You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2002 >>
[2002] EPICAlert 20
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 9.20 [2002] EPICAlert 20
EPIC ALERT
Volume 9.20 October 24, 2002
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_9.20.html
Table of Contents
[1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information
[2] EPIC Files Comments at FCC to Protect Telephone Privacy
[3] Public Protest Over Data Retention Increases in Europe
[4] DC City Council Discusses Regulation of Surveillance Cameras
[5] National Academies Report on "Sensitive but Unclassified"
[6] California Leads States in Privacy Protection
[7] EPIC Bookstore - CTRL [SPACE]
[8] Upcoming Conferences and Events
[1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information
The Electronic Privacy Information Center today filed a Freedom ofInformation Act (FOIA) lawsuit asking a federal court to order theDepartment
of Justice to account for its use of the extraordinary newsurveillance powers granted to it by Congress last year. The recordsrequested
concern the government's implementation of the USA PATRIOTAct, legislation that was passed in the wake of the September 11terrorist
attacks. By amending laws such as the Foreign IntelligenceSurveillance Act (FISA), the USA PATRIOT Act vastly expanded thegovernment's
authority to obtain personal information about thoseliving in the United States, including United States citizens.
EPIC and the American Civil Liberties Union filed the lawsuit asattorneys for their organizations and for the American BooksellersFoundation
for Free Expression and the Freedom to Read Foundation,
citing concerns that the new surveillance laws threaten the FirstAmendment-protected activities of librarians, library patrons,
booksellers and their customers, and investigative journalists. TheFOIA request, which was submitted to DOJ and the FBI on August
21,
seeks general information about the use of new surveillance powers,
including the number of times the government has:
Directed a library, bookstore or newspaper to produce "tangible things," e.g, the titles of books an individual has purchased
or borrowed or the identity of individuals who have purchased or borrowed certain books;
Initiated surveillance of Americans under the expanded Foreign Intelligence Surveillance Act;
Conducted "sneak and peek" searches, which allow law enforcement to enter people's homes and search their belongings
without informing them until long after;
Authorized the use of devices to trace the telephone calls or e-mails of people who are not suspected of any crime;
Investigated American citizens or permanent legal residents on the basis of activities protected by the First Amendment (e.g.,
writing a letter to the editor or attending a rally).
Some of the information was previously sought by the House JudiciaryCommittee, and last week Rep. James Sensenbrenner (R-WI), the
Chairmanof the Committee, reported that he had received some of theinformation in classified form.
The EPIC/ACLU court complaint is available at:
http://www.epic.org/privacy/terrorism/patriot_foia_complaint.pdf
Information on the USA PATRIOT Act is available at:
http://www.epic.org/privacy/terrorism/usapatriot/
[2] EPIC Files Comments at FCC to Protect Telephone Privacy
On October 21, EPIC filed comments with the Federal CommunicationsCommission (FCC) urging it to protect the privacy of telephonecustomers
when a telecommunications company goes out of business orwants to sell customer information as a business asset.
The comments relate to the use by telecommunications carriers of"customer proprietary network information" (CPNI), which
includes thename, telephone number, call information and services subscribed to bya telephone customer. In 1998, the FCC formulated
its initial ruleregarding CPNI, which required telecommunications carriers to obtainexplicit customer approval (opt-in) before using
customer informationin any manner inconsistent with provision of services (for example,
building detailed profiles based on personal information obtainedthrough private telephone calls).
Following a court challenge to the FCC's 1998 CPNI rule, the FCCadopted a new rule in July 2002, which allowed telephone companies
andtheir affiliates to use customer information with only opt-outapproval from the customer. Opt-out allows the company to use CPNIuntil
a customer specifically informs the company otherwise. However,
the July 2002 rule requires opt-in customer approval when a companythat has no business relationship with a customer tries to use
ordisclose CPNI. In the July 2002 ruling, the FCC sought public commenton whether a company that is going out of business should
be allowedto sell CPNI as a business asset. In addition, the FCC asked whethera company who is going out of business or merges with
another companyshould be able to share customer information with the company who isgoing to take over the business.
EPIC's position is that the sale of CPNI as a business asset createsserious privacy concerns for consumers and should not be allowed.
Inthe case of a sale, EPIC urged the FCC to require that any companyseeking to sell its CPNI provide opt-in notification to customers,
prohibiting any sale of personal information without a customer'sconsent. In addition, EPIC urged the FCC to require companies to
usean opt-in approach before sharing CPNI when going out of business ormerging with another telecommunications company. EPIC reasoned
thatan opt-in approach is necessary to protect customers' privacy becausecustomers often have no previous business relationship with
the newtelephone company, and do not always have an alternative phone companyto choose from if they do not want to accept service
from the newcompany.
EPIC's comments are available at:
http://www.epic.org/privacy/cpni/epic_96-115.pdf
See EPIC's CPNI page:
http://www.epic.org/privacy/cpni/
[3] Public Protest Over Data Retention Increases in Europe
The prospect of generalized and systematic surveillance of electroniccommunications across Europe is raising many pressing questions.
Several recent developments in Europe show that the principle of dataretention, introduced in the recent EU Directive on Privacy andElectronic
Communications (Dir. 2002/58/EC) is facing strong criticismby privacy experts, data protection commissioners, civil libertiesgroups,
and the ISP industry.
This summer, the Danish government, current President of the EuropeanCouncil, sent to all Member States a "questionnaire on traffic
dataretention." The document intended to gather comments with respect tothe regulation, practice and experiences of traffic
data retention inEU countries. The responses were examined at a September 16 meetingof an EU Council expert group (the Multidisciplinary
Group onOrganized Crime), and most of the EU Member States' answers are nowavailable. They reveal that most governments wish they
could soonimplement an EU-wide data retention regulation with harmonizedstandards and requirements.
On September 11, during the International Conference of DataProtection Commissioners in Cardiff, the European Data ProtectionCommissioners
(also known as the "Working Party Article 29"), releaseda declaration strongly warning against any future EU-wide mandatoryand
systematic data retention scheme. "Such retention," theyasserted, "would be an improper invasion of the fundamental
rightsguaranteed to individuals by Article 8 of the European Convention onHuman Rights." They argued that retention of traffic
data forpurposes of law enforcement must occur for a limited period of timeand only where necessary, appropriate and proportionate
in ademocratic society.
A few days ago, the press reported that the British Internet ServiceProviders Association ("ISPA") is refusing to voluntarily
implementthe Home Office's controversial data retention scheme, which is partof the Anti-Terrorism Crime and Security Act enacted
last year. Thetrade group is worried about the huge cost and privacy implications ofa data retention scheme that would radically
change their customerdata storage and management procedures to allow law enforcement access.
Meanwhile, in Spain and Germany, civil liberties groups are fightingagainst their governments' data retention endeavors. Kriptopolis,
aSpanish activist organization, opposes some of the provisions of thenew Spanish "Law of Information Society Services and ElectronicCommerce"
("LSSI"), one of which compels all telecommunicationscompanies and ISPs to retain their customers' traffic and locationdata
for 12 months. Stop1984, a civil liberties organization based inGermany, is also launching a campaign to raise public awareness
aboutdata retention proposals in Europe, creating a Web page with links toother anti-data retention organizations, and collecting
and organizingmaterial related to the retention of electronic communications data.
Danish Presidency's questionnaire on traffic data retention, August14, 2002:
http://www.statewatch.org/news/2002/aug/11490-r1.pdf
EU Member States' answers to the questionnaire, September 16, 2002:
http://www.bof.nl/docs/data_retention_answers.pdf
Statement of the European Data Protection Commissioners at theInternational Conference in Cardiff (September 9-11, 2002) onmandatory
systematic retention of telecommunication traffic data:
http://www.fipr.org/press/020911DataCommissioners.html
Kriptopolis:
http://www.kriptopolis.com/
Stop1984's Anti-Data Retention Network:
http://www.stop1984.com/netzwerk/
For more information on developments related to data retention, seeEPIC's data retention Web page:
http://www.epic.org/privacy/intl/data_retention.html
[4] DC City Council Discusses Regulation of Surveillance Cameras
The Judiciary Committee of the D.C. City Council on October 22unanimously approved the proposed regulations governing the use ofsurveillance
cameras in Washington, DC. The regulations will now beconsidered by the full Council on November 7, after which they willserve as
an interim measure while the Council drafts permanentlegislation. Councilmember Kathy Patterson is drafting thislegislation, which
will be the subject of a public hearing scheduledfor December 12. The legislative debates are expected to considerwhether the surveillance
camera system is an effective or necessarycrime-fighting tool and whether it is an appropriate investment ofpublic funds. Meanwhile,
the interim regulations are at least animportant first step toward protecting the privacy of D.C. residentsand visitors, and they
help to set the baseline for future debates inother parts of the country. However, the current regulations stillcontain significant
deficiencies that will hopefully be cured in thefinal legislation.
In March, the D.C. City Council passed emergency legislation requiringthe Metropolitan Police Department (MPD) to draft regulations
for theuse of the surveillance cameras. The Council acted after learningfrom media reports that the MPD had constructed an 8 million-dollarsurveillance
camera system in the District. The MPD regulations haveimproved significantly from their April draft, in which they statedthat cameras
are a "valid law enforcement tool" useful in combatingcrime and even the "fear of crime," and provided for littleaccountability
or safeguards. At the Council's public hearing inJune, EPIC Executive Director Marc Rotenberg testified on theregulations, noting
several specific clauses in the regulations whereimprovements were necessary to protect the rights of residents andvisitors (see
EPIC Alert 9.12).
The final version of the regulations includes some of the changessuggested by critics of the surveillance camera system, includingEPIC,
the NAACP, and the National Capital Area ACLU. The regulationsnow limit the cameras to two uses: to help manage public resourcesduring
major public events and demonstrations, and to coordinatetraffic control. No cameras will be installed for general crimedeterrence
purposes until legislation approving it is enacted. Section2501.3 explicitly states, "Under no circumstances shall the CCTVsystems
be used for the purpose of infringing upon First Amendmentrights." The regulations will also create an extensive audit trail
ifrecording is authorized. However, they fail to properly consider theexpectation of privacy in public spaces and also do not provide
cleardefinitions for key terminology, including, for example, "exigentcircumstances." In addition, the regulations do
not address the needfor the system, and therefore should not be understood as legitimizingthe use of surveillance cameras.
Police chief Charles Ramsey has requested public comments on thesystem and on specific camera installations. Comments should be sentto
Terrence D. Ryan, General Counsel, Metropolitan Police Department,
Room 4125, 300 Indiana Avenue, NW, Washington, D.C. 20001. The CityCouncil is also accepting public comments (see EPIC Alert 9.13).
Further, there is a new slide show on the Observing Surveillance Website that documents the presence of the MPD's surveillance cameras.
EPIC's Video Surveillance page:
http://www.epic.org/privacy/surveillance/
Observing Surveillance:
http://www.observingsurveillance.org/
[5] National Academies Report on "Sensitive but Unclassified"
In a recent report, the National Academies asked the federalgovernment to abstain from creating inadequately defined categories of"sensitive,
but unclassified" information, while recognizing theirresponsibility to help protect the United States from terrorism andother
national security threats.
The National Academies expressed their concern that inadequatelydefined categories of "sensitive, but unclassified" do not
providesufficient guidance on what data should be restricted from publicaccess. Furthermore, while acknowledging that some restrictions
onpublic information may be necessary to protect strategic secrets, theNational Academies emphasized the necessity of openness to
scientificand technological advancement, including advancements in counteringnational security threats.
Vague criteria on when to classify and/or restrict public access toscientific information create confusion among scientists, engineers,
researchers and government officials responsible for enforcingregulations, thereby hindering progress and weakening nationalsecurity.
The National Academies accordingly maintained that anappropriate and necessary balance between security and opennessrequires clearly
defined categories of information, recommending arenewal of dialogue between the scientific, engineering and researchcommunity and
policy-makers to develop clear criteria for "sensitive,
but unclassified" information.
The National Academies' full report on the role of science andtechnology in countering terrorism is available at:
http://www.nap.edu/catalog/10415.html?onpi_newsdoc062402
[6] California Leads States in Privacy Protection
California leads the states in providing individuals with privacyprotections, according to a ranking performed by Robert Ellis Smith
ofthe Privacy Journal. The other states ranking in the top ten areMinnesota, Connecticut, Florida, Hawaii, Illinois, Massachusetts,
NewYork, Washington, and Wisconsin.
The ranking is based on "Compilation of State and Federal PrivacyLaws," a recently updated Privacy Journal publication that
describesmore than 1200 state and federal laws on the confidentiality ofpersonal information. States are assigned points based on
protectionsfor medical, financial, credit, and library records. Extra pointsaccrue to states with Constitutional privacy safeguards,
and to thosethat have been assertive in protecting privacy through regulation andlitigation.
Under the Privacy Journal ranking system, the federal government wouldfall among the next-to-last tier of states for privacy protection.
Thefederal government provides only limited protections for financial andmedical records, no statutory protection for library records,
andweakened protections against law enforcement surveillance as a resultof the USA PATRIOT Act.
Privacy Journal:
http://www.privacyjournal.net/
[7] EPIC Bookstore - CTRL [SPACE]
CTRL [SPACE]: Rhetorics of Surveillance from Bentham to Big Brother,
edited by Thomas Y. Levin, Ursula Frohne, and Peter Weibel.
http://www.epic.org/bookstore/powells/redirect/alert920.html
Video surveillance is an important topic that is currently beingexplored by policymakers, civil liberties organizations, and thepublic
at large. However, another important group has joined thediscussion about the subject of surveillance: artists. Just as theuse
of surveillance cameras in public spaces raises important policyquestions, the cameras themselves are a form of visual media, and
thusthe arts community has also become involved in the debate. "CTRL[SPACE]" uses the arts as a springboard to explore
different ideas andissues surrounding surveillance and its history, from philosophicalquestions posed by Michel Foucault and Jeremy
Bentham to 21st-centuryAmerica's growing obsession with "reality television." It also servesas an exhaustive catalog for
the recent art exhibition of the samename, held from October 13, 2001 to February 24, 2002 at the ZKMCenter for Art and Media in
Karlsruhe, Germany.
