You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2002 >>
[2002] EPICAlert 17
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 9.17 [2002] EPICAlert 17
EPIC ALERT
Volume 9.17 September 20, 2002
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_9.17.html
Table of Contents
[1] Groups Urge Secret Appeals Court to Reject Expanded Spying Powers
[2] Bush Administration Releases Cyber Security Plan
[3] EPIC Testifies Before Congress on Preventing SSN Misuse
[4] FCC Approves Rulemaking on Telephone Consumer Protection Act
[5] Coalition Urges FTC to Adopt Effective Strategy for Passport
[6] Groups File Brief Opposing Identification of ISP Subscriber
[7] EPIC Bookstore - Litigation Under the Federal Open Government Laws
[8] Upcoming Conferences and Events
[1] Groups Urge Secret Appeals Court to Reject Expanded Spying Powers
EPIC today joined with a coalition of civil liberties groups to urge asecret appeals court to reject a government bid for broadly
expandedpowers to conduct "national security" surveillance on U.S. citizens.
In a "friend of the court" brief filed with the Foreign IntelligenceSurveillance Court of Review (FISCR), the groups said
that expandingsuch powers would jeopardize fundamental constitutional interests,
"including the First Amendment right to engage in lawful publicdissent, and the warrant, notice, and judicial review rightsguaranteed
by the Fourth and Fifth Amendments."
At issue in the case is whether new Justice Department surveillancerules seeking to use looser foreign intelligence standards to conductcriminal
investigations in the United States are constitutional andpermissible under the USA PATRIOT Act adopted by Congress after theSeptember
11 terrorist attacks. The civil liberties brief urges theFISCR to uphold a decision of the Foreign Intelligence SurveillanceCourt,
which in May unanimously rejected the government's bid forexpanded powers. In its decision, the intelligence court documentedabuses
of "national security" warrants by both the Bush and ClintonAdministrations, including serious errors in approximately
75applications for foreign intelligence surveillance (see EPIC Alert9.16).
At a hearing last week, members of the Senate Judiciary Committee,
which has oversight of the Justice Department, also condemned thegovernment's position. "We need to do our work well and ensure
thatdomestic surveillance is aimed at true national security targets anddoes not simply serve as an excuse to violate the Constitutionalrights
of our own citizens," said Committee Chairman Patrick J. Leahy(D-VT). "The abuses of the past are far too fresh simply
to surrenderto the executive branch unfettered discretion to determine the scopeof these changes."
After the lower court's decision was made public in late August, thecivil liberties groups notified the FISCR that they intended to
file abrief. The groups had hoped to submit their brief before the appealscourt met to review the case, but the secret court met
on September 9and only the government was allowed to present arguments. EPIC joinedthe American Civil Liberties Union, Center for
Democracy andTechnology, Center for National Security Studies, Electronic FrontierFoundation, and the Open Society Institute in submitting
today'sbrief.
The civil liberties amicus brief is available at:
http://www.epic.org/privacy/terrorism/fisa/FISCR_amicus_brief.pdf
Background information on the Foreign Intelligence Surveillance Act,
including the current controversy, is available at:
http://www.epic.org/privacy/terrorism/fisa/
The text of the USA PATRIOT ACT is available at:
http://www.epic.org/privacy/terrorism/hr3162.html
[2] Bush Administration Releases Cyber Security Plan
Amid tight security on pre-publication, the President's CriticalInfrastructure Protection Board on September 18 released its firstpublic
draft of the National Strategy to Secure Cyberspace at a jointgovernment-industry press event at Stanford University. The WhiteHouse
claimed the draft plan "was developed in close collaborationwith key sectors of the economy that rely on cyberspace, State,
andlocal governments, colleges and universities, and concernedorganizations."
Among the initiatives called for in the strategy are the creation of aNorth American "Cyber Safe Zone," extension of the
Council of EuropeCybercrime Convention to other countries not currently signatories tothe Convention, and the promotion of "national
and international watchand warning" and a "global 'culture of security.'" Identifiable"cyber points of contact"
are also encouraged in the plan.
The plan separates cyberspace into five levels: 1) Home users andsmall businesses; 2) Major private enterprises; 3) Various sectors
ofthe national information infrastructure; 4) National Priorities; and5) Global.
The draft represents an ongoing work in progress that is subject tochange and modification, according to White House sources. Earlierdrafts
of the plan were viewed by the private sector, particularly thewireless industry and Internet Service Providers, as unreasonablymandating
government-induced security standards.
Contrary to earlier reports, the National Strategy does not containrequirements of data retention or any other data collection/datamining
requirements by ISPs or other IT service providers.
