============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 7.10 May 24, 2000 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents ======================================================================= [1] FTC Calls for Privacy Legislation to Protect Internet Users [2] Requirement for Cable Scrambling Violates First Amendment [3] International Law Enforcement and Industry Discuss Cyber-Crime [4] EU Holds Off on Removing Barriers to Export of Crypto [5] New Financial Privacy Rules Protect Credit Header Info [6] Annenberg Research Reveals Teens Will Share Family Info [7] EPIC Bookstore - From Gutenberg to the GII [8] Upcoming Conferences and Events ======================================================================= [1] FTC Calls for Privacy Legislation to Protect Internet Users ======================================================================= On May 22, the Federal Trade Commission (FTC) released its third report on the state of online privacy protection. In a major shift in policy, a majority of the FTC Commissioners concurred with the report's finding that legislation is necessary to adequately protect consumer privacy online. On May 25, all five Commissioners will present the report and their conclusions to the Senate Commerce Committee. Also speaking at the hearing will be representatives from the privacy community and industry groups. The report, "Privacy Online: Fair Information Practices in the Electronic Marketplace", was the FTC's first in-house survey of how well privacy policies are addressing Fair Information Practices. The survey found that in a random sample of over 300 websites that collect personal information, only 20 percent discussed all four elements of the FTC's version of Fair Information Practices - notice, consent, access and security. In a sample of more popular websites, only 42 percent covered all four elements of privacy protection. In comparison to the FTC report, EPIC's last survey of privacy policies, "Surfer Beware 3: Privacy Policies without Privacy Protection", found that none of the top 100 e-commerce websites adequately provided all elements of Fair Information Practices. Based on these results and those of past studies, three of the five Commissioners agreed with the conclusion of the report that self-regulation alone would not provide adequate privacy protection. The report finds that legislation would also be needed, and the Commission is expected to present a proposal at the upcoming Commerce Committee hearing. The day after the FTC report was made public, Sen. Ernest Hollings (D-SC) introduced his bill protecting online privacy, the Consumer Privacy Protection Act. The bill has already garnered the support of other Democratic members of Congress and is expected to cover many of the legislative recommendations of the FTC. In addition, many surveys and reports continue to show strong public support for online privacy legislation. For example, the March 20 issue of BusinessWeek included a poll in which 57 percent of people surveyed supported laws governing the collection and use of personal information online while only 15 percent supported letting industry groups develop voluntary standards. The FTC's report, appendices and individual statements issued by the Commissioners are available at: http://www.ftc.gov/os/2000/05/index.htm#22 "Surfer Beware 3: Privacy Policies without Privacy Protection": http://www.epic.org/reports/surfer-beware3.html The BusinessWeek Harris Interactive poll on the public's attitudes on online privacy is available at: http://www.businessweek.com/2000/00_12/b3673010.htm ======================================================================= [2] Requirement for Cable Scrambling Violates First Amendment ======================================================================= On May 21, the U.S. Supreme Court ruled in United States v. Playboy Entertainment Inc. that a federal requirement for cable operators transmitting sexually-explicit channels was an unconstitutional content-based restriction on free speech. The law in question, enacted as part of the Communications Decency Act in 1996, required all cable operators providing channels "primarily dedicated to sexually-oriented programming" to either fully scramble those channels or to restrict their transmission to the hours when children would be unlikely to watch television. Due to high costs associated with scrambling technology, most cable operators chose to comply with the statute by limiting transmission of the programming to late night hours. The scrambling requirement was intended to protect children from hearing or seeing portions of scrambled cable programs resulting from "signal bleed" to non-subscribers. While the Supreme Court agreed that exposure to harmful and indecent materials was a legitimate problem for Congress to address, it concluded that it could have done so by less restrictive means. It continued that an alternative procedure set out in another section of the Act, by which subscribers could request a cable operator to fully scramble or otherwise fully block any channel they did not wish to receive, provided adequate content-neutral protection for subscribers without violating the First Amendment. Delivering the majority 5-4 opinion, Justice Anthony Kennedy stated that the "the objective of shielding children does not suffice to support a blanket ban if the protection can be accomplished by a less restrictive alternative". He expressed continued support for free speech concluding that "it is through speech that our personalities are formed and expressed" and that all citizens are entitled "to seek out or reject certain ideas or influences without Government interference or control". Supreme Court's opinion in U.S. v. Playboy Entertainment Group (PDF) is available at: http://www.supremecourtus.gov/opinions/99pdf/98-1682.pdf ======================================================================= [3] International Law Enforcement and Industry Discuss Cyber-Crime ======================================================================= Top