EPIC logo
    ==============================================================
   
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   
    ==============================================================
    Volume 6.13                                  September 1, 1999
    --------------------------------------------------------------
   
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
   
                          http://www.epic.org
   
=======================================================================
Table of Contents
=======================================================================
   
[1] FCC Grants FBI Surveillance Standards Request
[2] Administration Proposes Secret Break-ins to Combat Crypto
[3] Appeals Court Strikes Down Telephone Privacy Regs
[4] Advisory Group Urges Change in Crypto Policy
[5] Appellate Brief Challenges Internet Censorship Law
[6] New Amazon.com Feature Raises Privacy Concerns
[7] EPIC Bookstore - The Tin Drum
[8] Upcoming Conferences and Events
   
=======================================================================
[1] FCC Grants FBI Surveillance Standards Request
=======================================================================
   
In a decision released on August 31, the Federal Communications
Commission (FCC) largely adopted technical standards proposed by the
Federal Bureau of Investigation (FBI) that would re-design the
nation's telecommunications networks to facilitate electronic
surveillance.  The ruling could result in a significant increase in
government interception of digital communications.  Included is a
requirement that cellular telephone networks must provide police the
ability to track the physical location of cell phone users.
   
The FCC decision involves the Communications Assistance for Law
Enforcement Act (CALEA), a controversial law enacted by Congress in
1994, which requires the telecommunications industry to design its
systems in compliance with FBI technical specifications.  In
negotiations over the last few years, the FBI and industry
representatives were unable to agree upon those standards, resulting
in the current proceeding before the Commission.  EPIC opposed the
enactment of CALEA in 1994 and has participated as a party in the FCC
proceeding, arguing that many of the FBI standards go beyond the scope
of the legislation and threaten communications privacy.
   
Another standard approved by the FCC would allow police investigators
to listen in on phone conversations of all parties to a conference
call, even if some were put on hold and were no longer talking to the
target of the authorized surveillance.  The standards would also enable
police to determine when someone is using call-forwarding, three-way
calling or other features.
   
On an issue of potentially great significance to the Internet, the
Commission directed that "packet-mode communications" be made available
to law enforcement no later than September 2001. Such communications
can contain both voice and data.  Noting the privacy problems raised by
this requirement, the FCC requested the telecom industry to "study
CALEA solutions for packet-mode technology" that will "better address
privacy concerns" and report back in one year.
   
EPIC is reviewing the full text of the decision and may challenge the
FCC action in federal court.
   
Additional information on CALEA, including the full text of the FCC
decision, is available at:
   
     http://www.epic.org/privacy/wiretap/
   
=======================================================================
[2] Administration Proposes Secret Break-ins to Combat Crypto
=======================================================================
   
A new Clinton Administration proposal could result in an unprecedented
intrusion into the sanctity of private homes and businesses.  The White
House plan would enable federal and local law enforcement agents to
secretly break into private premises and alter computer equipment to
collect e-mail messages and other electronic information.
   
As first disclosed on August 20, the administration is circulating
draft legislation known as the Cyberspace Electronic Security Act
(CESA), the latest White House effort to address the growing use of
encryption technology.  As described in an August 4 analysis of the
legislation obtained by EPIC, the proposal would amend current law to
authorize "the alteration of hardware or software that allows plaintext
to be obtained even if attempts were made to protect it through
encryption."  Courts would, for the first time, be able to approve
covert police entries into homes and offices for the purposes of making
such alterations.
   
CESA outlines law enforcement's ability to obtain the plaintext version
of encrypted information.  Under CESA, officials would be allowed to
obtain keys that can decipher encrypted information after obtaining a
warrant. While CESA provides for the issuance of warrants when keys are
in the hands of "recovery agents," it also includes more alarming
provisions when there are no such "recovery agents."
   
When there are no third parties that possess keys and it is deemed
important not to alert the suspect, law enforcement officials would be
given the power to enter homes surreptitiously to install a "recovery
device."  It is unclear what such a device may entail, but it would
modify software or hardware and allow for the recovery of plaintext
even if the suspect attempts to encrypt any of his or her computer
files.
   
In a letter to Attorney General Janet Reno, Rep. Bob Barr (R-GA) said,
"This proposal demonstrates how addicted federal law enforcement has
become to electronic surveillance.  In my opinion, this addiction
threatens both civil liberties and the effectiveness of law
enforcement."  Barr predicted that CESA would be "dead on arrival" if
it is transmitted to Congress.
   
CESA is the latest in a long line of administration efforts to ensure
government access to encrypted information.  While the Justice
Department defends CESA as striking a reasonable balance between civil
liberties concerns and the needs of law enforcement, the proposal would
give government unprecedented authority to engage in the most invasive
techniques.
   
=======================================================================
[3] Appeals Court Strikes Down Telephone Privacy Regs
=======================================================================
   
In a somewhat odd opinion, a federal appeals court has ruled that
regulations developed by the FCC to implement the privacy provisions of
the 1996 Telecommunications Act violate the First Amendment rights of
telephone companies to disclose the detailed calling records of their
customers.
   
The challenge, brought by US West, focused on the opt-in provisions
that were included in the FCC regulations.  Those provisions require
telephone companies to obtain affirmative consent from customers before
disclosing "Customer Proprietary Network Information," which includes,
for example, monthly billing information.  US West contended that the
purpose of the Act could be satisfied by means of an opt-out that would
require customers to first learn about the disclosure of the personal
information and then to object.
   
Judge Deanell Reese Tacha, joined by Circuit Judge David M. Ebel, found
that the FCC's CPNI regulations restricted constitutionally protected
commercial speech.  They further held that although the government has
a substantial interest in protecting customer privacy and promoting
competition, the FCC didn't show that its CPNI rules would "directly
and materially" advance those interests.  The majority held that the
CPNI rules were not sufficiently narrowly tailored to meet those
objectives.
   
Writing in dissent, Judge Mary Beck Briscoe said that "Congress made it
abundantly clear it intended for telecommunications carriers to obtain
customer 'approval' prior to using, disclosing, or permitting access to
individually identifiable CPNI."  She concluded that US West's petition
for review was "little more than a run-of-the-mill attack on an agency
order clothed by ingenious argument in the garb of First and Fifth
Amendment issues" and said that the CPNI Order is an entirely
reasonable interpretation of section 222 of the 1996 Telecommunications
Act.
   
Robert Ellis Smith, publisher of the Privacy Journal, noted that the
the U.S. Supreme Court has "held unequivocally that a commercial entity
that is not a news publication cannot claim to have full First
Amendment protection for the information it includes in a credit
report."  The reason is that this "ledger" information is for a
specialized business purpose, circulated within a narrowly confined
community of users; it is not widely circulated public-interest
material for which the amendment was intended.
   
The text of US West v. FCC (10th Cir., Aug. 18, 1999) is available
at:
   
     http://www.kscourts.org/ca10/cases/1999/08/98-9518.htm
   
=======================================================================
[4] Advisory Group Urges Change in Crypto Policy
=======================================================================
   
A White House advisory subcommittee announced on August 25 that it has
recommended that the Clinton Administration substantially revise its
restrictive stance on the export of encryption products.  The
President's Export Council Subcommittee on Encryption (PECSENC) was
formed earlier this year to provide guidance in the U.S. Government's
development of encryption policy, which has been the subject of heated
debate.  The government has insisted for years that liberalizing
encryption export could cause serious national security problems by
giving terrorists and criminals access to the technology.
   
Critics of the Administration's policy had expected to find little
support in the subcommittee's recommendations. William Crowell, the
subcommittee's chairman, previously served as Deputy Director for the
National Security Agency. Several committee members also had ties to
law enforcement or other government agencies.  Despite these ties,
however, the subcommittee cited a need for the U.S. government to
"recognize market realities" and reverse its course on encryption
policy. Among its recommendations:
   
- License-Free Zones: Recognizing that the European Union is planning
to drop all cryptographic export rules between member countries, the
U.S. should likewise identify a list of countries which do not pose any
major terrorist threat, and allow encryption export (hardware and
software products) without a license.
   
