=============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ =============================================================== Volume 4.17 December 22, 1997 --------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ ======================================================================= Table of Contents ======================================================================= [1] Global Coalition Urges Rejection of PICS [2] Survey Shows Internet Users Want Privacy Laws [3] EPIC/ACLU File Comments on CALEA Implementation [4] FTC on Kids Privacy [5] FTC Punts on Lookup Services [6] Champion of Open Government Dies [7] Last Minute Holiday Gifts at the EPIC Bookstore [8] Upcoming Conferences and Events ======================================================================= [1] Global Coalition Urges Rejection of PICS ======================================================================= In the latest show of opposition to Internet ratings and filtering, members of the Global Internet Liberty Campaign (GILC) have asked the World Wide Web Consortium (W3C) to reject a pending proposal for the implementation of PICS (Platform for Internet Content Selection). The proposed "PICSRules 1.1" guidelines would enable the rating of Web site content by either the page publisher or a third-party ratings group. Such ratings are recognized by PICS-compliant browsers (for example, Microsoft's Internet Explorer) or filtering software. In their December 14 submission, the GILC members (including EPIC) said that the pending guidelines, proposed by the W3C in November, would "prevent individuals from using the Internet to exchange information on topics that may be controversial or unpopular" and could be easily exploited as a censorship tool by repressive governments. "PICSRules 1.1 go far beyond the original objective of PICS to empower Internet users to control what they and those under their care access." According to the W3C, the pending PICS proposal "defines a language for writing profiles, which are filtering rules that allow or block access to URLs based on PICS labels that describe those URLs." The guidelines are under consideration by the W3C's PICS Profiles Language Working Group, which will announce the disposition of the proposal on December 28. The GILC members, representing users in the United States, Europe and Australia, oppose the adoption of PICSRules 1.1 "on the grounds that it will provide a tool for widespread global censorship." The groups noted that such a result would "conflict with the W3C's mission to 'realize the full potential of the Web as an efficient human-to-human communications medium.'" The text of the GILC submission is available at: http://www.gilc.org/speech/ratings/gilc-pics-submission.html ======================================================================= [2] Survey Shows Internet Users Want Privacy Laws ======================================================================= A new survey of 10,000 Internet users finds that there is strong support for new laws to protect privacy. The survey, conducted by the Graphic, Visualization, & Usability Center's lab at the Georgia Institute of Technology, found that many Internet users want new laws to protect privacy on the net. According to the GVU poll, most respondents agree strongly (39%) or somewhat (33%) that there should be new laws to protect privacy on the Internet while only 7% disagreed strongly Privacy has also switched places with free expression and is now the number one concern of Internet users. According to the eighth annual GVU poll, 30% of users identify privacy as the most important issue, followed by censorship at 24%. Internet users also expressed strong opposition to content providers selling personal information about the people who access their pages. Some 63% disagreed strongly with the practice and another 19% disagreed somewhat. At the same time, 64% of respondents agree strongly that they ought to have complete control over their demographic information. The main condition that users place on giving up information is that a statement be provided about how the information is going to be used (70%). That is followed by being informed about what is collected (52%) and that the data be used in aggregate form only (46%). Only 9% report that they wouldn't not give demographic data under any circumstances. Seventy-five percent disagreed with the statement that third party advertising agencies should be able to compile usage behavior across different web sites for direct marketing purposes. The main reason that respondents do not register with web sites is that they do not provide a clear statement on how the information is going to be used (66%). This is followed closely by the belief that it is not worth divulging personal data to access the site (63%) and not trusting the entity collecting the data (58%). Anonymity also was important to many respondents. Just over half agree that they prefer anonymous payment systems (51%), while a quarter are neutral. Most respondents agree (56%) that they should be able to take on different roles or aliases on the Internet and 27% agree strongly. There continues to be strong support for the privacy of email. Some 89% of respondents agree that they should be able to communicate over the Internet without others reading the content of email and 75% strongly agree. The GVU poll is consistent with a recent poll from Family PC magazine. That survey noted that when parents are asked what they found most troubling about the Internet for themselves, they cited abuse of personal information as their chief concern. Links to the GVU survey and previous polls and surveys are available at: http://www.epic.org/privacy/survey/ The Family PC poll is available