=============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
==============================================================
Volume 4.03 February 27, 1997
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
=======================================================================
Table of Contents
=======================================================================
[1] New Report Details FBI/European Tapping Agreements
[2] Airline Security Report Released
[3] Briefs Filed in Reno v. ACLU Internet "Indecency" Challenge
[4] Crypto Legislation Introduced
[5] Clipper Upgrade at DOD/Litigation Update
[6] State Department Reports Widespread Illegal Wiretapping Worldwide
[7] New Medical Privacy Survey
[8] Upcoming Conferences and Events
=======================================================================
[1] New Report Details FBI/European Tapping Agreements
=======================================================================
A report issued on Feb. 24 by Statewatch, a London-based advocacy
organization, shows that the FBI has been working with its counterparts
in the European Union for five years to create a "global tapping
system." The report reveals the existence of a Memorandum of
Understanding to ensure that surveillance of all existing and new
technologies is compatible and coordinated with the FBI's efforts to
advance its "digital telephony" agenda within the United States.
The FBI's plan is to facilitate wiretapping worldwide by pressuring
countries to harmonize national laws on interception; increase
cooperation of telecommunications providers; ensure equipment has
interception standards incorporated; and create de facto global
standards by persuading as many countries as possible to cooperate and
by providing compatible equipment to non-participating countries.
To achieve these goals, the FBI and its EU counterparts wrote a
resolution adopted by the Council of the European Union on "the lawful
interception of telecommunications." The Council issued the resolution
on Jan 17, 1995 (unpublished until November 1996) and a Memorandum of
Understanding on the requirements that need to be adopted into all
laws. The MOU has been signed by the 15 member countries of the EU, and
the US. There have also been "expressions of support" from Australia,
Canada, and Norway. The FBI and EU have also pushed the requirements as
standards before the international telecommunications standards bodies
such as the ITU and pressured other countries to adopt them.
The requirements are almost exactly the same as the FBI demands for
digital telephony. They include "real-time access" to the "entire
telecommunication transmitted" sent to a "law enforcement monitoring
facility", access to all associated call data, geographic location
information for mobile phone users, decrypted information for all
operator-provided encryption, and response times "in urgent cases within
hours or minutes."
The report notes that even countries that do not agree will be
affected:
The strategy appears to be to first get the "Western world" (EU, US
plus allies) to agree to "norms" and "procedures" and then to sell
these products to Third World countries -- who even if they do not
agree to "interception orders" will find their telecommunications
monitored ... the minute it hits the airwaves.
The digital telephony proposal has received significant criticism in
the United States since its adoption in 1994. The FBI originally
claimed that law provided a mandate to simultaneously monitor a
significantly higher percentage of phone lines that is current practice
in the US. That interpretation was withdrawn after public protect.
The FBI then claimed that the law would require the development of a
global locator system based on the nation's telephone system. That
interpretation was also withdrawn after public protect. Several
members of Congress have said that they will oppose future funding of
the plan.
A copy of the Statewatch report, the Council of Europe Resolution and
more information is available at:
http://www.privacy.org/pi/activities/tapping/
=======================================================================
[2] Airline Security Report Released
=======================================================================
The White House Commission on Airline Safety and Security released its
final recommendations for improving airline security on February 12.
The recommendations include a call for the use of the controversial
technique of "profiling" passengers to determine if they are security
threats. This would involve creating new databases of passengers and
checking those systems each time a person flies. If the person fits the
profile, he or she would be subject to more intrusive searches and
questioning before being permitted to board a flight. The Commission
also recommended the use of security profiles developed by the FBI or
CIA.
At about the same time that the Commission report was released, the
Washington Post reported that Arab-Americans were often stopped at
airports by security officers.
EPIC has joined a coalition of 19 civil liberties, religious,
Arab-American and conservative organizations that sent a letter to Vice
President Gore addressing the privacy implications of the
recommendations. The letter urges that ID checks, profiling, and new
intrusive x-ray technology be rejected, and that all decisions of the
FAA that might affect civil liberties be open to public scrutiny.
