===============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
===============================================================
Volume 4.17 December 22, 1997
---------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
=======================================================================
Table of Contents
=======================================================================
[1] Global Coalition Urges Rejection of PICS
[2] Survey Shows Internet Users Want Privacy Laws
[3] EPIC/ACLU File Comments on CALEA Implementation
[4] FTC on Kids Privacy
[5] FTC Punts on Lookup Services
[6] Champion of Open Government Dies
[7] Last Minute Holiday Gifts at the EPIC Bookstore
[8] Upcoming Conferences and Events
=======================================================================
[1] Global Coalition Urges Rejection of PICS
=======================================================================
In the latest show of opposition to Internet ratings and filtering,
members of the Global Internet Liberty Campaign (GILC) have asked the
World Wide Web Consortium (W3C) to reject a pending proposal for the
implementation of PICS (Platform for Internet Content Selection). The
proposed "PICSRules 1.1" guidelines would enable the rating of Web site
content by either the page publisher or a third-party ratings group.
Such ratings are recognized by PICS-compliant browsers (for example,
Microsoft's Internet Explorer) or filtering software.
In their December 14 submission, the GILC members (including EPIC) said
that the pending guidelines, proposed by the W3C in November, would
"prevent individuals from using the Internet to exchange information on
topics that may be controversial or unpopular" and could be easily
exploited as a censorship tool by repressive governments. "PICSRules
1.1 go far beyond the original objective of PICS to empower Internet
users to control what they and those under their care access."
According to the W3C, the pending PICS proposal "defines a language for
writing profiles, which are filtering rules that allow or block access
to URLs based on PICS labels that describe those URLs." The guidelines
are under consideration by the W3C's PICS Profiles Language Working
Group, which will announce the disposition of the proposal on December
28.
The GILC members, representing users in the United States, Europe and
Australia, oppose the adoption of PICSRules 1.1 "on the grounds that it
will provide a tool for widespread global censorship." The groups
noted that such a result would "conflict with the W3C's mission to
'realize the full potential of the Web as an efficient human-to-human
communications medium.'"
The text of the GILC submission is available at:
http://www.gilc.org/speech/ratings/gilc-pics-submission.html
=======================================================================
[2] Survey Shows Internet Users Want Privacy Laws
=======================================================================
A new survey of 10,000 Internet users finds that there is strong
support for new laws to protect privacy. The survey, conducted by the
Graphic, Visualization, & Usability Center's lab at the Georgia
Institute of Technology, found that many Internet users want new laws
to protect privacy on the net. According to the GVU poll, most
respondents agree strongly (39%) or somewhat (33%) that there should be
new laws to protect privacy on the Internet while only 7% disagreed
strongly
Privacy has also switched places with free expression and is now the
number one concern of Internet users. According to the eighth annual
GVU poll, 30% of users identify privacy as the most important issue,
followed by censorship at 24%.
Internet users also expressed strong opposition to content providers
selling personal information about the people who access their pages.
Some 63% disagreed strongly with the practice and another 19% disagreed
somewhat. At the same time, 64% of respondents agree strongly that
they ought to have complete control over their demographic information.
The main condition that users place on giving up information is that a
statement be provided about how the information is going to be used
(70%). That is followed by being informed about what is collected
(52%) and that the data be used in aggregate form only (46%). Only 9%
report that they wouldn't not give demographic data under any
circumstances. Seventy-five percent disagreed with the statement that
third party advertising agencies should be able to compile usage
behavior across different web sites for direct marketing purposes. The
main reason that respondents do not register with web sites is that
they do not provide a clear statement on how the information is going
to be used (66%). This is followed closely by the belief that it is
not worth divulging personal data to access the site (63%) and not
trusting the entity collecting the data (58%).
Anonymity also was important to many respondents. Just over half agree
that they prefer anonymous payment systems (51%), while a quarter are
neutral. Most respondents agree (56%) that they should be able to take
on different roles or aliases on the Internet and 27% agree strongly.
There continues to be strong support for the privacy of email. Some
89% of respondents agree that they should be able to communicate over
the Internet without others reading the content of email and 75%
strongly agree.
The GVU poll is consistent with a recent poll from Family PC magazine.
That survey noted that when parents are asked what they found most
troubling about the Internet for themselves, they cited abuse of
personal information as their chief concern.
Links to the GVU survey and previous polls and surveys are available
at:
http://www.epic.org/privacy/survey/
The Family PC poll is available at:
http://www.zdnet.com/familypc/content/kidsafety/results.html
=======================================================================
[3] EPIC/ACLU File Comments on CALEA
=======================================================================
EPIC recently joined with the ACLU in submitting comments to the FCC on
the Communications Assistance for Law Enforcement Act (CALEA). The
comments ask the Commission to delay the implementation of CALEA until
October 24, 2000. The comments were also joined by the Electronic
Frontier Foundation.