at: http://www.zdnet.com/familypc/content/kidsafety/results.html ======================================================================= [3] EPIC/ACLU File Comments on CALEA ======================================================================= EPIC recently joined with the ACLU in submitting comments to the FCC on the Communications Assistance for Law Enforcement Act (CALEA). The comments ask the Commission to delay the implementation of CALEA until October 24, 2000. The comments were also joined by the Electronic Frontier Foundation. The comments point out numerous problems with the ongoing CALEA implementation process: 1. To date, the FBI has not met its public capacity notice requirements under the Act, which require law enforcement to quantify the actual and maximum technical needs for capacity, including projections with the number of anticipated interceptions. 2. Law enforcement is not permitted to dictate system design under CALEA, but has placed a choke hold on the process by repeatedly preventing the adoption of industry standards and creating a "wish list" of technically infeasible and costly requirements. In addition, it has become abundantly clear that the FBI is seeking unprecedented surveillance capabilities never envisioned by the Congress. The FBI has consistently requested that industry provide numerous capabilities for surveillance that go far beyond the current court-authorized electronic surveillance. 3. Congressional limitations on information subject to interception have been disregarded. CALEA requires the strengthening of privacy protections so that carriers do not intercept or disclose any information absent specific authorization. The additional surveillance features sought by the FBI contravene the Congress' intention to maintain current levels of surveillance and not expand them. A total of 31 comments were filed with the FCC. Meanwhile, the FBI continues to pressure industry standards committees to adopt its enhanced wiretap standards by having small local law enforcement agencies submit identical FBI-written ballots (a process described as ballot stuffing in Congressional testimony in October). In a standards vote organized by the Telecommunications Industry Association in October, the FBI and its law enforcement allies submitted 193 ballots opposing the industry standards. A copy of the ACLU/EPIC/EFF submission and more information on wiretapping and CALEA are available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [4] FTC Warns Sites on Collecting Children's Information ======================================================================= The Federal Trade Commission staff announced last week the results of "Kids Privacy Surf Day," which was designed as a "snapshot" of children's Web sites' privacy practices. FTC staff found that approximately 86 percent of the sites surveyed were collecting personally identifiable information from children -- most without seeking parental permission or allowing parents to control the collection and use of the information. FTC staff surveyed 126 Web sites listed by "Yahooligans!," a popular directory of child-oriented sites. According to the FTC, the survey was a quick snapshot of what child-oriented Web sites are doing to inform parents about their information gathering practices. Approximately 86 percent of the sites surveyed were collecting personally identifiable information from children -- names, e-mail addresses, postal addresses and telephone numbers. Fewer than 30 percent of those sites collecting this personal data posted either a privacy policy or a confidentiality statement on their Web site. Four percent of those sites collecting personally identifiable information required parental authorization for the collection of the information. "Protecting children's privacy online is a high priority," said Jodie Bernstein, Director of the FTC's Bureau of Consumer Protection Bernstein. "Any company that engages in deceptive or unfair practices involving children violates the FTC Act. The FTC can bring legal action to halt such violations and seek an order imposing restrictions on future practices to ensure compliance with the FTC Act. The FTC staff last July issued an opinion letter to the Center for Media Education, describing certain information collection practices which could be found to be deceptive or unfair. FTC staff will send the Web sites surveyed in the Mini-Surf e-mail messages notifying them about the FTC staff opinion letter and the principles it contains. The messages note that according to FTC staff, (1) it is a deceptive practice expressly or impliedly to misrepresent the purpose for which personally identifiable information is being collected from children, and (2) it is likely to be an unfair practice to collect personally identifiable information from children and sell or otherwise disclose that information to third parties without providing parents with adequate notice and an opportunity to control the collection and use of the information. The e-mail also states that FTC staff has not determined that the online information collection practices of the site have violated federal law. The FTC Announcement is available at: http://www.ftc.gov/opa/9712/kids.htm The opinion letter in CME v. KidsCom is available at: http://www.ftc.gov/os/9707/cenmed~1.htm ======================================================================= [5] FTC Punts on Lookup Services ======================================================================= The Federal Trade Commission, which had been asked by Congress to investigate "possible violations of consumer privacy rights by companies that operate computer data bases," has decided instead to endorse industry guidelines that lack enforcement