======================================================================= E P I C A l e r t ======================================================================= Volume 10.11 June 6, 2003 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_10.11.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Conference Explores Privacy and Technology Issues [2] Ashcroft Testifies on PATRIOT Act Implementation [3] Inspector General Criticizes DOJ on September 11 Detainees [4] FCC Opens Door to Media Consolidation [5] Council of Europe Adopts Declaration of Freedom on the Internet [6] News in Brief [7] EPIC Bookstore: Privacy Times [8] Upcoming Conferences and Events ====================================================================== [1] EPIC Conference Explores Privacy and Technology Issues ====================================================================== "There was of course no way of knowing whether you were being watched at any given moment." - George Orwell, 1984. In honor of the 100th anniversary of George Orwell's birth, EPIC hosted a conference on June 2 entitled "Privacy and Technology: Looking Back, Looking Ahead" at the National Press Club in Washington, DC. Members of EPIC's advisory board discussed the challenges of new technologies as they relate to privacy and surveillance, the role of law in safeguarding freedom, and the role of technology in safeguarding freedom. In talking about new technologies as they relate to privacy and surveillance, many panelists, including Professor Daniel Solove of Seton Hall Law School, discussed the risks of the Defense Department's proposed Terrorism Information Awareness (TIA) system and the government's expanding use of third-party information brokers. Dr. Barbara Simons of the U.S. Association of Computing Machinery discussed data mining problems and issues related to false positive results. She also noted how often a technology bias leads toward technological solutions to problems that would best be solved by non-technological means. Professor Oscar Gandy of the University of Pennsylvania's Annenberg School of Communication concluded the panel by comparing industrialization's impact on the environment with the negative externalities on privacy produced by government security technologies. Regarding the role of law in safeguarding freedom, Professor Jerry Kang of the UCLA Law School presented two different visions of pervasive computing and how they might alter legal paradigms. Professor Anita Ramasatry of the University of Washington Law School expressed concern over a lack of due process in current security systems, while Judith Krug, the Director of the American Library Association's Office for Intellectual Freedom, discussed efforts to modify Section 215 of the PATRIOT Act, which allows authorities to examine book sales and library records. When it came to the role of technology in safeguarding freedom, Professor Ann Bartow of the University of South Carolina School of Law discussed how the Digital Millennium Copyright Act in some cases prevents users from fully understanding the technology that they use. Dr. David Chaum's discussion centered on voting technology and the simultaneous need for voter anonymity and voting audit trails. Dr. Peter Neumann's opening presentation also discussed the issue of ensuring privacy and integrity in the voting process. The conference concluded with Dr. Bruce Schneier, Chief Technology Officer of Counterpane Internet Security, who presented a five-part framework for analyzing the nature of security threats and determining the suitability of security solutions. EPIC Privacy and Technology Conference Website: http://www.orwell2003.org/ ====================================================================== [2] Ashcroft Testifies on PATRIOT Act Implementation ====================================================================== After a long hiatus, Attorney General Ashcroft appeared before the House Judiciary Committee to answer questions concerning the Justice Department's implementation of the controversial USA PATRIOT Act. Ashcroft began his testimony by stating that terrorists still pose a significant threat to American security. He said that without the tools provided by the PATRIOT Act, combating terrorism would be difficult if not "impossible." He warned Committee members that, "As we consider the Constitutional methods we use to fight the enemies of freedom, we must remember that terrorism threatens our future." Ashcroft concluded his testimony by describing measures to expand the PATRIOT Act, including adding to the definition of "material support to terrorists" punishable under the Act, increasing the maximum penalties for terrorism, and allowing for pretrial detentions in terrorism cases. The House Judiciary Committee has been at the forefront of efforts to ensure legislative oversight of Executive Branch powers granted in the PATRIOT Act. Last month the Justice Department submitted written responses to a series of questions surrounding the implementation of the PATRIOT Act (See Alert 10.10). The questions from the Committee members during the hearing focused on the impact of the Department's policies on privacy and civil liberties. Rep. James Sensenbrenner (R-WI), chair of the Committee, said that his support of the PATRIOT Act was neither "perpetual, nor unconditional" and that he wanted to consider the long term effect of the measure even if might produce some short term results. Ranking member John Conyers (D-MI) reminded Ashcroft that America was "marching into history" and that the terrorists must be dealt with in the context of Constitutional values such as due process, which "separate us from our enemies." The first line of questioning focused on the legislative oversight of the