============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.05 April 23, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ *** 1998 EPIC Cryptography and Privacy Conference *** http://www.epic.org/events/crypto98/ ======================================================================= Table of Contents ======================================================================= [1] Daley Criticizes Crypto Policy, Doubts Self-Regulation [2] Court Finds AOL Immune From Libel Suit [3] Library Internet Filters Held to High Free Speech Test [4] New Report Finds E-FOIA Efforts Lacking [5] Court Rules Infrared Scanner Violates Fourth Amendment [6] IRS Audit Finds Lax Privacy Protections [7] New Congressional Bills and Upcoming Hearings [8] Upcoming Conferences and Events ======================================================================= [1] Daley Criticizes Crypto Policy, Doubts Self-Regulation ======================================================================= On April 15, Secretary of Commerce William Daley delivered a major speech on "The Emerging Digital Economy." Daley made a number of comments about privacy and encryption, and their roles in the emerging information economy. He described privacy as a "make or break issue" for electronic commerce and said that the White House was pursuing a policy of self-regulation, but that "industry has been slow to put protections in place." Daley asked industry to "move quickly to establish an overarching, self-regulatory effort that includes consumer representation." On the encryption issue, the Secretary was surprisingly candid. He described the effort to implement the current policy as a "failure," and warned that "our own paralysis has made it difficult to persuade other nations to pursue policies similar to our own." His comments contrasted sharply with other officials who have claimed that there is support for the U.S. key escrow/ key recovery initiative. Still, Daley said that the administration remains committed to finding a "compromise" between the interests of law enforcement and business and privacy groups. A group of privacy experts, advocates and scholars wrote to Secretary Daley in late February about privacy issues. The group urged him to look more closely at the adequacy of self-regulation as a means to protect privacy, and recommended that more attention be paid to the important role of encryption and related techniques in on-line privacy. The Department of Commerce has scheduled a conference on privacy issues that will take place on May 13-14 in Washington, DC. Information should soon be available at the Department of Commerce web site. Secretary Daley's recent address is available at: http://www.osec.doc.gov/ops/ecom.htm The "Letter Regarding a Proposed White House Conference on Privacy" is available at: http://www.epic.org/privacy/internet/daley_ltr_2_26_98.html ======================================================================= [2] Court Finds AOL Immune From Libel Suit ======================================================================= A federal judge in Washington has ruled that America Online cannot be sued for posting an allegedly defamatory item by gossip columnist Matt Drudge. The ruling came in a lawsuit filed by White House official Sidney Blumenthal after Drudge reported that Blumenthal had "a spousal abuse past that has been effectively covered up." The suit named as defendants both Drudge and AOL, which carried "The Drudge Report" under a license agreement with the columnist. In an opinion issued on April 22, U.S. District Judge Paul L. Friedman held that AOL enjoys broad immunity from suit under a surviving provision of the Communications Decency Act (most of which was struck down by the Supreme Court last summer). That provision, which was intended to encourage online providers to "self-police" their systems for "offensive" content, states: No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. The judge noted that, under the terms of its agreement with Drudge, AOL retained "certain editorial rights ... including the right to require changes in content and to remove it." While finding that the CDA provision relieves the online service of any potential liability, Judge Friedman noted an anomaly in the result: Because it has the right to exercise editorial control over those with whom it contracts and whose words it disseminates, it would seem only fair to hold AOL to the liability standards applied to a publisher or, at least, like a book store owner or library, to the liability standards applied to a distributor. But Congress has made a different policy choice by providing immunity even where the interactive service provider has an active, even aggressive role in making available content prepared by others. The suit against Drudge will proceed, and attorneys for Blumenthal have indicated that they will appeal the dismissal of AOL as a defendant. ======================================================================= [3] Library Internet Filters Held to High Free Speech Test ======================================================================= In the first court ruling on the use of Internet filtering software in libraries, a federal judge on April 7 rejected a motion to dismiss a lawsuit challenging the use of filters in public libraries in Loudoun County, Virginia. In a 36-page decision, U.S. District Judge Leonie M. Brinkema held that "the Library Board may not adopt and enforce content-based restrictions on access to protected Internet speech" unless it meets the highest level of constitutional scrutiny. Noting that public libraries are places of "freewheeling and independent inquiry," the court quoted extensively from Reno v. ACLU, the landmark Supreme Court decision on Internet free speech, and emphasized that the Court "analogized the Internet to a 'vast library including millions of readily available and indexed publications,' the content of which 'is as diverse as human thought.'" The Loudoun County decision comes as Congress is considering the Internet School Filtering Act, a bill that would require all public libraries and schools that receive federal funds for Internet access to install filtering and blocking software. The bill (S. 1619) has been approved by the Senate Commerce Committee and could reach the Senate floor as early as mid-May. Efforts are underway to revise the bill to provide for Internet education programs and acceptable use policies as more effective (and constitutional) alternatives to mandatory filtering. Information on Internet filtering, including the text of the Loudoun County decision, is available at the Internet Free Expression Alliance website: http://www.ifea.net ======================================================================= [4] New Report Finds E-FOIA Efforts Lacking ======================================================================= A new report released on April 20 finds that a majority of federal agencies have failed to meet the requirements of the Electronic Freedom of Information Act (EFOIA). EFOIA was enacted in 