===============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
==============================================================
Volume 5.10 July 20, 1998
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
=======================================================================
Table of Contents
=======================================================================
[1] Groups Write Senate on Pending Net Censorship Bills
[2] FBI Asks Congress to Enhance Wiretap Powers
[3] Proposed Rules Issued for National Identity Card
[4] HHS Proposes New Health Care Identifier
[5] House Committee Approves Copyright Bill
[6] Encryption Policy Update
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events
=======================================================================
[1] Groups Write Senate on Pending Net Censorship Bills
=======================================================================
EPIC joined with a dozen other free speech and civil liberties groups on
July 14 in a letter sent to the U.S. Senate concerning two pending
Internet censorship bills, saying they violate the First Amendment. The
groups contend that the bills -- one requiring Internet content filters
and the other setting criminal penalties for providing "inappropriate"
online material to minors) -- would severely restrict free expression on
the Internet.
The Senate may soon vote on both bills. Sen. John McCain's "Internet
School Filtering Act" (S. 1619) would require schools and libraries
receiving federal Internet subsidies to install filtering software
designed to prevent children from accessing "inappropriate" material. Sen.
Dan Coats' bill (S. 1482) would criminalize the "commercial" distribution
on websites of material that is "harmful to minors." The Coats bill, in
adopting a criminalization approach to online content, is similar to the
Communications Decency Act (CDA) struck down last year by the Supreme
Court. The bill, which has been dubbed "CDA II," could come to the Senate
floor as early as this week.
"One year ago, the Supreme Court unanimously ruled that the Communications
Decency Act of 1996, which made it a crime to transmit 'indecent'
materials on the Internet, violated the First Amendment," the coalition
letter states. "The two pending bills ignore the central holding of the
Court; expression on the Internet is entitled to the highest degree of
First Amendment protection.
"We share the concern of Sens. McCain and Coats that the Internet remain a
safe and rewarding medium for young people," the letter continues.
"However, we strongly believe that these bills embrace approaches --
filtering and criminalization -- that are both constitutionally suspect
and ultimately ineffective in providing our children with positive online
experiences."
EPIC is supporting an online campaign to raise Congressional awareness of
the implications of these Internet censorship bills. Faxes can be sent --
free of charge -- to your Senators by visiting the EPIC Free Speech Action
page:
http://www.epic.org/free_speech/action/
If you sent faxes to the Senate earlier, you helped keep these bills off
the floor. Please reiterate your concerns once again and let your
Senators know that these measures remain controversial.
The text of the coalition letter to the Senate is available at the
Internet Free Expression Alliance website:
http://www.ifea.net/joint_ltr_7_14.html
=======================================================================
[2] FBI Asks Congress to Enhance Wiretap Powers
=======================================================================
Last week, the FBI sought support from the Senate Appropriations Committee
for an amendment to the FY 1999 Justice Department funding bill that would
substantially amend the Communications Assistance for Law Enforcement Act
of 1994 (CALEA). The provision would grant the Bureau new powers to
conduct wiretaps and demand changes to the nation's telephone system.
The amendment would limit the role of the Federal Communications
Commission (FCC) in mediating the current dispute between the FBI,
industry and public interest groups over the technical standards
implementing CALEA. It would require the FCC to adopt the current draft
standard and approve the controversial "punch list" of additional features
surveillance demanded by the FBI. Industry and public interest groups
would be precluded from commenting on the standard.
The FBI proposal also would require phone companies to disclose
information on the "exact physical location" of cell phone subscribers if
a court finds that "there is a reason to believe that the location
information is relevant to a legitimate law enforcement objective." Under
this standard, no crime would be necessary for judicial authorization. The
proposal would also permit law enforcement to obtain location information
without a warrant for any felony offense if they apply for a court order
within 48 hours.
EPIC and five other privacy groups wrote to Senator Ted Stevens (R-AZ),
Chairman of the Senate Appropriations Committee, on July 17 urging him to
reject the FBI proposal.
More information on the letter and CALEA is available at:
http://www.epic.org/privacy/wiretap/
=======================================================================
[3] Proposed Rules Issued for National Identity Card
=======================================================================
The U.S. Department of Transportation (DOT) issued a notice on June 17
that would effectively turn state drivers' licenses into national identity
cards. The proposed rule would require that all states modify their
drivers' licenses to create a uniform national drivers' license. It would
prohibit government agencies from accepting any identification besides the
authorized identity card.
The proposed rule would also encourage states to include the persons'
Social Security Number either in written form on the face of the license
or in electronic form of all drivers' licenses. If a state does not wish
to include the SSN on the license, it must minimally require every license
applicant to provide the number. State agencies would be required to send
every such SSN to the Social Security Administration for review.
The DOT is basing its rule on provisions in the Illegal Immigration Reform
and Immigrant Responsibility Act of 1996. Reps. Ron Paul (R-TX) and Bob
Barr (R-GA) have introduced H. R. 4217, the Freedom and Privacy
Restoration Act of 1998, which would repeal the immigration act's
provisions on identification. It would also prohibit federal agencies
from "accept[ing] for any identification-related purpose an
identification document, if any other Federal agency accepts such document
for any such purpose."
More information on the proposed rule is available at:
http://www.epic.org/privacy/id-cards/
=======================================================================
[4] HHS Proposes New Health Care Identifier
=======================================================================
The U.S. Department of Health and Human Services (HHS) issued a white
paper on July 2 to discuss the development of a single national
identification number for every person in the United States for health
care purposes.
The identifier is designed to facilitate the sharing of medical
information. Under the 1996 Health Insurance Portability and
Accountability Act (commonly known as the Kennedy-Kassebaum Act), the
Secretary of HHS is required to adopt standards for an identification
number for all patients to be used for every health care encounter. An
advisory committee to the Department recommended that no identification
number be chosen before the enactment of a medical privacy law.
The white paper examines possible identity systems, including the Social
Security Number (in its existing form or in a modified form), a new
number, a system based on a master patient index, cryptography, biometric
identification, and other possibilities. The paper proposes that all
systems be analyzed against a set of 30 criteria developed by the American
Society for Testing and Materials that include the requirement that the
number be: public, accessible, linkable, unique, universal, focused and
governed.
The adoption of the number is considered to be politically sensitive. Any
universal number would facilitate the sharing and abuse of medical
information. A number based on the SSN could be used to link medical
records with other information such as employment and financial
information currently indexed with the SSN. A new number that is deployed
without any additional privacy protections could be universally adopted by
other agencies and private businesses and become a new de facto national
identity number.
HHS is holding a series of hearings on the choice of identification
numbers. The text of the proposal and more information on medical privacy
is available at:
http://www.epic.org/medical/
=======================================================================
[5] House Committee Approves Copyright Bill
=======================================================================
On July 17, the House Commerce Committee approved H.R. 2281, the Digital
Millennium Copyright Act, by a unanimous vote. Intended to protect
copyrighted works from piracy, the bill would outlaw devices used to
circumvent technological protection measures, such as encryption, which
could be used to protect copyrighted works. Additionally, opponents of
the legislation are concerned that the blanket prohibition on the simple
act of circumventing such technologies could stifle fair use rights for
copyrighted works, resulting in a pay-per-use world.
Of the eight amendments introduced in the Commerce Committee, six were
adopted and two were withdrawn. The first amendment adopted permitted the
circumvention of technological protection measures in the course of an act
of "good faith encryption research." Good faith in this case means that
the person lawfully obtained the encrypted work, the act of circumvention
was necessary to conduct the research, and the person made a good faith
effort to obtain authorization before the circumvention. Another adopted
amendment focused on the privacy rights of the consumer. This privacy
amendment permits the circumvention of technological protection measures
for the purposes of preventing the collection or dissemination of
personally identifying information.
An amendment defining a "technological protection measure" was vigorously
debated, but ultimately withdrawn. Supporters of the amendment argued
that it was necessary to preserve the constitutionality of the bill.
Without a clear definition of a "technological protection measure," courts
may be more likely to invalidate the law due to the vague term. While
opponents of the amendment conceded that a precise definition was
necessary, they argued that the amendment as drafted provided a poor
definition. Ultimately, the amendment was withdrawn with the provision
that members would work together to perfect the definition in the
legislative history.
As a result of the Commerce Committee action, there are now two House
versions of the bill; one approved by the Commerce Committee and another
by the Judiciary Committee. The two versions are inconsistent and must
ultimately be reconciled before the bill can be considered on the House
floor.
EPIC Director Marc Rotenberg testified before the Commerce Committee on
June 5 in support of changes to H.R. 2281 that would protect consumer
privacy and limit the anti-circumvention provision. The testimony is
available at:
http://www.epic.org/privacy/copyright/epic-wipo-testimony-698.html
More information on the WIPO bill is available from the Digital Futures
Coalition page at:
http://www.dfc.org/
=======================================================================
[6] Encryption Policy Update
=======================================================================
High-powered DES Cracker Developed
The Electronic Frontier Foundation announced on July 17 that it has
produced a DES cracking supercomputer, capable of brute forcing a 56-bit
DES key in four days or less. John Gilmore, leader of the project, has
published the source code, hardware diagrams, and schematics in a book to
encourage others to duplicate his work. The Data Encryption Standard,
developed in 1974 by IBM and the NSA, is possibly the most widely
implemented encryption algorithm in the world. The U.S. government has
long maintained that 56-bit DES offers adequate protection for sensitive
data.
Junger Decision
On July 7, a federal judge ruled in a closely followed encryption case
that source code does not enjoy First Amendment free speech protection.
Judge James Gwin of the U.S. District Court for the Northern District of
Ohio ruled that law professor Peter Junger can not challenge encryption
export restrictions on the ground that they abridge his right to free
speech on the Internet. In his decision, Judge Gwin stated that "...
exporting source code is conduct that can occasionally have communicative
elements. Nevertheless, merely because conduct is occasionally expressive
does not necessarily extend First Amendment protection to it." Professor
Junger is expected to appeal the decision.
"ClearZone" Proposal
A group of 13 companies lead by Cisco Systems announced on July 13 that
they would develop a product called ClearZone, which would enable routers
to capture e-mail, URLs, and other data before they are encrypted and sent
over the network that could then be given to law enforcement agencies.
The proposal has serious implications for personal privacy on the
Internet, and many are skeptical of Cisco's assertion that it will meet
law enforcement's demands and gain export approval.
New Crypto Export Guidelines
Secretary of Commerce William Daley announced on July 7 a new set of
guidelines for crypto exports for financial institutions such as banks and
credit card companies. U.S.-manufactured encryption systems of any key
length may be exported to a specified set of 45 countries by the financial
firms once the products have been subjected to a one-time examination by
the Bureau of Export Administration (BXA).
More information on encryption policy is available at:
http://www.crypto.org/
=======================================================================
[7] New Congressional Bills and Upcoming Hearings
=======================================================================
H.R. 4124. E-Mail User Protection Act of 1998. Anti-Spam bill. Introduced
by Cook (R-UT) on June 24, 1998. Referred to the Committee on Commerce.
H.R. 4151. Identity Theft and Assumption Deterrence Act of 1998. Creates
new federal law against ID theft. Creates central bureau for victims of id
theft. Introduced by Shadegg (R-AZ).Referred to the Committee on
Judiciary.
H.R. 4176. Digital Jamming Act of 1998. Anti-spam bill. Introduced by
Markey (D-MA) on June 25, 1998. Referred to the Committee on Commerce.
H.R. 4217. Freedom and Privacy Restoration Act of 1998. Repeals
immigration law requirements on national id. Introduced by Paul (R-TX) on
July 15, 1998. Referred to the Committee on Government Reform and
Oversight.
S.2291. Collections of Information Antipiracy Act. Creates new form of
intellectual property for databases. Introduced by Grams (R-MN). Referred
to the Committee on the Judiciary.
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society. Contact: http://www.isoc.org/inet98/
Online Privacy: The Role of Government and Industry in Ensuring Individual
Privacy on the Internet. Friday, July 24,1998, 12:00-1:30 p.m. Room 902
Hart Senate Building. Washington, DC. Sponsored by the Congressional
Internet Caucus.
"Law Enforcement and the March of Technology: The Erosion of Privacy in
the Information Age," American Bar Association Annual Meeting. Sunday
August 2, 1998, from 2:00 pm to 3:15 pm, Toronto, Canada. Sponsored by the
ABA. Contact: Andrew Grosso
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for Information Systems
Contact: http://info.cwru.edu/rlamb/ais98cfp.htm
Fifth Annual Privacy Issues Forum. 2 - 3 September 1998, Wellington, New
Zealand. Sponsored by the NZ Privacy Commissioner. Contact:
privacy@iprolink.co.nz
The Outlook for Freedom, Privacy and Civil Society on the Internet in
Central and Eastern Europe. Budapest, Hungary. 4-6 September 1998.
Sponsored by Global Internet Liberty Campaign. Contact:
http://www.gilc.org/events/budapest/
Telecommunications Policy Research Conference. October 3-5, 1998
Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/
The Public Voice in the Development of Internet Policy. Ottawa, Canada.
October 7, 1998. Sponsored by GILC and Privacy International. Contact:
info@gilc.org
CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11.
Sponsored by CPSR. contact: cpsr@cpsr.org
PDC 98 - the Participatory Design Conference, "Broadening Participation"
November 12-14, 1998. Seattle, Washington. Sponsored by Computer
Professionals for Social Responsibility in cooperation with ACM and CSCW
98. Contact: http://www.cpsr.org/conferences/pdc98
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
http://is.lse.ac.uk/lucas/cepe98.htm
1999 RSA Data Security Conference. San Jose, California, January 18-21,
1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
FC '99 Third Annual Conference on Financial Cryptography, Anguilla,
B.W.I., February 22-25 1999 (submissions due: September 25, 1998).
(Send calendar submissions to alert@epic.org)
=======================================================================
Subscription Information
=======================================================================
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights. EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.
Thank you for your support.
---------------------- END EPIC Alert 5.10 -----------------------
.
