============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.02 February 10, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ ======================================================================= Table of Contents ======================================================================= [1] New World Survey Finds Few Crypto Controls [2] McCain Introduces Internet School Filtering Act [3] U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy [4] State Department Releases World Human Rights Report [5] Canada Proposes Comprehensive Privacy Law [6] Fingerprinting is on the Rise [7] New Congressional Bills and Upcoming Hearings [8] Upcoming Conferences and Events ======================================================================= [1] New World Survey Finds Few Crypto Controls ======================================================================= The Global Internet Liberty Campaign (GILC) has released the first comprehensive review of cryptography policies around the globe. "Cryptography and Liberty: An International Survey of Encryption Policy" is based on a survey of more than two hundred countries and regions. The purpose of the survey was to determine whether countries are limiting the availability of new technologies that are used by Internet users and others to protect personal privacy. According to the GILC report, most countries in the world do not have controls on the use of cryptography. "In the vast majority of countries, cryptography may be freely used, manufactured and sold without restriction." The report says that recent trends in cryptography policy suggest greater liberalization in the use of this technology, which was originally controlled during the Cold War for reasons of national security. A rough breakdown of the countries into five categories -- from "Red" through "Yellow" to "Green" -- indicating how restrictive the policies toward encryption are, found that most countries are grouped toward the "Green" end of the spectrum, while a handful of countries fall in the "Red" category. Those countries are Belarus, China, Israel, Pakistan, Russia and Singapore. The GILC report notes the "surprising" policies of the United States, given that "virtually all of the other democratic, industrial nations have few if any controls on the use of cryptography." The report suggest that the U.S. position may be explained by "the dominant role that state security agencies in the United States hold in the development of encryption policy." But the report warns that law enforcement agencies in the U.S. and elsewhere will continue to push for an encryption "key management infrastructure" that would expand electronic surveillance of private communications. The report concludes by urging the development of a public education campaign to inform various political, labor and social groups on the benefits of and techniques for using encryption. The GILC encryption survey is available on the Internet at: http://www.gilc.org/crypto/crypto-survey.html ======================================================================= [2] McCain Introduces Internet School Filtering Act ======================================================================= On February 9, Senator John McCain (R-AZ) introduced "The Internet School Filtering Act." The proposed legislation would require schools and libraries receiving federal Internet subsidies to install systems "to filter or block matter deemed to be inappropriate for minors." The bill is co-sponsored by Senators Ernest Hollings (D-SC), Dan Coats (R-IN) and Patty Murray (D-WA). Libraries would be required to certify that at least one computer uses a filtering system so that "it will be appropriate for minors' use." A library would have to inform the Federal Communications Commission within 10 days if it decided to change its filtering system or drop its use completely. A number of surveys have shown that all current filtering and rating systems block out thousands, if not millions, of web pages that are not obscene or indecent. A recent study of a popular filtered search engine conducted by EPIC found that it filtered out 99 percent of material on non-controversial topics such as the American Red Cross, the Boy Scouts, and pages created by elementary school students. More information on the McCain bill and filters is available from the Internet Free Express Alliance web page at: http://www.ifea.net/ ======================================================================= [3] U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy ======================================================================= A federal appeals court ruled on February 3 that a government research laboratory that secretly tested employees for various genetic and medical conditions had violated their privacy. The U.S. Court of Appeals for the Ninth Circuit ruled that the testing of administrative and clerical workers for syphilis, sickle cell trait and pregnancy without their consent was a violation of Federal and State constitutional rights to privacy and the Civil Rights Act of 1964. The employees had consented to a general medical exam as a condition of being hired and filled out questionnaires. The court found the genetic tests were intrusive and that completing the questionnaire was not sufficient grounds to justify the intrusion: [I]t is not reasonable to infer that a person who answers a questionnaire upon personal knowledge is put on notice that his employer will take intrusive means to verify the accuracy of his answers. There is a significant difference between answering on the basis of what you know about your health and consenting to let someone else