You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2002 >>
[2002] EPICAlert 5
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 9.05 [2002] EPICAlert 5
EPIC ALERT
Volume 9.05 March 15, 2002
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_9.05.html
Table of Contents
[1] National Freedom of Information Day -- March 16, 2002
[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents
[3] Council of Europe Considers Cybercrime Protocols
[4] UK Holds Big Brother Awards
[5] Scarfo "Key Logger" Case Ends in Plea Bargain
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online
[8] Upcoming Conferences and Events
[1] National Freedom of Information Day -- March 16, 2002
Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the
power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue
to a farce or a tragedy or perhaps both. -- James Madison
On March 16 -- James Madison's birthday -- EPIC will join with otheropen government advocates to emphasize the value and importance
of theFreedom of Information Act.
The public's right of access to government information is acornerstone of our democratic society. Free and open access toinformation
is a basic principle that has enabled the United States toendure and prosper for more than 200 years. For more than a quarterof
a century, the Freedom of Information Act (FOIA) has ratified thepublic's right to know what the government, its agencies, and itsofficials have done. It has substituted
public oversight for secrecy,
and our country has benefited from the truths that been extracted frompublic records. Although our nation must be safeguarded from
furtheracts of terrorism, we must never allow the public's right to know,
enshrined in the FOIA, to be suppressed for the sake of officialconvenience. Our system of representative democracy depends on thefree
flow of information produced, collected and published by thegovernment and available to the American people so they canparticipate
as an informed electorate and be aware of actions thegovernment takes in their name.
On October 12, 2001, Attorney General John Ashcroft issued amemorandum on behalf of the Bush Administration, directing federalagency
heads -- with the full support of the Department of Justice --
to search for and use any legal authority for denying access torecords under FOIA. This policy of secrecy is incompatible with thevalues
of a free society.
In February, the House Government Reform Committee, with oversight onFOIA issues, marked up a draft update of its popular "Citizen's
Guideon Using the Freedom of Information Act and the Privacy Act of 1974 toRequest Government Records." Rep. Henry Waxman (D-CA) offered, andCommittee Chair Dan Burton (R-IN)
approved, the addition of thefollowing paragraphs to the 2002 draft:
The history of the act reflects that it is a disclosure law. It presumes that requested records will be disclosed,
and the agency must make its case for withholding in terms of the act's exemptions to the rule of disclosure. . . .
Contrary to the instructions issued by the Department of Justice on October 12, 2001, the standard should not be to allow
the withholding of information whenever there is merely a "sound legal basis" for doing so.
The action represents a symbolic, bipartisan Congressional repudiationof the Attorney General's October directive.
In these trying times, our future as a nation and as individuals willbe determined by how successfully we use information. That is
whyEPIC urges individuals and associations across American to join incelebrating the public's "right to know" on Freedom of InformationDay,
March 16. EPIC has created an online "Freedom of Information ActGallery" to showcase some of the information recently made public
as aresult of the law.
EPIC's Freedom of Information Act Gallery:
http://www.epic.org/open_gov/foiagallery.html
EPIC's Former Secrets Page:
http://www.epic.org/open_gov/foia/secrets.html
Information on the 2002 National Freedom of Information Dayconference, "Access & Security in a Time of Crisis," is available at:
http://www.freedomforum.org/templates/document.asp?documentID=15783
[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents
EPIC filed suit on March 14 against the Department of Transportation(DOT), seeking the expedited release of documents concerning proposedair
travel security systems. EPIC asserts in the lawsuit that thepotential privacy implications of such proposals require full andinformed
public debate on the design of security systems.
In early February, EPIC submitted Freedom of Information Act (FOIA)
requests to DOT for records relating to the newly-createdTransportation Security Administration's plans to develop a biometricidentification
card for use in a "trusted passengers" program, and toestablish airline passenger screening and profiling systems. Notingthe privacy
issues surrounding these initiatives and the substantialpublic interest in security matters, EPIC requested "expeditedprocessing"
of its requests -- a procedure Congress mandated in 1996to hasten the disclosure of information concerning matters of "currentexigency
to the American public." Despite a legal requirement torender a decision on an expedition request within 10 days, DOT neverresponded
to EPIC's request.