and provide no legal rights for aggrieved parties. The FTC recommendations come more than year after a public protest led Lexis/Nexis to remove Social Secuity Numbers from an on-line lookup service called P-TRAK. Members of the Senate Commerce Committee wrote to the FTC in October 1996 and asked the Commission to "investigate the compilation, sale, and usage of electronically transmitted data bases that include identifiable personal information of private citizens without their knowledge." The Commerce Committee specifically asked the FTC to investigate: (1). Is the non-consensual compilation, sale, and usage of data-base a violation of private citizens civil rights? (2). Are the data-bases subject to unlawful usage? Do they create an undue potential for fraud on consumers? (3). Are the compilation, sale and usage of consumers' personal data consistent with the Fair Credit Reporting Act and federal telemarketing regulations? (4). Are there ways consumers can prevent data- based service companies from including their personal background information in commercial data bases absent their content? Questions remain about how the guidelines will be enforced and the mew burden on consumers to control the misuse of personal information. The letter to FTC from Senate Commerce Committee is available at: http://www.epic.org/privacy/databases/ftc_databases.html The FTC Announcement is available at: http://www.ftc.gov/opa/9712/inrefser.htm ======================================================================= [6] Champion of Open Government Dies ======================================================================= We note with sadness the passing of former Rep. John E. Moss of California -- "the father of the Freedom of Information Act" -- who died in San Francisco on December 5 at the age of 82. During his 26-year tenure in Congress, Rep. Moss was a tireless champion of government accountability, consumer rights and the First Amendment. He played a leading role in enacting not only the FOIA, but also the Privacy Act of 1974, and was instrumental in establishing the Consumer Product Safety Commission in 1972 and the reform of the Federal Trade Commission. Rep. Moss struggled to create the FOIA for more than a decade before it became law in 1966. Amendments adopted in 1974 in the wake of Watergate strengthened it and broadened its effect. Rep. Moss believed that citizens have a right to the information maintained by their government and that enforcing that right is essential to a democracy. That concept was strongly opposed by the federal bureaucracy, successive Presidents and the leadership of both parties in Congress. Rep. Moss nonetheless persisted in advocating a strong open government law. More information on FOIA and open government is available at: http://www.epic.org/open_gov/ ======================================================================= [7] Last Minute Holiday Gifts at the EPIC Bookstore ======================================================================= It's not too late to visit the EPIC Bookstore for last minute holiday shopping. The EPIC Bookstore offers one of the most comprehensive collection of books on civil liberties, privacy, and on-line freedom available anywhere on the Internet today. Gift wrapping and express shipping available. Among our featured titles: *May It Please the Court: The First Amendment* by Peter Irons (editor). This collection focuses on sixteen key First Amendment cases illustrating the most controversial debates over issues of free speech, freedom of the press, and the right to assemble. Includes actual oral arguments made before the Supreme Court by well-known attorneys, along with transcripts placing speakers and cases in context. hardcover book; four 90-minute cassettes. *The Electronic Privacy Papers* by Bruce Schneier (Editor), David Banisar (Editor). Forward by Hon. John Anderson. The definitive collection of materials on the issues, players, and history of the battle for electronic privacy in the information age. Contain more than 700 pages of previously classified government documents, Congressional testimony, reports, and news items. *The Privacy Rights Handbook: How to Take Control of Your Personal Information* by Beth Givens. A consumer's guide to protecting privacy. Filled with advice and information about how you can protect your personal information. Covers medical records, bank records, credit reports, and more. *Digital Cash* by Peter Wayner. The second edition of the highly acclaimed Digital Cash is an updated and comprehensive guide to exchanging money over the Net. The EPIC Bookstore is located online at: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Education in Computer Security Workshop, January 19-21, 1998. Pacific Grove, California. Sponsored by Naval Postgraduate School Center for INFOSEC. Contact: http://www.cs.nps.navy.mil/research/cisr/events/wecs98_announce.html RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998. San Francisco, CA. Contact kurt@rsa.com or http://www.rsa.com/conf98/ Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI. http://www.cwi.nl/conferences/FC98 7th USENIX Security Symposium. January 26-29, 1998. San Antonio, TX Sponsored by USENIX & CERT. http://www.usenix.org/sec/sec98.html The Eighth Conference on Computers, Freedom & Privacy. February, 18-20, 1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu. http://www.cfp.org/ ETHICOMP98 March 25-27,1998. Erasmus University The Netherlands. Sponsored by the Centre for Computing and Social Reponsibility Contact: http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and USACM. http://www.acm.org/usacm/events/policy98/ (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 4.17 -----------------------
Return to: