=============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
==============================================================
Volume 4.02 January 24, 1997
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
=======================================================================
Table of Contents
=======================================================================
[1] Appeals Court Punts Crypto Export Case
[2] Stage Set for Supreme Court CDA Showdown
[3] FBI Releases New Wiretap Capacity Notice
[4] New Government Crypto Algorithm Sought
[5] States Introduce New Privacy Bills
[6] EPIC Congressional Bill Tracking
[7] Upcoming Conferences and Events
=======================================================================
[1] Appeals Court Punts Crypto Export Case
=======================================================================
The federal appeals court in Washington, DC has decided to sit out the
battle over encryption policy, at least for now. In a brief decision
issued on January 21, the court remanded Philip Karn's legal challenge
to encryption export controls back to the lower court (which rejected
Karn's claims last year). The court acted "in light of the recent
Executive Order transferring regulatory authority of non-military
cryptographic computer source code to the Commerce Department, and the
Commerce Department's promulgation of a new regulation [controlling
exports]." Despite a spirited discussion of the status of source code
under the First Amendment at the oral argument in the case on January
10, the court expressly declined to "reach the constitutional issues
raised by this appeal." EPIC, joined by the ACLU, Internet Society,
and the U.S. Public Policy Committee of the Association for Computing
Machinery, filed a "friend of the court" (amicus) brief in support of
Karn's position.
The court's decision returns the focus of attention to Congress, where
Sen. Conrad Burns will re-introduce the "Promotion of Commerce On-Line
in the Digital Era (Pro-CODE) Act" next week. Sen. Burns, joined by
Sen. Patrick Leahy, will appear via satellite at the RSA Data Security
Conference in San Francisco, following the keynote address of the
Administration's "crypto czar," Ambassador David Aaron. The Senators
are expected to announce a new legislative push for Pro-CODE, which
would substantially relax export controls on encryption.
A copy of the court's decision in the Karn case, and other materials
on cryptography export controls, is available at:
http://www.epic.org/crypto/export_controls/
=======================================================================
[2] Stage Set for Supreme Court CDA Showdown
=======================================================================
The U.S. Supreme Court has scheduled oral argument in Reno v. ACLU for
March 19 at 10 a.m. The decision in the landmark case will be the
high court's first pronouncement on the crucial issue of free speech
in cyberspace. The specific question before the Court is whether the
Communications Decency Act (CDA), which criminalizes the transmission
of "indecent" material via the Internet, violates the constitutionally
protected rights of net users. A three-judge court in Philadelphia
struck down the CDA last June, and the government appealed that ruling
to the Supreme Court.
In a brief filed on January 21, the Justice Department argues that the
full potential of the Internet can only be realized if parents can be
assured that their children will not be exposed to "indecency" on the
net. The government further contends that a system of "age
verification" could be imposed on websites to prevent minors from
accessing such material. Such a procedure would, among other things,
eliminate users' ability to receive information anonymously on the
Internet and require the maintenance of logs identifying all
recipients of material that might be deemed "indecent" or "offensive"
under the CDA.
Briefs challenging the CDA are due to be filed on February 20. EPIC
is participating as both plaintiff and co-counsel in Reno v. ACLU. An
extensive archive of materials on the case is available at:
http://www.epic.org/cda/
=======================================================================
[3] FBI Releases New Wiretap Capacity Notice
=======================================================================
On January 14, the Federal Bureau of Investigation released a revised
notice detailing the level of telecommunications surveillance it seeks
under the Communications Assistance for Law Enforcement Act of 1994
(the "digital telephony" law).
The notice is the Bureau's second attempt to set forth its demands for
increased surveillance capacity. The first notice, issued in October
1995, was widely criticized as an open-ended blueprint for a massive
expansion of law enforcement snooping. The new request, while somewhat
more clearly presented, also anticipates significant growth in
surveillance activity.
The new FBI notice calls for substantial increases in surveillance of
both landline and wireless communications over the next ten years,
with a total maximum capacity of 57,749 simultaneous intercepts to be
conducted in the United States. Calculating out the percentages
provided by the FBI, by 1998 the FBI anticipates an increase of 33
percent of landline interceptions and 70 percent of wireless phones.
By 2004, the Bureau estimates a total increase of 74 percent in
interceptions of landline phones and 277 percent in wireless phones.
Public comments on the FBI notice are due by February 17. They should
be submitted in triplicate to the Telecommunications Industry Liaison
Unit, Federal Bureau of Investigation, P.O. Box 220450, Chantilly, VA
20153-0450. A copy of the notice and is available at:
http://www.epic.org/privacy/wiretap/
=======================================================================
[4] New Government Crypto Algorithm Sought
=======================================================================
The U.S. National Institute of Standards and Technology (NIST) has
issued a notice calling for a new encryption algorithm to replace the
Data Encryption Standard (DES).
The new standard, to be called the Advanced Encryption Standard (AES)
must be a public, symmetric block cipher with a flexible key length,
that can be implemented into hardware or software and free from patent
restrictions.