The comments point out numerous problems with the ongoing CALEA
implementation process:
1. To date, the FBI has not met its public capacity notice requirements
under the Act, which require law enforcement to quantify the actual and
maximum technical needs for capacity, including projections with the
number of anticipated interceptions.
2. Law enforcement is not permitted to dictate system design under
CALEA, but has placed a choke hold on the process by repeatedly
preventing the adoption of industry standards and creating a "wish
list" of technically infeasible and costly requirements. In addition,
it has become abundantly clear that the FBI is seeking unprecedented
surveillance capabilities never envisioned by the Congress. The FBI
has consistently requested that industry provide numerous capabilities
for surveillance that go far beyond the current court-authorized
electronic surveillance.
3. Congressional limitations on information subject to interception
have been disregarded. CALEA requires the strengthening of privacy
protections so that carriers do not intercept or disclose any
information absent specific authorization. The additional surveillance
features sought by the FBI contravene the Congress' intention to
maintain current levels of surveillance and not expand them.
A total of 31 comments were filed with the FCC. Meanwhile, the FBI
continues to pressure industry standards committees to adopt its
enhanced wiretap standards by having small local law enforcement
agencies submit identical FBI-written ballots (a process described as
ballot stuffing in Congressional testimony in October). In a standards
vote organized by the Telecommunications Industry Association in
October, the FBI and its law enforcement allies submitted 193 ballots
opposing the industry standards.
A copy of the ACLU/EPIC/EFF submission and more information on
wiretapping and CALEA are available at:
http://www.epic.org/privacy/wiretap/
=======================================================================
[4] FTC Warns Sites on Collecting Children's Information
=======================================================================
The Federal Trade Commission staff announced last week the results of
"Kids Privacy Surf Day," which was designed as a "snapshot" of
children's Web sites' privacy practices.
FTC staff found that approximately 86 percent of the sites surveyed
were collecting personally identifiable information from children --
most without seeking parental permission or allowing parents to control
the collection and use of the information. FTC staff surveyed 126 Web
sites listed by "Yahooligans!," a popular directory of child-oriented
sites.
According to the FTC, the survey was a quick snapshot of what
child-oriented Web sites are doing to inform parents about their
information gathering practices. Approximately 86 percent of the sites
surveyed were collecting personally identifiable information from
children -- names, e-mail addresses, postal addresses and telephone
numbers. Fewer than 30 percent of those sites collecting this personal
data posted either a privacy policy or a confidentiality statement on
their Web site. Four percent of those sites collecting personally
identifiable information required parental authorization for the
collection of the information.
"Protecting children's privacy online is a high priority," said Jodie
Bernstein, Director of the FTC's Bureau of Consumer Protection
Bernstein. "Any company that engages in deceptive or unfair practices
involving children violates the FTC Act. The FTC can bring legal
action to halt such violations and seek an order imposing restrictions
on future practices to ensure compliance with the FTC Act.
The FTC staff last July issued an opinion letter to the Center for
Media Education, describing certain information collection practices
which could be found to be deceptive or unfair.
FTC staff will send the Web sites surveyed in the Mini-Surf e-mail
messages notifying them about the FTC staff opinion letter and the
principles it contains. The messages note that according to FTC staff,
(1) it is a deceptive practice expressly or impliedly to misrepresent
the purpose for which personally identifiable information is being
collected from children, and (2) it is likely to be an unfair practice
to collect personally identifiable information from children and sell
or otherwise disclose that information to third parties without
providing parents with adequate notice and an opportunity to control
the collection and use of the information. The e-mail also states that
FTC staff has not determined that the online information collection
practices of the site have violated federal law.
The FTC Announcement is available at:
http://www.ftc.gov/opa/9712/kids.htm
The opinion letter in CME v. KidsCom is available at:
http://www.ftc.gov/os/9707/cenmed~1.htm
=======================================================================
[5] FTC Punts on Lookup Services
=======================================================================
The Federal Trade Commission, which had been asked by Congress to
investigate "possible violations of consumer privacy rights by
companies that operate computer data bases," has decided instead to
endorse industry guidelines that lack enforcement and provide no legal
rights for aggrieved parties.
The FTC recommendations come more than year after a public protest led
Lexis/Nexis to remove Social Secuity Numbers from an on-line lookup
service called P-TRAK.
Members of the Senate Commerce Committee wrote to the FTC in October
1996 and asked the Commission to "investigate the compilation, sale,
and usage of electronically transmitted data bases that include
identifiable personal information of private citizens without their
knowledge." The Commerce Committee specifically asked the FTC to
investigate:
(1). Is the non-consensual compilation, sale, and usage of data-base a
violation of private citizens civil rights?