law enforcement and industry officials from major industrialized countries met in Paris last week to discuss responses to cyber-crime. The meeting is a lead-up to a meeting of the Presidents and Prime Ministers of the countries in Okinawa, Japan this July. One of the primary controversies discussed at the event was a proposal that Internet Service Providers (ISPs) be required to keep logs of all of their users' activities online. Under proposals suggested at the meeting, ISPs would be required to maintain user logs for up to one year. Many industry participants were critical of this suggestion, noting the costs of maintaining the logs and the difficulty in keeping the logs secure and tamperproof for law enforcement purposes. The Council of Europe (COE) "Draft Convention on Cyber-crime" (See EPIC Alert 7.08) was also discussed. At the meeting, the French Government recommended allowing non-COE countries to sign the Convention but opposed the creation of an international cyber-force to fight cyber-crime. This conference was the first meeting held by the G-8 on the issue that included participants from outside the governments. However, only one representative from a consumer group was invited and no members of privacy or cyber-rights groups were invited. The G-8 is made up of senior government officials from France, Germany, Japan, United Kingdom, United States, Italy, Canada and Russia. A subgroup on High Tech Crime chaired by the U.S. Department of Justice has been meeting since 1997. In the end, only a weak resolution calling for more discussion and cooperation was issued. A second closed meeting of government experts was held in Tokyo this week to work on the text of a resolution that will be issued by the heads of state of the G-8 at their July meeting. More information on the G-8 and COE is available at: http://www.privacyinternational.org/issues/cybercrime/ ======================================================================= [4] EU Holds Off on Removing Barriers to Export of Crypto ======================================================================= In a surprising turn of events, European Union officials decided not to vote on a measure which would have removed all controls on the export of cryptographic technologies from European countries. The European Ministers of Foreign Affairs, meeting on May 22, withdrew the proposal from their agenda at the last minute despite widespread reports in the media that the decision to decontrol had been made and that the vote was a mere formality. If passed, the measure would have removed cryptographic technologies from the current export regime set out in the Dual Use Regulation of 1994. Under this regulation, most encryption products can only be exported to countries outside the EU upon the issuance of a special license from national authorities. European industry has always been strongly critical of this procedure, saying that it restricts their access to the global market for encryption products. There is also widespread consensus that consumers need a wider array of encryption products because of concerns that U.S. technologies may be weakened during the "technical review" stage of the current export regime, a process largely overseen by the U.S. National Security Agency. No reason for this change of heart by European ministers was given. French and British authorities expressed early reservations about the measure and officials have confirmed that the U.S. also pressured the European Union to block the decision. However, no official statement has been made. For more information about the availability of cryptography worldwide, "Cryptography & Liberty 2000: An International Survey of Encryption Policy": http://www.epic.org/bookstore/crypto&/ ======================================================================= [5] New Financial Privacy Rules Protect Credit Header Info ======================================================================= Two recent actions by the Federal Trade Commission (FTC) will provide greater protections for personal information contained in credit reports. In a recent decision concerning credit reporting agency Trans Union, the FTC found that the company was violating the Fair Credit Reporting Act (FCRA) by using personal information to construct targeted mailing lists. As part of that decision, the FTC also concluded that dates of birth -- often used as an element in determining credit-worthiness -- should also be considered as information which can be used only as specifically set out in FCRA. More recently, the FTC's portion of the new federal financial privacy rules will increase protections over credit header information. Currently, the data in the credit header (including name, mailing address, telephone number, Social Security number, and age) can be sold freely by credit reporting agencies to individual reference services and direct marketers. Under the rules, credit reporting agencies would only be able to distribute that information if the financial institution that transfers data to the agency has provided the customer with notice and the opportunity to opt-out. The FTC's opinion in Trans Union (PDF): http://www.ftc.gov/os/2000/03/transunionopinionofthecommission.pdf The FTC's final financial privacy rules (PDF): http://www.ftc.gov/os/2000/05/glb000512.pdf ======================================================================= [6] Annenberg Research Reveals Teens Will Share Family Info ======================================================================= Children are more likely than their parents to reveal personal family information online, according to a study by the Annenberg Public Policy Center of the University of Pennsylvania. While 89 percent of parents believe that the Internet is beneficial to their kids' schoolwork and 85 percent say that children find fascinating and useful information on the Internet, 74 percent of parents surveyed cited concerns about their children divulging personal information on the Web. The report showed that children could be enticed into providing information in exchange for a free gift. For example, 65 percent of the children said they would reveal the name of their favorite stores and 54 percent said they would provide the name of their parents' favorite stores in order to receive a free gift. Forty-one percent of parents and 36 percent of children said they have had tension in the home over children's release of personal information. The study also found that older kids (ages 13-17) are more likely than younger kids (ages 10-12) and boys are more likely than girls to provide sensitive family information. For example, 53 percent of boys and 37 percent of girls said it would be fine to disclose the type of car their family owns. Forty-five percent of older kids and 27 percent of younger kids responded that it would be acceptable to reveal how much allowance they receive. Thirty-nine percent of 13-17 year-old children said they have provided personal family information, and 16 percent of children ages 10-12 said they have done so. The researchers surveyed 1001 parents and 304 children between the ages of 10 and 17 during January and February 2000. The Annenberg report is available (in PDF) at: http://www.appcpenn.org/finalrepor_fam.pdf ======================================================================= [7] EPIC Bookstore - From Gutenberg to the GII ======================================================================= From Gutenberg to the Global Information Infrastructure: Access to Information in the Networked World by Christine L. Borgman http://www.amazon.com/exec/obidos/ISBN=026202473X/electronicprivacA Will the emerging global information infrastructure (GII) create a revolution in communication equivalent to that wrought by Gutenberg, or will the result be simply the evolutionary adaptation of existing behavior and institutions to new media? Will the GII improve access to information for all? Will it replace libraries and publishers? How can computers and information systems be made easier to use? What are the trade-offs between tailoring information systems to user communities and standardizing them to interconnect with systems designed for other communities, cultures, and languages? This book takes a close look at these and other questions of technology, behavior, and policy surrounding the GII. Topics covered include the design and use of digital libraries; behavioral and institutional aspects of electronic publishing; the evolving role of libraries; the life cycle of creating, using, and seeking information; and the adoption and adaptation of information technologies. The book takes a human-centered perspective, focusing on how well the GII fits into the daily lives of the people it is supposed to benefit. Taking a unique holistic approach to information access, the book draws on research and practice in computer science, communications, library and information science, information policy, business, economics, law, political science, sociology, history, education, and archival and museum studies. It explores both domestic and international issues. The author's own empirical research is complemented by extensive literature reviews and analyses. ================================ EPIC Publications: "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments," David Banisar, Simon Davies, editors, (EPIC 1999). Price: $15. http://www.epic.org/privacy&humanrights99/ An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= EPIC Event at the National Press Club. Panels on Privacy and the Free Software Movement featuring new publications by Jeffrey Rosen, Robert Ellis Smith and Peter Wayner. June 5, 2000. Washington, DC. New Millennium, New Horizons: Marketing and Public Policy Conference 2000. American Marketing Association. June 1-3, 2000. Marriott Metro Center. Washington, DC. For more information: http://www.ama.org/events/ Chief Privacy Officer 2000. Privacy & American Business. June 5, 2000. Doyle Hotel. Washington, DC. For more information: http://www.pandab.org/ A New Intelligence System for a New Era: The Case for Reform. The Fund for Constitutional Government and the Center for International Policy. June 7, 2000. Dirksen Senate Office Building, Rm 628. Washington, DC. For more information: kturney@ciponline.org Data Sharing: Initiatives and Challenges Among Benefit and Loan Programs. United States General Accounting Office. June 7-8, 2000. Library of Congress, Jefferson Building. Washington, DC. For more information: morehousec.hehs@gao.gov First Annual Institute on Privacy Law: Strategies for Legal Compliance in a High Tech and Changing Regulatory Environment. Practicing Law Institute. June 22-23, 2000. PLI Conference Center. New York, NY. For more information: http://www.pli.edu Telecommunications: The Bridge to Globalization in the Information Society. Biennial Conference of the International Telecommunications Society. July 2-5, 2000. For more information: http://www.its2000.org.ar Successfully Managing the New Data Protection Laws. Privacy Laws & Business. July 3-5, 2000. Cambridge, England. For more information: http://www.privacylaws.com/ INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000. Yokohama, Japan. For more information: http://www.isoc.org/inet2000 First International Hackers Forum. The Green Planet. August 18-20, 2000. Zaporozhye, Ukraine. For more information: http://www.geocities.com/hack_forum Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more information: http://www.surveillance-expo.com KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. September 26-29, 2000. Vienna, Austria. For more information: http://www.ocg.at/KR-IE2000.html Privacy: A Social Research Conference. New School University. October 5-7, 2000. New York, NY. For more information: http://www.newschool.edu/centers/socres/privacy/ Privacy2000: Information and Security in the Digital Age. October 31- November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more information: http://www.privacy2000.org ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 7.10 ----------------------- .