==============================================================

    @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
    @     @   @  @  @         @ @   @     @     @   @   @
    @@@@  @@@    @  @        @@@@@  @     @@@   @@@     @
    @     @      @  @        @   @  @     @     @  @    @
    @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

==============================================================
Volume 5.16                                  November 10, 1998
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org

=======================================================================
Table of Contents
=======================================================================

[1] ACTION: Comment on U.S. Privacy Policy
[2] Congress Approves Identity Theft Legislation
[3] Appeals Court Limits Copyright of Legal Documents
[4] Encryption Policy Update
[5] Final Actions in 105th Congress
[6] Nominations Sought for PEN First Amendment Award
[7] Updated and Expanded EPIC Bookstore
[8] Upcoming Conferences and Events

=======================================================================
[1] ACTION: Comment on U.S. Privacy Policy
=======================================================================

The Department of Commerce has posted a draft policy on privacy. The policy proposes the establishment of a "Safe Harbor" regime that would allow U.S. firms to self-certify compliance with principles established by the Commerce Department.

The proposal is intended to address European concerns that privacy protection in the United States is not "adequate." But the plan falls short of standard fair information practices and leaves open the question of when actual privacy safeguards will be adopted in the United States.

While it remains unclear whether the Commerce Department is genuinely interested in the views of the American public -- the draft is addressed to "Industry Representatives" -- EPIC is urging individuals concerned about privacy to submit comments to the Department. We believe that the position espoused by the U.S.
government on privacy issues should reflect more than the trade concerns of U.S. companies.

Here are the points that EPIC will emphasize to the Department of Commerce:

- The Safe Harbor proposal falls short of the 1980 OECD Privacy Principles that the United States endorsed almost twenty years ago and recently pledged to continue to support.

- The Safe Harbor principles undermine key elements of data protection. "Consent" is redefined as "choice." There is no reference to "use limitation" or "purpose specification," even though both principles are found in the 1980 OECD Privacy Guidelines.

- There is no real means of enforcement for the Safe Harbor Principles. Enforcement by self-regulation has not worked. For example, Geocities received a certification from Truste even while under investigation for violating the privacy of its users.

- The Safe Harbor principles discriminate against small and medium sized companies operating on the Internet that may not be able to self-certify.

- The Safe Harbor principles do not address the need to fix U.S. policies on encryption and other privacy enhancing technologies.

- The U.S. still lacks privacy protection in critical areas, such as medical records, and the American public supports legislation to protect privacy online.

- The Safe Harbor principles do not address the need to create a permanent privacy agency to represent the interests on privacy protection.

Comments are due by November 19.

The text of the Department of Commerce letter on "Safe Harbor" is available at:

     http://www.ita.doc.gov/ecom/menu.htm

Submit comments ("U.S. Privacy Policy") to Eric Fredell, Task Force on Electronic Commerce, International Trade Administration, Department of Commerce, 14th and Constitution Ave., Washington, DC 20230 or by email to ecommerce@ita.doc.gov.

=======================================================================
[2] Congress Approves Identity Theft Legislation
=======================================================================

In the last days of the legislative session, Congress approved a new law providing limited legal protections against identity theft. Support for the Identity Theft and Assumption Deterrence Act of 1998 (H.R. 4151) was led by Rep. John Shadegg (R-AZ).

The law imposes criminal penalties on any person who "knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law."

The law penalizes persons who assume others' identities and use them to obtain car loans, credit cards and other financial obligations. Violators can be imprisoned for up to three years and fined a maximum of $250,000. The bill also directs the Federal Trade Commission to establish a clearinghouse for receiving complaints about identity theft and providing information and referrals to identity theft victims.

Efforts to place limits on the dissemination of personal information that makes identity theft possible were strongly opposed by businesses and were not included in the bill.

President Clinton signed the bill into law on October 30. At the signing ceremony, Clinton said, "As we enter the Information Age, it is critical that our newest technologies support our oldest values."

=======================================================================
[3] Appeals Court Limits Copyright of Legal Documents
=======================================================================

In two cases decided on November 3, the U.S. Court of Appeals for the 2nd Circuit limited the ability of legal publisher West Publishing to copyright legal decisions.
In the first case, the court ruled that West does not obtain copyrights to the text of judicial decisions when it makes minor grammatical and formatting changes to them. In the second case, the court ruled that page numbers in West's law books are not protected by copyright law.

The court ruled in Matthew Bender v. West Publishing that minor editorial changes made by West are not sufficiently original to warrant additional legal protection:

     All of West's alterations to judicial opinions involve the addition and arrangement of facts, or the rearrangement of data already included in the opinions, and therefore any creativity in these elements of West's case reports lies in West's selection and arrangement of this information. In light of accepted legal conventions and other external constraining factors, West's choices on selection and arrangement can reasonably be viewed as obvious, typical, and lacking even minimal creativity.

In the second case, the court ruled that CD-ROM publishers could include in the text of decisions the page numbers used by West in its printed volumes. This is important since West holds a de facto monopoly over printed legal decisions and competing publishers need to refer to West page numbers to ensure that courts and attorneys can locate cited cases.

The case may have important implications when the 106th Congress convenes next year. Several members of the Senate have announced plans to seek adoption of a bill to provide legal protections for databases of non-copyrighted facts.

Additional information is available at:

     http://www.hyperlaw.com/hlvwest.htm

=======================================================================
[4] Encryption Policy Update
=======================================================================

- The Finnish government announced a new encryption policy on November 9.
It calls for no domestic restrictions on the development and use of encryption products and relaxed policies on exports:

     "Finland supports free trade and use of cryptographic products. In Finland, the use of strong encryption should not be restricted by legislation or international agreements ... Finland's aims are to examine the restrictions on cryptographic products so that control lists correspond to technical development, and to ensure that the necessary restrictions will not unreasonably impede normal foreign trade of industry and businesses."

The text of the Finnish policy is available at: http://www.vn.fi/lm/telecom.htm.

- The 6th Circuit U.S. Court of Appeals has indicated that it will delay consideration of a closely followed encryption case. The court will delay proceedings in Junger v. Daley for at least 45 days, possibly anticipating that the 9th Circuit will soon announce a ruling in the Bernstein case, which raises similar issues.

On July 7, Judge James Gwin of the U.S. District Court for the Northern District of Ohio ruled that law professor Peter Junger cannot challenge encryption export restrictions on the ground that they abridge his right to free speech on the Internet. In his decision, Judge Gwin stated that "... exporting source code is conduct that can occasionally have communicative elements. Nevertheless, merely because conduct is occasionally expressive does not necessarily extend First Amendment protection to it." Professor Junger appealed that decision to the 6th Circuit.

- The Bureau of Export Administration (BXA) has approved Private Doorbell, a product proposal presented by a coalition of 10 U.S. technology companies led by Cisco Systems, Inc. The system consists of secure routers which would allow interception of plaintext before the router encrypts the communication.
The system doesn't account for end-to-end encryption systems; if internet users encrypt e-mail at their PCs, the system does not help law enforcement recover the plaintext of the message.

Additional information on encryption policy is available at:

     http://www.crypto.org

=======================================================================
[5] Final Actions in 105th Congress
=======================================================================

The following measures were enacted in the closing days of the 105th Congress:

Digital Millennium Copyright Act (Public Law 105-304). Expands copyrights for electronic media. Criminalizes possession and use of tools that remove copyright protection. Limited exceptions for privacy protection, security and encryption research. Does not include provisions providing legal protections for databases.

Consumer Reporting Employment Clarification Act of 1998 (Public Law 105-347). Amends Fair Credit Reporting Act to allow oral consent for employers in trucking industry to obtain credit report. Expands exemptions of FCRA in use for national security investigations.

The Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999 (H.R. 4328). Included the Child Online Protection Act (see EPIC Alert 5.15) and the following provisions:

Children's Online Privacy Protection Act (Title XIII). Limits collection and dissemination of personal information about children under age of 13. Allows access by parents to information collected. Gives Federal Trade Commission and states enforcement power.

Identity Cards (Sec. 362). Prohibits Department of Transportation from spending money in the current fiscal year to issue final standards on DOT's national ID card proposal.

Government Paperwork Elimination Act (Title XVII). Requires agencies to disclose electronic records instead of physical records and use and accept digital signatures within five years. Requires OMB and NTIA to conduct study of digital signatures.

Drug Free Workplace Act of 1998 (Title IX). Encourages small businesses to test for drug use. Creates pilot program with incentives. Requires privacy protections for drug testing program.

Prison guard privacy (Sec. 127). Prohibits disclosure of financial or personal information of a person employed by a state or federal prison without a court order or consent.

The text of all laws enacted in the 105th Congress is available at:

     http://thomas.loc.gov/bss/d105/d105laws.html

=======================================================================
[6] Nominations Sought for PEN First Amendment Award
=======================================================================

Nominations are encouraged for the PEN/Newman's Own First Amendment Award. The award, $25,000 and a limited-edition artwork, is presented each spring to a U.S. resident who has fought courageously, despite adversity, to safeguard the First Amendment right to freedom of expression as it applies to the written word. Previous winners have included a journalist, playwright, bookstore owner and school teachers.

The judges for last year's award were PEN members Bette Bao Lord, Kurt Vonnegut and Sean Wilentz and First Amendment experts Joan E. Bertin and Leon Friedman.

For further information and an application form, please write:

     Elham Kalantar
     PEN/Newman's Own First Amendment Award
     PEN American Center
     568 Broadway, Suite 401
     New York, NY 10012

Deadline for application: December 31, 1998

Additional information, including the application form, is available at:

     http://www.pen.org/freedom/nomination.html

Information on Internet censorship is available at the Internet Free Expression Alliance website:

     http://www.ifea.net

=======================================================================
[7] Updated and Expanded EPIC Bookstore
=======================================================================

EPIC is pleased to announce its newly updated and expanded online bookstore.
This month, the following books are among those featured at the site:

The Shadow University: The Betrayal of Liberty on America's Campuses by Alan Charles Kors and Harvey A. Silverglate (Free Press, 320 pages, 1998).

The authors "deliver the unexpected. Refreshingly, they seem to believe that even if professors teach what they wish, Western civilization will survive.... The abuses they describe need fixing, and this cogent book should help." - The New York Times Book Review

Secrecy: The American Experience by Daniel Patrick Moynihan, Richard Gid Powers (Introduction) (Hardcover, 320 pages, Yale University Press, 1998).

A Senator and historian looks at the history of secrecy in America and weighs its costs for democratic government, national security, and agency accountability. His conclusion: more secrecy not less is the key to protecting the nation.

The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments. Marc Rotenberg, Editor (EPIC 1998).

The Privacy Law Sourcebook is the first one-volume resource for students, attorneys, researchers and journalists who need a comprehensive collection of both US and International privacy law, as well as a fully up-to-date section on recent developments. Includes the full texts of most major privacy laws and directives including the FCRA, the Privacy Act, FOIA, Family Educational Rights Act, Right to Financial Privacy Act, Privacy Protection Act, Cable Communications Policy Act, ECPA, Video Privacy Protection Act, OECD Privacy Guidelines, OECD Cryptography Guidelines, European Union Directives for both Data Protection and Telecommunications, and more.

Order these and other titles at the EPIC Bookstore:

     http://www.epic.org/bookstore/

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

PDC 98 - the Participatory Design Conference, "Broadening Participation."
November 12-14. Seattle, WA. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98

Data Privacy in the Global Age. November 13. Milwaukee, WI. Sponsored by ACLU of Wisconsin Data Privacy Project. Contact: Carole Doeppers <acluwicmd@aol.com>.

Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15. London, UK. Sponsored by ACM SIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm

1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA. Sponsored by RSA. Contact: http://www.rsa.com/conf99/

FC '99 Third Annual Conference on Financial Cryptography. February 22-25, 1999. Anguilla, B.W.I. Contact: http://fc99.ai.

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington, DC. Sponsored by ACM. Contact: info@cfp99.org.

1999 EPIC Cryptography and Privacy Conference. June 7, 1999. Washington, DC. Sponsored by EPIC. Contact: info@epic.org.

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at:

     http://www.epic.org/alert/subscribe.html

Back issues are available at:

     http://www.epic.org/alert/

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law.

Thank you for your support.

---------------------- END EPIC Alert 5.16 -----------------------