More information on the issue, including the final report and the
coalition letter, are available at:
http://www.epic.org/privacy/faa/
=======================================================================
[3] Briefs Filed in Reno v. ACLU Internet "Indecency" Challenge
=======================================================================
The plaintiffs in the landmark case of Reno v. ACLU submitted their
briefs to the U.S. Supreme Court on February 20. The case, which will
be argued on March 19, presents the Court with its first opportunity to
apply the First Amendment to the Internet and will thus have a lasting
impact on the medium. The specific issue before the Court is whether a
special three-judge court in Philadelphia was correct when it enjoined
enforcement of the controversial Communications Decency Act (CDA) in a
ground-breaking decision issued last June.
The brief filed by the ACLU, EPIC and 18 other plaintiffs notes that
the lower court judges made hundreds of detailed factual findings about
the Internet to support their conclusion that the CDA is
unconstitutional. The court's findings conclusively show that it is
impossible for most speakers on the Internet to distinguish between
adults and minors in their audience, and therefore they cannot comply
with the CDA's prohibition against the dissemination of "indecent"
material to minors. The CDA would thus reduce all Internet
communication to a level that is suitable for children, a result that
the Supreme Court has consistently condemned.
The ACLU/EPIC brief also addresses the privacy implications of the CDA
-- a point often overlooked in the censorship debate. By making it a
crime to distribute certain information to minors, the CDA would
destroy anonymity on the Internet and mandate the use of age and
identity verification mechanisms to screen the online audience. The
brief argues that "it is unconstitutional to require adults to
'register' in order to gain access to constitutionally protected
speech" and that "a registration requirement would also prevent
Americans from exercising their First Amendment right to engage in
communication anonymously on the Internet."
Briefs were also submitted by the group of plaintiffs led by the
American Library Association, and dozens of individuals and
organizations who signed on to the eleven friend-of-the-court
("amicus") briefs filed in opposition to the CDA.
The ACLU/EPIC brief, as well as links to several of the other
submissions, are available at:
http://www.epic.org/cda/
=======================================================================
[4] Crypto Legislation Introduced
=======================================================================
Several bills have been introduced in Congress to liberalize export
control laws, protect the legal right to use all forms of encryption,
and to prevent the imposition of mandatory key escrow encryption. The
proposals would effectively end the attempt by the White House to force
the adoption of cryptographic techniques designed for third party
access.
On February 27, Senator Conrad Burns reintroduced the Pro-CODE
legislation to promote commerce and privacy on the Internet. Senator
Burns said that "support has been building in Congress every year and
will soon reach a critical mass as it becomes apparant that the
administration policy could devastate our high-tech sector and a vital
Internet." The bill has gained the support of twenty Senators.
However, one new provision in the bill would create a secret
Information Security Board that would give law enforcement agencies
special access to the development of new plans for privacy enhancing
technologies. EPIC has said that such a board should operate subject to
the Federal Advisory Committee Act, which requires that government
business be conducted in the open. EPIC also recommended that the board
be composed of a wide range of organizations, including users groups,
technical experts, and consumer advocates. At the same time that
Senator Burns introduced Pro-CODE, Senator Patrick Leahy (D-VT)
introduced the Encryption Communications Privacy Act. The bill would
protect the right to use encryption, but would criminalize the use of
encryption in furtherance of a crime and also sets up a legal framework
to promote key escrow.
Earlier this month, Rep. Bob Goodlatte (R-VA) re-introduced the Security
and Freedom Through Encryption (SAFE) Act (H.R. 695). The bill, which
has over 50 cosponsors, relaxes crypto export controls and prohibits
mandatory key escrow. It also creates new criminal penalties for using
encryption to further a criminal act.
More information on encryption policy is available from:
http://www.epic.org/crypto/
=======================================================================
[5] Clipper Upgrade at DOD/Litigation Update
=======================================================================
Federal Computer Week has reported that the Defense Department plans to
modify the Fortezza encryption card to no longer generate a "Law
Enforcement Access Field" or "LEAF." Fortezza was introduced as a
companion to the Clipper Chip and uses the same algorithm. Several
commentators suggested that this development signal the "death of
Clipper." In fact, the revision to Fortezza signals its movement
to Clipper 4.0.
Sources tell EPIC that the NSA is likely to adopt the "key recovery"
technology currently being promoted by the U.S. government for use in
the revised Fortezza card. The agency hopes that with the new cards, it
will be able to pressure other government agencies to adopt the
technology and expand the market for key recovery products, something
that it was unable to do with Fortezza and the Clipper Chip.
