============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 4.11 July 23, 1997 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ ======================================================================= Table of Contents ======================================================================= [1] AOL to Sell Subscriber Telephone Numbers [2] Search Engine Rating Scheme Touted at White House [3] Another House Committee Approves SAFE Crypto Bill [4] FTC Acts on Kids' Privacy [5] Cellular Phone Group Asks FCC to Set Wiretap Standards [6] New Bills in Congress [7] New at the EPIC Bookstore [8] Upcoming Conferences and Events ======================================================================= [1] AOL to Sell Subscriber Telephone Numbers ======================================================================= In a quiet change to its privacy policy, America Online will soon be adding subscriber phone numbers to the list of personal information that it sells to direct marketers. The company may also match member lists against "publicly available third-party data" to develop lists for outside direct mail opportunities. Previously, AOL's privacy policy prevented the disclosure of subscriber telephone numbers, while allowing the company to sell member names and addresses. The new policy, which is to take effect on July 31, can be found in the relatively obscure "Terms of Service" area of the online service. No notice of the new policy has been provided on the "Welcome" screen where new AOL features are typically announced. The revised policy states that We make our mailing list (name and address) available to select independent companies that offer products and information we think may interest you. Additionally, we may make the list with telephone numbers available to companies with which AOL, Inc. has contractual marketing and online relationships for the purpose of permitting such companies to offer products and services over the telephone. AOL, Inc. may also match the Member lists against publicly available third-party data (demographic information, areas of interest, etc.) to develop lists for use by these companies. The new policy, which is to take effect on July 31, also points out that AOL discloses individual information in an aggregated form in order to describe its services to prospective partners, advertisers and other third parties. AOL may also use publicly available third-party data such as demographic information and areas of interest to assist AOL in their "programming, editorial research and to offer special opportunities to our Members." While AOL will generally not disclose "navigational" or "transactional" information (such as where you go or what you buy through AOL) to third parties, it may use such information to develop member lists for companies with which AOL has a contractual marketing relationship. For years (and most recently before the Federal Trade Commission), industry has argued that self-regulation and not legislation is the only way to ensure that businesses protect individual privacy in electronic media. If AOL's new privacy policy is representative of industry's vision of what self regulation entails, users may have real cause for concern. More information on online privacy is available at: http://www.epic.org/privacy/ ======================================================================= [2] Search Engine Rating Scheme Touted at White House ======================================================================= Leading industry groups suggested on July 16 that they may exclude material from widely used search engines unless the authors agree to attach subjective rating labels to all web pages and other online information. Less than three weeks after the Supreme Court struck down the Communications Decency Act, a far more sweeping proposal to restrict information available on the Internet -- "filtering," "blocking" and rating online content -- was touted at a White House summit meeting. Announcing the Administration's "Strategy for a Family Friendly Internet," President Clinton described the private sector initiative that will presumably preclude the need for new content-control legislation: For ["family-friendly"] controls to work to their full potential, we also need to encourage every Internet site, whether or not it has material harmful for young people, to label its own content as the Vice President described just a few moments ago. To help to speed the labeling process along, several Internet search engines -- the Yellow Pages of cyberspace, if you will -- will begin to ask that all Web sites label content when applying for a spot in their directories. I want to thank Yahoo, Excite and Lycos for this important commitment. You're helping greatly to assure that self- labeling will become the standard practice. And that must be our objective. While such an approach might seem preferable to CDA-type legislation at first glance, it raises the specter of an Internet where only the equivalent of "PG" rated content could be found through the search engines users have come to depend on. EPIC is encouraging users to contact the search services and oppose such rating requirements as fundamentally at odds with free speech principles. More information on filtering/blocking/rating, and contact information for the major search engines, is available at: http://www.epic.org/free_speech/censorware/ ======================================================================= [3] Another House Committee Approves SAFE Crypto Bill ======================================================================= The House International Relations Committee approved the SAFE encryption bill on July 22. The legislation, which had already been approved by the House Judiciary Committee, would substantially relax U.S. export controls on encryption. By a vote of 22-13, the committee rejected an amendment offered by Chairman Benjamin Gilman (R-NY) that would have permitted the President to maintain strict controls on the technology upon a finding that "the export of such items would adversely affect the national security." The Committee's rejection of Gilman's amendment was particularly significant, given that top officials from the FBI, National Security Council and the Drug Enforcement Agency took the unusual step of appearing before the panel to warn that use of encryption by criminals would hamper their ability to fight crime. Secretary of Defense William Cohen also transmitted a written appeal to the Committee members in which he urged rejection of the SAFE bill. While encryption reform efforts have moved forward in the House, prospects in the Senate are less promising. On June 18, the Senate Commerce Committee approved the Secure Public Networks Act (S. 909), which was introduced by Sens. Bob Kerrey (D-NE) and John McCain (R-AZ). That bill contains a number of coercive measures that would force widespread domestic adoption of key escrow encryption techniques The SAFE bill will now be considered by the Commerce, National Security, and Intelligence committees in the House, which are expected to vote on the legislation by early September. More information on the SAFE bill is available at: http://www.epic.org/crypto/ ======================================================================= [4] FTC Acts on Kids' Privacy ======================================================================= The Federal Trade Commission has found that a web site which collects data from kids and then sells it without notice is engaging in a deceptive business practice in violation of the Federal Trade Commission Act. The Center for Media Education brought the complaint against KidsCom on May 13, 1996, charging that the popular children's Web site was using deceptive and unfair practices to market to children. CME filed the petition in an effort to address the growing problem of deceptive and unfair marketing practices targeting children on the Web. The Commission's action marks the first formal articulation of policy by the agency's Bureau of Consumer Protection regarding what is permissible when marketing to children online. The FTC letter sets out broad principles that apply generally to online information collection from children. The FTC stated that: A practice is unfair under Section 5 if it causes, or is likely to cause, substantial injury to consumers which is not reasonably avoidable and is not outweighed by countervailing benefits to consumers or competition.