EPIC does not question the need for effective air travel security, butbelieves that there is no reason to develop these procedures
under ashroud of secrecy. The public has a significant interest in the designof new security systems and ensuring that privacy rights
are respected.
EPIC's lawsuit is available at:
http://www.epic.org/open_gov/foia/DOT_complaint.pdf
ID Card for Air Passengers, Washington Times, Jan. 31, 2002:
http://www.washtimes.com/business/20020131-32817256.htm
Intricate Screening of Fliers in Works, Washington Post, Feb. 1, 2002:
http://www.washingtonpost.com/wp-dyn/articles/A5185-2002Jan31.html
[3] Council of Europe Considers Cybercrime Protocols
On February 7, the Council of Europe publicly released a draft of theFirst Additional Protocol to the Convention on Cybercrime on
thecriminalization of acts of a racist or xenophobic nature committedthrough computer systems. The Convention itself was signed
inNovember 2001 by most of the body's 43 member states, as well asobserver nations Canada, Japan, South Africa and the U.S. (see
EPICAlert 8.23). It is the first international treaty to address crimescommitted in "cyberspace," including intellectual property
violations,
computer-related fraud, child pornography, hacking, and thedistribution of hacking tools. It greatly expands law enforcementinvestigative
powers, including real time electronic surveillance andaccess to user records maintained by Internet Service Providers, notonly for
these crimes, but also for any other crime "committed bymeans of a computer system" or for "the collection of evidence inelectronic
form" of a crime. It also requires signatory countries toprovide each other with mutual legal assistance in investigations. Ithas
been widely criticized by civil liberties, privacy, and securityadvocates as disproportionately weighted in favor of law enforcementinterests.
The protocol is an optional supplement to the Convention that willcriminalize the "making available" or "distribution" of racist andxenophobic
material through a computer system. An articlecriminalizing the "denial or justification of racist or xenophobiccrimes" is stated
in the draft to be under preparation. The draft wasmade available the day after the Global Internet Liberty Campaign(GILC) -- an
international coalition of civil liberties and humanrights groups -- sent a letter to the Council of Europe asking for itsrelease
in conformity with "principles of transparency and democraticdecision-making." Although the U.S. government is participating inthe
negotiation of this protocol, it has stated that it does notintend to sign it due to the obvious inconsistencies with the FirstAmendment.
GILC also sent a letter to the Council of Europe on February 28following reports that the body was considering a second optionalprotocol
on "terrorist messages and the decoding thereof." AlthoughGILC has not received an official response from the Council of Europe,
member groups in the U.S. have been assured by the government that nosuch proposal is moving forward. Work on the First AdditionalProtocol
is expected to be completed by April 30, 2002.
The draft Protocol is available on the Council of Europe site at:
http://www.coe.int/T/E/Communication%5Fand%5FResearch/Press/Themes%5Ffiles/Cybercrime/
GILC's February 6 letter to the Council of Europe is available at:
http://www.treatywatch.org/Letter_Feb_6_2002.html
GILC's February 28 letter to the Council of Europe is available at:
http://www.treatywatch.org/Letter_Feb_28_2002.html
For more information on the Treaty generally see:
http://www.treatywatch.org/
[4] UK Holds Big Brother Awards
On March 4, Privacy International presented the 4th annual UK "BigBrother" awards to the government and private sector organizationsthat
have done the most to invade personal privacy in Britain. Theaward for "Worst Public Servant" went to Sir Richard Wilson, CabinetSecretary;
"Most Invasive Company" went to Norwich Union; "MostAppalling Project" went to the National Criminal Intelligence Service(NCIS),
and "Most Heinous Organization" went to the Department ofEducation and Skills. A "Lifetime Menace" award was given to thenational
identification and data sharing scheme.
"Winston" awards were also given to individuals and organizations thathave made an outstanding contribution to the protection of privacy,
aswell as to people who have been victims of privacy invasion. Thoseindividuals and organizations were: Maurice Frankel, Campaign
forFreedom of Information; Lord Andrew Phillips; The Daily Telegraph;
David Shaylor; and Ilka Schroeder, Member of the European Parliament.
Other countries that have held Big Brother Awards so far this yearinclude Denmark, France, and the Netherlands. Hungary, Germany,
Austria, and Switzerland all presented Big Brother Awards late lastyear.
Detailed information about the 2002 UK Big Brother Awards is availableat:
http://www.privacyinternational.org/bigbrother/uk2002/
For more information on the Big Brother Awards, see:
http://www.privacyinternational.org/bigbrother/
The Campaign for Freedom of Information Web site is located at:
http://www.cfoi.org.uk/
[5] Scarfo "Key Logger" Case Ends in Plea Bargain
The federal government and Nicodemo Scarfo, Jr. entered into a pleaagreement on February 28, ending a case that raised novel privacyissues.
In a decision issued in December, a federal judge in NewJersey upheld the legality of the FBI's use of a "key logger system"
secretly installed on Scarfo's computer to capture his encryptionpassphrase, and denied a defense motion to suppress evidence obtainedthrough
the technique. As a result of the plea bargain, there will beno appellate consideration of the issues raised in the case.
The gambling and loansharking case against Scarfo became the first totest the legality of law enforcement efforts to counter the use
ofencryption. Scarfo's lawyers had argued that the "key-logger system"
violated both the Fourth Amendment (by collecting more informationthan needed) and the federal wiretap statute (by intercepting modemtransmissions
without a wiretap order). They asserted that theyneeded, through pre-trial discovery, a detailed explanation of thetechnology to
determine whether its use was improper.
In a decision issued on December 26, U.S. District Judge NicholasPolitan upheld the legality of the FBI's use of the technique anddenied
a defense motion to suppress evidence obtained through it.
Judge Politan also allowed prosecutors to keep secret the specifics ofthe technology, saying disclosure "would cause identifiable
damage tothe national security of the United States." The government hadearlier invoked the Classified Information Procedures Act
(CIPA) toconceal details of the surveillance system (see EPIC Alert 8.16). Theevents of September 11 seem to have had an influence
in the case;
Judge Politan wrote in the first paragraph of his opinion that "thematter takes on added importance in light of recent events andpotential
national security implications."
The court's opinion is available at:
http://lawlibrary.rutgers.edu/fed/html/scarfo2.html-1.html
Other selected court documents on the Scarfo case are available at:
http://www.epic.org/crypto/scarfo.html
[6] EPIC Bill-Track: New Bills in Congress
*House*
H.R.3806 Paul Revere Freedom to Warn Act. To amend title 5, UnitedStates Code, to protect those who defend the United States byexercising
their duty as patriots to warn against the existence ofthreats to weaknesses created by institutional failures that should beidentified
and corrected in a timely manner, and for other purposes.
Sponsor: Rep Israel, Steve (D-NY). Latest Major Action: 2/27/2002Referred to House committee: House Judiciary; House Government Reform.
H.R.3825 Homeland Security Information Sharing Act. To provide for thesharing of homeland security information by Federal intelligence
andlaw enforcement agencies with State and local entities. Sponsor: RepChambliss, Saxby (R-GA). Latest Major Action: 2/28/2002 Referred
toHouse committee: House Select Committee on Intelligence; HouseJudiciary; House Government Reform.
H.R.3833 Dot Kids Implementation and Efficiency Act of 2002. Tofacilitate the creation of a new, second-level Internet domain withinthe
United States country code domain that will be a haven formaterial that promotes positive experiences for children and familiesusing
the Internet, provides a safe online environment for children,
and helps to prevent children from being exposed to harmful materialon the Internet, and for other purposes. Sponsor: Rep Shimkus,
John(R-IL). Latest Major Action: 3/7/2002 House committee/subcommitteeactions: Forwarded by Subcommittee to Full Committee by Voice
Vote.