Significantly, unlike previous versions of the plan, the current draftstrategy does not call for the creation of a Federal privacy
"czar"
position.
Comments on the plan are invited until November 18, 2002. They may bee-mailed to feedbackwho.eop.gov.
The draft National Strategy to Secure Cyberspace is available at:
http://www.epic.org/security/draftstrategy0902.pdf
[3] EPIC Testifies Before Congress on Preventing SSN Misuse
At a joint hearing before two House subcommittees, EPIC legislativecounsel Chris Hoofnagle urged Congress to create a comprehensive
setof limitations on the collection and use of the Social Security Number(SSN). The hearing, chaired by Rep. Clay Shaw (R-FL), focused
on"Preserving the Integrity of Social Security Numbers and PreventingTheir Misuse by Terrorists and Identity Thieves."
Representativesfrom the Social Security Administration, the Federal Bureau ofInvestigation, and the Secret Service also testified
before thecommittee.
EPIC's testimony covered recent developments in identity theft, stateattempts to limit the SSN, and federal legislation designed to
stemSSN use. According to the Privacy Rights Clearinghouse,
500,000-700,000 persons are affected by identity theft annually. Thetoll on victims is burdensome -- most victims do not discover
thattheir identities have been stolen until many months after the crimehas occurred. Victims spend hundreds of hours and substantial
sums ofmoney fixing their credit rating.
Two states, California and Georgia, have recently passed legislationto limit the use of SSNs. In California, Senate Bill 168 was
signedinto law in October 2001. The bill prohibits public posting of SSNsand the printing of SSNs on identity cards or documents
used to obtaina product or service. The bill also prohibits businesses fromprinting SSNs on invoices or bills sent through the mail.
In Georgia,
businesses are now required to safely dispose of records that containpersonal identifiers. Business records -- including data stored
oncomputer hard drives -- must be shredded or, in the case of electronicrecords, completely wiped clean where they contain SSNs,
driver'slicense numbers, dates of birth, medical information, accountbalances, or credit limit information. The Georgia law carriespenalties
up to $10,000.
EPIC praised H.R. 2036, the Social Security Number Privacy andIdentity Theft Prevention Act of 2001, which was introduced by Rep.
Shaw and enjoys bipartisan support. The bill would establishmeaningful restrictions on the sale and display of SSNs, anddiscourage
the use of the identifier in the private sector.
EPIC's Testimony:
http://www.epic.org/privacy/ssn/ssntestimony9.19.02.html
Hearing Notice and Links to Witness Testimony:
http://waysandmeans.house.gov/socsec/107cong/ss-16wit.htm
H.R. 2036, Social Security Number Privacy and Identity TheftPrevention Act of 2001:
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.02036:
[4] FCC Approves Rulemaking on Telephone Consumer Protection Act
The Federal Communications Commission (FCC) has approved a notice ofproposed rulemaking (NPRM) on the Telephone Consumer Protection
Act of1991 (TCPA), a federal law that regulates telemarketing and faxadvertising. The NPRM solicits comments on a series of telemarketingissues,
including automatic dialers, prerecorded voice telemarketing,
unsolicited fax advertising, and whether the FCC should create anational do-not-call (DNC) list. The TCPA authorized the FCC tocreate
a DNC list ten years ago, but the agency declined to do so.
Instead, the FCC adopted a "company-specific" DNC list that requiresindividuals to opt-out from each business that engages
intelemarketing.
The Direct Marketing Association (DMA) has opposed the creation of DNClists, arguing that its opt-out list, the "Telephone PreferenceService"
(TPS), adequately protects consumers. However, the TPS onlyapplies to DMA members. Enrollment in the TPS is burdensome, as theDMA
allows a free opt-out only to those who send in a letter by postalmail. Additionally, states have been far more effective infacilitating
convenient enrollment in DNC lists. Many states offerfree Internet enrollment, but the DMA continues to charge $5 for thesame service.
Earlier this year, the Federal Trade Commission (FTC) sought publiccomment on telemarketing practices and on whether that agency shouldcreate
a national DNC list. The FCC voted 4-0 to examine these sameissues, marking a willingness to cooperate with FTC in order to createmore
comprehensive protections against telemarketing. The mood of theFCC commissioners was favorable to empowering individuals to exercisecontrol
over telemarketing solicitations. Commissioner Michael Coppssaid, "Unrestricted telemarketing has gone beyond being a nuisance
andbecome in many cases an invasion of privacy."