1996 and went into effect in October 1997. It was designed to make access to electronic government records easier. The study, produced by OMB Watch, found that of the 56 agencies responding to a survey, 23 percent "have no EFOIA presence," 73 percent have "varying degrees of compliance with the requirements," and as of January 31, 1998, "no agency had complied fully with EFOIA." OMB Watch found that the Office of Management and Budget, which is required to provide guidance under the law, has not provided adequate guidance or assistance to agencies during the implementation process. It also faulted Congress for failing to provide adequate funding to implement the Act. The report recommends that OMB provide better guidance and support, that agencies better organize their online records, and that an enforcement mechanism be created to identify and penalize agencies that are not complying with the Act. More information on EFOIA is available at: http://www.epic.org/open_government/ ======================================================================= [5] Court Rules Infrared Scanner Violates Fourth Amendment ======================================================================= The U.S. Court of Appeals for the 9th Circuit ruled on April 9 that the use of thermal imaging devices to examine homes in criminal investigations is a violation of the Fourth Amendment. The court ruled in U.S. v. Kyllo that police must obtain a court order based on probable cause before a thermal imager can be used. The court found that the information gleaned from the infrared scanner is "sufficiently intimate to give rise to a Fourth Amendment violation." The court noted that with a basic understanding of the layout of a home, a thermal imager could identify a variety of daily activities conducted in homes across America: use of showers and bathtubs, ovens, washers and dryers, and any other household appliance that emits heat. Even the routine and trivial activities conducted in our homes are sufficiently "intimate" as to give rise to Fourth Amendment violation if observed by law enforcement without a warrant. We therefore conclude that the use of a thermal imager to observe heat emitted from various objects within the home infringes upon an expectation of privacy that society clearly deems reasonable. The court rejected prosecution arguments that the scanner was merely recording "waste heat" and cited the 10th Circuit Court of Appeals in finding that the interpretation of the heat information yields information on the activities inside the house: [o]ur fellow circuits have, we think, misapprehended the most pernicious of the device's capabilities. The machine intrudes upon the privacy of the home not because it records white spots on a dark background but rather because the interpretation of that data allows the government to monitor those domestic activities that generate a significant amount of heat. Thus, while the imager cannot reproduce images or sounds, it nonetheless strips the sanctuary of the home of one vital dimension of its security: "the right to be let alone" from the arbitrary and discre- tionary monitoring of our actions by government officials. The text of the opinion is available at: http://laws.findlaw.com/9th/9630333.html ======================================================================= [6] IRS Audit Finds Lax Privacy Protections ======================================================================= An IRS audit publicly released in early April found that IRS employees disclosed personal tax information over the telephone to undercover auditors posing as taxpayers who only provided names, addresses and Social Security Numbers. According to the report, which was written in September 1997, "Auditors were able to secure tax and income information over the phone using names, addresses and SSNs obtained from sources available to the public." IRS workers only asked for a person's name, address and Social Security Number 32 percent of the time. Agency workers asked for more detailed information 27 percent of the time. Auditors made 109 phone calls and received information from the IRS on the taxpayers' income, withholdings, or refunds in 96 cases. The information was provided over the phone, faxed, or sent to addresses other than the address on file with the agency. The report recommended that more information be required before sensitive tax information is released. The IRS now says that it will require more information before personal records are disclosed. ======================================================================= [7] New Congressional Bills and Upcoming Hearings ======================================================================= --- NEW BILLS --- H.R. 3601. Identity Theft and Assumption Deterrence Act of 1998. Criminalizes identify theft. Introduced by Shadegg (R-AZ) on March 30. Referred to the Committee on the Judiciary, and in addition to the Committee on Transportation and Infrastructure. H.R. 3605. Patients' Bill of Rights Act of 1998. Requires insurers to protect records and provide access to patients. Introduced by Dingell (D-MI) on March 30. Referred to the Committee on Commerce, and in addition to the Committees on Ways and Means, and Education and the Workforce. S. 1921. Health Care PIN Act. Comprehensive "medical privacy" bill. Requires patients to give up medical privacy before receiving health care. Introduced by Jeffords (R-VT) on April 2. Referred to the Committee on Labor and Human Resources ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Encryption Intrigue on the International Stage. Washington, DC. April 30, 1998. Sponsored by the Cato Institute. Contact: http://www.cato.org/events/calendar.html 1998 IEEE Symposium on Security. IEEE Computer Society, Oakland, CA, May 3-6. Sponsored by IEEE and IACR. Contact: http://www.research.att.com/~reiter/oakland98.html As Technology Moves Forward, Do Worker Rights Move Backwards? -- Privacy in The Workplace. Chicago, Illinois. May 6 and 13, 1998. Sponsored by: The Crossroads Center for Faith and Work &The Institute for Business & Professional Ethics, DePaul University. http://www.depaul.edu/ethics ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and USACM. http://www.acm.org/usacm/events/policy98/ Department of Commerce Conference on Privacy. March 13-14. Washington, DC. Contact: Becky Burr <bburr@ntia.doc.gov> The Threats to Democracy Conference. May 15-18. Washington D.C. Sponsored by People For the American Way. Contact: balcomgrp@aol.com 1998 EPIC Cryptography and Privacy Conference. June 8, 1998. Washington, DC. Sponsored by EPIC, Harvard University and London School of Economics. Contact: http://www.epic.org/events/crypto98/ INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. Contact: http://www.isoc.org/inet98/ Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: cpsr@cpsr.org 1999 RSA Data Security Conference. San Jose, California, January 18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 5.05 -----------------------
Return to:
Alert Home Page | EPIC Home Page