EPIC Alert 6.04 (3/4/99)

   ==============================================================
 
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
 
   ==============================================================
   Volume 6.04	                                    March 4, 1999
   --------------------------------------------------------------
 
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
 
                          http://www.epic.org
 
=======================================================================
Table of Contents
=======================================================================
 
[1] Intel ID Plan Under Fire: Competitors Critical, Advocates Protest
[2] Reno Proposes National DNA Database
[3] CFP 99 - Early Registration Deadline Approaching
[4] GAO Releases Two Reports on Privacy
[5] Crypto Export Relaxation Bill Introduced
[6] EPIC Bookstore - The End of Privacy
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events
 
=======================================================================
[1] Intel ID Plan Under Fire: Competitors Critical, Advocates Protest
=======================================================================
 
Even in the face of continued public opposition and government
investigations, Intel announced plans to move forward with the
controversial Processor Serial Number at the Intel Developers Forum
last week. According to ZDNN, Michael Glancy, general manager of
Intel's platform security division, told developers to expect the chip
ID in all the company's products soon including Internet appliances and
portable devices based on Intel's StrongARM processor. Intel is also
working with several Australian content providers on developing web
sites that can only be accessed if the user releases the PSN.
 
Meanwhile, other chip manufacturers have declined to adopt the PSN.
Wired News reported that Brian Halla, CEO of National Semiconductor was
also dismissive of the PSN, "We personally think security belongs in
your wallet. It's personal, not a CPU-centric thing. It doesn't make
any sense to have an ID in information appliances." Advanced Micro
Designs (AMD), the major competitor of Intel has also not introduced a
PSN.
 
Privacy groups wrote to the heads of socially responsible mutual funds
on February 26 asking that they divest Intel from their portfolios. Amy
Domini, president of the Domini Social Equity Fund, issued a prepared
statement: "We take the situation very seriously. Privacy on the
Internet is more than simply an issue of personal choice. Without
privacy our every political view, personal interest, contact of an old
friend or checking on the weather becomes trackable for uses ranging
>from selling soap to monitoring segments of the populationÉ We have
begun our evaluation, and will include communication with Intel and
will make a decision once it is complete."
 
Meanwhile, a European Union recommendation, adopted in late February
and announced by EU Internal Market Commission Mario Monti indicates
that EU privacy officials will be looking more closely at Internet-
based identity schemes. The recommendation cites problems with Web
browsers and programming technologies, as well as 'cookies.'
 
More information on the PSN controversy is available at:
 
     http://www.bigbrotherinside.com/
 
=======================================================================
[2] Reno Proposes National DNA Database
=======================================================================
 
Attorney General Janet Reno has asked a federal commission to study the
possibility of requiring that a DNA sample be collected from every
person arrested in the United States and permanently kept in a national
database. Reno asked the National Commission on the Future of DNA
Evidence to look into the plausibility of genetic sampling on everyone
arrested, including for minor traffic violations, at a meeting of the
Commission in Dallas last week.
 
If the proposal is adopted, the DNA database would be quite large. In
1997, over 15 million people were arrested in the US. Currently, the
law allows only individuals convicted for a few crimes including sex
offenders to have their DNA collected. The FBI Combined Index DNA
Indexing System (CODIS) currently contains information on 38,000
people. Another 450,000 samples are awaiting processing. Reno suggested
at a press conference in January that in the future police could verify
the identity of a detained motorist by means of an onsite DNA test and
advanced police computers.
 
Civil libertarians argued against the increased collection at the
meeting, saying that mass collection of DNA would be an illegal search
with little purpose in most cases, especially for minor crimes. There
are concerns that the DNA samples collected could also be used for
other purposes, such as research into genetic issues, or be released to
others such as insurance companies. The US Defense Department has began
to collect samples of all persons in the military and plans to keep the
samples indefinitely for other uses such as research.
 
Some states are already moving forward on testing. Louisiana will begin
testing all persons arrested in September and New York and North
Carolina are considering doing the same. New York City Mayor Rudolf
Guiliani went one step further and suggested last month that all
children should have a sample of their DNA taken at birth for use in
future criminal investigations. The Commission is planning to respond
to Reno's request in August.
 