Meanwhile, the Federal court hearing the 1993 CPSR/EPIC FOIA case
seeking information on the Clipper Chip has ordered the National
Security Agency to submit additional information to the court. The
court found that the NSA failed to adequately explain why the documents
it is withholding should not be released. The agency must submit the
additional information by March 5.
And the U.S. Court of Appeals for the D.C. Circuit has modified its
order remanding the Karn v. Department of State case back down to the
District Court. The appellate court has now suggested that the trial
court examine the procedural and constitutional issues in more detail.
The ruling is somewhat more favorable to Phil Karn than was the
original order.
More information on the Karn case is available at:
http://www.qualcomm.com/people/pkarn/export/index.html
The EPIC Litigation Docket is available at:
http://www.epic.org/privacy/litigation/
=======================================================================
[6] State Department Reports Widespread Illegal Wiretapping Worldwide
=======================================================================
The U.S. State Department reports that privacy invasions and illegal
wiretapping were widespread across the world in 1996.
The "Country Reports for Human Rights Practices for 1996" find that
most countries in the world have constitutional and legal guarantees of
the right to privacy and the secrecy of mail and communications.
However, in over 90 countries, the survey reports that police, defense
and intelligence agencies routinely violate those rights to monitor
political opponents, human rights workers and journalists.
This report comes at the same time that the U.S. Justice Department
continues to push international organizations such as the OECD, G-7,
Council of Europe and others to promote wiretapping and to limit
technical tools to prevent illegal electronic surveillance.
Excerpts from the 1994, 1995 and 1996 State Department reports are
available at the Privacy International web page at:
http://www.privacy.org/pi/reports/
=======================================================================
[7] New Medical Privacy Survey
=======================================================================
The Center for Disease Control has released a new report on privacy
statutes in the United States. "The Legislative Survey of State
Confidentiality Laws, with Specific Emphasis on HIV and Immunization"
was prepared by Professor Lawrence Gostin of Georgetown University Law
Center, along with Zita Lazzarini of the Harvard School of Public
Health and Kathleen M. Flaherty of the Georgetown/Johns Hopkins Program
on Law and Public Health
The report examines current state and federal laws protecting the
confidentiality of health information. It focuses on four specific
areas: public health information held by government; privately held
health care information; HIV and AIDS-related information; and
immunization information.
The report is available at:
http://www.epic.org/privacy/medical/cdc_survey.html
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
DIAC- Community Space and CyberSpace- What's the Connection? March 1-2,
1997. Seattle, WA. Sponsored by CPSR. Contact:
http://www.scn.org/tech/diac-97/index.html
ACM'97 -- The Next 50 Years of Computing. March 3-5, 1997, San Jose,
CA. Sponsored by the Association for Computing. Contact:
http://www.acm.org/acm97.
CFP97: Commerce & Community. March 11-14, 1997. Burlingame, California.
Sponsored by the Association for Computing Machinery. Contact:
cfp97@cfp.org or http://www.cfp.org
Privacy Summit. March 15, 1997, Burlingame, California. 8.30 am - 10.30
am. Contact: akrause@igc.apc.org or dhurley@well.com
Eurosec'97: the Seventh Annual Forum on Information Systems Quality and
Security. March 17-19, 1997. Paris, France. Sponsored by XP Conseil.
Contact: http://ourworld.compuserve.com/homepages/eurosec/
CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and
Control. June 4-7, 1997. Chicago, Illinois. Sponsored by the John
Marshall Law School. Contact: cyber97@jmls.edu.
Ethics in the Computer Society: The Second Annual Ethics and Technology
Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola
University Chicago. http://www.math.luc.edu/ethics97
INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97@isoc.org or http://www.isoc.org/inet97
Privacy laws & Business 10th Anniversary Conference. July 1-3, 1997.
St. John's College, Cambridge, England. Contact:
info@privacylaws.co.uk.
AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
Belgium. Sponsored by Privacy International and EPIC. Contact:
pi@privacy.org. http://www.privacy.org/pi/conference/brussels/
19th Annual International Privacy and Data Protection Conference. Sept.
17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection
and Privacy Commission.
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
(Send calendar submissions to alert@epic.org)
=======================================================================
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. To subscribe, send email to epic-news@epic.org with
the subject: "subscribe" (no quotes) or use the subscription form at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research. For more information,
email info@epic.org, HTTP://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and funding of the National Wiretap Plan.
Thank you for your support.
---------------------- END EPIC Alert 4.03 -----------------------
