=======================================================================

                              EPIC ALERT

=======================================================================
Volume 5.12                                          September 16, 1998
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org

=======================================================================
Table of Contents
=======================================================================

[1] House Committee Holds Ironic Censorship Hearing
[2] Global Groups Urge Removal of Crypto Controls; More Minor Changes in U.S. Policy Announced
[3] FCC Extends Deadline for Wiretap Law Compliance
[4] Federal Trade Commission Acts on Privacy
[5] Global Conference on Internet Policy - Ottawa, October 7
[6] EPIC Publishes Privacy Law Sourcebook
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events

=======================================================================
[1] House Committee Holds Ironic Censorship Hearing
=======================================================================

A House subcommittee held a hearing on September 11 to consider "legislative proposals to protect children from inappropriate materials on the Internet." The timing of the hearing proved to be ironic; several lawmakers and witnesses noted that the House of Representatives would, within hours, post on its website Independent Counsel Kenneth Starr's sexually explicit report on President Clinton's relationship with Monica Lewinsky. The coincidence underscores the fact that distinguishing between "inappropriate" material and that which deserves wide distribution requires difficult -- and subjective -- judgments.

Before the subcommittee are a half dozen bills intended to limit children's access to online materials.
The "Safe Schools Internet Act" (H.R. 3177) would require that all public libraries and schools that receive federal funds for Internet access install blocking software to restrict minors' access to "inappropriate" material. The "E-Rate Policy and Child Protection Act" (H.R. 3442) would require schools and libraries to adopt policies "with respect to access to material that is inappropriate for children." The "Child Online Protection Act" (H.R. 3783) would punish commercial online distributors of material deemed "harmful to minors" with up to six months in jail and a $50,000 fine. Three pending bills (H.R. 774, H.R. 1180 and H.R. 1964) would require Internet access providers to offer customers "screening" software designed to block access to material that might be "unsuitable" or "inappropriate" for children. The Senate has already approved its own versions of H.R. 3177 and H.R. 3783 and a requirement that ISPs make screening software available.

In a joint statement submitted at the hearing, 24 organizations urged Congress "to oppose any measure that would dilute the potential" of the Internet. The groups expressed their view that "community-based educational approaches, as opposed to federally-mandated filtering requirements and new criminal laws, are the best ways to address the issue of how our children use the Internet." The statement was coordinated by the Internet Free Expression Alliance (IFEA).

The House Subcommittee on Telecommunications, Trade and Consumer Protection has scheduled a markup of H.R. 3783, the Child Online Protection Act, for September 17.

Additional information on pending Internet censorship legislation, including the full text of the joint statement, is available at the IFEA website:

     http://www.ifea.net

=======================================================================
[2] Global Groups Urge Removal of Crypto Controls: More Minor Changes in U.S. Policy Announced
=======================================================================

Members of the Global Internet Liberty Campaign (GILC) -- a coalition of nearly 50 non-governmental human rights, civil liberties, consumer, and computer user groups from around the world -- issued an open statement on September 14 calling for the removal of cryptography controls from the Wassenaar Arrangement, an international agreement that governs the proliferation of offensive military technology. The statement was sent to the technical expert representatives of the 33 nations who are signatories to the Wassenaar Arrangement and who are due to begin a review of the arrangement this Fall.

The statement argues that continued efforts to impose controls on the use of encryption based on outdated Cold War policies run contrary to the growing trend among national governments to promote the availability of strong encryption to encourage electronic commerce and protect personal privacy.

Earlier this year, GILC released a report that found that few countries impose controls on the use, manufacture, or distribution of encryption products. The report cited the disproportionate influence of state security agencies in the United States to explain that country's efforts to expand law enforcement authority in the development of encryption policy.

EPIC serves as the U.S. coordinator of the international campaign to remove encryption from the Wassenaar Arrangement. The GILC member statement, which was signed by 25 non-governmental organizations from around the world, can be found at:

     http://www.gilc.org/crypto/wassenaar/

The White House announced on September 16 more changes to U.S. export control laws on cryptography. The announcement reflects minor changes in existing controls and the bulk of controls on strong encryption still remain, especially for end users who are not major corporations.
Under the new changes, strong crypto would be available to a limited number of non-U.S. companies - insurance, health care and online merchants in the 45 countries with money laundering laws. U.S. companies would be able to export to their subsidiaries in nearly all countries. Following the announcement by the Electronic Frontier Foundation of the creation of a DES-cracker, restrictions on 56-bit products would be relaxed to most countries. Regulations on export of key recovery products would be reduced, and products such as Cisco Systems' "Private Doorbell" would be exportable with minimum review.

A "Technology Support Center" would be created to assist law enforcement agencies with encryption problems. The White House is calling on Congress to fund the center and the private sector will work in partnership with the effort.