=======================================================================
[3] CFP 99  - Early Registration Deadline Approaching
=======================================================================
 
Register now for the cyber event of the year:
 
 
  C                COMPUTERS, FREEDOM, AND PRIVACY
  F                      THE GLOBAL INTERNET
  P
  9                         WASHINGTON, DC
  9                      Omni Shoreham Hotel
  .                        April 6-8, 1999
  O
  R
  G
          ** Early Registration Deadline - March 15, 1999 **
 
For almost a decade, the conference on Computers, Freedom and Privacy
has shaped the public debate on the future of privacy and freedom in
the online world. Register now for the number one Internet policy
conference. Join a diverse audience from government, industry,
academics, the non-profit sector, the hacker community and the media.
Enjoy the U.S. Capital in the spring at one of Washington's premier
hotels.
 
  *	Keynote speakers include Tim Berners-Lee (Director, World Wide
	Web Consortium), Vint Cerf (President, Internet Society),
	Congressman Ed Markey (sponsor of "The Electronic Bill of
	Rights Act"), Congressman Ron Paul (sponsor of the Freedom and
	Privacy Restoration Act), Henrikas Yushkiavitshus (Associate
	Director, UNESCO).
 
  *     Lively and thought-provoking panels on -- "the Creation of a
	Global Surveillance Network," "Access and Equity on the Global
	Internet," "Anonymity and Identity in Cyberspace," "Free
	Speech and Cyber Censorship," "Is Escrow Dead? And what is
	Wassenaar?", "Self-Regulation Reconsidered" and more.
 
  *	Tutorials -- "The Electronic Communications Privacy Act" (Mark
	Eckenwiler); "Cryptography: Basic Overview & Nontraditional
	Uses" (Matt Blaze and Phil Zimmermann), "Free Speech, The
	Constitution and Privacy in Cyberspace" (Mike Godwin),
	"Techniques for Circumventing Internet Censorship" (Bennett
	Haselton and Brian Ristuccia).
 
  *     Other Events -- Privacy International's Big Brother Awards to
        the worst privacy violators in the US, EFF's Pioneer Awards
        to those who have done the most to promote the net.
 
  Early Registration Deadline - March 15, 1999
  --------------------------------------------
 
Register on-line at http://www.regmaster.com/cfp99.html or call +1 407
628 3602.  Registration inquiries may also be sent to
mann@regmaster.com.
 
For more information about CFP99, visit http://www.cfp99.org/ or call
+1 401 628 3186
 
=======================================================================
[4] GAO Releases Two Reports on Privacy
=======================================================================
 
The General Accounting Office has released reports on the use of the
Social Security Number and medical privacy and research.
 
Medical Records Privacy: Access Needed for Health Research, but
Oversight of Privacy Protections is Limited (GAO/HEHS-99-55), Feb.
1999. This report reviews privacy protections of identifiable medical
information used for research purposes. It finds that many
organizations have internal procedures governing use of medical
information including requiring that an institutional review Board
(IRB) review all proposals. However, it found that IRBs have limited
oversight abilities and frequently waive confidentiality requirements
for records.
 
     http://www.epic.org/privacy/medical/gao-medical-privacy-399.pdf
 
Social Security: Government and Commercial Use of the Social Security
Number is Widespread (GAO/HEHS-99-28), February 1999. The report
reviews uses of the SSN by state agencies and commercial organizations
including information brokers, financial services and health care
organizations. Not suprisingly, the SSN is widely used as either a
primary or secondary identifier and the lack of federal laws limiting
its use or disclosure is encouraging more uses. These organizations
oppose restrictions on their uses of the SSN. However, some states are
pulling back from making it available in public records due to privacy
concerns.
 
     http://www.epic.org/privacy/ssn/gao_ssn_2_99.html
 
=======================================================================
[5] Crypto Export Relaxation Bill Introduced
=======================================================================
 
Congressman Bob Goodlatte (R-VA) has re-introduced legislation in the
House of Representatives to relax export controls on encryption
products. His bill The Security And Freedom through Encryption (SAFE).
H.R. 850, Act marks the 5th consecutive Congress in which legislation
to reduce controls has been introduced.
 
The bill limits export license requirements for encryption products
that are generally available such as sold on the Internet or though
retail outlets, in the public domain, or used in commercial products
such as DIVX machines to a one-time 15 day technical review. More
specialized products can be sold if the country is one of 45 that
manufacturers can currently send strong encryption to financial
institutions or if the Secretary of Commerce finds that a foreign
producers without export limitations is making a similar product
available.
 
The bill makes it lawful to use and sell encryption in the US and
prohibits the federal government or state governments from requiring
key escrow. It also contains the controversial provision that creates a
new federal crime for the use of encryption to conceal criminal
conduct.
 
The bill has widespread support in the House but it faces an uphill
battle. The bill has 204 co-sponsors including House Majority Leader
Dick Armey (R-TZ), Whip Tom Delay (R-TX), Minority Leader Dick Gephardt
(D-MO) and Whip David Bonior (D-MI). However, new Speaker of the House
Dennis Hastert (R-IL) was an opponent of SAFE in the 105th Congress and
the White House remains opposed to any substantial relaxation and would
likely veto any bill that was approved.
 
More information on encryption policy is available at:
 
     http://www.crypto.org/
 
=======================================================================
[6] EPIC Bookstore - The End of Privacy
=======================================================================
 
Now available at the EPIC Bookstore [http://www.epic.org/bookstore/]:
 
The Limits of Privacy by Amitai Etzioni
    http://www.amazon.com/exec/obidos/ASIN/0465040896/electronicprivacA
 
"Etzioni continues his elucidation and defense of 'communitarianism'
begun in such previous works as The New Golden Rule: Community and
Morality in a Democratic Society (1997). Communitarianism holds that a
good society must maintain a balance between individual rights and the
common good. Since the 1960s or so, concern for the common good has
given way in the US to 'excessive deference to privacy.' Etzioni
believes its time to correct the balance. Certainly aware of the
importance of privacy, Etzioni lays out specific criteria to be met and
stringent processes to be followed when rights are to be curtailed.
There must be a real, not hypothetical, danger to the common good. The
danger must first be dealt with, without restricting privacy rights if
possible. When rights are curtailed the action should be minimally
intrusive, and undesired side effects must be guarded against, e.g., if
widespread HIV testing is found necessary, efforts must be made to
enhance the confidentiality of medical records. Taking this framework,
Etzioni examines five areas of public policy, among them mandatory HIV
testing of infants, [key escrow], the public listing of sex offenders
('Megan's Laws'), and medical- records privacy. Predictably, in all but
the last, where he argues that there should be more protection, he
finds a minimal diminution in individual rights justifiable. Sex
offenders, for instance, do have their rights curtailed when their
presence in a community is made public, but the benefit to the
community is worth it. These substantive chapters are intriguing, yet
overall there is not much new here. Etzioni has plowed this field
often, and the basic premises of his argument are not improved upon.
Curiously, he continues to paint privacy with broad strokes, with too
little regard for the nuances of that term. Is it hedonism he decries,
or selfishness? Are demands for rights all symptomatic of a disregard
for the public good? Such issues remain unexplored.  (Kirkus Reviews,
February 15, 1999, Copyright ©1999, Kirkus Associates, LP)
 
Privacy and Human Rights 1998 - An International Survey of Privacy Laws
and Developments
 
     http://www.epic.org/bookstore/epic_books.html
 
Now available is the Global Internet Liberty Campaign's comprehensive
survey of privacy laws in fifty countries around the world. Among the
report's key findings is that there is a growing trend in almost all
jurisdictions to enact comprehensive privacy and data protection acts,
either to address past government abuses, to promote electronic
commerce, or to ensure compatibility with international standards
developed by the European Union, the Council of Europe, and the
Organization for Economic Cooperation and Development. Less positive is
the finding that new technologies are increasingly eroding privacy
rights, and that surveillance authority is regularly abused, even in
many democratic countries.
 
Price: $15 plus shipping. Available directly from EPIC.
 
These and other titles are available for purchase online at the EPIC
Bookstore: http://www.epic.org/bookstore/
 
=======================================================================
[7] EPIC Bill-Track: New Bills in Congress
=======================================================================
 
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in
the 106th Congress
 
     http://www.epic.org/privacy/bill_track.html
 
* Approved *
 
H.R. 438. Wireless Communications and Public Safety Act of 1999.
Mandates location information for cellular phones for 911. Limits use
of information. Sponsor Rep Shimkus, John (R-IL). Referred to the House
Committee on Commerce on 2/2/99. Subcommittee Hearings Held on 2/3/99.
Ordered to be Reported (Amended) by Voice Vote on 2/11/99. Measure
passed House, roll call #24 (415-2) on 2/24/99.
 
H.R. 514. Wireless Privacy Enhancement Act of 1999. Prohibits
interception of wireless communications, scanners. Sponsor Rep Wilson,
Heather. Referred to the Committee on Commerce. Referred to the House
Committee on Commerce on 2/2/99. Subcommittee Hearings Held on 2/3/99.
Ordered to be Reported (Amended) by Voice Vote on 2/11/99. Measure
passed House, roll call #28 (403-3) on 2/25/99.
 
* New House Bills *
 
H.R. 850. Security And Freedom through Encryption (SAFE) Act. Relaxes
export controls on encryption, prohibits mandatory key escrow, creates
criminal penalty for using crypto in a crime. Sponsor  Rep Goodlatte,
Bob (R-VA) 204 co-sponsors. Referred to the Committee on the Judiciary,
and in addition to the Committee on International Relations.
 
H.R. 852. Freedom to E-File Act. require the Department of Agriculture
to establish an electronic filing and retrieval system to enable the
public to file all required paperwork electronically with the
Department and to have access to public information on farm programs,
quarterly trade, economic, and production reports, and other similar
information. Sponsor  Rep LaHood, Ray. Referred to the House Committee
on Agriculture.
 
H.R. 896. Childrens' Internet Protection Act. Require the installation
and use by schools and libraries of a technology for filtering or
blocking material on the Internet on computers with Internet access to
be eligible to receive or retain universal service assistance. Sponsor
Rep Franks, Bob (R-NJ). Referred to the House Committee on Commerce.
 
* New Senate Bills *
 
S. 411. Clone Pager Authorization Act of 1999. Expands legal authority
to authorize broader use of clone pagers. Sponsor Sen DeWine, Michael
(R-OH). Referred to the Committee on Judiciary.
 
S. 466. American Financial Institutions Privacy Act of 1999. Prohibits
implementation of "Know your Customer" rules unless approved by Act of
Congress, requires study on privacy issues. Sponsor Jeffords, James
(R-VT). Referred to the Committee on Banking, Housing, and Urban
Affairs.
 
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
 
Access to Information: Strategies and Solutions. March 16, 1998.
Arlington, VA. Sponsored by the Freedom Forum and American Library
Association. http://www.freedomforum.org/first/1999/2/ombudevents.asp
 
CYBERSPACE 1999: Crime, Criminal Justice and the Internet. March 29 &
30, 1999. York, UK. Sponsored by the British and Irish Legal Education
Technology Association (BILETA). http://www.bileta.ac.uk/
 
"Computers, Freedom and Privacy: The Global Internet," April 6-8, 1999.
Washington, DC. Sponsored by ACM. Early registration deadline: March
15. Online registration: http://www.cfp99.org/
 
Encryption Controls Workshop. May 13, 1999. Raleigh, NC. Sponsored by
the U.S. Dep't of Commerce. Contact: (202) 482-6031
 
Cryptography & International Protection of Human Rights  (CIPHR'99).
August 9-13, 1999. Lake Balaton, Hungary. Contact:
http://www.cryptorights.org/
 
=======================================================================
Subscription Information
=======================================================================
 
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. A Web-based form is available for subscribing or
unsubscribing at:
 
     http://www.epic.org/alert/subscribe.html
 
To subscribe or unsubscribe using email, send email to epic-news@epic.org
with the subject: "subscribe" (no quotes) or "unsubscribe".
 
Back issues are available at:
 
     http://www.epic.org/alert/
 
=======================================================================
About EPIC
=======================================================================
 
The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information.  EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
 
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
 
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.
 
Thank you for your support.
 
  ---------------------- END EPIC Alert 6.04 -----------------------
 
.
Return to:
Alert Home Page | EPIC Home Page