============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 7.08 May 2, 2000 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents ======================================================================= [1] Administration Financial Privacy Proposal Released [2] Privacy Coalition Seeks Review of Phone Records Privacy Case [3] Intel Drops Processor Serial Numbers [4] Pending Bills Would Impact Online Speech [5] Council of Europe Releases Draft Cyber-Crime Treaty [6] Electronic Surveillance Up Again in 1999 [7] EPIC Bookstore - Censored 2000 [8] Upcoming Conferences and Events ======================================================================= [1] Administration Financial Privacy Proposal Released ======================================================================= On April 30, during an address at Eastern Michigan University, President Clinton unveiled a new Administration initiative protecting financial privacy. The proposal had been long expected, as the President had remarked on the need for greater privacy protection soon after signing the Financial Services Modernization Act into law and again in his last State of the Union address. The Financial Services Modernization Act, otherwise known as Gramm- Leach-Bliley, eliminated many of the barriers preventing mergers between securities firms, insurance companies, and other financial institutions and simultaneously threw open the doors for more sharing of personal financial information. Some of those problems are addressed in the new Clinton-Gore proposal, but other matters are still left unresolved. Perhaps the most significant loophole to be potentially closed by the proposal is the unfettered transfer of personal information from financial institutions to marketers. Under current proposed rules, consumers would not be given even an opt-out before such information was shared through joint marketing agreements. The other components of the proposal include the ability to opt-out from sharing of financial information between affiliates of a single institution; opt-in for the sharing of medical billing or payment information and consumer spending habits; a right to access and correct financial records; increased authority for the Federal Trade Commission (FTC) to assess monetary damages; increased cooperation between the FTC and State Attorney Generals in prosecuting deceptive business practices; requirements that banks provide privacy policies at the beginning of a customer relationship; and a study on public bankruptcy records that often contain a great deal of personal information. Many groups, including EPIC, have recognized that Gramm-Leach-Bliley does not offer an adequate level of privacy protection and would prefer an opt-in for personal financial information to be shared with affiliates and third parties. The full text of the proposal is still unavailable, but should be made public later this week. Whether or not the proposal succeeds in gaining the approval of Congress, the standards in Gramm-Leach-Bliley are set to go into effect later this year. A summary of the proposal is available at: http://www.whitehouse.gov/WH/New/html/20000501_4.html ======================================================================= [2] Privacy Coalition Seeks Review of Phone Records Privacy Case ======================================================================= On May 1, EPIC was joined by 14 consumer organizations and 19 law professors in a "friend of the court" brief filed with the U.S. Supreme Court urging review of a lower court decision in U.S. West v. FCC. The case, decided last year by the Tenth Circuit Court of Appeals, struck down a Federal Communications Commission (FCC) regulation that sought to protect the privacy of an individual's telephone records. The appellate court held that the regulation, which prohibited telephone companies from disclosing their customers' sensitive Consumer Proprietary Network Information (CPNI) records without first receiving opt-in permission, constituted an undue restriction on free speech in violation of the First Amendment. In their brief, EPIC and the other parties argue that the opt-in permission the regulation requires is necessary to protect an individual's right to privacy; that it is in accordance with the intention of Congress; and that it does not violate the First Amendment. Furthermore, the brief argues that the appellate opinion conflicts with the recent decision in Reno v. Condon, where the Supreme Court ruled that Congress can prohibit the disclosure of personal information by state motor vehicle departments without the individual driver's express consent. Privacy advocates and scholars regard U.S. West as an important precedent-setting case. They contend that, if allowed to stand, the lower court decision could establish a dangerous principle regarding the disclosure of personal information and the right to communications privacy. The EPIC brief is available at: http://www.epic.org/privacy/litigation/USWest/cert_pet.html ======================================================================= [3] Intel Drops Processor Serial Numbers ======================================================================= In a major victory for Internet anonymity, the world's dominant chip maker has decided to discontinue the use of Processor Serial Numbers (PSNs) in its next generation of products. The PSN, which was embedded in Intel Pentium III and Celeron chips, was extremely controversial and led to a consumer boycott led by EPIC and other privacy groups. Citing privacy concerns, Intel recently announced that its new processors, code-named Willamette and scheduled for release later this year, will