=============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.08 June 17, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents ======================================================================= [1] Subcommittee to Vote on Copyright Bill [2] Senate May Soon Consider Internet Censorship Bills [3] Commerce Department Announces Net Privacy Summit [4] FTC Releases Report on Online Privacy [5] House Approves Child Protection Bill [6] EPIC Testifies on Copyright and Privacy [7] New Congressional Bills and Upcoming Hearings [8] Upcoming Conferences and Events ======================================================================= [1] Subcommittee to Vote on Copyright Bill ======================================================================= The House Commerce Subcommittee on Telecommunications, Trade and Consumer Protection will vote today on controversial legislation to implement the World Intellectual Property Organization Treaty on Copyright. The "WIPO Implementation Act" (H.R. 2281) will over-regulate emerging technologies, eliminate privacy protections, outlaw reverse engineering and encryption research, and weaken fair use privileges. The bill has already been approved by the Senate and the House Judiciary Committee. Computer professionals and consumers are urged to contact their Representatives and the members of the Commerce Committee and say that they oppose the bill as currently drafted and that they support amendments that will correct the problems described below: Section 1201: Makes the use, manufacture or sale of any technology that can be used to circumvent copyright protections illegal. This section will criminalize the manufacture, import, or use of tools necessary to perform research in cryptography; impede the ability of system operators to find and correct weaknesses in their systems; prevent computer users from protecting their privacy online by removing cookies from their computer. Additionally, if cookies are used as a copyright protection system it would be unlawful to manufacture a device that removes the cookie from the system. Section 1202: Allows for the collection of personally identifiable information as part of the Copyright Management System. This section will allow content owners to collect personally-identifiable information about users who access their copyrighted works. This will eliminate anonymous reading and allow content owners to track not only which online magazines you access but also which articles you read and which pictures you look at. [See item 6, below, for details of EPIC's testimony on the bill.] More information is available from the EPIC/EFF/CPT alert at: http://www.epic.org/privacy/copyright/wipo-alert-698.html ======================================================================= [2] Senate May Soon Consider Internet Censorship Bills ======================================================================= The Senate may soon vote on two Internet censorship bills. Sen. John McCain's "Internet School Filtering Act" (S. 1619) would require schools and libraries receiving federal Internet subsidies to install filtering software designed to prevent children from accessing "inappropriate" material. Sen. Dan Coats' bill (S. 1482) would criminalize the "commercial" distribution on websites of material that is "harmful to minors." The Coats bill, in adopting a criminalization approach to online content, is similar to the Communications Decency Act (CDA) struck down last year by the U.S. Supreme Court. The bill has been dubbed "CDA II." The Senate Commerce Committee approved both measures on March 12. The bills were initially scheduled for consideration during the Senate's "Tech Week" last month, when "non-controversial" technology legislation were brought to the Senate floor. Growing controversy surrounding the bills apparently led to their removal from the agenda. It is likely that supporters of the legislation will again attempt to bring the bills to the floor, possibly as amendments to less controversial Internet-related measures. EPIC is joining with the ACLU and EFF in sponsoring an online campaign to raise Congressional awareness of the implications of these Internet censorship bills. Faxes can be sent -- free of charge -- to your Senators by visiting the EPIC Free Speech Action page: http://www.epic.org/free_speech/action/ If you sent faxes to the Senate last month, you helped keep these bills off the floor. Please reiterate your concerns once again and let your Senators know that these measures remain controversial. Additional information on Internet censorship is also available at the Internet Free Expression Alliance website: http://www.ifea.net ======================================================================= [3] Commerce Department to Hold Privacy Summit ======================================================================= The Commerce Department has announced that its long-awaited public meeting on privacy will be held on June 23 and 24 in Washington, D.C. The topics discussed will include: * Lack of privacy in online transactions, Internet browsing and email; * Privacy issues specific to children in the online environment; * The problems with industry self regulation; * A proposed methodology to further delay reform of privacy policies; * Need for legislation to protect privacy on the Internet; * Technologies based on anonymity currently available on the Internet to protect consumer privacy + Importance of strong encryption for electronic commerce and consumer privacy The meeting was originally scheduled for April but it has been delayed several times due to controversy over who would organize it and what topics would be discussed. Over 70 advocates, professionals and academics wrote Commerce Secretary Daley in February expressing concern over the agenda, which was heavily biased towards industry self-regulation and had little representation from consumer and privacy advocates. More information on the meeting is available at: http://www.ntia.doc.gov/ Letter Regarding a Proposed White House Conference on Privacy: http://www.epic.org/privacy/internet/daley_ltr_2_26_98.html ======================================================================= [4] FTC Releases Privacy Report ======================================================================= Earlier this month, the Federal Trade Commission released its Privacy Online Report to Congress. The report is based on a comprehensive online survey of information practices of commercial Web sites conducted in March 1998. Surveying over 1,400 Web sites, the Commission reported that upwards of 85 percent of Web sites collect personal information, while only 14 percent provide any notice about their information practice. The Commission also performed a separate study concerning the collection of information at children's sites. It found that 89 percent of those sites collect personal information from children. While 54 percent of children's sites do provide some sort of disclosure about their information practices, only 23 percent tell the children to seek parental permission before providing personal information. Furthermore, only seven percent of the sites indicate that they will notify parents of their information practices and less than 10 percent provide for parental control over the collection and/or use of information obtained from children. It is evident from these findings that self-regulation has been so far unsuccessful. As the Commission concludes, "substantially greater incentives are needed to spur self-regulation." It will recommend an appropriate response to protect online consumer privacy later this summer. However, in response to its findings on children's privacy, the Commission already recommends that Congress develop legislation placing parents in control of the online collection and use of personal information from children 12 and under. In addition, the FTC has released a staff opinion letter stating that the collection of certain personal information from children online and its transfer to third parties without obtaining prior parental consent may be an unfair practice in violation of Section 5 of the Federal Trade Commission Act. The findings of the FTC report confirms EPIC's own 1997 online privacy report -- "Surfer Beware" -- which reviewed 100 of the most frequently visited web sites on the Internet. However, despite its findings, the FTC still seems to be leaning towards an industry self-regulation approach. According to the report, "the question is what additional incentives are required in order to encourage effective self-regulatory efforts by industry." The Commission's focus on notice as "the most fundamental fair information practice" also seems misled. Fair information practices need to further articulate the responsibilities of the data collectors and rights of the data subjects. The FTC report is available at: http://www.ftc.gov/privacy/reports.htm EPIC's "Surfer Beware" report is available at: http://www.epic.org/reports/surfer-beware.html ======================================================================= [5] House Approves Child Protection Bill ======================================================================= The House of Representatives approved a bill on June 9 that would weaken legal protections on the privacy of electronic mail and records and threaten online privacy. The House unanimously approved H.R. 3494, the Child Protection and Sexual Predator Punishment Act of 1998. The bill requires Internet service providers who become aware of child pornography to report it to the Justice Department. The bill requires that ISPs who "obtain knowledge of facts or circumstances from which a violation of [laws on] child pornography is apparent shall make a report to a [federal] agency." The bill amends the Electronic Communications Privacy Act by removing the requirement that law enforcement obtain a court order before the ISP can disclose private email when the presence of child pornography is suspected. ISPs that do not report can be fined $100,000. The bill also criminalizes transmitting personally identifiable information about persons under 18 by computer for the purpose of "facilitating, encouraging, offering, or soliciting any person to engage in sexual activity." It requires the Attorney General to "begin a study of computer-based technologies and other approaches to the problem of the availability of pornographic materials to children on the Internet, in order to develop possible amendments to Federal criminal law and other law enforcement techniques to respond to this problem." The study would look at filtering technologies and their limitations, criminal law options for promoting the development, and applicable constitutional limitations. The report would be due in two years. ======================================================================= [6] EPIC Testifies on Copyright and Privacy ======================================================================= On June 5, EPIC Director Marc Rotenberg testified before the Subcommittee on Telecommunications, Trade, and Consumer Protection of the House Commerce Committee. His testimony focused on the privacy issues concerning H.R. 2281, a bill currently being considered in the House of Representatives. Known as the WIPO Copyright Treaties Implementation Act, H.R. 2281 intends to implement the World Intellectual Property Organization (WIPO) Copyright Treaty to protect copyrighted material in the digital age. However, as Rotenberg testified, "H.R. 2281, as currently drafted, threatens to obliterate existing privacy safeguards." Specifically, privacy concerns must be addressed in Section 1202 of the bill which seeks to preserve the integrity of copyright management information. Copyright management information is information which may be collected in the course of establishing a copyright system. However, as defined in the bill, "copyright management information" is too broad. While the bill defines what copyright management information can be, it does not define what cannot be. That is, the definition of copyright management information does not preclude the collection of personally identifiable information. It is important that developers of copyright management systems are aware that personal identifiable information should not be incorporated in such systems. The testimony also discussed the privacy concerns in Section 1201(a)(1) which simply states that "No person shall circumvent a technological protection measure that effectively controls access." Because technology such as Internet cookies could arguably be used "control access" to copyrighted works on a Web site, Rotenberg argued that such language was too broad and would inadvertently make it illegal for individuals from removing cookies from their own hard drives. The EPIC testimony also addressed additional issues concerning the Online Service Provider liability, encryption research, and law enforcement exceptions in the bill. Ultimately, Rotenberg called for the Subcommittee to "consider a new provision that would explicitly guarantee the right of individual to receive information without disclosure of identity -- a right of anonymity." The EPIC testimony is available at: http://www.epic.org/privacy/copyright/epic-wipo-testimony-698.html ======================================================================= [7] New Congressional Bills and Upcoming Hearings ======================================================================= * New Bills * H.R. 3975. Drug-Free Ports Act. Allows greater access to information held by U.S. Justice Department for background checks. Introduced by Shaw (R-FL) on May 22. Referred to the Committee on the Judiciary. An updated list of the over 100 bills pending in Congress that relate to privacy and free speech is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. Contact: http://www.isoc.org/inet98/ Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm Telecommunications Policy Research Conference. October 3-5, 1998 Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/ CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: cpsr@cpsr.org PDC 98 - the Participatory Design Conference, "Broadening Participation" November 12-14, 1998. Seattle, Washington. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998 London, UK. Sponsored by ACMSIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm 1999 RSA Data Security Conference. San Jose, California, January 18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.08 -----------------------
Return to:
Alert Home Page | EPIC Home Page