The new algorithm reflects the failure of the Skipjack algorithm (that
was implemented in the Clipper Chip and the Fortezza card) to be
adopted by the marketplace. However, a separate NIST advisory
committee made up of government officials and supporters of key escrow
is developing a "key management infrastructure" that would be used
with the new algorithm.
A copy of the NIST notice is available at:
http://www.epic.org/crypto/aes_notice.html
=======================================================================
[5] State Privacy Roundup
=======================================================================
Nevada Junk Email Bill. In Nevada, Senator William Raggio, the
majority leader of the Nevada Senate, introduced a bill (S.B. 13) that
would prohibit sending unsolicited email for commercial purposes.
New Jersey Kids Privacy. In New Jersey, Sen. Robert W. Singer has
introduced the Children's Privacy Protection and Parental Empowerment
Act. The bill would prohibit marketers from disclosing information
about children without their parents' consent. It is based on the
federal bill introduced by Rep. Bob Franks.
California Car Tracking. In California, Sen. John Burton, chair of
the Judiciary Committee, plans to introduce legislation that would
prohibit police from placing tracking devices on people's cars
without a warrant. The bill was written after the Orange County
Registrar reported that police used hundreds of these devices each
year without ever informing the targets, their lawyers or the court.
Maryland Data Matching. The legislature is debating a bill to
authorize data matching of records using Social Security Numbers.
Clifford W. Layman, director of the Maryland Child Support Enforcement
Administration, testified that under the new federal welfare bill,
Maryland would loose $229 million in federal funds unless "the state
records social security numbers on marriage applications, divorce
decrees, paternity and support orders, death certificates and
drivers', professional and occupational license applications. The
state must also grant child support agencies authority to sift through
utility, cable and financial company information to search for
non-paying parents."
=======================================================================
[6] EPIC Congressional Bill Tracking
=======================================================================
EPIC has created a bill tracking service for privacy and online civil
liberties bills introduced in the 105th Congress. The service links
to a copy of each bill, summarizes the relevant provisions, links to
any floor statements, analysis or testimony and provides the name of
the sponsor and its current status.
The EPIC Online Guide to 105th Congress Privacy and Cyber-Liberties
Bills is available at:
http://www.epic.org/privacy/bill_track.html
=======================================================================
[7] Upcoming Conferences and Events
=======================================================================
1997 RSA Data Security Conference. January 28-31, 1997. San Francisco,
CA. Contact: http://www.rsa.com
Shaping the Future: Law, Electronic Commerce and the [Superhigh]way
Ahead. February 1, 1997. San Francisco, California. Sponsored by
Hastings Communications and Entertainment Law Journal,
Hewlett-Packard, and Wilson Sonsini Goodrich & Rosati. Contact: Curtis
Rau
Financial Cryptography 1997 (FC97). February 24-28, 1997. Anguilla,
BWI. Sponsored by the International Association for Cryptologic
Research. http://www.cwi.nl/conferences/FC97
DIAC- Community Space and CyberSpace- What's the Connection? March
1-2, 1997. Seattle, WA. Sponsored by CPSR. Contact:
http://www.scn.org/tech/diac-97/index.html
ACM'97 -- The Next 50 Years of Computing. March 3-5, 1997, San Jose,
CA. Sponsored by the Association for Computing. Contact:
http://www.acm.org/acm97.
CFP97: Commerce & Community. March 11-14, 1997. Burlingame,
California. Sponsored by the Association for Computing Machinery.
Contact: cfp97@cfp.org or http://www.cfp.org
Eurosec'97: the Seventh Annual Forum on Information Systems Quality
and Security. March 17-19, 1997. Paris, France. Sponsored by XP
Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/
CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and
Control June 4-7, 1997. Chicago, Illinois. Sponsored by the John
Marshall Law School. Contact: cyber97@jmls.edu.
Ethics in the Computer Society: The Second Annual Ethics and
Technology Conference. June 6-7, 1997. Chicago, Ill. Sponsored by
Loyola University Chicago. http://www.math.luc.edu/ethics97
INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97@isoc.org or http://www.isoc.org/inet97
Privacy laws & Business 10th Anniversary Conference. July 1-3, 1997.
St. John's College, Cambridge, England. Contact:
info@privacylaws.co.uk.
AST3: Cryptography and Privacy. September 15, 1997. Brussels, Belgium.
Sponsored by Privacy International and EPIC. Contact: pi@privacy.org.
19th Annual International Privacy and Data Protection Conference. Sept
17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection
Commission.
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
(Send calendar submissions to alert@epic.org)
=======================================================================
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes)
or use the subscription form at:
http://www.epic.org/alert/subscribe.html
Back issues are available via http://www.epic.org/alert/
=======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to focus
public attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national id cards, medical record
privacy, and the collection and sale of personal information. EPIC is
sponsored by the Fund for Constitutional Government, a non-profit
organization established in 1974 to protect civil liberties and
constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom
of Information Act litigation, and conducts policy research. For more
information, email info@epic.org, HTTP://www.epic.org or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544
9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.
Thank you for your support.
---------------------- END EPIC Alert 4.02 -----------------------
