==============================================================

EPIC Alert

==============================================================
Volume 7.13                                      July 12, 2000
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_7.13.html

=======================================================================
Table of Contents
=======================================================================

[1] FBI's Carnivore Gobbles Lots of E-Mail
[2] FTC Attempts to Block Sale of Toysmart Customer Lists
[3] New Internet Democracy Project To Focus on ICANN
[4] European Parliament Adopts Resolution on Safe Harbor
[5] Supreme Court to Review Constitutionality of Wiretap Laws
[6] Survey Conducted on the State of First Amendment
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events

=======================================================================
[1] FBI's Carnivore Gobbles Lots of E-Mail
=======================================================================

Recent press reports confirm the roll-out of a new Federal Bureau of
Investigation (FBI) system called Carnivore, which is designed to
covertly search electronic mail messages to and from targeted criminal
suspects, but could also compromise the privacy of millions of Internet
users. The system, which is installed directly into an Internet service
provider's network, reportedly can scan millions of messages each
second.

The FBI recently demonstrated the Carnivore system to
telecommunications industry representatives, many of whom are disturbed
by the prospect of having the invasive technology installed on their
internal systems and administered by federal agents.

Public details concerning Carnivore's capabilities are sketchy.
The existence of the system was first revealed by attorney Robert
Corn-Revere in Congressional testimony in April. He described a case in
which government agents sought to install Carnivore on the system of an
ISP he represented. Published reports suggest that the system could
give the government the ability to intercept the communications of all
of an ISP's customers, not just those of a targeted criminal suspect.

Even when programmed to obtain only the communications of a suspect,
Carnivore would enable government agents to intercept the actual
content of e-mail messages without first making a showing of probable
cause as required by the Fourth Amendment and federal wiretap statutes.
Armed just with a pen register or trap and trace order, which
authorizes only the collection of information identifying the senders
and recipients of e-mail messages, Carnivore would enable agents to
receive the entire communication.

The deployment of Carnivore is just the latest indication that legal
protections have failed to keep pace with advancing surveillance
technology. The existing wiretap statutes, which were drafted with
telephones in mind and amended in 1986 to apply to electronic
communications, do not adequately address many of the realities of the
Internet. For that reason, it is likely that Congress will review the
use of Carnivore and consider the need for updating the relevant
federal laws. House Majority Leader Dick Armey today called on Attorney
General Janet Reno and FBI Director Louis Freeh to address the privacy
concerns raised by the Carnivore system.

There is also a need for public disclosure of the capabilities of
Carnivore and other intrusive new technologies being used by law
enforcement investigators. EPIC has submitted a Freedom of Information
Act request to the FBI seeking the release of information on Carnivore
and related technologies.
Robert Corn-Revere's testimony on Carnivore is available at:

http://www.house.gov/judiciary/corn0406.htm

=======================================================================
[2] FTC Attempts to Block Sale of Toysmart Customer Lists
=======================================================================

On July 10, the Federal Trade Commission (FTC) unanimously decided to
file a complaint against Toysmart.com, a failed online retailer trying
to sell its customer lists.

Earlier this year, Toysmart, the 24th most popular Web site last
December, ran out of money and began selling its assets. In early June,
the company advertised in the Wall Street Journal that it was selling
its property -- including its customer lists. Toysmart's privacy
policy, licensed by TRUSTe, stated that "Personal information,
voluntarily submitted by visitors to our site, such as name, address,
billing information and shopping preferences, is never shared with a
third party." TRUSTe learned of Toysmart's attempt to sell its customer
lists and asked the FTC to investigate.

The Federal Trade Commission's complaint argues that Toysmart has
violated the FTC Act by deceptively claiming that its customers'
personal data would never be disclosed to a third party and by
subsequently attempting to sell those databases. The lists may also
contain information about children's names and birthdates, in addition
to the names and mailing addresses of customers.

The Federal Trade Commission's complaint against Toysmart is available
at:

http://www.ftc.gov/os/2000/07/toysmartcmp.htm

=======================================================================
[3] New Internet Democracy Project To Focus on ICANN
=======================================================================

On July 6, EPIC, the ACLU and Computer Professionals for Social
Responsibility (CPSR) launched the Internet Democracy Project.
One of the Project's first events will be a Forum on Civil Society and
ICANN that will take place on July 13, prior to the July 13-17 ICANN
meetings in Yokohama, Japan.

The Forum will present the perspective of civil society and present
issues concerning the upcoming ICANN At-Large elections. A statement of
guiding values for ICANN, already signed by representatives of
organizations around the world, will be circulated and discussed. The
Forum will be co-hosted by the Non-Commercial Domain Name Holders
Constituency (NCDNHC) of the ICANN Domain Name Supporting Organization.

The Internet Democracy Project is also encouraging Internet users to
register for the first ICANN At-Large elections in October.
Registration for the elections will close at the end of July. While
encouragement of public involvement in ICANN will be the first goal for
the Internet Democracy Project, the Project will focus on other
entities and issues that may affect the future development of the
Internet.

The homepage of the Internet Democracy Project, with information about
the Yokohama Forum on Civil Society and ICANN, is available at:

http://www.internetdemocracyproject.org/

Information about the Internet Corporation for Assigned Names and
Numbers and registration for the upcoming At-Large elections is
available at:

http://www.icann.org/

=======================================================================
[4] European Parliament Adopts Resolution on Safe Harbor
=======================================================================

On July 5, the European Parliament adopted a resolution criticizing the
preliminary decision of the European Commission to accept the latest
Safe Harbor proposal. The report, drafted by the European Parliament
Committee on Citizens' Freedoms and Rights, Justice and Home Affairs,
argues that the agreement needs to be re-negotiated to provide better
protection for the personal information of European citizens when
processed by U.S. companies.
The resolution stresses in particular the need for an individual right
of appeal to an independent public body, a right to compensation for
privacy infringements, clear guidelines for redress, and a review of
the system within six months of its implementation. It also notes that
Safe Harbor will only protect personal data from EU citizens, will only
apply to companies overseen by the Federal Trade Commission and
Department of Transportation (excluding the financial and
telecommunications sectors) and carves out exceptions for public
records information protected by EU law.

