EPIC Alert 8.10 [2001] EPICAlert 10






EPIC ALERT




Volume 8.10 May 30, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_8.10.html

Table of Contents



[1] EU Echelon Committee Calls for Increased Use of Encryption
[2] CoE Cybercrime Treaty Still Lacks Balance
[3] FTC Refuses to Pursue Amazon's Privacy Policy Changes
[4] Supreme Court Ruling Implicates Free Speech and Privacy
[5] EPIC Testifies before Congress on SSN Privacy
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Not in Front of the Children
[8] Upcoming Conferences and Events


[1] EU Echelon Committee Calls for Increased Use of Encryption


A new European Parliament report calls for expanded development and use of encryption technology within Europe to protect communications against the U.S.-led surveillance network known as Echelon. The report, issued by the Parliament's Temporary Committee on the Echelon Interception System after seven months of research, concludes that the worldwide spy network does exist, despite official U.S. denials. The committee notes allegations that U.S. intelligence agencies have passed on intercepted European trade secrets to give U.S. businesses a competitive advantage, but finds that "no such case has been substantiated."

According to the committee, the Echelon system (reportedly run by the United States in cooperation with Britain, Canada, Australia and New Zealand) was set up at the beginning of the Cold War for intelligence gathering and has developed into a network of intercept stations around the world. Its primary purpose, according to the report, is to intercept private and commercial communications, not military intelligence. The committee concludes that "the existence of a global system for intercepting communications . . . is no longer in doubt."

The report recommends "self-protection" by EU citizens and companies, and urges the European Commission and Member States "to devise appropriate measures to promote, develop and manufacture European encryption technology and software and above all to support projects aimed at developing user-friendly open-source encryption software." It also calls upon EU institutions "systematically to encrypt e-mails, so that ultimately encryption becomes the norm."

U.S. officials have refused to confirm the existence of an Echelon-like surveillance system, and have denied that American agencies engage in commercial espionage. The EU committee traveled to Washington earlier this month to meet with relevant U.S. officials and agencies, several of which (including the National Security Agency) refused to meet them. The committee did meet with EPIC, the American Civil Liberties Union and several members of Congress.

The report of the Temporary Committee on the Echelon Interception System is available at:

http://www.europarl.eu.int/tempcom/echelon/pdf/prechelon_en.pdf


[2] CoE Cybercrime Treaty Still Lacks Balance


Following strong criticism from privacy, human rights and industry groups, the final text of the controversial Council of Europe (CoE) Cybercrime Treaty acknowledges the potential privacy impact of international efforts to investigate online activity. The newly-released text (version 27) includes language that would require investigative agencies to take some procedural steps to protect privacy and human rights when accessing transactional data and intercepting communications. The text does not, however, require police agencies to reimburse service providers for the cost of complying with law enforcement data demands, a requirement that would create a financial disincentive to overly broad and invasive requests.

Even with the most recent changes, the proposed treaty would still grant government investigators broad powers to track the online activities of suspects. While those powers are spelled out with great specificity, the procedural protections are relatively vague; Article 15 provides that signatories must ensure that their national laws respect the privacy provisions of CoE, United Nations and other international human rights documents and be subject to "judicial or other independent supervision." The text still requires service providers to store potentially incriminating data for at least 60 days after police request it, a requirement the EU Data Protection Working Party in March called a "considerable burden on business" because of the amount of electronic storage space needed (see EPIC Alert 8.06).

The proposed CoE convention would be the first treaty to specify how police in one country can request their counterparts abroad to collect data traffic on a system intruder, have him arrested and extradited to serve a prison sentence. It also provides for international cooperation to fight against distributors of child pornography, copyright violators and other online offenders. The draft treaty is scheduled to be submitted to the Council of Europe's Committee of Ministers for adoption in September and then ratified by member states and observers over the next year or two. The United States has played an active part in the drafting of the treaty as an observer.

The text of Version 27 of the proposed cybercrime treaty is available at:

http://conventions.coe.int/treaty/EN/projets/cybercrime27.htm


[3] FTC Refuses to Pursue Amazon's Privacy Policy Changes


The Federal Trade Commission (FTC) has decided that Amazon.com did not deceive its customers when it unilaterally changed the terms of its privacy policy last fall. In a letter dated May 24, sent to EPIC and Junkbusters, the FTC stated that Amazon.com did not, under its revised policy, change its practices with respect to its customers' personal information in a way that was unfair and deceptive. Relying on further information provided by Amazon, the FTC stated that the revised privacy policy did not "materially conflict" with earlier representations regarding privacy.

In its previous privacy policy, Amazon stated that it did not sell, rent, trade, or otherwise disclose customers' personal information to third parties and that customers could guarantee that this would not occur in the future by sending an email to never@amazon.com. On August 31, 2000, however, Amazon revised its policy to state that in certain circumstances (for example, in the case of a merger or acquisition) it would treat customer information as one of its business assets and transfer it accordingly. The FTC began investigating this issue in response to a joint petition submitted by EPIC and Junkbusters in December. The petition alleged that Amazon's contradictory privacy statements violated Section 5 of the FTC Act and urged the FTC to grant specific remedies to consumers, including the right to delete or prohibit the future disclosures of personal information collected under the previous policy.

In a separate investigation, the FTC also announced that despite finding that "certain of Amazon.com's and Alexa Internet's practices likely were deceptive in violation of Section 5 of the FTC Act," the Commission staff is not recommending any enforcement action. At issue in the investigation was whether Alexa's zBubbles service was correlating personally identifiable information (PII) with anonymous data. Alexa is a subsidiary of Amazon.com.

EPIC also asked the Federal Trade Commission and the National Association of Attorneys General on May 25 to investigate the purchase of assets of eTour.com by search engine website Ask Jeeves. The sale included the transfer of eTour.com registration information. The EPIC letter alleges that eTour.com's actions deceived its customers due to that company's numerous statements that it would never share personal information with any third party.

The closing letter sent by the FTC to EPIC and Junkbusters regarding the changes to Amazon.com's privacy policy:

http://www.ftc.gov/os/closings/staff/amazonletter.htm

The FTC closing letter on Alexa:

http://www.ftc.gov/os/closings/staff/amazonalexa.pdf

EPIC's letter to the FTC and the National Association of Attorneys General (NAAG) about eTour.com:

http://www.epic.org/privacy/internet/etour.html


[4] Supreme Court Ruling Implicates Free Speech and Privacy


In a 6-3 ruling, the Supreme Court held in Bartnicki v. Vopper that the First Amendment rights of the media outweigh a federal wiretapping statute designed to prevent interception of private conversations. The May 21 ruling, which upheld the Third Circuit's dismissal of the case on First Amendment grounds, involved the dissemination of an illegal tape recording of a cell phone conversation between Gloria Bartnicki, the chief negotiator for a teacher's union in Wyoming Valley West School District in Pennsylvania, and Anthony Kane, the union's president. The tape included Bartnicki's complaints about the school board's reluctance to approve a proposal for a three percent pay raise, and a discussion about blowing up the front porches of uncooperative school board members. An unknown person gave a copy of the tape to Jack Yocum, leader of the group opposed to the union's wage proposals. Yocum passed a copy of the tape to Frederick Vopper, a radio talk show host, who played it repeatedly on his show.

Justice Stevens, writing for the majority, held that although the privacy of communications and the minimization of harm to those whose communications were illegally intercepted represented strong government interests, these interests did not outweigh the First Amendment right to publish matters of public concern. The Court accepted that the defendants had played no part in the illegal intercept, and therefore posed the legal issue as whether the government may punish the dissemination of lawfully obtained information where the publisher's source obtained the information unlawfully.

Although they signed on to the majority's holding, Justices Breyer and O'Connor concurred separately in a narrower opinion stating that in this situation, the publication was protected by the First Amendment because the recording was of public interest and the speakers were public figures. Furthermore, Breyer and O'Connor were swayed by the fact that the federal statutes were more broad than necessary to deter the relevant bad conduct, and that the publications concerned a potential threat to public safety, decreasing the speakers' legitimate interest in maintaining the privacy of the communication. Therefore, rather than creating a "public interest" exception, the publication was protected because the privacy expectations of the speakers were particularly low and were balanced against an unusually high interest in publication.

Chief Justice Rehnquist and Justices Scalia and Thomas dissented, citing concern for privacy in electronic communications such as cordless and cellular telephone conversations and e-mail records.

Bartnicki et al. v. Vopper, aka Williams, et al., Certiorari to the United States Court of Appeals for the Third Circuit, No. 99-1687:

http://www.supremecourtus.gov/opinions/00pdf/99-1687.pdf


[5] EPIC Testifies before Congress on SSN Privacy


On May 22, EPIC Executive Director Marc Rotenberg testified before the U.S. House of Representatives Subcommittee on Social Security on "Protecting Privacy and Preventing Misuse of Social Security Numbers." Also testifying before the Subcommittee were several victims of identity theft, representatives of the Social Security Administration, financial industry lobbyists and other privacy advocates.

EPIC's testimony before the Subcommittee argued that legislation limiting the collection and use of Social Security numbers (SSNs) is "appropriate, necessary, and fully consistent with U.S. law." Some of the earliest studies of SSNs noted the risks associated with the creation of a unique identifier and the possibility of profiling individuals if they became widely used. Based on these recommendations, Congress included limitations on the SSN in the Privacy Act of 1974. The testimony concluded with five recommendations: limiting the use of the SSN in the private sector unless explicitly authorized by law; prohibiting the sale and limiting the display of the SSN by government agencies; preventing companies from compelling the disclosure of SSNs as a condition of conducting business; penalizing the fraudulent use of the SSN only when the number corresponds to an actual individual; and encouraging the development of alternative identifiers.

In related SSN privacy news, Rep. Clay Shaw (R-FL), Chairman of the Social Security Subcommittee, introduced a bill on May 25 that seeks to provide greater privacy protections for individuals and to prevent fraudulent use of the SSN.

EPIC's written testimony before the Subcommittee:

http://www.epic.org/privacy/ssn/testimony_0501.html

Written testimony of other witnesses at the hearing:

http://waysandmeans.house.gov/socsec/107cong/ss-4wit.htm


[6] EPIC Bill-Track: New Bills in Congress


*House*

H.R.1846 Who Is E-Mailing Our Kids Act. To amend section 254 of the Communications Act of 1934 to require schools and libraries receiving universal service assistance to block access to Internet services that enable users to access the World Wide Web and transfer electronic mail in an anonymous manner. Sponsor: Rep Grucci, Felix J., Jr. (R-NY). Latest Major Action: 5/22/2001 Referred to House subcommittee: House Energy and Commerce.

H.R.1847 Hands Off Our Kids Act of 2001. To require the Attorney General to identify organizations that recruit juveniles to participate in violent and illegal activities related to the environment or to animal rights; and to amend the Juvenile Justice and Delinquency Prevention Act of 1974 to provide assistance to States to carry out activities to prevent the participation of juveniles in such activities. Sponsor: Rep Grucci, Felix J., Jr. (R-NY). Latest Major Action: 5/15/2001 Referred to House committee: House Education and the Workforce; House Judiciary.

H.R.1854 Parental Freedom of Information Act. To amend the General Education Act to allow parents access to certain information about their children. Sponsor: Rep Tiahrt, Todd (R-KS). Latest Major Action: 5/15/2001 Referred to House committee: House Education and the Workforce.

H.R.1869 Amy Robinson Memorial Act. To amend the Fair Labor Standards Act of 1938 to require an employer to notify the parent or guardian of an employee who is under the age of 18 or handicapped and who works at the same facility as an individual who has a criminal record that includes a conviction for a crime of violence. Sponsor: Rep Frost, Martin (D-TX). Latest Major Action: 5/16/2001 Referred to House committee: House Education and the Workforce.

H.R.1877 Child Sex Crimes Wiretapping Act of 2001. To amend title 18, United States Code, to provide that certain sexual crimes against children are predicate crimes for the interception of communications, and for other purposes. Sponsor: Rep Johnson, Nancy L. (R-CT). Latest Major Action: 5/16/2001 Referred to House committee: House Judiciary.

*Senate*

S.906 Instant Check Gun Tax Repeal and Gun Owner Privacy Act of 2001. A bill to provide for protection of gun owner privacy and ownership rights, and for other purposes. Sponsor: Sen Enzi, Michael B. (R-WY). Latest Major Action: 5/17/2001 Referred to Senate committee: Senate Judiciary.

S.915. A bill to amend the Internal Revenue Code of 1986 to allow the Secretary of the Treasury to disclose taxpayer identity information through mass communications to notify persons entitled to tax refunds. Sponsor: Sen Schumer, Charles E. (D-NY). Latest Major Action: 5/21/2001 Referred to Senate committee: Senate Finance.


EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at:

http://www.epic.org/privacy/bill_track.html


[7] EPIC Bookstore - Not in Front of the Children


Not in Front of the Children: Indecency, Censorship, and the Innocence of Youth, by Marjorie Heins

http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/search&searchtype=isbn&searchfor=0374175454

From Huckleberry Finn to Harry Potter, from Internet filters to the v-chip, censorship exercised on behalf of children and adolescents is often based on the assumption that they must be protected from "indecent" information that might harm their development - whether in art, in literature, or on a website. But where does this assumption come from, and is it true?

In Not in Front of the Children, Marjorie Heins explores the fascinating history of "indecency" laws and other restrictions aimed at protecting youth. From Plato's argument for rigid censorship, through Victorian laws aimed at repressing libidinous thoughts, to contemporary battles over sex education in public schools and violence in the media, Heins guides us through what became, and remains, an ideological minefield. With fascinating examples drawn from around the globe, she suggests that the "harm to minors" argument rests on shaky foundations.

There is an urgent need for informed, dispassionate debate about the perceived conflict between the free-expression rights of young people and the widespread urge to shield them from expression that is considered harmful. Not in Front of the Children will spur this long-needed conversation.

For other books recommended by EPIC, browse the EPIC Bookshelf at:

http://www.powells.com/features/epic/epic.html


EPIC Publications:

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.

"Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/

This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.

"The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.

"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.

Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/



[8] Upcoming Conferences and Events


Call for Papers - June 1, 2001. Summer 2001 Issue on Cybermedicine. John Marshall Journal of Computer and Information Law. For more information: 5simondostu.jmls.edu

The Internet Security Conference (TISC) 2001. Core Competence, Inc. June 4-8, 2001. Los Angeles, CA. For more information:
http://www.tisc2001.com/

INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For more information: http://www.isoc.org/inet2001/

ETHICOMP 2001: Systems of the Information Society. Telecommunications and Informatics Technical University of Gdansk, Poland. June 18-20, 2001. Gdansk, Poland. For more information:
http://www.ccsr.cse.dmu.ac.uk/conferences/ccsrconf/ethicomp2001/

ACS/IEEE International Conference on Computer Systems and Applications 2001: Taking Stock of Existing Technology, Charting Future Trends. Lebanese American University. June 25-29, 2001. Beirut, Lebanon. For more information:
http://www.lau.edu.lb/news-events/conferences/aiccsa2001.html

Democracy Forum 2001: Democracy and the Information Revolution. International Institute for Democracy and Electoral Assistance. June 27-29, 2001. Stockholm, Sweden. For more information:
http://www.idea.int/frontpage_forum2001.htm

Call for Papers - June 30, 2001. CEPE2001: Computer Ethics, Philosophical Enquiries. Lancaster University (UK). Centre for Study of Technology in Organizations, Institute for Environment, Philosophy and Public Policy. December 14-16, 2001. For more information:
http://www.lancs.ac.uk/depts/philosophy/conferences/

Re-shaping the Culture of Research: People, Participation, Partnerships & Practical Tools - Fourth Annual Community Research Network Conference. The Loka Institute. July 6-8, 2001. Austin, TX. For more information: http://www.loka.org/

The Online Privacy Conference: Integrating Security and Privacy for Data Protection. MIS Training Institute. July 17-18, 2001, Optional Workshops July 16, 2001. Chicago, IL. For more information:
http://www.misti.com/conference_show.asp?id=MP1

Call For Submissions - August 3, 2001. Workshop on Security and Privacy in Digital Rights Management 2001. Eighth Association for Computing Machinery (ACM) Conference on Computer and Communications Security. November 5, 2001. For more information:
http://www.star-lab.com/sander/spdrm/

ICSC 2001: International Conference on Social Computing. University of Bremen. October 1-3, 2001. Bremen, Germany. For more information:
http://icsc2001.informatik.uni-bremen.de/

Privacy2001: Information, Security & Ethics for the New Century. Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more information: http://www.privacy2000.org/

Nurturing the Cybercommons, 1981-2001. Computer Professionals for Social Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001. Ann Arbor, MI. For more information:
http://www.cpsr.org/conferences/annmtg01/

Learning for the Future. Business for Social Responsibility's Ninth Annual Conference. November 7-9, 2001. Seattle, WA. For more information: http://www.bsr.org/events/2001.asp

Subscription Information


The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

http://www.epic.org/alert/


Privacy Policy


The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions.


About EPIC


The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at

http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.10


URL: http://www.worldlii.org/int/journals/EPICAlert/2001/10.html