsto the decoding program. As a result, the real impact on the court'sinjunction falls only on the mirror sites.

Underlying the copyright issues raised in the case is the controversysurrounding "censorware" programs that contain secret lists of blockedsites. Filtering critics have long maintained that users of suchproducts should have a means of reviewing the "block lists" containedin the programs. While the right of parents to use the software wasnever at issue, Judge Harrington wrote that the case "raises aprofound societal issue, namely, who is to control the educational andintellectual nourishment of young children -- the parents or thepurveyors of pornography and the merchants of death and violence." Butby allowing the owners of Cyber Patrol to control the dissemination ofthe decoding program, the judge's ruling leaves parents in the darkabout the products they are buying to protect their children.

More information on the Cyber Patrol litigation, including links torelevant court filings, is available at:

http://www.epic.org/free_speech/censorware/cyberpatrol/

More information on the free speech issues surrounding filteringsoftware is available at the Internet Free Expression Alliancewebsite:

http://www.ifea.net


[4] SEC Proposal Would Search Web and Invade Privacy


Controversy has recently arisen around a Securities and ExchangeCommission (SEC) plan to use webcrawlers to search the Internet forpotential securities fraud. Many have found the plan to be anoverreaction that invades privacy and could chill free speech.

The SEC's plan would utilize webcrawlers to browse and recordstatements made in chat rooms, bulletin boards, and web pages basedon undisclosed keywords. In the process of storing publicly postedstatements, the webcrawler would also attempt to collect personalinformation to identify posters who often attempt to maintain theiranonymity. While the SEC currently takes these steps manually inattempts to thwart potential securities fraud, the automation of theprocess would potentially extend the reach of the federal agency intoactivities that could violate the Privacy Act of 1974.

Many critics have considered the plan a violation of the Privacy Act,
which puts limits on the collection and use of personal information byfederal agencies. The Act prohibits the collection of personalinformation without the data subject's consent, allows the datasubject to review any information in the possession of governmentagencies, and forbids the storage of statements that would beprotected by the First Amendment. While the Privacy Act providesexceptions in order to protect the integrity of ongoing criminalinvestigations, the law restricts what government agencies like theSEC can do in the normal course of their business.



[5] No Agreement on Safe Harbor Proposal


The Article 31 Committee, the EU body responsible for theimplementation of the EU Data Protection Directive, has failed toaccept the most recent draft of the Safe Harbor arrangement releasedby the U.S. Department of Commerce.

The Article 31 Committee, which comprises of representatives from allEU member states, met on March 30-31 to discuss the draft. No formaldecision was reached and the Committee is now expected to draft a listof areas which still have to be improved in the U.S. proposal.
Prominent among these outstanding issues will be the matter ofindividual redress for privacy violations.

During its meetings, the Committee referred to comments recentlysubmitted by the Trans Atlantic Consumer Dialogue (TACD), a coalitionof over sixty American and European consumer groups that includesEPIC. In its comments, the TACD argued that the latest Safe Harborproposal would still provide European citizens with less thanadequate protection with respect to the processing of their personaldata. In particular, the TACD expressed "little confidence" in theeffectiveness of a self-regulatory scheme for protecting privacy andcalled for the establishment of stronger principles with a clearenforcement mechanism.

The next meeting of the Article 31 committee is scheduled for May30-31.

The TACD's comments are available at:

http://www.tacd.org/press_releases/state300300.html
The current version of the Safe Harbor Principles and FAQs:

http://www.ita.doc.gov/td/ecom/menu1.html
Information and news on the EU Data Protection Directive:

http://europa.eu.int/comm/internal_market/en/media/dataprot/index.htm


[6] European Parliament Supports Echelon Hearing


On March 28, the Green Party secured the necessary number ofsignatures from members of the European Parliament to support theestablishment of a formal commission of enquiry into the Echelonsurveillance system. The motion to appoint the commission was putforward by the Green Party in response to a report presented to theEuropean Parliament on February 23 by British journalist DuncanCampbell. The report, "Interception Capabilities 2000," suggestedthat Echelon forms part of a global surveillance scheme carried outby the U.S., the UK and other countries capable of intercepting allelectronic communications.

The Greens have presented the signatures to the President of theEuropean Parliament, Nicole Fontaine. In accordance with the rules ofprocedure, the Parliament's Conference of Presidents will now decidewhether to make a formal recommendation for an Inquiry Committee. TheGreens have also asked the European Commission and Council to confirmwhether they are doing enough to protect the privacy of Europeancitizens' communications.

Echelon has also provoked public debate in the U.S., with recentallegations that the National Security Agency (NSA) has used itssurveillance powers not only for foreign intelligence purposes butalso to intercept domestic communications. Campbell is currentlyworking with EPIC to prepare a new report on this issue. The report,
scheduled for publication in early May, will serve as a roadmap forproposed Congressional hearings into NSA activities, expected to beheld later this spring.

See the Green Party press release at:

http://www.europarl.eu.int/greens/press/2000/0328_en.htm
The European Parliament report, "Interception Capabilities 2000" (inPDF format) is available at:

http://www.europarl.eu.int/dg4/stoa/en/publi/pdf/98-14-01-2en.pdf


[7] EPIC Bookstore -- EPIC Publications


EPIC Publications:

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.



"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, as wellas a comprehensive listing of privacy resources.



"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.



"Privacy and Human Rights 1999: An International Survey of Privacy Lawsand Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/

An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.



Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore: http://www.epic.org/bookstore/



[8] Upcoming Conferences and Events


Call for Papers -- Freedom of Expression in the Information Age.
Stanford Journal of International Law. Deadline April 15, 2000. Formore information: http://www.stanford.edu/group/SJIL/

Regulating the Internet: EU & US Perspectives. April 27-29, 2000.
European Union Center, the School of Communications, and the Centerfor Law, Commerce & Technology at the University of Washington.
Seattle, WA. For more information:
http://jsis.artsci.washington.edu/programs/europe/euc.html
Access Act Reform: The Destruction of Records and Proposed Access ActAmendments. Riley Information Services. May 1, 2000. Westin Hotel.
Ottawa, Canada. For more information: http://www.rileyis.com/seminars/

Entrust SecureSummit 2000. May 1-4, 2000. Hyatt Regency Dallas atReunion. Dallas, TX. For more information: http://www.securesummit.com
Call for Papers -- 16th Annual Computer Security ApplicationsConference. Deadline May 12, 2000. Sheraton Hotel. New Orleans, LA.
December 11-15, 2000. For more information: http://www.acsac.org/

Electronic Government: New Challenges for Public Administration andLaw. May 18, 2000. Center for Law, Public Administration, andInformatization of Tilburg University, Netherlands. For moreinformation: http://schoordijk.kub.nl/crbi/egov/

Shaping the Network: The Future of the Public Sphere in Cyberspace.
Computer Professionals for Social Responsibility (CPSR). May 20-23,
2000. Seattle, WA. For more information:
http://www.scn.org/cpsr/diac-00
First Annual Institute on Privacy Law: Strategies for Legal Compliancein a High Tech and Changing Regulatory Environment. Practicing LawInstitute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the InformationSociety. Biennial Conference of the International TelecommunicationsSociety. July 2-5, 2000. For more information:
http://www.its2000.org.ar
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society andUNESCO. September 26-29, 2000. Vienna, Austria. For more information:
http://www.ocg.at/KR-IE2000.html
Privacy2000: Information and Security in the Digital Age. November 29,
2000. Adam's Mark Hotel. Columbus, Ohio. For more information:
http://www.privacy2000.org

Subscription Information


The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

http://www.epic.org/alert/


About EPIC


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail infoepic.org, http://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.06


.










WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2000/6.html