============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 7.03 February 22, 2000 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents ======================================================================= [1] EPIC Complaint Focuses Attention on DoubleClick and Privacy [2] Michigan Community Targeted by Filtering Proponents [3] EPIC Testifies on Data Protection before European Parliament [4] Consumer Groups Shed Light on Privacy Aspects of Mergers [5] Proposed Financial Privacy Rules Released [6] President Issues Executive Order on Genetic Privacy [7] EPIC Bookstore -- EPIC Publications [8] Upcoming Conferences and Events ======================================================================= [1] EPIC Complaint Focuses Attention on DoubleClick and Privacy ======================================================================= The information practices of DoubleClick, the leading Internet advertising firm, have moved online privacy issues to the forefront of public attention. On February 10, EPIC filed a formal complaint against the company with the Federal Trade Commission (FTC). The complaint alleges that DoubleClick is unlawfully tracking the online activities of Internet users and combining surfing records with detailed personal profiles contained in a national marketing database. EPIC asked the FTC to investigate the practices of the company, to destroy all records wrongfully obtained, to invoke civil penalties, and to enjoin the firm from violating the Federal Trade Commission Act. DoubleClick recently revealed that the FTC has notified the firm that it is "conducting an informal inquiry into our business practices to determine whether, in collecting and maintaining information concerning Internet users, we have engaged in unfair or deceptive practices." The company also disclosed that it is being investigated by the New York Attorney General's office and has been named in six separate lawsuits concerning its information collection activities. The Attorney General of Michigan has also announced her intention to file suit against the company. The EPIC complaint, and the other proceedings, follow the recent merger of DoubleClick and Abacus Direct, the country's largest catalog database firm. DoubleClick has announced its intention to combine anonymous Internet profiles in the DoubleClick database with the personal information contained in the Abacus database. EPIC's complaint alleges that DoubleClick's merger of the two databases violates the companies' assurances that the information it collects on Internet users would remain anonymous, and that the data collection was therefore unfair and deceptive. EPIC also charges that the company has failed to follow its revised privacy policy and that this is also unfair. The FTC investigation of DoubleClick is likely to be a critical test of the current state of privacy protection in the United States. It may determine, for instance, whether companies that break their promises and collect personal information in an unfair and deceptive manner will be held accountable. Because much of the information collection that occurs on the Internet is invisible to the consumer, it raises serious questions of fairness and informed consent. The text of EPIC's complaint against DoubleClick is available online at: http://www.epic.org/privacy/internet/DCLK_complaint.pdf Background information on the DoubleClick/Abacus merger, including links to coverage of the recent controversy, is available at: http://www.epic.org/doubletrouble/ ======================================================================= [2] Michigan Community Targeted by Filtering Proponents ======================================================================= Citizens of Holland, Michigan are today voting on a ballot measure that would require the city to withhold funding to the district library unless the library installs Internet filtering software on its public computers. The referendum campaign has been financed by the American Family Association, a conservative religious group based in Mississippi. The group has been running television ads urging Holland voters to "Send America a Message" and "Vote 'Yes' on Internet Filters." Presidential candidate Sen. John McCain (R-AZ) endorsed the Internet filter measure during a campaign visit to Holland last month. McCain, chairman of the Senate Commerce Committee, has long been an advocate of mandatory Internet filters in public schools and libraries (see EPIC Alert 6.10). The ballot measure has also been endorsed by McCain's rivals in today's Michigan primary, Texas Gov. George W. Bush and Alan Keyes. Significantly, the filtering referendum is opposed by Holland Mayor Al McGeehan and other city officials, many of whom describe themselves as "conservatives." Opponents of the measure resent the involvement of "outside agitators," and cite the potential financial and legal ramifications that would follow a "yes" vote. Without Holland's contribution to the regional library's budget, the library would default on a construction loan used to build the new library a year ago. Such a default would destroy the community's bond rating. Opposition is being coordinated by an ad-hoc local group, Families for Internet Access, which has mounted its door-to-door educational campaign with less than $2,500 in local donations. The filtering advocates have received $45,000 in donations (much of it from outside interest groups) to finance television spots, direct mail and telephone canvassing. Additional information on mandatory Internet filtering is available at the Internet Free Expression Alliance website: http://www.ifea.net ======================================================================= [3] EPIC Testifies on Data Protection before European Parliament ======================================================================= The European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs, along with the Committee on Legal Affairs and the Internal Market, is currently holding hearings on the "European Union and Data Protection." EPIC Executive Director Marc Rotenberg will be presenting testimony on the current state of data protection in the United States. The hearings will touch on several issues relating to privacy protection in the European Union, including implementation of the EU Data Protection Directive, the ongoing Safe Harbor negotiations, and the ECHELON surveillance network. EPIC's testimony largely addresses the failure of self-regulation in the United States to adequately protect consumer privacy on the Internet. The testimony also supports legally enforceable privacy protection and adoption of privacy enhancing techniques as necessary for the continued protection of the fundamental right of privacy in the information society. The text of EPIC's testimony before the European Parliament is available at: http://www.epic.org/privacy/intl/EP_testimony_0200.html More information about the European Parliament hearing on the "European Union and Data Protection" is available at: http://www.europarl.eu.int/dg2/hearings/20000222/libe/ en/default.htm ======================================================================= [4] Consumer Groups Shed Light on Privacy Aspects of Mergers ======================================================================= On February 15, the Trans Atlantic Consumer Dialogue (TACD), a coalition of over sixty American and European consumer groups, called on U.S. and EU officials to halt the America Online-Time Warner merger until consumer privacy concerns have been adequately addressed. The proposed multimedia merger would combine records from America Online's 20 million subscribers and Time Warner's customer base of over 65 million households. The TACD resolution notes that neither company has a stellar record on consumer privacy. Furthermore, the value of the information in the hands of the merged company should not be overlooked: The combined databases of the two firms would likely produce the most detailed records on consumers ever assembled, from favorite television programs to book purchases to associations with religious organizations and even political preferences. In addition to its recommendation that approval of the merger be conditioned on the provision of privacy safeguards, the TACD also urges the United States to adopt a comprehensive privacy law that would apply in these situations. The coalition also recommends that the Safe Harbor negotiators consider the consequences of such mergers in the course of future discussions, and that both the U.S. and the EU consider legal mechanisms to protect privacy in future mergers. The TACD "Resolution on the Merger of America Online and Time Warner and Privacy Protection in the Interactive Broadband Environment" is available at: http://www.tacd.org/ecommercef.html#aolmerge For more information about the TACD and other resolutions concerning consumer protection in electronic commerce: http://www.tacd.org/ ======================================================================= [5] Proposed Financial Privacy Rules Released ======================================================================= On February 3, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision issued a joint notice of proposed rulemaking on financial privacy. The rules will implement the privacy provisions of the Financial Services Modernization Act (also known as Gramm-Leach-Bliley). The Act eliminated many federal barriers to mergers between various financial institutions, including banks, securities firms and insurers. Importantly, Gramm-Leach-Bliley will establish some limits on disclosure of personal financial information in the hands of these businesses. Many consumer groups, including EPIC, US PIRG, Consumers Union, and the Consumer Federation of America, have found the privacy provisions of the Financial Services Modernization Act inadequate, especially considering the mergers that will take place after the law goes into effect. Also, President Clinton noted the need for greater protections over financial information than those offered by the bill when he signed it into law. Comments on the proposed rules are due on March 31. Copies of the proposed rules and instructions for filing comments can be downloaded in PDF format from: http://www.occ.ustreas.gov/ftp/regs/npr0203.pdf ======================================================================= [6] President Issues Executive Order on Genetic Privacy ======================================================================= Following-up on a proposal made in his State of the Union Address, President Clinton issued an Executive Order on February 8 prohibiting federal agencies from using genetic information in decisions concerning employment. The Executive Order would cover roughly 2.8 million citizens working for the federal government. The Executive Order does not flatly prohibit federal agencies from collecting genetic information from their employees. Such information can be collected in certain instances but will be stored as part of confidential medical records. In the press release accompanying the Executive Order, the President also expressed his support for similar legislative proposals that would apply to the private sector. The Genetic Information Nondiscrimination in Health Insurance and Employment Act of 1999 introduced in the Senate (S.1322) by Sen. Tom Daschle (D-SD) and in the House of Representatives (H.R.2457) by Rep. Louise Slaughter (D-NY) would extend similar protections to non-government workplaces. The President's Executive Order is available at: http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi:// oma.eop.gov.us/2000/2/8/8.text.1 The accompanying press release can be found at: http://www.pub.whitehouse.gov/uri-res/I2R?urn:pdi:// oma.eop.gov.us/2000/2/9/2.text.1 ======================================================================= [7] EPIC Bookstore -- EPIC Publications ======================================================================= EPIC Publications: "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "Cryptography and Liberty: An International Survey of Cryptography Policy" Wayne Madsen and David Banisar, editors, (EPIC 1999). Price: $15. http://www.epic.org/cryptobook99/ An international survey of encryption policies around the world. Survey results show that in the vast majority of countries, cryptography may be freely used, manufactured, and sold without restriction, with the U.S. being a notable exception. ================================ "Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments" David Banisar, Simon Davies, editors, (EPIC 1999). Price: $15. http://www.epic.org/privacy&humanrights99/ An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Privacy, Security & Confidentiality of Medical Records 2000: Complying With New HIPAA Regulations. NonProfit Management. One Day Seminars. Various Locations and Times. For more information: http://www.nonprofitmgt.com/privacy Federal Trade Commission Advisory Committee on Online Privacy and Security. Series of Meetings. Federal Trade Commission Headquarters. Washington, D.C. For more information: http://www.ftc.gov/acoas/ Financial Cryptography '00. International Financial Cryptography Association. February 21-24, 2000. InterIsland Hotel. Anguilla, British West Indies. For more information: http://fc00.ai/ The New Wave of Privacy Protection in Canada. BC Freedom of Information and Privacy Association and Riley Information Services. March 9-10, 2000. Hotel Vancouver. Vancouver, British Columbia. For more information: http://www.rileyis.com HIPAA Security and Privacy Requirements: A How To Blueprint for Compliance. MIS Training Institute. Two-day Seminars. Various Locations and Times. For more information: http://www.misti.com Entrust SecureSummit 2000. May 1-4, 2000. Hyatt Regency Dallas at Reunion. Dallas, Texas. For more information: http://www.securesummit.com Shaping the Network: The Future of the Public Sphere in Cyberspace. Computer Professionals for Social Responsibility (CPSR). Call for Papers -- Abstracts Due February 15. May 20-23, 2000. Seattle, Washington. For more information: http://www.scn.org/cpsr/diac-00 Telecommunications: The Bridge to Globalization in the Information Society. Biennial Conference of the International Telecommunications Society. July 2-5, 2000. For more information: http://www.its2000.org.ar KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. Call for Papers -- Due March 3. September 26-29, 2000. Vienna. For more information: http://www.ocg.at/KR-IE2000.html Privacy2000: Information and Security in the Digital Age. November 29, 2000. Adam's Mark Hotel. Columbus, Ohio. For more information: http://www.privacy2000.org ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 7.03 ----------------------- .