no longer contain the identifiers. Since the inception of the PSN last January, privacy groups have maintained that computer users are opposed to the placement of permanent identifiers in their machines. EPIC and other organizations asked the Federal Trade Commission to investigate the practice (to date, the federal agency has not publicly commented on the matter). According to Intel VP Patrick Gelsinger, the PSN was to be used to identify users who accessed Internet web sites or chat rooms. Intel also initially stated that the technology would be used for authentication in e-commerce, which would attach the PSN to a user's real-world identity. Those objectives have apparently been abandoned. While the death of the PSN is good news for privacy and anonymity, other troubling initiatives are on the horizon. The Wall Street Journal has reported that Microsoft plans to include in future versions of the Windows operating system software that uses "biometric" devices such as fingerprint or eye scanners to authenticate users. And on the profiling front, software start-up Predictive Networks has released a product that precisely tracks online behavior and use the collected information to send targeted advertisements to individual Web surfers. More information on the Intel PSN is available at: http://www.bigbrotherinside.org/ ======================================================================= [4] Pending Bills Would Impact Online Speech ======================================================================= Congress is considering several bills that would regulate material on the Internet, two of which have attracted particular attention. The Unsolicited Electronic Mail Act (H.R. 3113) aims to curb the distribution of "spam," yet could also impede free speech and anonymity online. The bill would require unsolicited e-mail to include a subject-line label such as "ADV" (for advertisement) to "permit automatic blocking or filtering of identified messages by a recipient." The legislation would also require senders to provide valid e-mail addresses and accurate routing information so that recipients could opt-out of future mailings. Individuals who continued to receive unsolicited e-mail after requesting to be removed from a distribution list could seek damages of up to $500 per e-mail. The Unsolicited Electronic Mail Act combines the provisions of three separate anti-spam bills sponsored by Reps. Gene Gree (D-TX), Gary Mill (R-CA), and Heather Wilson (R-NM). A measure that would make it illegal to link to a page advertising drug paraphernalia with the "intent to facilitate or promote" its business is gaining ground in Congress. The Methamphetamine Anti-Proliferation Act of 1999 makes it a felony "to teach or demonstrate the manufacture of a controlled substance, or to distribute by any means information pertaining to, in whole or in part, the manufacture or use of a controlled substance" if the information is used in a crime. Advertising any information that could facilitate the sale of drug paraphernalia would also be a federal violation. Sens. Dianne Feinstein (D-CA) and Orrin Hatch (R-UT) introduced the Methamphetamine Anti-Proliferation Act of 1999 in the Senate. ======================================================================= [5] Council of Europe Releases Draft Cyber-Crime Treaty ======================================================================= A secretive international group of law enforcement officials has released a draft treaty on computer crime that would require adoption of extensive new law enforcement powers. The Committee of Experts on Crime in Cyberspace of the Council of Europe released its "Draft Convention on Cyber-crime" on April 27, following more than three years of discussions. The draft treaty would require that all participating countries adopt new laws requiring government access to encrypted information, expanding copyrights and criminalizing the possession of common security tools. It also would alter wiretapping laws in all of the countries. The treaty would also facilitate the collection of information by requiring companies that provide Internet services to collect and maintain information in case it is needed by law enforcement agencies. It would permit international access to such information by governmental authorities in different jurisdictions. Two key sections on the interception of communications are left blank in the draft. These are likely to be the most controversial sections as the drafting process continues. The current draft also contains controversial provisions mandating that every country enact laws that would require an individual to release encryption keys and unencrypted data when requested by government officials. Most countries have rejected adopting these powers over concerns about violating individuals' rights against self-incrimination. EPIC's recent "Cryptography and Liberty 2000" report found that only Malaysia and Singapore have existing laws mandating such "lawful access." The draft has been under development since 1997, but had never been publicly seen until last week. According to sources, the U.S. Department of Justice has played a significant role in the drafting process. The final draft is expected to be completed by December and will then be opened for signature. The COE is an international governmental organization made up of 41 countries in Europe, but the treaty will also be open to signature by other countries that contributed to the drafting process, including the United States, Canada, Hong Kong and Australia. The text of the draft treaty is available at: http://conventions.coe.int/treaty/en/projets/cybercrime.htm ======================================================================= [6] Electronic Surveillance Up Again in 1999 ======================================================================= The number of court-authorized wiretaps for criminal investigations rose again in 1999, continuing a 20-year trend of increased surveillance. According to a report released today by the Administrative Office of the U.S. Courts, court authorized surveillance orders were up two percent from 1998, to 1,350 in 1999. Federal wiretaps were up again by six percent in 1999, while state wiretaps declined slightly. Since the Clinton Administration came into office in 1993, federal wiretapping has increased by 33 percent. Since 1980, the total number of wiretaps has increased by 230 percent. In 1999, not a single request for a wiretap was declined by any judge in the United States. The new report also shows law enforcement's increased focus on the interception of cellular telephones and other new means of communications. Nearly half of all applications were for interceptions of electronic communications. However, prosecutors only reported seven requests for interception of e-mail and computer communications. Of the remaining interceptions, 31 percent were traditional wiretaps, and microphones only accounted for 4.5 percent of all installed surveillance. Ninety-four of the requests were for roving wiretaps; 50 percent of those were in New York State. The vast majority of the wiretap orders were issued in investigations of drug offenses. More than 72 percent were listed for narcotics cases while ten percent were for racketeering and 4.5 percent for homicide and assault. The number of days that wiretaps were in place jumped by 18 percent in 1999. Wiretaps recorded over 63,000 days of conversations of nearly 250,000 people. According to prosecutors, only 20 percent of the calls that they intercepted were actually "relevant" to a criminal investigation. The 1999 report is available at: http://www.uscourts.gov/wiretap99/contents.html More information on wiretapping, including previous reports and analysis is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [7] EPIC Bookstore -- Censored 2000: The Years Top 25 Censored Stories ======================================================================= Censored 2000: The Years Top 25 Censored Stories by Peter Phillips http://www.amazon.com/exec/obidos/ISBN=1583220232/electronicprivacA In stark contrast to the reports on the nightly news and in the daily papers, Censored 2000 reveals what is being kept from the public by a lower quality of reporting, the downsizing of newsrooms, and the media conglomerates. Ralph Nader calls it a book "that should be affixed to the bulletin boards in every newsroom across the country," and the American Journalism Review has hailed the series as "a distant early warning system for society's problems." Along with the top 25 stories, Censored 2000 focuses on the struggle to bring untold news to light, including an introduction by imprisoned journalist Mumia Abu-Jamal. ================================ EPIC Publications: "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments," David Banisar, Simon Davies, editors, (EPIC 1999). Price: $15. http://www.epic.org/privacy&humanrights99/ An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Entrust SecureSummit 2000. May 1-4, 2000. Hyatt Regency Dallas at Reunion. Dallas, TX. For more information: http://www.securesummit.com Online Privacy in the Global Economy. The Law & Internet Forum. University of Chicago Law School. May 3, 2000. Chicago, IL. For more information: http://home.uchicago.edu/orgs/law-internet/index.htm Call for Papers -- 16th Annual Computer Security Applications Conference. Deadline May 12, 2000. Sheraton Hotel. New Orleans, LA. December 11-15, 2000. For more information: http://www.acsac.org/ Electronic Government: New Challenges for Public Administration and Law. May 18, 2000. Center for Law, Public Administration, and Informatization of Tilburg University, Netherlands. For more information: http://schoordijk.kub.nl/crbi/egov/ Shaping the Network: The Future of the Public Sphere in Cyberspace. Computer Professionals for Social Responsibility (CPSR). May 20-23, 2000. Seattle, WA. For more information: http://www.scn.org/cpsr/diac-00 New Millennium, New Horizons: Marketing and Public Policy Conference 2000. American Marketing Association. June 1-3, 2000. Marriott Metro Center. Washington, DC. For more information: http://www.ama.org/events/ First Annual Institute on Privacy Law: Strategies for Legal Compliance in a High Tech and Changing Regulatory Environment. Practicing Law Institute. June 22-23, 2000. PLI Conference Center. New York, NY. For more information: http://www.pli.edu Telecommunications: The Bridge to Globalization in the Information Society. Biennial Conference of the International Telecommunications Society. July 2-5, 2000. For more information: http://www.its2000.org.ar First International Hackers Forum. The Green Planet. August 18-20, 2000. Zaporozhye, Ukraine. For more information: http://www.geocities.com/hack_forum KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. September 26-29, 2000. Vienna, Austria. For more information: http://www.ocg.at/KR-IE2000.html Privacy2000: Information and Security in the Digital Age. October 31- November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more information: http://www.privacy2000.org Privacy: A Social Research Conference. New School University. October 5-7, 2000. New York, NY. For more information: http://www.newschool.edu/centers/socres/privacy/ ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 7.08 ----------------------- .