(11) We believe that it would likely be an unfair practice in violation of Section 5 to collect personally identifiable information, such as name, e-mail address, home address or phone number, from children and sell or otherwise disclose such identifiable information to third parties without providing parents with adequate notice, as described above, and an opportunity to control the collection and use of the information. Because KidsCom changed the operation of its website after the CME complaint was filed, the FTC said that it would take no enforcement action. The FTC letter concluded: We will continue to monitor KidsCom, as well as other commercial Web site operators, to ascertain whether they may be engaged in deceptive or unfair practices. Hereafter, staff may recommend law enforcement proceedings against marketers who engage in deceptive information practices, or who unfairly use personally identifiable information collected from children. FTC Letter Ruling is available at: http://www.ftc.gov/os/9707/cenmed~1.htm CME Statement is available at: http://tap.epn.org/cme/ftc716.html ======================================================================= [5] Cellular Phone Group Asks FCC to Set Wiretap Standards ======================================================================= The Cellular Telephone Industry Association (CTIA) on July 16 asked the Federal Communications Commission to step in to help develop the standards for wiretapping under the Communications Assistance for Law Enforcement Act (CALEA). The telephone industry and the FBI have been quietly meeting for two years to develop the new standards required by the law. The CTIA is objecting to additional FBI demands not included in the law such as that cellular phones function as tracking devices. In a July 15 letter to FBI Director Louis Freeh, the head of CTIA, Thomas Wheeler, called the FBI position "intractable" and detailed how FBI and law enforcement objections prevent an industry-sponsored standard from being adopted. In response, the Bureau called the CTIA action a "short circuit" of the standards process and denied that it was seeking additional powers. Both the industry position and the FBI demands are problematic from a privacy perspective, as both would facilitate easier wiretapping and the collection of transactional information. CALEA requires that all telecommunications providers redesign their systems by October 1998 to make wiretapping of new communications technologies easier. Phone companies are eligible to receive $500 million from the FBI to implement the new systems. More information on CALEA and wiretapping is available from: http://www.epic.org/privacy/wiretap/ ======================================================================= [6] New Bills in Congress ======================================================================= H.R. 2180. On-Line Copyright Liability Limitation Act. Would limit liability for online service providers that are not aware that copyrighted materials are going over their networks. Introduced by Rep. Coble (R-NC) on July 16. Referred to the Committee on the Judiciary. H.R.2198. Genetic Privacy and Nondiscrimination Act of 1997. Would limit use and disclosure of genetic information by health insurance companies; prohibit employers from attempting to acquire, or to use, genetic information, or "to require a genetic test of an employee or applicant for employment" or to disclose the information. Introduced by Rep. Stearns (R-FL) on July 17. Referred to the Committee on Commerce, and in addition to the Committees on Government Reform and Oversight, Education and the Workforce, and Veterans' Affairs. An up-to-date list of pending legislation is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] New at the EPIC Bookstore ======================================================================= The EPIC Bookstore includes a wide range of books on privacy, cryptography and free speech that can be ordered online. Many of the books are available at up to 40 percent off list price. New titles include: "Protect Your Privacy on the Internet" by Bryan Pfaffenberger "Digital Cash" by Peter Wayner "Contested Commodities" by Margaret Jane Radin Other popular titles: "The Right to Privacy" by Ellen Alderman & Caroline Kennedy "Who Knows: Safeguarding Your Privacy in a Networked World" by Ann Cavoukian & Don Tapscott "Applied Cryptography, 2nd Edition" by Bruce Schneier We are also now featuring _The Tin Drum_ by Gunther Grass. The novel, a bizarre but extraordinary diary of a young boy who refuses to grow up during the rise and fall of Nazi Germany, is considered by some the greatest German novel written since WWII. In 1979, the film version of the Tin Drum received an Academy Award for Best Foreign Film. However, in recent months, groups that oppose "pornography" have persuaded the Oklahoma City Library to remove copies of the film from the public library. For this reason, we are now making the book available at the EPIC Bookstore. Support the Freedom to Read. Check out the EPIC Bookstore at: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Hacking In Progress. August 8-10, 1997. Almere, Netherlands. Sponsored by Hac-Tic. Contact: http://www.hip97.nl/ Beyond HOPE. August 8-10, New York City. Sponsored by 2600. Contact: http://www.hope.net. TELECOM Interactive 97. September 8-14, 1997. Geneva, Switzerland. Sponsored by the International Telecommunications Union. Contact: telecom-interactive@itu.int or http://gold.itu.int/TELECOM/int97/ AST3: Cryptography and Internet Privacy. September 15, 1997. Brussels, Belgium. Sponsored by Privacy International. Contact: pi@privacy.org. http://www.privacy.org/pi/conference/brussels/ 19th Annual International Privacy and Data Protection Conference. September 17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection and Privacy Commission. Email privacy@infoboard.be International Conference on Privacy. September 23-26, 1997. Montreal, Canada. Sponsored by the Commission d'Acces a l'information du Quebec. http://www.confpriv.qc.ca/ Managing the Privacy Revolution '97. October 21-23, 1997. Washington, DC. Sponsored by Privacy and American Business. Contact: http://shell.idt.net/~pab/conf97.html RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998. San Francisco, CA. Contact kurt@rsa.com or http://www.rsa.com/conf98/ (Send calendar submissions to alert@epic.org) ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org wih the subject: "subscribe" (no quotes) or use the subscription form at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 4.11 -----------------------
Alert Home Page | EPIC Home Page