You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2002 >>
[2002] EPICAlert 1
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 9.01 [2002] EPICAlert 1
EPIC ALERT
Volume 9.01 January 14, 2002
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_9.01.html
Table of Contents
[1] State DMVs Developing National ID System
[2] EPIC Urges Qwest to Drop Marketing Plan
[3] Court Upholds FBI Use of Secret "Key Logger" Technology
[4] Companies Stop Privacy-Invasive Practices
[5] Student Privacy Protections Enacted
[6] Digital Rights Management Discussed at Future of Music Conference
[7] EPIC Bookstore - A National ID Card: A License to Live
[8] Upcoming Conferences and Events
[1] State DMVs Developing National ID System
A Task Force of the American Association of Motor VehicleAdministrators (AAMVA) announced plans today to increase uniformity ofstate
driver's licenses and information sharing between states and lawenforcement agencies. The AAMVA proposal combines severalinitiatives,
each with very different privacy implications, and asksfor $100 million in federal funding to determine what technologyshould be
used and to expand information sharing capacity. Efforts toenhance document security and prevent forgery, such as improvedholograms
and printing techniques, are a positive application oftechnology to the driver's license regime. The AAMVA also advocatesstricter
enforcement and tougher penalties for fraud and abuse ofdriver's licenses occurring inside and outside of DMVs.
Standardization of driver's license security features and issuancestandards across the 50 states, as well as information sharing withfederal
agencies and state law enforcement, would make the driver'slicense a de facto national identity card. The AAMVA has notdisclosed
how the detailed personal information required to obtain alicense, including residency and immigration status and socialsecurity
information, will be collected, used and shared under the newprogram. The AAMVA has also proposed making the driver's license aunique
identifier. While they have not yet determined what technologywill be implemented, they plan to use biometric or other identifiersto
positively ensure that license applicants are who they say theyare, and that no person holds more than one license. This proposalpresents
the most significant privacy and security risks, which aredetailed in EPIC's ID Card and Biometrics pages referenced below.
The possible creation of national identification cards throughdriver's licenses deserves careful examination and open publicdiscussion.
EPIC is in the process of drafting a memo discussing therisks and policy implications of national identification schemes, tobe prepared
in time for the AAMVA's leadership summit, where the headsof the state DMVs will discuss the task force's recommendations.
AAMVA's website (including an archived webcast of the January 14thpress conference):
http://www.aamva.org/
EPIC's ID Card Page:
http://www.epic.org/privacy/id_cards/
EPIC's Biometrics Page:
http://www.epic.org/privacy/biometrics/
[2] EPIC Urges Qwest to Drop Marketing Plan
Last week, millions of Qwest customers across the country receivedopt-out notices in their monthly billing statements. The notices,
which were contained within a pamphlet that said "the following willnot affect your billing," provided that Qwest could
use customercalling data -- information such as services subscribed to and calllogs -- unless customers opted-out of this plan by
calling a toll-freenumber within 30 days.
Customers attempting to call the toll-free number to opt-out havereported numerous difficulties, including long waits and disconnects.
The information that Qwest is planning on using is known as customerproprietary network information, and is protected from use absent"customer
approval" by the 1996 Communications Act. The FCCpromulgated a rule in 1998 that required telecommunication carriers toobtain
explicit customer approval (opt-in) before using suchinformation in any manner inconsistent with provision of services. TheFCC explicitly
rejected an opt-out approach as insufficientlyprotective of customer privacy. However, in 1999 the US Court ofAppeals for the 10th
Circuit ruled that the opt-in approach did notpass First Amendment scrutiny because the decision to require "opt-in"
was not adequately considered or supported by existing facts.
In response to this 1999 court decision, the FCC in October 2001issued a request for public comments, seeking advice on, among otherthings,
whether an opt-in approach inherently violates the FirstAmendment. EPIC and consumer groups filed comments and reply commentsurging
the FCC to implement an opt-in approach. Similar comments werefiled by 39 Attorneys General.
In a letter sent to Qwest President Afshin Mohebbi on January 7, EPICurged Qwest to suspend their marketing plan.
Although the initial comment period closed in November, the FCC hasannounced -- in the wake of Qwest’s implementation of their marketingplan
-- that they will continue to accept comments from anyone wishingto express their opinion in this ongoing debate. Consumers wishing
todo so can comment by e-mail: <fccinfofcc.gov> or by regular mail:
FCC, 445 12th St. S.W., Washington, D.C. 20554, attn: ConsumerInformation Bureau. Reference Docket No. 96-115.
EPIC's comments are available at:
http://www.epic.org/privacy/cpni/CPNI_CMN.pdf
EPIC’s reply comments are available at:
http://www.epic.org/privacy/cpni/CPNI_Reply_Comments.html
Attorneys General comments are available at:
http://www.naag.org/features/cpni_comments.cfm
EPIC’s letter to Qwest President Afshin Mohebbi:
http://www.epic.org/privacy/cpni/qwest_let_jan2002.html
[3] Court Upholds FBI Use of Secret "Key Logger" Technology
In a decision issued on December 26, a federal judge in New Jerseyupheld the legality of the FBI's use of a "key logger system"
secretlyinstalled on a suspect's computer to capture his encryption passphraseand denied a defense motion to suppress evidence obtained
through thetechnique. U.S. District Judge Nicholas Politan also allowedprosecutors to keep secret the specifics of the technology,
sayingdisclosure "would cause identifiable damage to the national securityof the United States." The government had earlier
invoked theClassified Information Procedures Act (CIPA) to conceal details of thesurveillance system (see EPIC Alert 8.16).
The gambling and loansharking case aginst defendant Nicodemo Scarfo,
Jr. has become the first to test the legality of law enforcementefforts to counter the use of encryption. The events of September
11seem to have had an influence in the case; Judge Politan wrote in thefirst paragraph of his opinion that "the matter takes
on addedimportance in light of recent events and potential national securityimplications." Prosecutors and FBI officials met
privately with thejudge on Sept. 28 to present "top-secret, classified evidence" aboutthe system and its use in national
security investigations.
Scarfo's lawyers had argued that the "key-logger system" violated boththe Fourth Amendment (by collecting more information
than needed) andthe federal wiretap statute (by intercepting modem transmissionswithout a wiretap order). They asserted that they
needed, throughpre-trial discovery, a detailed explanation of the technology todetermine whether its use was improper. Politan ruled
that anunclassified "summary" report on the system's capabilities providedthe defense with an adequate description.
The case will proceed to trial sometime in 2002; if convicted, Scarfocould raise the discovery and suppression issues on appeal.
The court's opinion is available at:
http://lawlibrary.rutgers.edu/fed/html/scarfo2.html-1.html
Other selected court documents on the Scarfo case are available at:
http://www.epic.org/crypto/scarfo.html
[4] Companies Stop Privacy-Invasive Practices
This month, two large companies revealed that they were putting an endto practices with major privacy implications, thereby sending
animportant message to other industry groups that violation of consumerprivacy is not a profitable or useful enterprise.
First, as initially reported by CNET, DoubleClick has decided todiscontinue its profiling services. Effective December 31, 2001,
thecompany no longer offers the targeted marketing that was once centralto its business plan. Relying on techniques such as cookies
andweb-bugs to track users on the Internet, over the years DoubleClickbuilt up profiles on millions of individuals' surfing habits,
preferences, and past purchases. As a result, it earned considerablenotoriety as one of the worst invaders of personal privacy on
theInternet. In February 2000, following complaints from EPIC andothers, the Federal Trade Commission launched a formal investigationof
the company when it was reveale d that it planned to linkpersonally identifiable information to these formerly anonymousInternet
profiles. That investigation was officially closed inJanuary 2001, consequent to DoubleClick's commitment to abide byself-regulatory
guidelines for online profiling (see EPIC Alert 8.02).
Second, Dollar Rent-a-Car has ended its practice of requiringcustomers to be fingerprinted before renting a vehicle, because theeffort
failed to meet its goal of reducing theft and fraud. Mr. JimSenese, Vice President of Quality Assurance at Dollar, is reported bythe
Washington Post as saying that although there was some reductionin car theft over the course of the program, any savings that weremade
did not compensate for the number of customers who were"irritated" by having to give thumbprints to the company.
In a related development on fingerprinting, a federal judge ruled lastweek that the technology used to "match" fingerprints
does not meetstandards set by the Supreme Court for scientific evidence. JudgeLouis Pollak of the U.S. District Court found that
expert witnessescannot rely on fingerprint analysis, which compares near perfectprints taken at the police station to partial smudges
or latent printsfrom a crime scene, to conclusively determine that the latent print isthat of the accused person. In what has been
described as a"blockbuster opinion," Judge Pollak's ruling casts doubt upon theincreased use of fingerprints as unique
identifiers by private andpublic organizations, and may affect the evaluation of other forensictechniques such as handwriting and
hair analysis.
Background information on DoubleClick:
http://www.epic.org/doubletrouble/
CNET article on DoubleClick, January 8, 2002:
http://news.cnet.com/news/0-1005-200-8407125.html
Washington Post article on Dollar Rent-a-Car, January 9, 2002:
http://www.washingtonpost.com/wp-dyn/articles/A22350-2002Jan9.html
New York Times article on Justice Pollak's decision, January 11, 2002:
http://www.nytimes.com/2002/01/11/national/11PRIN.html
[5] Student Privacy Protections Enacted
In December, Congress passed limited privacy protections for students.
The protections were passed because a number of companies collectpersonal information from children while they are at school formarketing
purposes. Much of this profiling is conducted under thepretense of college admissions or job recruitment purposes, andparents are
often not notified of the privacy policies associated withthe information collection. Companies such as American Student Listsell
the survey data in profiles that include children's names,
contact information, sex, age, whether they own a telephone, income,
religion, and their race or ethnicity.
The protections, included in H.R. 1, the "No Child Left Behind Act of2001," were primarily supported by Sen. Christopher
Dodd (D-CT) andSen. Richard Shelby (R-AL). The original Dodd-Shelby proposalincluded notice and opt-in protections for all commercial
collectionof data from schoolchildren. However, compromise language was adoptedafter a lobbying push by the student profiling industry.
The new protections grant parents the right to inspect all surveysadministered at school that were written by third parties. Localeducation
agencies, which are defined as schools, school districts, orboards of education, must give notice of "arrangements to protectstudent
privacy" and allow the parent to opt a child out ofparticipation where the survey instrument contains questions seekingpolitical
affiliations, mental or psychological information, sexualbehavior, criminal behavior, income, or religious belief. Parents mayalso
opt children out of surveys that collect personal information formarketing purposes.
These new protections contain significant loopholes. The opt-out formarketing does not apply where the information collection is
formagazine subscriptions or for "student recognition programs."
However, magazine marketing is a significant purpose of studentprofiling. In addition, some student recognition programs have asignificant
marketing component.
H.R. 1, The No Child Left Behind Act of 2001 (see section 1061):
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.00001:
EPIC's Profiling Page:
http://www.epic.org/privacy/profiling/
[6] Digital Rights Management Discussed at Future of Music Conference
The Future of Music Coalition (FMC) held its second annual policysummit on January 7-8, 2002, in Washington, D.C. Many topics werediscussed
that relate to issues of music and technology policy,
copyright law, and other areas of interest to musicians, the media,
policymakers, and the public.
The emphasis of the conference was on finding ways to protect theinterests of artists and copyright holders, as well as themusic-loving
public, in a constantly changing technologicalenvironment. There was also much talk of Digital Rights Management(DRM) and its efficacy
as an anti-piracy technique.
Notably, in a keynote speech, Rep. Rick Boucher (D-VA) said that hewill take steps to nurture the broad availability of music on theInternet,
and that he intends to introduce a bill that would eliminatethe anti- circumvention clause of the DMCA (section 1201).
Panelist bios, transcripts, and more post-conference information iscurrently available at the Future of Music Coalition website.
Links to FMC conference materials and press coverage:
http://www.futureofmusic.org/events/summit0102/
EPIC's new Digital Rights Management Page:
http://www.epic.org/privacy/drm/
[7] EPIC Bookstore - A National ID Card: A License to Live
A National ID Card: A License to Live, by Robert Ellis Smith
http://www.infopost.com/ItemDescription.asp?navtyp=SRH&ItemI=80143
Just in time to illuminate a new national debate, A National ID Card:
A License to Live brings together the provocative writings of RobertEllis Smith, publisher of Privacy Journal newsletter, on the seriousconsequences
of adopting a mandatory universal identity document. Thisbook includes a bibliography on the subject, a list of other nationsand
their ID practices, a history of IDs and Social Security Numbersin the U.S., and a frank discussion of airport security thatdistinguishes
the window-dressing from the workable solutions.This book is also available from Privacy Journal at:
http://www.privacyjournal.net/
EPIC Publications:
"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/phr2001/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of
informationlaws.
"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor
(EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists
who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price:
$40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC
2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore/
"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html
[8] Upcoming Conferences and Events
** POSTPONED! ** First Privacy Expo 2001. Privacy & American Businessand Privacy Council. Was November 27-29, 2001; will be rescheduled
forFebruary or March 2002. Washington, DC. For more information:
infopandab.org
** POSTPONED! ** Eighth Annual National "Managing the NEW PrivacyRevolution" Conference. Privacy & American Business and
PrivacyCouncil. Was November 28-29, 2001; will be rescheduled for February orMarch 2002. Washington, DC. For more information: infopandab.org
Chief Privacy Officer Skills Development Workshop. PRIVA-C and SelectKnowledge. January 14-16, 2002 and February 18-20, 2002. Dallas,
TX.
For more information: http://www.priva-c.com/cpoworkshop/
Closing 'Windows' on Antitrust or Opening a New Era of Intervention?:
Competition Policy after the Microsoft Settlement. CATO Institute.
January 16, 2002. Washington, DC. For more information:
http://www.cato.org/events/020116pf.html
Debating Privacy and ICT: Before and After September 11th. RathenauInstituut. January 17, 2002. Amsterdam, The Netherlands. For moreinformation:
http://www.privacyconference.nl/
Eye in the Sky and Everywhere Else: Do Biometric Technologies ViolateOur Rights? CATO Insitute. January 24, 2002. Washington, DC.
For moreinformation: http://www.cato.org/events/020124pf.html
National Conference on Organized Resistance. American UniversityAnimal Rights Effort. January 25-27, 2002. Washington, DC. For moreinformation:
http://www.organizedresistance.org/
The Biometric Consortium Conference. February 13-15, 2002 (rescheduledfrom September 12-14, 2001). Arlington, VA. For more information:
http://www.nist.gov/bcfeb02/
CLA 6th Annual Cyberspace Camp Conference. Computer Law Association.
February 14-16. San Jose, CA. For more information:
http://www.cla.org/cal_camp.htm
Moving to the Forefront of Privacy Management for Bank & FinancialServices Executives. World Research Group. February 26-28, 2002.
NewOrleans, LA. For more information: http://www.worldrg.com/
2nd Annual BNA Summit: Combatting Cyber Attacks on your CorporateData. Bureau of National Affairs. February 27-28, 2002. Washington,
DC. For more information: http://cybersecurity.pf.com
International Symposium on Freedom of Information and Privacy. Officeof the New Zealand Privacy Commissioner. March 28, 2002. Auckland,
NewZealand. For more information: Blair.Stewartprivacy.org.nz
Workshop on Privacy Enhancing Technologies. April 14-15, 2002. SanFrancisco, CA. For more information: http://www.pet2002.org/
CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:
http://www.cfp2002.org/
2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:
http://www.ieee-security.org/TC/SP02/sp02index.html
INET 2002. Internet Society. June 18-21, 2002. Washington, DC. Formore information: http://www.isoc.org/inet2002/
Subscription Information
Subscribe/unsubscribe via Web interface:
http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Subscribe/unsubscribe via email:
To: epic_news-requestmailman.epic.org
Subject line: "subscribe" or "unsubscribe"
Back issues are available at:
http://www.epic.org/alert/
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you wouldlike to change your subscription email address, or if you have anyother questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:
http://www.epic.org/donate/
Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free epic.org "sed quis
custodietipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 9.01 .
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2002/1.html
