EPIC logo 

  ==============================================================
 
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
 
   ==============================================================
   Volume 5.06	                                     May 12, 1998
   --------------------------------------------------------------
 
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
 
                          http://www.epic.org/
 
         ***  1998 EPIC Cryptography and Privacy Conference  ***
                   http://www.epic.org/events/crypto98/
                 **  Last week for Early Registration  **
 
=======================================================================
Table of Contents
=======================================================================
 
[1] New Senate Crypto Bill: A Mixed Bag
[2] Senate May Soon Consider Internet Filtering Bill
[3] Wiretaps Increase in 1997; Only Two Computer Taps
[4] EPIC Testifies on International Privacy
[5] Industry, Public Interest Groups Ask FCC to Delay Wiretap Law
[6] Last Week for Early Registration for EPIC Crypto Conference
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events
 
=======================================================================
[1] New Senate Crypto Bill: A Mixed Bag
=======================================================================
 
Senators John Ashcroft (R-MO) and Patrick Leahy (D-VT) today
introduced the "Encryption Protects the Rights of Individuals from
Violation and Abuse in Cyberspace (E-PRIVACY) Act."  The proposed
legislation is the latest in a series of congressional measures
designed to resolve the debate surrounding current U.S. encryption
policy.  Like the SAFE Act (H.R. 695) now pending in the House, the
E-PRIVACY Act seeks to relax existing controls on the export of
encryption products.  Controls would be lifted for encryption
products that are deemed to be "generally available" within the
international market.  Exporters would be given new procedural rights
to obtain expedited determinations on the exportability of their
products.
 
The bill also contains several provisions that would preserve the
right of Americans to use encryption techniques and that would
enhance the privacy protections currently accorded to personal
communications and stored data. Among its positive features, the bill
would prohibit government-compelled key escrow and provide enhanced
privacy protections for stored electronic data held by third parties,
location information generated by wireless communications services,
and transactional information obtained from pen registers and trap
and trace devices.
 
The bill contains two provisions that raise significant civil
liberties and privacy concerns.  One would make the use of encryption
to conceal "incriminating" communications or information during the
commission of a crime a new federal criminal offense.  The other
would create within the Department of Justice a National Electronic
Technology Center (NET Center) to "serve as a center for . . . law
enforcement authorities for information and assistance regarding
decryption and other access requirements."  The NET Center would have
a broad mandate and could potentially spawn a new domestic
surveillance bureaucracy within the Department of Justice.  The bill
authorizes other federal agencies to provide "assistance" to the NET
Center, including the detailing of personnel to the new entity.
Given that existing federal expertise in the areas of electronic
surveillance and decryption resides at the National Security Agency
(NSA), the bill in effect authorizes unprecedented NSA involvement in
domestic law enforcement activities.
 
EPIC's analysis of the E-PRIVACY bill (including a link to the text
of the legislation) is available at:
 
     http://www.epic.org/crypto/legislation/epriv_analysis.html
 
=======================================================================
[2] Senate May Soon Consider Internet Filtering Bill
=======================================================================
 
The Senate may soon vote on the "Internet School Filtering Act" (S.
1619). The bill would require schools and libraries receiving federal
Internet subsidies to install filtering software designed to prevent
children from accessing "inappropriate" material.  The Senate
Commerce Committee approved the measure on March 12.
 
The filtering bill was initially scheduled for a vote during the
Senate's "Tech Week" (which began on May 11), when "non-controversial"
technology legislation will be brought to the Senate floor.  Growing
controversy surrounding the bill apparently led to its removal from the
agenda.
 
The bill raises serious constitutional questions.  In a decision issued
on April 7, a federal judge in Virginia rejected an effort to dismiss a
challenge to Internet filtering at a public library, finding that "the
Library Board may not adopt and enforce content- based restrictions on
access to protected Internet speech" unless it meets the highest level
of constitutional scrutiny.  Many local communities have decided that
the best approach to online content is one that emphasizes "acceptable
use policies" and Internet education programs.  They have rejected the
use of filtering software as ineffective and contrary to educational
objectives.
 
EPIC is joining with the ACLU and EFF in sponsoring an online campaign
to raise Congressional awareness of the implications of Internet
filtering. Faxes can be sent -- free of charge -- to your Senators by
visiting the EPIC Free Speech Action page:
 
     http://www.epic.org/free_speech/action/
 
Additional information on Internet filtering is also available at the
Internet Free Expression Alliance website:
 
     http://www.ifea.net
 
=======================================================================
[3] Wiretaps Increase in 1997; Only Two Computer Taps
=======================================================================
 
State and Federal wiretapping increased by three percent in 1997
according to the annual report of the Administrative Office of the U.S.
Courts, released last week. The total number of wiretaps approved by
state and federal judges in 1997 was 1186, up from 1149 in 1996.  There
was a slight decrease in federal orders and an eight percent increase
in state requests, mainly from a special New York police anti-narcotics
squad.  Once again, no request for a wiretap order was turned down by a
federal or state judge.
 
