============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.06 May 12, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ *** 1998 EPIC Cryptography and Privacy Conference *** http://www.epic.org/events/crypto98/ ** Last week for Early Registration ** ======================================================================= Table of Contents ======================================================================= [1] New Senate Crypto Bill: A Mixed Bag [2] Senate May Soon Consider Internet Filtering Bill [3] Wiretaps Increase in 1997; Only Two Computer Taps [4] EPIC Testifies on International Privacy [5] Industry, Public Interest Groups Ask FCC to Delay Wiretap Law [6] Last Week for Early Registration for EPIC Crypto Conference [7] New Congressional Bills and Upcoming Hearings [8] Upcoming Conferences and Events ======================================================================= [1] New Senate Crypto Bill: A Mixed Bag ======================================================================= Senators John Ashcroft (R-MO) and Patrick Leahy (D-VT) today introduced the "Encryption Protects the Rights of Individuals from Violation and Abuse in Cyberspace (E-PRIVACY) Act." The proposed legislation is the latest in a series of congressional measures designed to resolve the debate surrounding current U.S. encryption policy. Like the SAFE Act (H.R. 695) now pending in the House, the E-PRIVACY Act seeks to relax existing controls on the export of encryption products. Controls would be lifted for encryption products that are deemed to be "generally available" within the international market. Exporters would be given new procedural rights to obtain expedited determinations on the exportability of their products. The bill also contains several provisions that would preserve the right of Americans to use encryption techniques and that would enhance the privacy protections currently accorded to personal communications and stored data. Among its positive features, the bill would prohibit government-compelled key escrow and provide enhanced privacy protections for stored electronic data held by third parties, location information generated by wireless communications services, and transactional information obtained from pen registers and trap and trace devices. The bill contains two provisions that raise significant civil liberties and privacy concerns. One would make the use of encryption to conceal "incriminating" communications or information during the commission of a crime a new federal criminal offense. The other would create within the Department of Justice a National Electronic Technology Center (NET Center) to "serve as a center for . . . law enforcement authorities for information and assistance regarding decryption and other access requirements." The NET Center would have a broad mandate and could potentially spawn a new domestic surveillance bureaucracy within the Department of Justice. The bill authorizes other federal agencies to provide "assistance" to the NET Center, including the detailing of personnel to the new entity. Given that existing federal expertise in the areas of electronic surveillance and decryption resides at the National Security Agency (NSA), the bill in effect authorizes unprecedented NSA involvement in domestic law enforcement activities. EPIC's analysis of the E-PRIVACY bill (including a link to the text of the legislation) is available at: http://www.epic.org/crypto/legislation/epriv_analysis.html ======================================================================= [2] Senate May Soon Consider Internet Filtering Bill ======================================================================= The Senate may soon vote on the "Internet School Filtering Act" (S. 1619). The bill would require schools and libraries receiving federal Internet subsidies to install filtering software designed to prevent children from accessing "inappropriate" material. The Senate Commerce Committee approved the measure on March 12. The filtering bill was initially scheduled for a vote during the Senate's "Tech Week" (which began on May 11), when "non-controversial" technology legislation will be brought to the Senate floor. Growing controversy surrounding the bill apparently led to its removal from the agenda. The bill raises serious constitutional questions. In a decision issued on April 7, a federal judge in Virginia rejected an effort to dismiss a challenge to Internet filtering at a public library, finding that "the Library Board may not adopt and enforce content- based restrictions on access to protected Internet speech" unless it meets the highest level of constitutional scrutiny. Many local communities have decided that the best approach to online content is one that emphasizes "acceptable use policies" and Internet education programs. They have rejected the use of filtering software as ineffective and contrary to educational objectives. EPIC is joining with the ACLU and EFF in sponsoring an online campaign to raise Congressional awareness of the implications of Internet filtering. Faxes can be sent -- free of charge -- to your Senators by visiting the EPIC Free Speech Action page: http://www.epic.org/free_speech/action/ Additional information on Internet filtering is also available at the Internet Free Expression Alliance website: http://www.ifea.net ======================================================================= [3] Wiretaps