- On-Line Merchants: On-line merchants based in other countries should
be added to the list of businesses permitted to have encryption
products exported to them from the United States.  Banks and a limited
number of other financial institutions currently enjoy this license
exception.
   
- Mass-market hardware and software: Mass-market products which utilize
up to 128-bit key length triple DES should enjoy a license exception.
"The U.S. government should recognize the difficulty of controlling
mass-market products once they are allowed to be exported to even
limited sectors".
   
The subcommittee also suggests eliminating cumbersome reporting
requirements for manufacturers of encryption products, as well as
removal of source code, cryptographic Application Programming
Interfaces and devices such as encrypting routers from the list of
restricted technologies.
   
PECSENC Chair William Crowell has said that the Administration will
make further changes to its encryption export policy based on the
recommendations sometime in September.
   
=======================================================================
[5] Appellate Brief Challenges Internet Censorship Law
=======================================================================
   
A coalition of cyber-rights groups and Web publishers filed an
appellate brief on August 27 supporting a lower court decision
enjoining enforcement of the Child Online Protection Act (COPA).  The
case against COPA -- brought by EPIC, the ACLU and other organizations
-- is now pending before the U.S. Court of Appeals for the Third
Circuit. The Justice Department initiated the appeals court proceeding
in April.
   
The government's appeal challenges the finding of Judge Lowell A. Reed,
Jr. that the new Internet censorship law would restrict free speech in
the "marketplace of ideas."  Judge Reed's February 1 ruling enjoins
enforcement of COPA, the statutory successor to the Communications
Decency Act (CDA), which the Supreme Court struck down in June 1997.
The legal challenge to COPA was filed on behalf of 17 organizations
publishing information on the World Wide Web.  In granting a
preliminary injunction against COPA, the lower court held that the
plaintiffs are likely to succeed on their claim that the law "imposes
a burden on speech that is protected for adults." The ruling came after
a six-day hearing which featured testimony from website operators who
provide free information about fine art, news, gay and lesbian issues
and sexual health for women and the disabled, and who all fear that
COPA would force them to shut down their websites.
   
In his 49-page opinion, Judge Reed listed 68 separate "findings of
fact" to support his decision.  The judge considered evidence that COPA
imposed technological and economic burdens on speakers, but concluded
that ultimately the relevant inquiry is the "burden imposed on the
protected speech, not the pressure placed on the pocketbooks or bottom
lines of the plaintiffs."
   
The full text of the Judge Reed's decision, and complete information on
the legal challenge, is available at:
   
     http://www.epic.org/free_speech/copa/
   
=======================================================================
[6] New Amazon.com Feature Raises Privacy Concerns
=======================================================================
   
On August 20, Amazon.com initiated a new feature on its website --
"purchase circles" -- that lists best sellers organized by geographic
area, companies, or universities.  The firm compiled the lists using
aggregate data that it had collected and subsequently displayed without
the permission or knowledge of its customers.  While Amazon.com
intended "purchase circles" to be a fun and innovative feature, many
Amazon customers were surprised and upset to see that their buying
habits were being collected.
   
Even though none of the displayed information was individually
identifiable, the public reaction to "purchase circles" demonstrates
that consumers are concerned when information is used without their
consent. Furthermore, the incident highlights the absence of any legal
protections that individuals may have in preventing information from
being collected or disclosed.
   
Despite privacy criticisms, Amazon.com initially defended "purchase
circles" and deflected the complaints as an unavoidable result of
implementing an inventive feature.  However, by August 27, Amazon's
director of product development responded to the public concern and
announced that "privacy is of utmost importance to our customers and to
us."  Amazon.com now allows customers to opt-out from having their
buying information included in future "purchase circles."
   
=======================================================================
[7] EPIC Bookstore - The Tin Drum
=======================================================================
   
The featured item in the EPIC Bookstore this week is the video of the
widely acclaimed Gunter Grass novel "The Tin Drum."  The movie depicts
the rise and fall of the Third Reich and won the 1979 Oscar for best
foreign film. It also contains scenes of a sexual nature involving
children.
   