FCC NPRM on Regulations Implementing the Telephone Consumer ProtectionAct of 1991:
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-02-250A1.doc
EPIC's Telemarketing Page:
http://www.epic.org/privacy/telemarketing/
[5] Coalition Urges FTC to Adopt Effective Strategy for Passport
In comments to the Federal Trade Commission (FTC), EPIC and acoalition of privacy organizations urged the agency to amend itsConsent
Order regarding Microsoft Passport to include greater privacyprotections. In July and August 2001, EPIC and a coalition of privacyorganizations
filed complaints with the FTC describing privacy andsecurity risks inherent in the Microsoft Passport identification andauthentication
system. The FTC began an investigation into Passport,
and in July 2002, issued a Complaint and Consent Order finding fourviolations of federal consumer protection law (see EPIC Alert 9.15).
The Consent Order requires Microsoft to implement a new informationsecurity program that is audited by an independent third-party.
Thecompany must reassess this security program every two years. Microsoftis also barred from making misrepresentations about the
security orprivacy of Passport.
The groups made four recommendations to the FTC to ensure effectiveimplementation of the Consent Order. First, the groups requested
thatthe security audits of Passport be made available to the public, andthat individuals be given access to their entire Passport
profile.
Second, the groups recommended that the FTC examine AOL'sauthentication system, the "Screen Name Service," and Project Liberty,
which is currently under development. Third, the groups recommendedthat the FTC ensure Microsoft is complying with the EU-US Safe
Harbor.
Last, the groups requested the FTC to establish limitations on thefunctions of Passport. Without limitations on the functions thatPassport
performs and the information that Passport collects, Passportbecomes an increasingly attractive and lucrative target for malicioushackers.
EPIC's Comments on the Microsoft Passport Consent Order:
http://www.epic.org/privacy/consumer/microsoft/ordercomments.html
EPIC's "Sign Out of Passport" Page:
http://www.epic.org/privacy/consumer/microsoft/
FTC Consent Order Page:
http://www.ftc.gov/opa/2002/08/microsoft.htm
[6] Groups File Brief Opposing Identification of ISP Subscriber
EPIC and a coalition of civil liberties groups filed an amicus briefin late August challenging the Recording Industry Association
ofAmerica (RIAA)'s attempt to identify a Verizon ISP subscriber. Thebrief argues that a portion of the Digital Millennium Copyright
Act(DMCA) unconstitutionally violates individuals' right to anonymouscommunications.
The case arose after Verizon refused to comply with a subpoena sent bythe RIAA in July, compelling the ISP to release the name of
a customeraccused of illegally trading hundreds of songs. RIAA filed suitseeking to have a court enforce the subpoena and force
Verizon todisclose the customer's name. The RIAA's subpoena was sent pursuantto a provision of the DMCA that permits a copyright
owner to send asubpoena (without filing a lawsuit) ordering a "service provider" toturn over information about a subscriber.
The amicus brief states that the provision violates the right ofAmericans to be anonymous online: "Purported copyright owners
shouldnot have the right to violate protected, anonymous speech with whatamounts to a single snap of the fingers." The amicus
brief (as wellas Verizon's brief, which opposes RIAA's motions mostly on proceduralgrounds) maintains that the RIAA has the right
to unmask a truecopyright infringer, but argues that common civil procedure rules havealways provided sufficient routes for obtaining
such information.
If copyright owners were permitted to use the DMCA's subpoena processto assail peer-to-peer pirates, the amicus brief argues, the
combinednumber of notices and subpoenas that Internet providers would have toprocess could easily reach into the millions annually.
The coalition's Amicus Brief is available at:
http://www.eff.org/Cases/RIAA_v_Verizon/20020830_eff_amicus.html
Verizon's Brief is available at:
http://www.politechbot.com/docs/verizon.brief.090302.pdf
[7] EPIC Bookstore - Litigation Under the Federal Open Government Laws
JUST PUBLISHED!
Litigation Under the Federal Open Government Laws 2002570 pages, $40.00
http://www.epic.org/bookstore/foia2002/
"Deserves a place in the library of everyone who is involved in, or thinking about, litigation under the Freedom
of Information Act."
- Steve Aftergood Federation of American ScientistsThis is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. EPIC haspublished the book jointly
with Access Reports and the James MadisonProject.
This 21st edition fully updates the manual that lawyers, journalistsand researchers have relied on for more than 25 years. It is
editedby Harry Hammitt of Access Reports, David L. Sobel of EPIC, and MarkS. Zaid of the James Madison Project. The book draws upon
theexpertise of practicing attorneys who are recognized leaders in thefield.
Appendices include the text of the relevant acts, and sample pleadingsfor litigators. "Litigation Under the Federal Open Government
Laws2002" adheres to the same high standards as previous editions and isintended as a guide for FOIA requesters and plaintiff
litigators. Forthose who litigate open government cases (or need to learn how tolitigate them), this is an essential reference manual.