Increase in 1997; Only Two Computer Taps ======================================================================= State and Federal wiretapping increased by three percent in 1997 according to the annual report of the Administrative Office of the U.S. Courts, released last week. The total number of wiretaps approved by state and federal judges in 1997 was 1186, up from 1149 in 1996. There was a slight decrease in federal orders and an eight percent increase in state requests, mainly from a special New York police anti-narcotics squad. Once again, no request for a wiretap order was turned down by a federal or state judge. Investigation of drug cases was again the major reason for wiretaps. Seventy-three percent of all applications listed narcotics as the primary reason, up from 71 percent the previous year. Gambling and racketeering each accounted for eight percent of the applications. Only three cases involved "arson, explosives, and weapons" cases. Wiretaps continued to be relatively inefficient as an investigative tool. In 1997, each tap intercepted an average of 2081 calls for a total of nearly 2.5 million calls intercepted. Only 20 percent of conversations intercepted were deemed "incriminating" by prosecutors. Federal taps were even less efficient -- only 16 percent were deemed "incriminating." An analysis by EPIC of the reports for 1995-1997 has found that while the FBI continues its push towards limiting cryptography used to protect the privacy of electronic communications, federal and state investigators only conducted five wiretaps that involved computer communications in that period. In 1997, two such instances were reported. The two 1997 cases were a fraud case in Ohio and an extortion case in Illinois. The Illinois order was only in force for six days and did not yield any "incriminating conversations." More information on wiretapping, including the text of the Administrative Office of the U.S. Court's 1997 Wiretap report (in PDF format) is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [4] EPIC Testifies on International Privacy ======================================================================= EPIC testified before the U.S. House of Representatives Committee on International Relations on May 7 on privacy in the United States and the European Union's privacy directive. The hearing was held to discuss the pending EU Directive, which will require that all European countries establish a high level of privacy protection and prevent the sending of personal information to other countries which do not have the same level of protection. It will go into effect this October. Executive Director Marc Rotenberg's testimony focused on the inadequacy of U.S. privacy laws and the demand by U.S. citizens for privacy protection: "It is not the privacy laws in Europe that raise concern; it is the absence of privacy laws in the United States that created the difficult situation we face today. " Highlights from the testimony: 1. Privacy as a legal right is well established in the United States, and the United States has passed many privacy laws in response to new technologies. But the Administration and some companies are now actively opposing the adoption of real privacy safeguards. A country such as ours that prides itself on human rights should not be campaigning against privacy -- which is one of the most important rights in the information age. 2. The self-regulatory approach that has been offered as an alternative to strong legal and technical protections is not doing very well. Public support for privacy legislation has grown during the time that self-regulatory policies have been pursued. 3. Other countries are following the European approach and adopting new laws and new technical measures to protect privacy. The United States is becoming increasingly isolated in the global debate over privacy protection. 4. Europe is committed to the enforcement of the Directive. Failure by the United States to address this issue will have specific economic consequences for U.S. firms and transborder data flows. 5. The U.S. policy on privacy is particularly ineffective because we are simultaneously urging surveillance standards in the telecommunications field for European governments and businesses even as we tell the Europeans not to apply their privacy guidelines to American firms operating in Europe. The full text of the testimony is available at: http://www.epic.org/privacy/intl/rotenberg-eu-testimony-598.html ======================================================================= [5] Industry, Public Interest Groups Ask FCC to Delay Wiretap Law ======================================================================= Public interest groups, telecommunications companies and trade associations filed comments with the Federal Communications Commission on May 8 asking the FCC to delay the implementation of new technical standards required by the Communications Assistance for Law Enforcement Act (CALEA). Under the law, telecommunications companies and equipment manufacturers have until October 25, 1998, to implement new standards for digital wiretapping or face heavy fines. However, delays due to controversial FBI demands in the standard-setting process have prevented them from being adopted. Comments filed jointly by EPIC, the Electronic Frontier Foundation and the American Civil Liberties Union asked the FCC to indefinitely stay the proceeding until the controversy over the standards are resolved. The groups also urged the FCC to issue one order covering all companies, rather than process several thousand individual requests for relief from the requirements. More information on CALEA and wiretapping is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [6] Last Week for Early Registration for EPIC Crypto Conference ======================================================================= May 15 is the deadline for early registration for the 1998 EPIC Cryptography and Privacy Conference. Top government officials -- including Senator John Ashcroft (R-MO), William Reinsch (Undersecretary of Commerce for Export Administration) and Robert Litt (Principal Associate Attorney General) -- will discuss current U.S. encryption policy at the largest policy conference on cryptography ever held in Washington, DC. Other leading experts from government, industry, public interest community and academia will also debate important legal, political technical issues. If you are interested in cryptography policy, this is the one meeting you must attend! The 1998 EPIC Cryptography and Privacy Conference is organized by the Electronic Privacy Information Center, in cooperation with the Harvard University Information Infrastructure Project and the Technology Policy Research Group of the London School of Economics. FEES Standard o $300.00 (before May 15) / $400.00 (after May 15) Academic/Govt/501(c)(3) o $150.00 (before May 15) / $200.00 (after May 15) MORE INFORMATION, FULL AGENDA AND ONLINE REGISTRATION: http://www.epic.org/events/crypto98/ ======================================================================= [7] New Congressional Bills and Upcoming Hearings ======================================================================= --- ACTIONS --- Scheduled for votes, week of 5/11/98 * S. 2037: An original bill to amend title 17, United States Code, to implement the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty, to provide limitations on copyright liability relating to material online, and for other purposes. * H. R. 2652: A bill to amend title 17, United States Code, to prevent the misappropriation of collections of information. (Collections of Information Antipiracy Act) --- UPCOMING HEARINGS --- May 19-20. Senate Governmental Affairs. To hold hearings to examine Government computer security. SD-342. 10:00 a.m. May 21. Senate Labor and Human Resources. To hold hearings on genetic information issues. SD-430. 10:00 a.m. May 21. Subcommittee on Telecommunications, Trade, and Consumer Protection hearing on Electronic Commerce: Doing Business On-Line. 2123 RHOB. 10:00 a.m. June 4. House Committee on Commerce. Subcommittee on Finance and Hazardous Materials hearing on Electronic Commerce: New Methods for Making Electronic Purchases. 2123 RHOB. 10:00 a.m. --- NEW BILLS --- H.R. 3752. Multipoint Wiretap Act of 1998. Allows for police to easily conduct roving wiretaps. Introduced by McCullum (R-FL) on April 29, 1998. Referred to the Committee on the Judiciary. H.R. 3755. Prescription Privacy Protection Act of 1998. Restricts disclosure of pharmacy records. Introduced by Nadler (D-NY) on April 29, 1998. Referred to the Committee on Commerce. H.R. 3783. Child Online Protection Act. CDA 2 bill criminalizes material sent that is "harmful to minors." Introduced by Oxley (R-OH) on April 30, 1998. Referred to the Committee on Commerce S. 1965. Internet Predator Prevention Act of 1998. To prohibit the publication of identifying information relating to a minor for criminal sexual purposes. Introduced by Moseley-Braun (D-IL) on April 22, 1998. Referred to the Committee on the Judiciary. S. 1973. Telephone Privacy Act of 1998. Requires two-party consent before recording telephone calls. Introduced by Bumpers (D-AK) on April 23, 1998. Referred to the Committee on the Judiciary. An updated list of the over 100 bills pending in Congress that relate to privacy and free speech is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= The Threats to Democracy Conference. May 15-18. Washington D.C. Sponsored by People For the American Way. Contact: balcomgrp@aol.com SCRAMBLING FOR SAFETY: Privacy, security and commercial implications of the UK and EU crypto policy announcements. 29th May 1998. London, UK. Sponsored by Cambridge University. contact: http://www.cl.cam.ac.uk/users/rja14/sfs98.html Ethics and Technology. June 5-6. San Jose, CA. Sponsored by Santa Clara University. Contact: www.scu.edu/ethics/ 1998 EPIC Cryptography and Privacy Conference. June 8, 1998. Washington, DC. Sponsored by EPIC, Harvard University and London School of Economics. Contact: http://www.epic.org/events/crypto98/ Net Censorship In Europe. June 9, 1998. Washington, DC. Sponsored by the Freedom Forum. Contact: apowell@freedomforum.org INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. Contact: http://www.isoc.org/inet98/ Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: cpsr@cpsr.org PDC 98 - the Participatory Design Conference, "Broadening Participation" November 12-14, 1998. Seattle, Washington. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 1999 RSA Data Security Conference. San Jose, California, January 18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.06 -----------------------
Return to:
Alert Home Page | EPIC Home Page