(2). Are the data-bases subject to unlawful usage? Do they create an
undue potential for fraud on consumers?
(3). Are the compilation, sale and usage of consumers' personal data
consistent with the Fair Credit Reporting Act and federal telemarketing
regulations?
(4). Are there ways consumers can prevent data- based service companies
from including their personal background information in commercial data
bases absent their content?
Questions remain about how the guidelines will be enforced and the mew
burden on consumers to control the misuse of personal information.
The letter to FTC from Senate Commerce Committee is available at:
http://www.epic.org/privacy/databases/ftc_databases.html
The FTC Announcement is available at:
http://www.ftc.gov/opa/9712/inrefser.htm
=======================================================================
[6] Champion of Open Government Dies
=======================================================================
We note with sadness the passing of former Rep. John E. Moss of
California -- "the father of the Freedom of Information Act" -- who
died in San Francisco on December 5 at the age of 82. During his
26-year tenure in Congress, Rep. Moss was a tireless champion of
government accountability, consumer rights and the First Amendment. He
played a leading role in enacting not only the FOIA, but also the
Privacy Act of 1974, and was instrumental in establishing the Consumer
Product Safety Commission in 1972 and the reform of the Federal Trade
Commission.
Rep. Moss struggled to create the FOIA for more than a decade before it
became law in 1966. Amendments adopted in 1974 in the wake of
Watergate strengthened it and broadened its effect. Rep. Moss believed
that citizens have a right to the information maintained by their
government and that enforcing that right is essential to a democracy.
That concept was strongly opposed by the federal bureaucracy,
successive Presidents and the leadership of both parties in Congress.
Rep. Moss nonetheless persisted in advocating a strong open government
law.
More information on FOIA and open government is available at:
http://www.epic.org/open_gov/
=======================================================================
[7] Last Minute Holiday Gifts at the EPIC Bookstore
=======================================================================
It's not too late to visit the EPIC Bookstore for last minute holiday
shopping. The EPIC Bookstore offers one of the most comprehensive
collection of books on civil liberties, privacy, and on-line freedom
available anywhere on the Internet today. Gift wrapping and express
shipping available.
Among our featured titles:
*May It Please the Court: The First Amendment* by Peter Irons (editor).
This collection focuses on sixteen key First Amendment cases
illustrating the most controversial debates over issues of free speech,
freedom of the press, and the right to assemble. Includes actual oral
arguments made before the Supreme Court by well-known attorneys, along
with transcripts placing speakers and cases in context. hardcover book;
four 90-minute cassettes.
*The Electronic Privacy Papers* by Bruce Schneier (Editor), David
Banisar (Editor). Forward by Hon. John Anderson. The definitive
collection of materials on the issues, players, and history of the
battle for electronic privacy in the information age. Contain more than
700 pages of previously classified government documents, Congressional
testimony, reports, and news items.
*The Privacy Rights Handbook: How to Take Control of Your Personal
Information* by Beth Givens. A consumer's guide to protecting privacy.
Filled with advice and information about how you can protect your
personal information. Covers medical records, bank records, credit
reports, and more.
*Digital Cash* by Peter Wayner. The second edition of the highly
acclaimed Digital Cash is an updated and comprehensive guide to
exchanging money over the Net.
The EPIC Bookstore is located online at:
http://www.epic.org/bookstore/
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
Education in Computer Security Workshop, January 19-21, 1998. Pacific
Grove, California. Sponsored by Naval Postgraduate School Center for
INFOSEC. Contact:
http://www.cs.nps.navy.mil/research/cisr/events/wecs98_announce.html
RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998.
San Francisco, CA. Contact kurt@rsa.com or http://www.rsa.com/conf98/
Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI.
http://www.cwi.nl/conferences/FC98
7th USENIX Security Symposium. January 26-29, 1998. San Antonio, TX
Sponsored by USENIX & CERT. http://www.usenix.org/sec/sec98.html
The Eighth Conference on Computers, Freedom & Privacy. February, 18-20,
1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu.
http://www.cfp.org/
ETHICOMP98 March 25-27,1998. Erasmus University The Netherlands.
Sponsored by the Centre for Computing and Social Reponsibility Contact:
http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and
USACM. http://www.acm.org/usacm/events/policy98/
(Send calendar submissions to alert@epic.org)
=======================================================================
Subscription Information
=======================================================================
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. To subscribe or unsubscribe, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research. For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and funding of the National Wiretap Plan.
Thank you for your support.
---------------------- END EPIC Alert 4.17 -----------------------
Return to: