===========================================================

        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   
    ==============================================================
    Volume 6.17                                   October 25, 1999
    --------------------------------------------------------------
   
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
   
                           http://www.epic.org
   
=======================================================================
Table of Contents
=======================================================================
   
[1] EPIC Joins Amicus on FCC Petition for Rehearing
[2] FTC Issues Rules on Child Online Privacy Protection
[3] EPIC Submits Comments for Online Profiling Workshop
[4] State of First Amendment -- First Amendment Center Survey
[5] Model State Public Health Privacy Act Now Available
[6] Privacy International's Big Brother Awards
[7] EPIC Bookstore -  Compilation of State and Federal Privacy Laws
[8] Upcoming Conferences and Events
   
=======================================================================
[1] EPIC Joins Amicus on FCC Petition for Rehearing
=======================================================================
   
Today, EPIC joined an amicus, "friend of the court", brief -- along
with more than a dozen consumer and privacy organizations and twenty
legal scholars -- defending the privacy of telephone records against
telephone companies who want to distribute information about
customers' calling habits to marketing companies.
   
The amicus brief was filed in support of a petition from the Federal
Communications Commission (FCC).  The "friend of the court" brief asks
the Tenth Circuit Court of Appeals, based in Denver, Colorado, to
uphold a privacy provision that was enacted by Congress in 1996 and
implemented by the FCC.  In US West v. FCC, the federal appeals court
said that the "opt-in" privacy safeguard recommended by the FCC
violated the First Amendment rights of the telephone company to market
products and services.
   
In the brief, the organizations and scholars said that the case is of
great importance to telephone consumers across the United States.  The
information that would be disclosed "consists of customer calling
records that would not exist but for the private activities of
telephone customers.  These records, which are not publicly available,
include such sensitive and personal information as who an individual
calls, when, for how long, and how often."  They described the
alternative opt-out approach as burdensome and said it "would have
required telephone customers to contact their carrier to prevent the
disclosure of their personal calling records."
   
They concluded that an "opt-in approach is consistent with the First
Amendment and is the most reasonable fit with the Congress's intent to
protect the privacy of telephone subscribers' personal information."
   
A wide range of privacy and consumer organizations joined the brief,
including EPIC, the ACLU, the Consumer Federation of America, and the
US Public Interest Research Group.  The brief was also endorsed by
many leading legal scholars. The Washington law firm of Covington &
Burling filed the brief on behalf of the coalition.
   
Information about US West v. FCC:
   
      http://www.epic.org/privacy/litigation/uswest/
   
Brief of Amicus Curiae in Support of Respondent's Petition for
Rehearing:
   
http://www.epic.org/privacy/litigation/USWest/amicus_brief_SRPR.html
   
=======================================================================
[2] FTC Issues Rules on Child Online Privacy Protection
=======================================================================
   
Last Wednesday, the Federal Trade Commission released new standards to
protect childrens' online privacy.  The rules, scheduled to take
effect in April, require Web sites to gain parental consent for their
child's disclosure of personal information and specify procedures for
the posting of privacy policies.  The standards were written in
compliance with the Children's Online Privacy Protection Act (COPPA),
passed by Congress last year.  The FTC voted 4-0 in favor of the new
regulations, which apply to children under the age of thirteen.
   
The FTC's rules will set the methods used by Web site operators obtain
parental permission based on a "sliding scale" -- varying according to
the type of information collected and how it is used.  Before children
can participate in chat rooms or provide information that will be
disclosed to third parties, Web sites will have to gain permission
through more secure means, such as postal mail, fax, credit card or
digital signatures.  If the Web site will use the information only
internally, the company can receive consent via e-mail, provided that
the company takes further steps to confirm the parent's identity, such
as a follow-up telephone call or e-mail.  The FTC plans to allow the
sliding scale standard to expire after two years in exchange for more
reliable electronic forms of consent.
   
The new rules will also require Web sites to post a conspicuous link
to a notice of their information collection practices on their home
page, as well as every other page where information is collected.  The
notice must reveal the name and contact information of the Web site
operators, the type of information that is collected, how it is used,
and whether it is provided to third parties.  In addition, the notice
must declare that children will not be excluded from particular
activities if they do not provide certain information.  The notice
must also explain that parents have a right to review and delete their
child's information as well as prohibit additional collection of
information about their child.
   
Congress passed COPPA after an FTC survey released in March 1998
revealed that 89% of Web sites collected personal information about
children, yet only 24% posted privacy policies and merely 1% requested
that children receive parental consent before disclosing their
information.
   
The FTC's press release about its children online privacy regulations
is available at:
   
      http://www.ftc.gov/opa/1999/9910/childfinal.htm
   
The FTC's rules (PDF) governing children online privacy are available
at:
   
      http://www.ftc.gov/os/1999/9910/childrensprivacy.pdf
   
=======================================================================
[3] EPIC Submits Comments for Online Profiling Workshop
=======================================================================
   
EPIC has submitted comments and a formal request for participation to
the Federal Trade Commission (FTC) and the U.S. Department of Commerce
National Telecommunications and Information Administration (NTIA) for
an upcoming public workshop on "online profiling".
   
On November 8, the FTC and NTIA will hold a public workshop on online
profiling -- "the practice of aggregating information about consumers'
preferences and interests, gathered primarily by tracking their
movements online, and using the resulting consumer profiles to create
targeted advertising on Web sites."  The workshop will consist of
three panels encompassing: (1) the development of technology that
facilitates online profiling, (2) the implications of online profiling
for consumer privacy, and (3) the consequences of industry
self-regulation on protection of data obtained through online
profiling.  The workshop is open to the public although the NTIA does
encourage voluntary registration.  Over the past couple of weeks, the
FTC and NTIA have also been accepting and posting public comment on
these issues.
   
EPIC has requested participation in the third panel -- industry
self-regulation and its impact on privacy concerns about online
profiling.  In the comments, EPIC argues that online profiling gives
companies an unprecedented ability to record and track consumer
behavior at a detailed and personal level.  Furthermore, online
profiling is an industry practice that occurs without the knowledge or
consent of most consumers.  Considering the invasive quality of the
information collected, the secrecy under which the practice operates,
and the lack of adequate legal protection of personal data in the
hands of private businesses -- self-regulation will ultimately give
companies valuable personal information with no ability on the part of
individuals to control the ultimate use of that data.
   
For more information about the online profiling workshop and to view
comments, including those submitted by EPIC:
   
      http://www.ntia.doc.gov/ntiahome/privacy/index.html or
   
      http://www.ftc.gov/bcp/profiling/index.htm
   
EPIC's comments (PDF) are also available at:
   
      http://www.epic.org/privacy/internet/Online_Profiling_Workshop.PDF
   
=======================================================================
[4] State of First Amendment -- First Amendment Center Survey
=======================================================================
   
A survey released by the First Amendment Center reveals that support
for Internet free speech has increased over the past two years,
although a majority of Americans favor restrictions on online content.
The findings are part of an annual survey sponsored by the First
Amendment Center at Vanderbilt University that measures public
attitudes toward freedom of speech, press and religion, and the rights
of assembly and petition.
   
Sixty-four percent of survey respondents said that the Internet should
enjoy the same protection as printed speech, a rise in 8 percentage
points from the 56% who answered similarly in the 1997 survey.
Overall, public attitude still remains uncomfortable about free speech
online.  Only 24% of respondents agreed that sexually explicit
material should be permitted on the Internet.  Fifty-eight percent of
respondents responded that libraries should restrict access to certain
Internet sites that might offend some people.  Fifty-eight percent
also said that the government should play a role in developing a
system to rate online content.
   
In general, survey respondents expressed support for freedom of
speech.  The percentage who declared that Americans have too little
free speech rose from 18% in 1997 to 26% in 1999.  Exactly half of the
respondents said they believe speech freedom is the most important
freedom -- the same result was obtained in the 1997 survey.
   
The Center for Survey Research and Analysis at the University of
Connecticut conducted the survey through telephone interviews of 1,001
adults, ages 18 or older, between February 26 and March 24, 1999.  The
margin of error is plus or minus 3 percentage points.
   
Additional information about the survey is available at:
   
      http://www.freedomforum.org/first/sofa/1999/welcome.asp
   
=======================================================================
[5] Model State Public Health Privacy Act Now Available
=======================================================================
   
The Model State Public Health Privacy Project (MSPHPP) has completed a
final draft of its model state law for the protection of public health
information.
   
The MSPHPP brought together the Center for Disease Control (CDC), the
Council of State and Territorial Epidemiologists (CSTE), the
Association of State and Territorial Health Officials (ASTHO), the
National Conference of State Legislatures (NCSL), and the Georgetown
University Law Center (GULC) for the purpose of developing a model
state law addressing privacy and confidentiality issues arising from
the collection, use, and dissemination of health information by public
health departments with special attention paid to records about
HIV/AIDS status.  The protection of records about HIV/AIDS status are
particularly important given that all states require reporting of AIDS
status and thirty-one require some reporting about HIV status.
   
Now that the model state law has been completed, the MSPHPP seeks to
circulate it among legislators and public health agencies at the
local, state, and federal levels.
   
State medical privacy laws play an increasingly important role given
recent inability of the federal government to draft federal protection
for health records.  By missing the self-imposed deadline of August 21
to draft a medical privacy law, Congress triggered a previously passed
mandate requiring the Department of Health and Human Services to start
work on federal regulations -- which do not have the same legal weight
as legislation.
   
More information about MSPHPP and the draft of the model state law are
available at:
   
      http://www.critpath.org/msphpa/privacy.htm
   
EPIC's archive on medical privacy can be viewed at:
   
      http://www.epic.org/privacy/medical
   
=======================================================================
[6] Privacy International's Big Brother Awards
=======================================================================
   
The Second Annual Big Brother Awards were presented in London on
October 18.  The awards, annually distributed by the UK-based
Privacy International, are given to those individuals or parties that
"have done the most to destroy personal privacy in Britain."  The
"winners" of the Big Brother Award receive a trophy in the shape of a
boot stamping on a human head.  On the same night, the ceremony gives
out "Winstons," in honor of Winston Smith -- hero of George Orwell's
1984, to those have done the most to protect privacy.
   
The winners of the Big Brother Awards include the Home Office for the
"Lifetime Menace Award", Jack Straw as the "Worst Public Servant",
Experian for "Most Invasive Company", the Borders Police as the "Most
Heinous Goverment Organisation", and RACAL for the "Most Appalling
Project."  Recipients of the Winston include Duncan Campbell, Tony
Bunyan, Clive Norris and Gary Armstrong, David Burke, and Fleur
Fisher.
   
For more information about the awards see:
   
      http://www.bigbrotherawards.org/
   
Also, for more information about Privacy International:
   
      http://www.privacyinternational.org/
   
=======================================================================
[7] EPIC Bookstore - Compilation of State and Federal Privacy Laws
=======================================================================
   
Compilation of State and Federal Privacy Laws by Robert Ellis Smith.
http://www.amazon.com/exec/obidos/ISBN=0930072111/electronicprivacA
   
The COMPILATION OF STATE AND FEDERAL PRIVACY LAWS (136 pages, 1999,
$31) is an indispensable reference book describing and citing more
than 600 laws affecting confidentiality, grouped by state in several
categories, including credit, medical, financial, electronic
surveillance, telephones, Social Security numbers, and much more.
Canada's federal and provincial laws are also described. INCLUDES
CURRENT 1999 SUPPLEMENT.
   
The full texts of major U.S. laws - including laws on telephone
solicitation, electronic surveillance, and credit bureaus - are
reprinted in full in the appendix.
   
"Recommended for all public libraries," says LIBRARY JOURNAL
   
   
EPIC Publications:
   
"The Privacy Law Sourcebook: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
http://www.epic.org/pls/
   
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of US and International privacy law, as well
as a comprehensive listing of privacy resources.
   
   
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/
   
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
   
   
"Cryptography and Liberty: An International Survey of Cryptography
Policy" Wayne Madsen and David Banisar, editors, (EPIC 1999). Price:
$15. http://www.epic.org/cryptobook99/
   
An international survey of encryption policies around the world. Survey
results show that in the vast majority of countries, cryptography may
be freely used, manufactured, and sold without restriction, with the
U.S. being a notable exception.
   
   
"Privacy and Human Rights 1999: An International Survey of Privacy Laws
and Developments" David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/
   
An international survey of the privacy and data protection laws found
in 50 countries around the globe. This report outlines the
constitutional and legal conditions of privacy protection, and
summarizes important issues and events relating to privacy and
surveillance.
   
   
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
   
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
   
Network for People Conference. Department of Commerce
Telecommunications and Information Infrastructure Assistance Program
(TIIAP). November 1-2, 1999. Key Bridge Marriott Hotel. Arlington, VA.
For more information: http://www.ntia.doc.gov/otiahome/tiiap
   
Washington, D.C., USA Internet Engineering Task Force (IETF) Meeting.
November 7-12, 1999. Omni Shoreham Hotel. Washington, D.C. For more
information: http://www.ietf.org/meetings/IETF-46.html
   
Public Workshop on "Online Profiling" -- November 8, 1999. National
Telecommunications and Information Administration, Commerce and Federal
Trade Commission. For more information:
http://www.ftc.gov/bcp/profiling/index.htm
   
Consumer Privacy in the Next Decade: New Trends, Forces and Directions
and The All New Practitioner's Privacy Policy Workshop. Privacy &
American Business' Sixth Annual National Conference. November 8-10,
1999. Hyatt Regency Hotel. Arlington, VA. For more information:
ctrslr@aol.com
   
The Government's Role in Computer Surveillance and the Federal
Intrusion Detection Network (FIDNet). Association for Computing
Machinery and Stanford University. November 9, 1999. Kresge Auditorium,
Stanford University. For more information: http://www.acm.org
   
The 1999 BNA Public Policy Forum: E-Commerce and Internet Regulation.
November 15, 1999. Mayflower Hotel. Washington, D.C. For more
information: http://internetconference.pf.com/
   
Call for Papers -- Impacts of Economic Liberalization on IT Production
and Use. The Information Society. Manuscripts due November 15, 1999.
For more information: http://www.slis.indiana.edu/TIS
   
Annual Computer Security Applications Conference: Practical Solutions
to Real Security Problems. December 6-10, 1999. Radisson Resort
Scottsdale. Phoenix, Arizona. For more information:
http://www.acsac.org/
   
Integrating Government with New Technologies '99 Policy vs Technology:
Service Integration in the New Environments - A two-day Seminar and
Training Session. December 13-14, 1999. Government Conference Center.
Ottawa, Canada. For more information: http://www.rileyis.com/seminars
   
Surveillance Expo '99. December 13-15, 1999. Doubletree Hotel. Crystal
City, Virginia. For more information: http://www.rosseng.com
   
PEN/Newman's Own Eighth Annual First Amendment Award. Nominations due
December 31, 1999. For more information: http://www.pen.org
   
RSA 2000. The ninth annual RSA Data Security Conference and Expo.
January 16-20, 2000. San Jose McEnery Convention Center. San Jose, CA.
For more information: http://www.rsa.com/rsa2000/
   
=======================================================================
Subscription Information
=======================================================================
   
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
   
      http://www.epic.org/alert/subscribe.html
   
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe".
   
Back issues are available at:
   
      http://www.epic.org/alert/
   
=======================================================================
About EPIC
=======================================================================
   
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to focus
public attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national ID cards, medical record
privacy, and the collection and sale of personal information. EPIC is
sponsored by the Fund for Constitutional Government, a non-profit
organization established in 1974 to protect civil liberties and
constitutional rights.  EPIC publishes the EPIC Alert, pursues Freedom
of Information Act litigation, and conducts policy research. For more
information, e-mail info@epic.org, http://www.epic.org or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544
9240 (tel), +1 202 547 5482 (fax).
   
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
   
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.
   
Thank you for your support.
   
   ---------------------- END EPIC Alert 6.17 -----------------------
   
   
   
   
.