Investigation of drug cases was again the major reason for wiretaps.
Seventy-three percent of all applications listed narcotics as the
primary reason, up from 71 percent the previous year.  Gambling and
racketeering each accounted for eight percent of the applications.
Only three cases involved "arson, explosives, and weapons" cases.
 
Wiretaps continued to be relatively inefficient as an investigative
tool. In 1997, each tap intercepted an average of 2081 calls for a
total of nearly 2.5 million calls intercepted.  Only 20 percent of
conversations intercepted were deemed "incriminating" by prosecutors.
Federal taps were even less efficient -- only 16 percent were deemed
"incriminating."
 
An analysis by EPIC of the reports for 1995-1997 has found that while
the FBI continues its push towards limiting cryptography used to
protect the privacy of electronic communications, federal and state
investigators only conducted five wiretaps that involved computer
communications in that period.  In 1997, two such instances were
reported.  The two 1997 cases were a fraud case in Ohio and an
extortion case in Illinois.  The Illinois order was only in force for
six days and did not yield any "incriminating conversations."
 
More information on wiretapping, including the text of the
Administrative Office of the U.S. Court's 1997 Wiretap report (in PDF
format) is available at:
 
     http://www.epic.org/privacy/wiretap/
 
=======================================================================
[4] EPIC Testifies on International Privacy
=======================================================================
 
EPIC testified before the U.S. House of Representatives Committee on
International Relations on May 7 on privacy in the United States and
the European Union's privacy directive.  The hearing was held to
discuss the pending EU Directive, which will require that all European
countries establish a high level of privacy protection and prevent the
sending of personal information to other countries which do not have
the same level of protection.  It will go into effect this October.
 
Executive Director Marc Rotenberg's testimony focused on the inadequacy
of U.S. privacy laws and the demand by U.S. citizens for privacy
protection: "It is not the privacy laws in Europe that raise concern;
it is the absence of privacy laws in the United States that created the
difficult situation we face today. "
 
Highlights from the testimony:
 
1. Privacy as a legal right is well established in the United States,
and the United States has passed many privacy laws in response to new
technologies.  But the Administration and some companies are now
actively opposing the adoption of real privacy safeguards.  A country
such as ours that prides itself on human rights should not be
campaigning against privacy -- which is one of the most important
rights in the information age.
 
2. The self-regulatory approach that has been offered as an alternative
to strong legal and technical protections is not doing very well.
Public support for privacy legislation has grown during the time that
self-regulatory policies have been pursued.
 
3. Other countries are following the European approach and adopting new
laws and new technical measures to protect privacy.  The United States
is becoming increasingly isolated in the global debate over privacy
protection.
 
4. Europe is committed to the enforcement of the Directive.  Failure by
the United States to address this issue will have specific economic
consequences for U.S. firms and transborder data flows.
 
5. The U.S. policy on privacy is particularly ineffective because we
are simultaneously urging surveillance standards in the
telecommunications field for European governments and businesses even
as we tell the Europeans not to apply their privacy guidelines to
American firms operating in Europe.
 
The full text of the testimony is available at:
 
     http://www.epic.org/privacy/intl/rotenberg-eu-testimony-598.html
 
=======================================================================
[5] Industry, Public Interest Groups Ask FCC to Delay Wiretap Law
=======================================================================
 
Public interest groups, telecommunications companies and trade
associations filed comments with the Federal Communications Commission
on May 8 asking the FCC to delay the implementation of new technical
standards required by the Communications Assistance for Law Enforcement
Act (CALEA).  Under the law, telecommunications companies and equipment
manufacturers have until October 25, 1998, to implement new standards
for digital wiretapping or face heavy fines.  However, delays due to
controversial FBI demands in the standard-setting process have
prevented them from being adopted.
 
Comments filed jointly by EPIC, the Electronic Frontier Foundation and
the American Civil Liberties Union asked the FCC to indefinitely stay
the proceeding until the controversy over the standards are resolved.
The groups also urged the FCC to issue one order covering all
companies, rather than process several thousand individual requests for
relief from the requirements.
 
More information on CALEA and wiretapping is available at:
 
     http://www.epic.org/privacy/wiretap/
 
=======================================================================
[6] Last Week for Early Registration for EPIC Crypto Conference
=======================================================================
 
May 15 is the deadline for early registration for the 1998 EPIC
Cryptography and Privacy Conference.
 
Top government officials -- including Senator John Ashcroft (R-MO),
William Reinsch (Undersecretary of Commerce for Export Administration)
and Robert Litt (Principal Associate Attorney General) -- will discuss
current U.S. encryption policy at the largest policy conference on
cryptography ever held in Washington, DC.  Other leading experts from
government, industry, public interest community and academia will also
debate important legal, political technical  issues.  If you are
interested in cryptography policy, this is the one meeting you must
attend!
 