In 1997, police in Oklahoma City, acting without a search warrant or
court order, seized the video from local video stores. On October 20,
1998, a federal judge in Oklahoma City ruled that the film does not
violate the state's child pornography laws.
   
Last week an Oklahoma man won a $2,500 judgment when a jury found that
police violated his civil rights by obtaining his name from a video
shop where he rented the movie. Michael Camfield was confronted by
police at his home in 1997 and asked to return the copy of the film.
The jury found that the police violated the Video Privacy Protection
Act by getting his name from the shop.
   
Celebrate freedom of speech, the right of privacy, and intellectual
freedom. Purchase the movie today from the EPIC Bookstore.
   
EPIC Bookstore - The Tin Drum (VHS)
   
  http://www.amazon.com/exec/obidos/ASIN/6304239297/electronicprivacA
   
EPIC Bookstore - Featured videos
   
  http://www.epic.org/bookstore/films.html
   
EPIC Bookstore
   
  http://www.epic.org/bookstore
   
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
   
The 21st International Conference on Privacy and Personal Data
Protection.  Hong Kong, September 13-14, 1999.  A distinguished group
of over 50 speakers/panelists from overseas and Hong Kong will explore
the theme of  "Privacy of Personal Data, Information Technology &
Global Business in the Next Millennium."" Sponsored by the Office of
the Privacy Commissioner for Personal Data in Hong Kong.  Contact:
icc@asiaonline.net
   
"A Privacy Agenda for the 21st Century." September 15, 1999. Hong Kong
Convention and Exhibition Centre, Hong Kong PRC. Contact:
rotenberg@epic.org
   
"Certified Wide Area Road Use Monitoring." September 21-23, 1999.
Albuquerque, New Mexico.  Sponsored by the New Mexico State Highway and
Transportation Department Research Bureau in cooperation with the
University of New Mexico Alliance for Transportation Research
Institute. An intensive 2 1/2 day educational and developmental
symposium on a single rapidly evolving concept in Intelligent
Transportation Systems (ITS).  For more information:
http://www.unm.edu/~nmtrans/CWARUM-1.html
   
Final Call for Papers - Fourth Annual Conference on Financial
Cryptography '00. Submissions due by September 24, 1999. For more
information: http://www.fc00.cs.uwm.edu/esub.html
   
Information Security Solutions Europe 1999. October 4-6, 1999. Maritim
proArte Hotel, Berlin, Germany. For more information:
http://www.eema.org/isse/
   
The Public Voice in Electronic Commerce. October 11, 1999. Organization
for Economic Co-operation and Development. Paris, France. Contact:
rotenberg@epic.org
   
The Internet Security Conference (TISC). October 11-15, 1999. Boston
World Trade Center. Boston, MA. For more information:
http://tisc.corecom.com
   
Integrating Government with New Technologies '99 Policy vs Technology:
Service Integration in the New Environments - A two-day Seminar and
Training Session. December 13-14, 1999. Government Conference Center.
Ottawa, Canada. For more information: http://www.rileyis.com/seminars
   
RSA 2000. The ninth annual RSA Data Security Conference and Expo.
January 16-20, 2000. San Jose McEnery Convention Center. San Jose, CA.
For more information: http://www.rsa.com/rsa2000/
   
=======================================================================
Subscription Information
=======================================================================
   
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
   
     http://www.epic.org/alert/subscribe.html
   
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe".
   
Back issues are available at:
   
     http://www.epic.org/alert/
   
=======================================================================
About EPIC
=======================================================================
   
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to focus
public attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national ID cards, medical record
privacy, and the collection and sale of personal information. EPIC is
sponsored by the Fund for Constitutional Government, a non-profit
organization established in 1974 to protect civil liberties and
constitutional rights.  EPIC publishes the EPIC Alert, pursues Freedom
of Information Act litigation, and conducts policy research. For more
information, e-mail info@epic.org, http://www.epic.org or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544
9240 (tel), +1 202 547 5482 (fax).
   
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
   
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.
   
Thank you for your support.
   
  ---------------------- END EPIC Alert 6.13 -----------------------
   
   
.
   
Return to:

Alert Home Page | EPIC Home Page