EPIC Publications:
"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.
http://www.epic.org/bookstore/phr2002/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location
tracking, IDsystems and freedom of information laws.
"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor
(EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists
who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price:
$40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC
2000). Price:
$20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore/
"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html
[8] Upcoming Conferences and Events
Civil Liberties Under Attack -- One Year Later. National LawyersGuild; Refuse & Resist. September 7, 2002. Los Angeles, CA. For
moreinformation: http://www.refuseandresist.org/new/calendar.php
IT and Law. University of Geneva, University of Bern, SwissAssociation of IT and Law. September 9-10, 2002. Geneva, Switzerland.
For more information: http://www.informatiquejuridique.ch/
Observing Surveillance. Photo Exhibit. September 12, 2002. Washington,
DC. For more information: dcvspepic.org
ILPF Conference 2002: Security v. Privacy. Internet Law & PolicyForum. September 17-19, 2002. Seattle, WA. For more information:
http://www.ilpf.org/conference2002/
The Biometric Consortium Conference (BC2002). Biometric Consortium.
September 23-25, 2002. Arlington, VA. For more information:
http://www.nist.gov/bc2002/
Privacy2002: Information, Security & New Global Realities. TechnologyPolicy Group. September 24-26, 2002. Cleveland, OH. For moreinformation:
http://www.privacy2000.org/privacy2002/
Privacy Management Summit. Privastaff. September 25, 2002. San Jose,
CA. For more information: http://www.privastaff.com/psevents.html
Commercialization of Human Genomics: Consequences for Science andHumanity. Duke University Center for Genome Ethics, Law, and Policy.
September 27-28, 2002. Durham, NC. For more information:
http://www.law.duke.edu/conference/gelp/
Privacy in Ubicomp 2002: Workshop on Socially-informed Design ofPrivacy-enhancing Solutions in Ubiquitous Computing. Held as part
ofUBICOMP 2002. September 29, 2002. Goeteborg, Sweden. For moreinformation: http://guir.berkeley.edu/privacyworkshop2002/
Shrinking World, Expanding Net. Computer Professionals for SocialResponsibility (CPSR). October 5, 2002. Cambridge, MA. For moreinformation:
http://www.cpsr.org/conferences/annmtg02/
Bridging the Digital Divide: Challenge and Opportunities. 3rd WorldSummit on Internet and Multimedia. October 8-11, 2002. Montreux,
Switzerland. For more information: http://www.internetworldsummit.org/
2002 WSEAS International Conference on Information Security (ICIS'02). World Scientific and Engineering Academy and Society. October14-17,
2002. Rio de Janeiro, Brazil. For more information:
http://www.wseas.org/conferences/2002/brazil/icis/
IAPO Privacy & Security Conference. International Association ofPrivacy Officers. October 16-18, 2002. Chicago, IL. For moreinformation:
http://www.privacyassociation.org/html/conferences.html
Privacy Trends: Complying With New Demands. Riley Information ServicesInc. and the Commonwealth Centre for Electronic Governance.
October22, 2002. Ottawa, Canada. For more information:
http://www.rileyis.com/seminars/
3rd Annual Privacy and Security Workshop: Privacy & Security: TotallyCommitted. Centre for Applied Cryptographic Research, University
ofWaterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For moreinformation: http://www.epic.org/redirect/cacr.html
First Hawaii Biometrics Conference. Windward Community College,
Pacific Center for Advanced Technology Training (PCATT). November10-13, 2002. Waikiki, HI. For more information:
http://biometrics.wcc.hawaii.edu/
Transformations in Politics, Culture and Society. Inter-
Disciplinary.Net. December 6-8, 2002. Brussels, Belgium. For moreinformation: http://www.inter-disciplinary.net/tpcs1.htm
18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied ComputerSecurity Associates. December 9-13, 2002. Las Vegas, NV. For moreinformation:
http://www.acsac.org/
Third Annual Privacy Summit. International Association of PrivacyOfficers. February 26-28, 2003. Washington, DC. For more information:
http://www.privacyassociation.org/html/conferences.html
CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information: http://www.cfp.org/
Subscription Information
Subscribe/unsubscribe via Web interface:
http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Subscribe/unsubscribe via email:
To: epic_news-requestmailman.epic.org
Subject line: "subscribe" or "unsubscribe" (no quotes)
Help with subscribing/unsubscribing:
To: epic_news-requestmailman.epic.org
Subject: "help" (no quotes)
Back issues are available at:
http://www.epic.org/alert/
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you wouldlike to change your subscription email address, if you areexperiencing subscription/unsubscription problems, or if you
have anyother questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:
http://www.epic.org/donate/
Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free epic.org "sed quis
custodietipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 9.17
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2002/17.html