Justice Department. Ashcroft acknowledged that he did not consult with members of Congress concerning his significant revisions of the Attorney General Guidelines governing security investigations. He promised to be more forthcoming with Congress in the future. Several members questioned the Attorney General concerning the use of library and bookstore records during investigations following passage of the PATRIOT Act. Rep. William Delahunt (D-MA) criticized the Justice Department's penchant for excessive secrecy saying, "It appears that the American people feel that the government is intent on prying into every nook and cranny of people's private lives, while at the same time doing all it can to block access to government information that would inform the American people about what is being done in their name." In response to a question about data mining, Ashcroft advocated a policy of "minimization." He noted that faulty data is a problem and said that the best safeguard is to ensure that the FBI obtains only information required for investigations. Ashcroft stated that he did not believe that FBI is conducting data mining on non-criminal suspects. In regards to the Terrorist Information Awareness system, Ashcroft recognized the need for operational safeguards, efficacy and accuracy of search tools, and security systems to prevent unauthorized access. The Attorney General was also repeated questioned about the Inspector General's report on the abusive practices concerning the September 11 detainees (see item below). Finally, a number of Committee members, instead of taking the opportunity to examine how the Justice Department is employing the sweeping anti-terrorism laws, asked a series of questions about the Department's effort to stop peer to peer file sharing of copyrighted material. Attorney General Ashcroft's Prepared Statement: http://www.house.gov/judiciary/ashcroft060503.htm EPIC PATRIOT Act page: http://www.epic.org/privacy/terrorism/usapatriot/ EPIC Attorney General Guidelines page: http://www.epic.org/privacy/fbi/ ====================================================================== [3] Inspector General Criticizes DOJ on September 11 Detainees ====================================================================== The Inspector General of the Department of Justice has released a 198-page report examining the treatment of people who were held on immigration charges in connection with the investigation of the September 11, 2001 terrorist attacks. The report details how the Justice Department used federal immigration laws to detain 762 persons, mostly of Arab or South Asian origin, who were suspected of having ties to the attacks or connections to terrorism, or who were simply encountered during the course of the FBI's inquiry into the attacks. The report highlights serious problems with the round-up and treatment of the 762 detainees, including arbitrary detentions, prolonged detentions, restrictive detention conditions, and in some instances physical and verbal abuse. The Office of Inspector General is an independent internal investigation unit within the Justice Department. The report, instigated by media reports and reports from human rights organizations, paints a picture of chaos immediately following the attacks, followed by a long period of negligence that left detainees in administrative limbo. Only after details of the abusive treatment emerged in the press did the Department begin to process the detainees more quickly in January 2002. DOJ has not apologized for its actions, but instead has taken the position that the crisis atmosphere immediately after September 11, and the fact that all the persons detained were in technical violation of immigration laws, makes it "unfair to criticize the conduct" of Department officials. The Department spokesperson said that, "We make no apologies for finding every legal way possible to protect the American public from further terrorist attacks." EPIC and a coalition of public interest groups is litigating under the Freedom of Information Act to require disclosure of the names of the detainees; the case is now pending before the D.C. Circuit Court of Appeals. According to the report, the Justice Department instituted a "no bond" policy for all detainees connected to the terrorism probe after the attacks -- even though immigration officials quickly questioned the policy's legality. Without bail, terrorism suspects remained in jail for an average of nearly three months, much longer than the FBI projected before it cleared most of them for release, the report said. In addition, detainees faced monumental difficulties and weeks of delay before they were allowed to make phone calls and find lawyers. Some were kept for months in cells illuminated 24 hours a day and were escorted in handcuffs, leg irons and waist chains. Most of the detainees were eventually found to have no connection to the terrorist attacks. The September 11 Detainees Report, Office of Inspector General: http://www.usdoj.gov/oig/special/0603/full.pdf CNSS/EPIC v. Department of Justice (detainee FOIA case): http://www.epic.org/open_gov/foia/cnss_v_doj.html ====================================================================== [4] FCC Opens Door to Media Consolidation ====================================================================== On June 2 the Federal Communications Commission voted 3-2 along party lines to relax the rules surrounding media ownership. The regulations, among other things, would permit a television station to own a newspaper in the same media market. The agency received an unprecedented 750,000 public comments, with 99 percent opposed to deregulation, but only held a single official hearing on the issue in Richmond, Virginia last winter. The Center for Public Integrity reports that in the months leading up to the final decision, agency staff met with senior industry lobbyists behind closed doors on 71 different instances, while they privately met with public interest advocates only 5 times. The FCC decision came under close scrutiny in the Senate Commerce Committee; at a hearing on June 3, several senators voiced their bipartisan opposition to the Commission's decision to promote media concentration. Lawmakers warned that the deregulation of the radio media market promoted significant consolidation, and that the new FCC rules could produce a similar environment for other media outlets. Consumers Union, the Media Access Project, and other public interest groups have begun a campaign to educate people about the consequences of the FCC decision and to mobilize a grassroots campaign to support stronger public interest regulations. The agency decision to deregulate is spurred by the belief that new information sources including cable, satellite, and Internet, allow for enough diversity and that dominance by a handful of media moguls should no longer be a concern. Critics charge that traditional media outlets continue to dominate how most people receive their news, and that the media giants in the offline world are using their position to extend their power in the online world. In addition, the FCC proposal to allow wireline broadband to be exempt from open access requirements would further consolidate the dominance of information providers who increasingly straddle the content and transmission industries. Public interest advocates contend that the FCC's commitment to media deregulation does not serve the important public interest values, including localism, diversity, and competition. "This is the most sweeping and destructive rollback of consumer protection rules in the history of American broadcasting," said Commissioner Adelstein who voted against the measure. FCC Press Release on Decision: http://www.epic.org/redirect/fcc_press.html (PDF) "Behind Closed Doors," Center for Public Integrity Report: http://www.epic.org/redirect/CPI_report.html FCC Critique, Consumer Federation of America and Consumers Union: http://www.consumerfed.org/FCCcritique.05.21.03.pdf ====================================================================== [5] Council of Europe Adopts Declaration of Freedom on the Internet ====================================================================== The Council of Europe (CoE) Committee of Ministers adopted on May 28 a "Declaration on Freedom of Communication on the Internet" that establishes seven principles underlining freedom of communication, and condemns practices aimed at restricting or controlling Internet access, especially for political reasons. Most notable among the principles enshrined in the Declaration is the acknowledgement that CoE Member States must respect Internet users' anonymity, "in order to ensure protection against online surveillance and to enhance the free expression of information and ideas." Another principle condemns the practice of governmental blocking and filtering measures ordered preventively, that is, before any decision is taken by competent national authorities on the illegality of a web site. The Declaration recommends that Internet content, if it is to be removed or blocked, must be clearly identified, and that Article 10, paragraph 2 of the Convention for the Protection of Human Rights and Fundamental Freedoms be followed. The declaration also tackles the issue of the liability of service providers for Internet content by providing that CoE Member States should not impose on service providers a general obligation to monitor content on the Internet to which they give access, that they transmit or store, closely following in that the legal framework of the EU E-Commerce Directive (2000/31/EC). However, contrary to the Directive, the Council of Europe emphasizes that where CoE Member States regulate at the national level the obligations of service providers, they need to protect the freedom of expression and the rights of users to information. The Council of Europe is an intergovernmental organization formed in 1949 by West European countries that is currently composed of 45 member countries from across Europe. Its main role is "to strengthen democracy, human rights and the rule of law throughout its Member states," which it does mainly by promoting the binding rules of the European Convention for the Protection of Human Rights and Fundamental Freedoms of 1950 (ECHR), an international convention covering a wide range of civil and political rights that is enforced by the European Court of Human Rights in Strasbourg. Council of Europe Declaration (May 28, 2003): http://www.epic.org/redirect/CoE_declaration.html EPIC Page on Anonymity: http://www.epic.org/free_speech/default.html#anonymity EPIC's Filters & Freedom 2.0: http://www.epic.org/bookstore/filters2.0/ ====================================================================== [6] News in Brief ====================================================================== Tivo Sells Viewing Data Tivo, a company that sells digital video recorders, announced this week that the company will sell aggregate information collected from customers' viewing habits. Tivo's product is capable of tracking individuals' second-by-second viewing behaviors, and whether commercials were skipped using the device. Tivo claims that the information sold to advertisers will be anonymous, and not reveal personal or household-level viewing data. AOL/Microsoft Agreement on Digital Rights Management America Online and Microsoft came to an agreement last week that will result in the companies entering into a partnership to develop digital media initiatives. The move is likely to accelerate the development of Digital Rights Management (DRM) systems, many of which are privacy invasive and incompatible with fair use rights. Many DRMs, including systems developed by Microsoft, link individuals' identity to the content they choose, thus enabling tracking and profiling of intellectual pursuits. EPIC Digital Rights Management Page: http://www.epic.org/privacy/drm/ California Privacy Laws Advance This week, California Governor Gray Davis announced support for Sen. Jackie Speier's (D-San Francisco) financial information privacy bill, SB 1. The bill would improve notice requirements and require opt-in consent from the consumer before information could be sold to non-affiliates. Individuals could opt-out of affiliate sharing under the law, but a recent compromise would allow such sharing if the affiliates are in the same line of business. A second bill, SB 27, sponsored by Sen. Liz Figueroa (D-Fremont) passed the State Senate. That bill would require businesses to disclose whether personal information is being sold to marketers upon a consumer's request. If information is being sold, the business must also disclose the sources and recipients of the data and the actual information disclosed. Businesses could not condition a sale of a product on waving this rights of access, and a failure to comply with the law carries civil penalties. SB 1: http://www.epic.org/redirect/SB1.html SB 27: http://www.epic.org/redirect/SB27.html North Dakota Enacts Two Privacy Laws Rep. Jim Kasper (R-Fargo) has introduced three privacy bills in the North Dakota legislature, two of which are now law in that State. HB 1478 requires financial services institutions to obtain opt-in consent before exploiting personal information for joint marketing purposes. The law also requires a rulemaking to limit financial information sharing exemptions in the Gramm-Leach-Bliley Act of 1999. A second bill, HB 1179, requires a rulemaking that may result in the adoption of opt-in regulations for insurance industry sharing of information among non-affiliates. A third measure, HB 1477, would have restricted affiliate sharing and joint marketing agreements in the securities industry, but that bill failed narrowly in the State Senate. HB 1478: http://www.state.nd.us/lr/assembly/58-2003/bill_index/BI1478.html HB 1179: http://www.state.nd.us/lr/assembly/58-2003/bill_index/BI1179.html Industry Anti-Privacy Commercial in North Dakota: http://www.privacy.org/ndoptin.mpg ====================================================================== [7] EPIC Bookstore: Privacy Times ====================================================================== Privacy Times http://www.privacytimes.com/ Since 1981, Privacy Times has provided its readers with accurate reporting, objective analysis and thoughtful insight into the events that shape the ongoing debate over privacy. Publisher Evan Hendricks is a widely respected and thoughtful member of the privacy community. Privacy Times is the leading subscription-only newsletter covering privacy & Freedom of Information Law and policy. It is read largely by attorneys and professionals who must stay abreast of the legislation, litigation, and executive branch activities, as well as consumer news, technology trends and business developments. Subscriptions are also available for individuals. ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2002: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $25. http://www.epic.org/bookstore/phr2002/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, video surveillance, location tracking, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== June 23-27, 2003. Partenit, Crimea, Ukraine. For more information: http://www.itb.conferen.ru/eng/info_e.html Press Freedom on the Internet. The World Press Freedom Committee. June 26-28, 2003. New York, NY. For more information: mgreene@wpfc.org Building the Information Commonwealth: Information Technologies and Prospects for Development of Civil Society Institutions in the Countries of the Commonwealth of Independent States. Interparliamentary Assembly of the Member States of the Commonwealth of Independent States (IPA). June 30-July 2, 2003. St. Petersburg, Russia. For more information: http://www.communities.org.ru/conference/ O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For more information: http://conferences.oreilly.com/oscon/ 1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm Integrating Privacy Into Your Overall Business Strategy: Complying with Privacy Legislation for Competitive Advantage. International Quality and Productivity Centre (IQPC Canada). July 9-10, 2003. Toronto, Canada. For more information: http://www.iqpc-canada.com/NA-1987-01 Chaos Communication Camp 2003: The International Hacker Open Air Gathering. Chaos Computer Club. August 7-10, 2003. Paulshof, Altlandsberg, Germany. For more information: http://www.ccc.de/camp/ WWW2003: 5th Annual Conference on World Wide Web Applications. Department of Information Studies, Rand Afrikaans University, and the Department of Information Systems and Technology, University of Durban-Westville. September 10-12, 2003. Durban, South Africa. For more information: http://www.udw.ac.za/www2003/ Making Intelligence Accountable, Oslo, Norway September 19-20, 2003. The Geneva Centre for the Democratic Control of Armed Forces. For more information: http://www.dcaf.ch/news/Intel%20Acct_Oslo%200903/ws_mainpage.html Privacy2003. Technology Policy Group. September 30-October 2, 2003. Columbus, OH. For more information: http://www.privacy2000.org/privacy2003/ ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail info@epic.org Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.11 ---------------------- .