Committees: House Energy and Commerce.
H.R.3844 To strengthen Federal Government information security,
including through the requirement for the development of mandatoryinformation security risk management standards. To strengthen FederalGovernment
information security, including through the requirement forthe development of mandatory information security risk managementstandards.
Sponsor: Rep Davis, Tom (R-VA). Latest Major Action:
3/5/2002 Referred to House committee: House Government Reform; HouseScience.
H.R.3911 Telemarketing Relief Act of 2002. To direct the Federal TradeCommission to issue rules that establish a list of telephone
numbersof consumers who do not want to receive telephone calls fortelemarketing purposes, and for other purposes. Sponsor: Rep Johnson,
Nancy L. (R-CT). Latest Major Action: 3/7/2002 Referred to Housecommittee: House Energy and Commerce; House Financial Services; HouseAgriculture.
*Senate*
S.1974 Federal Bureau of Investigation Reform Act of 2002. A bill tomake needed reforms in the Federal Bureau of Investigation, and
forother purposes. Sponsor: Sen Leahy, Patrick J. (D-VT). Latest MajorAction: 2/28/2002 Referred to Senate committee: Senate Judiciary.
S.1981 Enhanced Penalties for Enabling Terrorists Act of 2002. A billto enhance penalties for fraud in connection with identificationdocuments
that facilitates an act of domestic terrorism. Sponsor: SenBoxer, Barbara (D-CA). Latest Major Action: 3/1/2002 Referred toSenate
committee: Senate Judiciary.
S.1989 National Cyber Security Defense Team Authorization Act. A billto authorize the establishment of a National Cyber Security DefenseTeam
for purposes of protecting the infrastructure of the Internetfrom terrorist attack. Sponsor: Sen Schumer, Charles E. (D-NY) LatestMajor
Action: 3/5/2002 Referred to Senate committee: Senate Judiciary.
S.1995 Genetic Information Nondiscrimination Act of 2002. A bill toprohibit discrimination on the basis of genetic information withrespect
to health insurance and employment. Sponsor: Sen Snowe,
Olympia J. (R-ME). Latest Major Action: 3/6/2002 Referred to Senatecommittee: Senate Health, Education, Labor, and Pensions.EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:
http://www.epic.org/privacy/bill_track.html
[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online
Privacy Defended: Protecting Yourself Online, by Gary Bahadur, WilliamChan, and Chris Weber.
http://www.epic.org/bookstore/powells/redirect/alert905.html
Privacy Defended is a comprehensive yet highly readable book thatexplains why you should care about online privacy and security in
thisdigital age, and teaches you step-by-step how to use various tricksand technologies to protect your privacy. It examines legal
threatsto privacy (such as people-finder Web sites, online public records,
the Gramm-Leach-Bliley Act, and the PATRIOT Act) as well as illegalthreats (such as hackers, insidious business tactics, spyware,
andidentity theft), and shows you how to understand and avoid thosethreats. Also contained in the book are good summaries of the
historyof the right to privacy and privacy-related cases and laws, a brieflisting of privacy organizations and initiatives, and numerousexamples
of privacy-enhancing tools that you can use to protect yourpersonal information and communications. There are also a fewchapters
devoted to technical information that relates to setting upsecure networks and detecting security breaches.
Written in a personal yet technology-savvy tone by three computer andnetwork security experts, Privacy Defended is a great resource
on howto protect yourself against threats to your privacy and security. Itcontains a great deal of in-depth information about laws
andtechnology, but you don't have to be an expert in either of thosefields to find this book both useful and easy to read.
EPIC Publications:
"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/phr2001/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of
informationlaws.