Additional information on the new U.S. encryption control policy will soon be available at:

     http://www.crypto.org/

=======================================================================
[3] FCC Extends Deadline for Wiretap Law Compliance
=======================================================================

In an order issued on September 11, the Federal Communications Commission extended until June 30, 2000, the deadline for industry compliance with the Communications Assistance for Law Enforcement Act (CALEA). At issue is the feasibility of implementing the controversial 1994 law, which requires the telecommunications industry to ensure that new digital technologies do not hamper traditional law enforcement wiretapping capabilities. Had the Commission not acted, compliance would have been required by October 25 of this year.

The current FCC proceedings on CALEA began after negotiations between the FBI and the telecommunications industry broke down over FBI demands for enhanced access to the communications network.
Disputed issues include: whether wireless service providers must provide location tracking capabilities; increased abilities to monitor conference calls; proposed access to the full content of customer communications from carriers using packet switching; and the scope of "call-identifying information" that must be provided to law enforcement agencies. The FCC proceeding is the culmination of a controversy that began in the early 1990's when the FBI first sought a "digital telephony" law to address new communications technology.

The Commission expressly rejected "the FBI's assertion that an extension of the compliance date would interfere with law enforcement's ability to protect the public from criminal activity," noting that "All carriers currently provide technical assistance to law enforcement to conduct lawfully authorized wiretaps, and nothing in this Order should be construed as relieving carriers of their pre-CALEA responsibilities to assist law enforcement authorities in conducting authorized surveillance."

The Senate Judiciary Committee is scheduled to debate and approve H.R. 3303, the Justice Department authorization bill already approved by the House, on September 17. The bill includes a two-year delay in CALEA implementation and a change in the law extending the deadlines for telephone companies to be reimbursed for equipment required under the law.

Additional information on CALEA is available at:

     http://www.epic.org/privacy/wiretap/

=======================================================================
[4] Federal Trade Commission Acts on Privacy
=======================================================================

An FTC Administrative Law Judge ruled on July 31 that Trans Union, one of the nation's largest credit agencies, violated the Fair Credit Reporting Act by selling information from individuals' credit records to direct marketing firms.
The Judge ordered the company to stop the practice, finding that "Trans Union invades consumers' privacy when it sells consumers' credit histories to third-party marketers without consumers' knowledge or consent."

The judge was also critical of opt-out approaches, citing evidence that most consumers are unaware of their ability to be removed from marketing lists. He found that "there is no direct credible evidence of the success rate of the opt-out actually stopping direct mail and telemarketing calls."

On August 13, the FTC agreed to a settlement with GeoCities, a major Internet site. GeoCities was charged with collecting personal information from users and disclosing it to other companies and deceptively collecting information from children.

Under the settlement, GeoCities agreed to post on its site a privacy notice telling consumers what information is being collected and for what purpose; to whom it will be disclosed; and how consumers can access and remove the information. To ensure parental control, GeoCities also will need to obtain parental consent before collecting information from children 12 and under. However, the agreement is limited because the settlement does not set standards for GeoCities's privacy policy and there will be compensation for people affected by the deceptive practices.

More information on the FTC is available at:

     http://www.ftc.gov/

=======================================================================
[5] Global Internet Policy Conference in Ottawa, October 7
=======================================================================

The Global Internet Liberty Campaign (GILC) will sponsor "The Public Voice in the Development of Internet Policy" in Ottawa, Canada on Wednesday, October 7, 1998. The meeting is scheduled to coincide with the Ministerial meeting of the Organization for Economic Cooperation and Development that begins in Ottawa on October 8.
The Public Voice conference is a public meeting on the role of the citizen in the development of the information society. The meeting will hear from consumer groups, human rights organizations and civil liberties advocates on such issues as privacy, access, consumer protection and human rights in the 21st century.

The featured speakers include M. David Johnston, the former chairman of the Canadian Information Highway Advisory Council (IHAC) and Stephen Lau, the Privacy Commissioner for Personal Data in Hong Kong.

The GILC meeting is being organized by EPIC in cooperation with Federation Nationale des Associations de Consommateurs du Quebec (Montreal), the Public Interest Advocacy Center (Ottawa), and Electronic Frontiers Canada.

More information about the GILC Public Voice conference, including registration information, is available at:

     http://www.gilc.org/events/ottawa98/

=======================================================================
[6] EPIC Publishes Privacy Law Sourcebook
=======================================================================

New from EPIC: "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments" by EPIC's Director Marc Rotenberg, is the most-current single-volume collection of major privacy laws from around the globe. This essential resource contains all of the major U.S. privacy laws, including the Privacy Act of 1974, the Electronic Communications Privacy Act of 1986 and the Telephone Consumer Protection Act of 1991, as well as the text of the OECD Cryptography Guidelines and the European Union Data Directive, which goes into force in the fall of 1998.

The Sourcebook also includes the complete text of the 1980 OECD Privacy Guidelines, the international privacy framework that is the basis for many privacy laws around the globe. Recent working papers from the European Commission on the critical issue of determining "adequacy" of data protection in third party countries are also covered.
The detailed Table of Contents makes it easy to find and identify the statutory provisions that you are looking for, while a Privacy Resources page provides you with the online addresses to several excellent sites dealing with privacy laws and policies. Total length of the soft cover book is approximately 435 pages.

To order, send a check or money order along with your delivery address to: EPIC Publications, 666 Pennsylvania Avenue S.E., Suite 301, Washington, D.C. 20003. Within the U.S., cost is $54 per copy, $29 for law students, non-government organizations and non-profits. Outside of the U.S., the Sourcebook is $60 per copy, $35 for law students, non-government organizations and non-profits. All prices include shipping and handling and are in U.S. funds.

For many other great titles on privacy, free speech and encryption, visit the EPIC Bookstore at:

     http://www.epic.org/bookstore/

=======================================================================
[7] New Bills and Action in Congress
=======================================================================

H.R. 4281. Patient Privacy Act of 1998. Repeals requirement for national patient ID number. Introduced by Paul (R-TX) on July 21. Referred to the Committee on Ways and Means.

H.R. 4312. Medical Privacy Protection Act of 1998. Repeals national ID number for patients. Introduced by Barr (R-GA) on July 22. Referred to the Committee on Ways and Means, and in addition to the Committee on Government Reform and Oversight.

H.R. 4321. Financial Information Privacy Act of 1998. To protect consumers and financial institutions by preventing personal financial information from being obtained from financial institutions under false pretenses. Introduced by Leach (R-IA) on July 23. Referred to the Committee on Banking and Financial Services. Approved by House Committee on Banking and Financial Services on August 21. Referred sequentially to the House Committee on the Judiciary and House Committee on Commerce until Sept 25.
H.R. 4388. Consumer Financial Privacy Protection Act of 1998. Amends the Consumer Credit Protection Act to require consumer privacy protections. Introduced by LaFalce (D-NY) on August 4. Referred to the Committee on Banking and Financial Services.

H.R. 4395. Real Estate Transaction Privacy Promotion Act. Prohibits a lender from requiring a borrower in a residential mortgage transaction to provide the lender with unlimited access to the borrower's tax return information. Introduced by Rivers (D-MI) on August 4. Referred to the Committee on Banking and Financial Services.

H.R. 4425. Personal Privacy Protection Act. Anti-Paparazzi bill. Introduced by Conyers (D-MI) on August 6. Referred to the Committee on the Judiciary.

H.R. 4431. HIV Partner Protection Act. AIDS partner notification bill. Introduced by Ackerman (D-NY). Referred to the Committee on Commerce.

H.R. 4470. Personal Data Privacy Act of 1998. To prohibit Federal, State, and local agencies and private entities from transferring, selling, or disclosing personal data with respect to an individual to other agencies or entities without the express consent of the individual except in limited circumstances, and to require such agencies and entities to provide individuals with personal data maintained with respect to such individuals. Introduced by Hinchey (D-NY) on August 6. Referred to the Committee on Government Reform and Oversight.

H.R. 4478. Depository Institution Customers Financial Privacy Enhancement Act of 1998. To require insured depository institutions, depository institution holding companies, and insured credit unions to protect the confidentiality of financial information obtained concerning their customers, and for other purposes. Introduced by Markey (D-MA) on August 6. Referred to the Committee on Banking and Financial Services.

H.R. 4479. Securities Investors Privacy Enhancement Act of 1998. To require brokers, dealers, investment companies, and investment advisers to protect the confidentiality of financial information obtained concerning their customers, and for other purposes. Introduced by Markey (D-MA) on August 6. Referred to the Committee on Commerce.

S. 2433. To protect consumers and financial institutions by preventing personal financial information from being obtained from financial institutions under false pretenses. Introduced on September 2 by D'Amato (R-NY).

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Telecommunications Policy Research Conference. October 3-5, 1998. Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/

The Public Voice in the Development of Internet Policy. Ottawa, Canada. October 7, 1998. Sponsored by GILC. Contact: http://www.gilc.org/events/ottawa98/

One Planet, One Net: Governing the Internet Symposium. Boston, Mass, Oct. 10-11. Sponsored by CPSR. Contact: http://www.cpsr.org/conferences/annmtg98/

PDC 98 - the Participatory Design Conference, "Broadening Participation." November 12-14, 1998. Seattle, Washington. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98

Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998. London, UK. Sponsored by ACM SIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm

1999 RSA Data Security Conference. January 18-21, 1999. San Jose, California. Sponsored by RSA. Contact: http://www.rsa.com/conf99/

FC '99 Third Annual Conference on Financial Cryptography. February 22-25, 1999. Anguilla, B.W.I. (submissions due: September 25, 1998).

Computers, Freedom and Privacy (CFP) '99. April 6-8. Washington, DC. Sponsored by ACM. Contact: info@cfp99.org.
(Send calendar submissions to alert@epic.org)

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at:

     http://www.epic.org/alert/subscribe.html

Back issues are available at:

     http://www.epic.org/alert/

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law.

Thank you for your support.

---------------------- END EPIC Alert 5.12 -----------------------