==============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
==============================================================
Volume 4.08 June 5, 1997
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
=======================================================================
Table of Contents
=======================================================================
[1] FTC Privacy Hearings Set to Begin
[2] FBI Director Seeks Enhanced Surveillance Capabilities
[3] Cryptographers Call Key-Escrow Unworkable
[4] Anti-Spam Legislation Introduced
[5] Clinton Endorses Privacy Rights
[6] Annual U.S. Wiretap Report Released
[7] 1997 EPIC Cryptography Sourcebook Now Available
[8] Upcoming Conferences and Events
=======================================================================
[1] FTC Privacy Hearings Set to Begin
=======================================================================
The Federal Trade Commission will hold a week-long public workshop on
consumer privacy issues, beginning June 10. Topics will include
consumer privacy on-line, children's privacy, unsolicited email (spam),
and computer databases. Several surveys, reports, and proposals are
expected to be released. The hearing follows a similar hearing last
year when the FTC first began exploration of consumer privacy issues.
The Electronic Privacy Information Center will be participating in
several of the FTC panels. EPIC submitted comments to the FTC in which
it argued for an enforceable code of fair information practices and the
protection of anonymity on-line. EPIC said that "the best approach for
Internet privacy would be to develop a Code of Fair Information
Practices that would provide clear guidelines for users and service
providers. This is the approach that the United States had
historically taken in areas where there was public recognition of the
need to protect privacy interests. It is also the approach that many
countries are taking today to protect privacy interests in the online
world."
EPIC will be releasing a report on Internet Privacy at the National
Press Club on Monday, June 9. More details will be available at the
EPIC web site on Monday.
More information on the FTC Public Workshop on Consumer Privacy is
available at:
http://www.ftc.gov/bcp/privacy2/index.html
The EPIC FTC Privacy page (including our comments to the Commission) is
available at:
http://www.epic.org/privacy/internet/ftc/
=======================================================================
[2] FBI Director Seeks Enhanced Surveillance Capabilities
=======================================================================
Testifying before the Senate Judiciary Committee on June 4, FBI
Director Louis Freeh asserted that Congress must give the Bureau "the
capability to deal with current and future technology" by enhancing its
ability to conduct electronic surveillance. Specifically, Freeh called
for full funding of the controversial 1994 digital telephony law;
enactment of a "balanced legislative solution" to the encryption issue;
and new legal authority to conduct "multipoint electronic
surveillance."
On the encryption front, Freeh told the Committee that the nation is at
a "historical crossroads" on the issue and repeated his frequent claim
that "uncrackable encryption will allow drug lords, terrorists and even
gangs to communicate with impunity." The FBI Director touted
key-recovery techniques, criticized pending encryption legislation and
suggested a need for domestic controls:
Other than some kind of key recovery system, there is no
technical solution. Several bills have recently been introduced in
Congress that address certain aspects of the encryption issue. The
legislative proposals introduced thus far would largely remove
existing export controls on encryption and promote the widespread
availability and use of any type of encryption, regardless of the
impact on public safety and national security, and these proposals
do not address the public safety issue associated with the
availability and use of encryption within the United States.
The full text of Director Freeh's testimony is available at:
http://www.epic.org/crypto/legislation/freeh_6_4_97.html
=======================================================================
[3] Cryptographers Call Key-Escrow Unworkable
=======================================================================
As the White House and the FBI continue to pursue a key-recovery
encryption policy, a new study provides important baseline information
for evaluating the implications of such an approach to security
technology.
On May 21, several distinguished cryptographers and computer scientists
released a new report, "The Risks of Key Recovery, Key Escrow, and
Trusted Third-Party Encryption." The report is the first in-depth
examination of the risks and implications of government-promoted
key-recovery systems. The report concludes that "the deployment of a
global key-recovery-based encryption infrastructure to meet law
enforcement's stated specifications will result in substantial
sacrifices in security and greatly increased costs to the end-user."
The authors note that "building a secure infrastructure of the
breathtaking scale and complexity demanded by these requirements is far
beyond the experience and current competency of the field."
The report's authors, recognized leaders in the cryptography and
computer science field, include Hal Abelson, Ross Anderson, Steven M.
Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore,
Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller and Bruce
Schneier.
The text of the report is available at:
http://www.crypto.com/key_study/report.shtml
=======================================================================
[4] Anti-Spam Legislation Introduced
=======================================================================
Two bills designed to regulate unsolicited commercial e-mail were
recently introduced in Congress. On May 23, Rep. Chris Smith (R-NJ)
introduced H.R. 1748, the Netizen Protection Act of 1997, while Sen.
Frank Murkowski (R-AK) introduced S. 771, the Unsolicited Commercial
Electronic Mail Choice Act of 1997 on May 21.
Both bills attempt to control "spam," or junk e-mail, through the
imposition of civil liability or civil penalties. However, the two
measures are fundamentally different in the way they attempt to control
unsolicited commercial e-mail. Smith's bill takes an "opt-in"
approach. This means that unsolicited commercial e-mail would be
prohibited unless a potential recipient gives his or her consent to
receive the communication. It also includes a provision permitting the
transmission of commercial e-mail where there is a pre-existing
business or personal relationship between the sender and the recipient.
Murkowski's bill contains an "opt-out" provision. This means that
unsolicited commercial e-mail could be sent unless a potential
recipient affirmatively indicates that they do not want to receive the
communication. Such a preference could be sent to the party sending the
unsolicited commercial e-mail or to the potential recipient's Internet
service provider. The bill would also require that a sender of
unsolicited commercial e-mail include the term "advertisement" in the
subject line as well as contact information and correct routing
information so recipients can identify and contact the sender.
If either of these bills become law, they could face Constitutional
challenges on the ground that they interfere with the sender's First
Amendment right to free speech. Senator Robert Torricelli (D-NJ) is
also planning to introduce a bill to regulate unsolicited commercial
e-mail, but the details are not yet available.
The text of the Smith bill is available at:
http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.1748:
The text of the Murkowski bill is available at:
http://thomas.loc.gov/cgi-bin/query/z?c105:S.771:
=======================================================================
[5] Clinton Endorses Privacy Rights
=======================================================================
In a commencement address at Morgan State University on May 18,
President Clinton called privacy "one of our most cherished freedoms"
and said that technology should not "break down the wall of privacy and
autonomy free citizens are guaranteed in a free society." The speech
contained the most detailed references to personal privacy the
President has yet made:
Today, when marketers can follow every aspect of our
lives, from the first phone call we make in the morning
to the time our security system says we have left the house,
to the video camera at the toll booth and the charge slip we
have for lunch, we cannot afford to forget this most basic lesson.
As the Internet reaches to touch every business and every
household and we face the frightening prospect that private
information -- even medical records -- could be made instantly
available to the world, we must develop new protections for
privacy in the face of new technological reality.
The President also called for legislation to prohibit insurance
companies from using genetic screening information to determine the
premium rates or eligibility of Americans for health insurance.
The full text of the Presidential address is available at:
http://www.epic.org/privacy/laws/clinton_speech_5_18_97.html
=======================================================================
[6] Annual U.S. Wiretap Report Released
=======================================================================
The use of electronic surveillance for criminal and national security
investigations increased substantially in 1996, according to statistics
recently released by the Administrative Office of the U.S. Courts and
the Department of Justice.
Court orders for national security wiretaps and bugs approved under the
Foreign Intelligence Surveillance Act (FISA) increased at the greatest
rate, rising over 20 percent, from 697 orders in 1995 to 839 orders in
1996. Such orders are approved by the Foreign Intelligence
Surveillance Court, a secretive panel of nine judges appointed by the
Chief Justice of the United States. No FISA applications were denied
in 1996 -- indeed, the FISA court has never denied a request for a
surveillance order in its 20-year existence.
Court orders for electronic surveillance by state and federal agencies
for criminal purposes also increased, from 1058 in 1995 to 1150 in 1996
(a nine percent increase). However, for the first time in eight years,
a court denied a surveillance application. Extensions of surveillance
orders increased from 834 to 887. In all, interceptions were in effect
for a total of 43,635 days in 1996.
The vast majority of interceptions continued to occur in drug-related
cases: 71.4 percent (821 total) for drug investigations; 9.9 percent
(114) for gambling; 9.1 percent (105) for racketeering; 3.5 percent
(41) for homicide and assault and a few each for bribery, kidnapping,
larceny and theft, and loan sharking. No orders were issued for
"arson, explosives, and weapons" investigations.
Electronic surveillance continued to be relatively inefficient.
Overall, 2.2 million conversations were captured in 1996. A total of
1.7 million intercepted conversations were deemed not "incriminating"
by prosecutors. Each interception resulted in the capture of an
average of 1,969 conversations. Prosecutors reported that on average,
422 (21.4 percent) of the conversations were "incriminating." Federal
intercepts were particularly efficient, with only 15.6 percent of the
intercepted conversations reported as "incriminating."
More information on wiretapping is available at:
http://www.epic.org/privacy/wiretap/
=======================================================================
[7] 1997 EPIC Cryptography Sourcebook Now Available
=======================================================================
The 1997 edition of EPIC's "Cryptography and Privacy Sourcebook" is now
available. The 300-page volume contains an extensive collection of key
documents central to the controversies over privacy and security in the
Information Age. Included are reports, briefing papers, pending bills
and materials obtained under the Freedom of Information Act detailing
the development of U.S. government policy on encryption. As the
National Research Council has noted, "important source documents can be
found ... in the cryptography policy source books published annually by
the Electronic Privacy Information Center."
To order: send payment of $25 (check or cash) to Sourcebook, EPIC, 666
Pennsylvania Ave., S.E., Washington, DC 20003. Please allow three
weeks for delivery within the U.S.
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
Ethics in the Computer Society: The Second Annual Ethics and Technology
Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola
University Chicago. http://www.math.luc.edu/ethics97
Public Workshop on Consumer Privacy. June 10-13, 1997. Washington, DC.
Sponsored by the Federal Trade Commission. Contact:
http://www.ftc.gov/os/9703/privacy.htm
Cyberpayments 97. June 19-20, 1997. Washington, DC. Sponsored by NACHA.
Contact: http://www.nacha.org
INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97@isoc.org or http://www.isoc.org/inet97
Informational Meeting of the Global Internet Liberty Campaign (GILC).
June 25, 1997. INET 97, Putra World Trade Center, Kuala Lumpur,
Malaysia. Contact: rotenberg@epic.org.
Privacy Laws & Business 10th Anniversary Conference. July 1-3, 1997.
St. John's College, Cambridge, England. Contact:
info@privacylaws.co.uk.
4th Annual Privacy Issues Forum., July 10-11, 1997. Auckland, New
Zealand. Sponsored by NZ Privacy Commissioner. Contact: Terry Debenham,
Fax +649-302 2305 or email privacy@iprolink.co.nz.
Communities, Culture, Communication, and Computers (C**5): On the Role
of Professionals in the Information Age. August 20-22, 1997.
Paderborn, Germany. Sponsored by FIFF. Contact: c5@uni-paderborn.de
AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact: pi@privacy.org.
http://www.privacy.org/pi/conference/brussels/
19th Annual International Privacy and Data Protection Conference. Sept.
17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection
and Privacy Commission.
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
http://www.confpriv.qc.ca/
Managing the Privacy Revolution '97. October 21-23, 1997. Washington,
DC. Sponsored by Privacy and American Business. Contact:
http://shell.idt.net/~pab/conf97.html
(Send calendar submissions to alert@epic.org)
=======================================================================
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. To subscribe, send email to epic-news@epic.org
with the subject: "subscribe" (no quotes) or use the subscription form
at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research. For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and funding of the National Wiretap Plan.
Thank you for your support.
---------------------- END EPIC Alert 4.08 -----------------------