investigate the most intimate aspects of your life . . . That one has consented to a general medical examination does not abolish one's privacy right not to be tested for intimate, personal matters involving one's health -- nor does consenting to giving blood or urine samples, or filling out a questionnaire. As we have made clear, revealing one's personal knowledge as to whether one has a particular medical condition has nothing to do with one's expectations about actually being tested for that condition. The court also found that the state constitutional right to privacy was violated. In the matter of black and female employees who were given additional tests, the court found that those tests violated the Civil Rights Act of 1964. A claim based on the Americans with Disabilities Act was rejected. The appeals court directed the lower court to make additions findings on the adequacy of the notice given to the employees. More information on medical privacy is available at: http://www.epic.org/privacy/medical/ ======================================================================= [4] State Department Releases World Human Rights Report ======================================================================= The U.S. State Department released its annual Human Rights Guide on January 29, finding that privacy rights around the world were again widely violated. The report covers a wide range of issues, from disappearances to children's rights -- including free speech and privacy. Wiretaps continued to be abused around the world. The State Department reports that abuses of wiretapping occurred in 90 countries. The worst regions were Africa, the Middle East, Asia and many of the countries that made up the former Soviet Union. On a positive note, the situation in Latin America has improved markedly over the last few years. The report has some notable omissions. There is no mention of the European Court of Human Rights' finding that police in the United Kingdom had illegally wiretapped a police constable who had alleged sexual harassment. The report also omits a major decision by the Indian Supreme Court on illegal tapping in India. A number of countries limit use of the Internet. In Burma, a 1996 law requires government permission before accessing the Internet. In Eritrea, the government has prohibited online access outright. Singapore and China were also mentioned for their Internet controls. Many counties in the Middle East also limited access for various reasons. Other technologies are also limited. In many countries in the Middle East and Asia, the legality of satellite dishes is unclear. Iraqi and Burmese laws impose imprisonment for possession of the devices without government permission. Some countries, such as Bahrain, reportedly keep tight controls on dishes while others, such as Saudi Arabia and Syria, have regulations but do not seem to enforce them. Privacy and communications related excerpts from the State Department reports are available from the Privacy International Page at: http://www.privacy.org/pi/reports/ ======================================================================= [5] Canada Proposes Comprehensive Privacy Law ======================================================================= A Canadian task force has recommended that comprehensive privacy laws be enacted in Canada. The Task Force on Electronic Commerce made up of Industry Canada and Justice Canada found that for electronic commerce to succeed, "consumers, business and government ... need to feel confident about how our personal information is gathered, stored, and used." This can be achieved "by setting clear and predictable rules governing the protection of personal information." A major impetus for the effort is the European directive on privacy, which goes into effect in October 1998. The EU directive requires all counties in the European Union to enact strict privacy laws and to limit transfers to countries -- such as the U.S. and Canada -- which do not provide the same level of protection. In Canada, the federal Privacy Act only applies to government agencies. Only the Province of Quebec has adopted laws that protect the privacy of information held by private corporations. Outside of Quebec, the report found that protections, as in the U.S., are "sporadic and uneven." The task force recommended that a starting point for protections should be the Canadian Standards Association's Model Code for the Protection of Personal Information, which was adopted last year. However, the model code is only voluntary, so legislation is required to ensure that it is implemented widely and to provide for redress if it is violated. The paper seeks comments on a number of issues, including obligations of information holders, the power of agencies to investigate and enforce protections, who will have jurisdiction, and the cooperation between federal and provincial officials. Comments are due on March 27. A copy of the task force report is available at: http://strategis.ic.gc.ca/privacy/ ======================================================================= [6] Fingerprinting is on the Rise ======================================================================= Fingerprinting -- once reserved for suspected criminals -- is becoming a national plague. The FBI estimated that it will process 14 million requests for fingerprints. In January 1998, Michigan parents were outraged when administrators of the state's standardized education tests apparently broke the law by requiring 122,000 public school fifth-graders to submit their fingerprints without parental permission. The fingerprints were collected as part of a