"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who
needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore/
"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html
[8] Upcoming Conferences and Events
HIPAA Summit West II: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security, and HIPAA Compliance. March 13-15,
2002. San Francisco, CA. For more information:
http://www.hipaasummit.com/
Eighth Annual National Conference, "Managing the NEW PrivacyRevolution," and First Annual Privacy Expo 2002. Privacy & AmericanBusiness
and Privacy Council. March 20-22, 2002. Washington, DC. Formore information: http://www.ManagingThePrivacyRevolution.com/
Fourth Annual e-ProtectIT Infrastructure Security Conference. NorwichUniversity. March 20-22, 2002. Northfield, Vermont. For moreinformation:
http://www.e-protectIT.org/
The Role of the Federal Communications Commission in the Digital Era:
A Panel Discussion at Duke Law School. Duke Fellowship in IntellectualProperty and the Public Domain. March 25, 2002. Durham, NC.
For moreinformation: http://www.law.duke.edu/fccfuture/
International Symposium on Freedom of Information and Privacy. Officeof the New Zealand Privacy Commissioner. March 28, 2002. Auckland,
NewZealand. For more information: Blair.Stewartprivacy.org.nz
Consumer Protection Issues in 2002 and Beyond. Association of the Barof the City of New York, Committee on Consumer Affairs. April
11,
2002. New York, NY. For more information: avernickfgkks.com
The 27th Annual AAAS Colloquium on Science and Technology Policy:
Science and Technology in a Vulnerable World: Rethinking Our Roles.
American Association for the Advancement of Science. April 11-12,
2002. Washington, DC. For more information:
http://www.aaas.org/spp/dspp/rd/colloqu.htm
Workshop on Privacy Enhancing Technologies. April 14-15, 2002. SanFrancisco, CA. For more information: http://www.pet2002.org/
CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:
http://www.cfp2002.org/
4th Annual MIT Sloan eBusiness Awards. Massachusetts Institute ofTechnology, Sloan School of Management. April 17, 2002. Cambridge,
MA.
For more information: http://www.mitawards.org/home.asp
4th National HIPAA Summit: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security and HIPAA Compliance. April 24-26,
2002. Washington, DC. For more information:
http://www.hipaasummit.com/
2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:
http://www.ieee-security.org/TC/SP02/sp02index.html
Information Integrity World Summit. The Hands-On Summit to ProtectYour Organization: Overcoming Cyber-security and E-Privacy Threats.
Information Integrity. May 15-16, 2002. Washington, DC. For moreinformation: http://www.411integrity.com/live/80/events/80II102
Privacy Law: Emerging Issues in Employee and Consumer Relations. CLEInternational. May 16-17, 2002. Los Angeles, CA. For more information:
http://www.cle.com/upcoming/laxpri02.shtml
Personal Privacy in the Digital Age: The Challenge for State and LocalGovernments. Joint Center for eGovernance. May 19-21, 2002.
Arlington,
VA. For more information: http://www.conted.vt.edu/privacy/agenda.htm
Call For Papers - June 1, 2002 (special recognition for outstandingstudent papers). 18th Annual Computer Security Applications Conference(ACSAC):
Practical Solutions to Real Security Problems. AppliedComputer Security Associates. December 9-13, 2002. Las Vegas, Nevada.
For more information: http://www.acsac.org/
INET 2002. Internet Crossroads: Where Technology and Policy Intersect.
Internet Society. June 18-21, 2002. Washington, DC. For moreinformation: http://www.inet2002.org/
Privacy2002. Technology Policy Group. September 24-26, 2002.
Cleveland, OH. For more information:
http://www.privacy2000.org/privacy02/index.shtml
Subscription Information
Subscribe/unsubscribe via Web interface:
http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Subscribe/unsubscribe via email:
To: epic_news-requestmailman.epic.org
Subject line: "subscribe" or "unsubscribe"
Back issues are available at:
http://www.epic.org/alert/
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you wouldlike to change your subscription email address, or if you have anyother questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:
http://www.epic.org/donate/
Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free epic.org "sed quis custodietipsos
custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 9.04
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2002/5.html