The book features numerous essays and artistic works by and about manydiverse groups, including the Surveillance Camera Players, the
NewYork Civil Liberties Union's "NYC Surveillance Camera Project," andnoted creative personalities such as Yoko Ono and
Andy Warhol. Alarge, elaborately designed work comprising over 650 pages of imagesand text, "CTRL [SPACE]" feels at home
in a library full of policybooks, philosophy books, art books, and/or all (or none) of the above.
- Kate RearsFor more perspectives on video surveillance, see the ObservingSurveillance project:
http://www.observingsurveillance.org/
EPIC Publications:
"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002).
Price: $40.
http://www.epic.org/bookstore/foia2002/
This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual
that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or
need to learn how to litigatethem), this is an essential reference manual.
"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.
http://www.epic.org/bookstore/phr2002/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location
tracking, IDsystems and freedom of information laws.
"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor
(EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists
who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price:
$40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC
2000). Price:
$20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore/
"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html
[8] Upcoming Conferences and Events
Liberties Lost! First Central European Cyber Liberties Conference(CECLC). Quintessenz and VIBE!AT User Group. October 25, 2002. Vienna,
Austria. For more information: http://ceclc.quintessenz.org/
Symposium on Privacy and Security (SPS). Stiftung für Datenschutz undInformationssicherheit (SDI), Basel/Switzerland. October 30-31,
2002.
Zurich, Switzerland. For more information:
http://www.privacy-security.ch/
2nd Courtroom 21 Conference on Privacy and Public Access to CourtRecords. Courtroom 21 (College of William & Mary and the NationalCenter
for State Courts). Williamsburg, VA. October 31-November 2,
2002. For more information: http://www.courtroom21.net/privacyconf/
3rd Annual Privacy and Security Workshop: Privacy & Security: TotallyCommitted. Centre for Applied Cryptographic Research, University
ofWaterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For moreinformation: http://www.epic.org/redirect/cacr.html
First Hawaii Biometrics Conference. Windward Community College,
Pacific Center for Advanced Technology Training (PCATT). November10-13, 2002. Waikiki, HI. For more information:
http://biometrics.wcc.hawaii.edu/
Call for Proposals: November 15, 2002. CFP2003: 13th Annual Conferenceon Computers, Freedom, and Privacy. Association for ComputingMachinery
(ACM). April 1-4, 2003. New York, NY. For more information:
http://www.cfp2003.org/
Ninth ACM Conference on Computer and Communications Security (CCS).
Association for Computing Machinery (ACM) Special Interest Group onSecurity, Audit, and Control (SIGSAC). November 18-22, 2002.
Washington, DC. For more information:
http://www.acm.org/sigs/sigsac/ccs/
eSafe Programme 2003-2004 -- Hearing on Options & Requirements.
European Commission. November 27-28, 2002. Kirchberg, Luxembourg. Formore information: http://www.saferinternet.org/news/esafe.asp
International Conference: Privacy: Cost to Resource. Safeguards forCitizens, Opportunities for Businesses: Advantages of aPrivacy-Oriented
Market. Garante per la Protezione dei Dati Personali(Italian Data Protection Commission). December 5-6, 2002. Rome, Italy.
For more information: http://www.garanteprivacy.it/
Transformations in Politics, Culture and Society. Inter-
Disciplinary.Net. December 6-8, 2002. Brussels, Belgium. For moreinformation: http://www.inter-disciplinary.net/tpcs1.htm
18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied ComputerSecurity Associates. December 9-13, 2002. Las Vegas, NV. For moreinformation:
http://www.acsac.org/
O'Reilly Bioinformatics Technology Conference. February 3 - 6, 2003.
San Diego, CA. For more information:
http://conferences.oreilly.com/macosxcon/
Third Annual Privacy Summit. International Association of PrivacyOfficers. February 26-28, 2003. Washington, DC. For more information:
http://www.privacyassociation.org/html/conferences.html
O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. Formore information: http://conferences.oreilly.com/oscon/
Subscription Information
Subscribe/unsubscribe via Web interface:
http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Subscribe/unsubscribe via email:
To: epic_news-requestmailman.epic.org
Subject line: "subscribe" or "unsubscribe" (no quotes)
Help with subscribing/unsubscribing:
To: epic_news-requestmailman.epic.org
Subject: "help" (no quotes)
Back issues are available at:
http://www.epic.org/alert/
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you wouldlike to change your subscription email address, if you areexperiencing subscription/unsubscription problems, or if you
have anyother questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:
http://www.epic.org/donate/
Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free epic.org "sed quis
custodietipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 9.20
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2002/20.html