The 1998 EPIC Cryptography and Privacy Conference is organized by the
Electronic Privacy Information Center, in cooperation with the Harvard
University Information Infrastructure Project and the Technology Policy
Research Group of the London School of Economics.
 
FEES
 
   Standard
 
       o $300.00 (before May 15) / $400.00 (after May 15)
 
   Academic/Govt/501(c)(3)
 
       o $150.00 (before May 15) / $200.00 (after May 15)
 
 
MORE INFORMATION, FULL AGENDA AND ONLINE REGISTRATION:
 
     http://www.epic.org/events/crypto98/
 
=======================================================================
[7] New Congressional Bills and Upcoming Hearings
=======================================================================
 
--- ACTIONS ---
 
Scheduled for votes, week of 5/11/98
 
    * S. 2037: An original bill to amend title 17, United States Code,
       to implement the WIPO Copyright Treaty and the WIPO Performances
       and Phonograms Treaty, to provide limitations on copyright
       liability relating to material online, and for other purposes.
 
    * H. R. 2652: A bill to amend title 17, United States Code, to
       prevent the misappropriation of collections of information.
       (Collections of Information Antipiracy Act)
 
 
--- UPCOMING HEARINGS ---
 
May 19-20.  Senate Governmental Affairs.  To hold hearings to examine
Government computer security.  SD-342.  10:00 a.m.
 
May 21.  Senate Labor and Human Resources.  To hold hearings on genetic
information issues.  SD-430.  10:00 a.m.
 
May 21.  Subcommittee on Telecommunications, Trade, and Consumer
Protection hearing on Electronic Commerce: Doing Business On-Line.
2123 RHOB.  10:00 a.m.
 
June 4.  House Committee on Commerce. Subcommittee on Finance and
Hazardous Materials hearing on Electronic Commerce: New Methods for
Making Electronic Purchases.  2123 RHOB.  10:00 a.m.
 
 
--- NEW BILLS ---
 
H.R. 3752.  Multipoint Wiretap Act of 1998.  Allows for police to
easily conduct roving wiretaps.  Introduced by McCullum (R-FL) on April
29, 1998. Referred to the Committee on the Judiciary.
 
H.R. 3755.  Prescription Privacy Protection Act of 1998.  Restricts
disclosure of pharmacy records.  Introduced by Nadler (D-NY) on April
29, 1998.  Referred to the Committee on Commerce.
 
H.R. 3783.  Child Online Protection Act.  CDA 2 bill criminalizes
material sent that is "harmful to minors."  Introduced by Oxley (R-OH)
on April 30, 1998. Referred to the Committee on Commerce
 
S. 1965.  Internet Predator Prevention Act of 1998.  To prohibit the
publication of identifying information relating to a minor for criminal
sexual purposes. Introduced by Moseley-Braun (D-IL) on April 22, 1998.
Referred to the Committee on the Judiciary.
 
S. 1973.  Telephone Privacy Act of 1998.  Requires two-party consent
before recording telephone calls.  Introduced by Bumpers (D-AK) on
April 23, 1998. Referred to the Committee on the Judiciary.
 
An updated list of the over 100 bills pending in Congress that relate
to privacy and free speech is available at:
 
     http://www.epic.org/privacy/bill_track.html
 
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
 
The Threats to Democracy Conference. May 15-18. Washington D.C.
Sponsored by People For the American Way. Contact: balcomgrp@aol.com
 
SCRAMBLING FOR SAFETY:   Privacy, security and commercial implications
of the UK and EU crypto policy announcements. 29th May 1998. London,
UK. Sponsored by Cambridge University. contact:
http://www.cl.cam.ac.uk/users/rja14/sfs98.html
 
Ethics and Technology. June 5-6. San Jose, CA. Sponsored by Santa Clara
University. Contact: www.scu.edu/ethics/
 
1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and London School
of Economics. Contact: http://www.epic.org/events/crypto98/
 
Net Censorship In Europe.  June 9, 1998. Washington, DC. Sponsored by
the Freedom Forum. Contact: apowell@freedomforum.org
 
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society. Contact: http://www.isoc.org/inet98/
 
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998.  Sponsored by the Association for Information Systems
Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm
 
CPSR Annual Conference - Internet Governance.  Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsr@cpsr.org
 
PDC 98 - the Participatory Design Conference, "Broadening
Participation" November 12-14, 1998. Seattle, Washington.  Sponsored by
Computer Professionals for Social Responsibility in cooperation with
ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
 
1999 RSA Data Security Conference.  San Jose, California, January
18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
 
          (Send calendar submissions to alert@epic.org)
 
=======================================================================
Subscription Information
=======================================================================
 
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
 
     http://www.epic.org/alert/subscribe.html
 
Back issues are available at:
 
     http://www.epic.org/alert/
 
=======================================================================
About EPIC
=======================================================================
 
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
 
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
 
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.
 
Thank you for your support.
 
  ---------------------- END EPIC Alert 5.06 -----------------------
 

Return to:

Alert Home Page | EPIC Home Page