science segment in this year's Michigan Educational Assessment Program test. The 1985 Child Identification and Protection Act requires written permission for children to be fingerprinted unless the child is a delinquent or otherwise ordered to be fingerprinted by a judge. Many states are now using fingerprints for drivers licenses. This is in part being pushed by the American Association of Motor Vehicle Administrators (AAMVA). The AAMVA wants to develop standards so that information can be exchanged between agencies and jurisdictions. Banks in 27 states, under pressure from national and state banking associations, have instituted policies which require fingerprinting for some people who cash checks. In a recent survey, the California Public Interest Research Group (CALPIRG) found that only one year after the practice first began, nearly every large bank in California now requires a fingerprint to cash a non-account holder's check and at least one bank also requires all customers opening new accounts to provide fingerprints. The group warned that, if left unchecked, the trend will spread to all bank account holders and to other industries. Fingerprinting on driver's licenses has become increasingly controversial. In Georgia, a campaign to repeal the fingerprinting requirement for licenses is under way. A bill to repeal the law allowing the practice passed the State Senate last year. In Alabama, the Department of Public Safety scuttled a plan to fingerprint all driver's license applicants in 1997 after protests. In Washington State, a bill that would have required fingerprints on all driver's licenses was also rejected by the State Senate last year. ======================================================================= [7] New Congressional Bills and Upcoming Hearings ======================================================================= Upcoming Hearings * Senate * February 10, 1998. Commerce, Science and Transportation. To hold hearings to examine incidents of indecency on the Internet. SR-253. 9:30 a.m. February 10, 1998. Permanent Subcommittee on Investigations. To hold oversight hearings on fraud on the Internet. SD-342. 9:30 a.m. February 10, 1998. Commerce, Science and Transportation -- Science, Technology, and Space Subcommittee. To hold hearings to examine current computer security vulnerabilities within civilian Federal agencies and current activities to prevent unauthorized computer access. SR-253. 2:30 p.m. February 26, 1998. Labor and Human Resources. To resume hearings to examine the confidentiality of medical information. SD-430. 10 a.m. March 11, 1998. Judiciary Committee. Hearings on encryption policy. Sponsored by Senator Ashcroft and Leahy. * New Bills * H.R.3131. Makes reports written by the Congressional Research Service available to the public via the Internet. Introduced by Rep. Shays on January 28, 1998. Referred to the Committee on House Oversight. H. R. 3174. Requires electronic preservation and filing of reports filed with the Federal Election Commission by certain persons; to require such reports to be made available through the Internet; and for other purposes. Introduced by Rep. White (R-WA) on February 5, 1998. Referred to the Committee on House Oversight. S 1578. Makes reports written by the Congressional Research Service available to the public via the Internet. Introduced by Sen. McCain (R-AZ) on January 28, 1998. Referred to the Committee on Rules and Administration. S.1594. Digital Signature and Electronic Authentication Law (SEAL) of 1998. Facilitates the use of electronic authentication techniques by financial institutions. Introduced by Senator Bennett (R-UT) on February 2, 1998. Referred to the Committee on Banking, Housing, and Urban Affairs. ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Cyber-Labels: For Better or For Worse? Jim Miller, World Wide Web Consortium, and Barry Steinhardt, Electronic Frontier Foundation. February 17, 1998. Sponsored by the Cyberspace Policy Institute. Contact: http://www.seas.gwu.edu/seas/institutes/cpi/ACTIVITIES/SEMINARS/ The Eighth Conference on Computers, Freedom & Privacy. February, 18-20, 1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu. http://www.cfp98.org/ "Building Trust in Electronic Commerce" ICX London Conference - Digital Signatures and Trusted Third Parties One Whitehall Place, 19th February 1998. Westminster, London. Sponsored by International Commerce Exchange. Contact: http://www.icx.org Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI. http://www.cwi.nl/conferences/FC98 Workshop on Societal, Ethical, and Policy Dimensions of Information Technology, Computer Science Dept, Princeton University, Feb. 28 -Mar 1. Contact: http://dimacs.rutgers.edu/Workshops/Ethical/index.html. ETHICOMP98 March 25-27,1998. Erasmus University The Netherlands. Sponsored by the Centre for Computing and Social Reponsibility Contact: http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html 1998 IEEE Symposium on IEEE Computer Society, Oakland, CA, May 3-6. Sponsored by IEEE and IACR. Contact: http://www.research.att.com/~reiter/oakland98.html ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and USACM. http://www.acm.org/usacm/events/policy98/ 1998 EPIC Cryptography and Privacy Conference. June 8, 1998. Washington, DC. Sponsored by EPIC, Harvard University and London School of Economics. Contact: info@epic.org INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. http://www.isoc.org/inet98/ Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: cpsr@cpsr.org (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 5.02 -----------------------
Return to:
Alert Home Page | EPIC Home Page