Under EU law, the European Commission is not bound by the decision of
the European Parliament. However, it may be subject to sanctions by the
Parliament if it fails to re-negotiate the agreement in accordance with
the resolution.

The European Parliament resolution is available at:

http://www.epic.org/privacy/intl/EP_SH_resolution_0700.html

EPIC's Testimony before the European Parliament on Privacy and Data
Protection (February 2000):

http://www.epic.org/privacy/intl/EP_testimony_0200.html

=======================================================================
[5] Supreme Court to Review Constitutionality of Wiretap Laws
=======================================================================

On June 26, the Supreme Court decided to review a federal appellate
decision which held that portions of the federal wiretap law are
unconstitutional.

In Bartnicki v. Vopper, the U.S. Third Circuit Court of Appeals
concluded that an individual can lawfully distribute information that
he or she knew, or had reason to know, was obtained through the illegal
interception of a telephone call. The Court reasoned that provisions of
the wiretap law that prohibit the disclosure of illegally obtained
information violate the First Amendment and have a chilling effect on
free speech.

In an almost identical case, the D.C. Circuit Court of Appeals reached
the opposite conclusion. In Boehner v. McDermott, the D.C.
Circuit held that punishing the disclosure of an illegally intercepted
conversation does not conflict with the Constitution. In a provocative
analysis, the court noted the importance of preserving the privacy of
cellular communications by finding that the wiretap laws do not
restrict, but rather promote, free speech by removing the fear of
unlawful eavesdropping.

In light of these conflicting opinions, the Supreme Court decided to
review the Third Circuit's decision in Bartnicki v. Vopper. The outcome
of this case is likely to have a significant impact on the boundaries
of free speech and the development of privacy rights in the digital
age.

In other litigation activity, EPIC recently filed an amicus brief with
the Second Circuit in a telephone privacy case (Conboy v. AT&T),
arguing that the lower court erred in concluding that consumers did not
suffer any compensable damages when their unlisted phone number,
billing address and billing information were disclosed without their
consent.

Background information about Bartnicki v. Vopper is available at:

http://www.epic.org/privacy/litigation/bartnicki_vopper/

EPIC's amicus brief in Conboy v. AT&T is available at:

http://www.epic.org/privacy/consumer/conboy_brief.html

=======================================================================
[6] Survey Conducted on the State of First Amendment
=======================================================================

According to the 2000 State of the First Amendment survey, many
Americans, while theoretically in support of the First Amendment and
its protections, are willing to temper some of those fundamental rights
when confronted with offensive or controversial speech.

In the survey of 1015 adults, sixty-three percent of the respondents
were willing to place restrictions on racially offensive speech in
public and fifty-three would support similar restrictions on
religiously offensive speech.
However, only thirty-six percent would support passing a law that
actually forbade such speech. Opinions about freedom of the press were
also surveyed, with only sixty-seven percent supporting the right of
the press to report or publish what they thought was appropriate. In
addition, forty percent of respondents replied that they believed the
press had too much freedom.

Respondents' views on Internet speech were mixed. While seventy-four
percent theoretically supported treating online and offline speech the
same, fifty-eight percent would agree to restricting sexually explicit
materials on the Internet, and forty-two percent would support
restricting racially offensive speech, even though such speech is
protected in books and magazines. Additionally, while fifty-three
percent of people surveyed would support blocking access to offensive
Internet sites on public computers accessible to children, thirty-four
percent of people surveyed would also be in favor of blocking all
library access to offensive sites, regardless of a user's age.

State of the First Amendment 2000 is available from the Freedom Forum:

http://www.freedomforum.org/newsstand/reports/sofa4/printsofa4.asp

=======================================================================
[7] EPIC Bill-Track: New Bills in Congress
=======================================================================

*House*

H.R.3770. Secure Online Communication Enforcement Act of 2000. Seeks to
establish opt-in for all personal information collected online.
Sponsor: Rep Jackson, Jesse L., Jr. (D-IL). Referred to the
Subcommittee on Crime.

H.R.4049. Privacy Commission Act. Would establish the Commission for
the Comprehensive Study of Privacy Protection. Sponsor: Rep Hutchinson,
Asa (R-AR). Referred to Committee on Government Reform.

H.R.4059. Online Privacy and Disclosure Act. Creates voluntary system
by which companies would agree to abide by privacy principles and
display a seal overseen by the Federal Trade Commission.
Sponsor: Rep Campbell, Tom (R-CA). Referred to the Subcommittee on
Telecommunications, Trade, and Consumer Protection.

H.R.4469. Child Support Distribution Act of 2000. Allows largely
unregulated private child support enforcement agencies to have access
to State Directory of New Hires database and other information normally
available only to public agencies. Sponsor: Rep Johnson, Nancy L.
(R-CT). Referred to House Education and the Workforce.

H.R.4585. Medical Financial Privacy Protection Act. Amends the
Gramm-Leach-Bliley Act (S.900, Financial Services Modernization Act of
1999) to include provisions governing the use of health information by
financial institutions. Sponsor: Rep Leach, James A. (R-IA). Referred
to House Commerce Committee.

H.R.4611. Social Security Number Protection Act of 2000. Seeks to limit
the sale and purchase of the social security number (also see S.2699).
Sponsor: Rep Markey, Edward J. (D-MA). Referred to House Ways and
Means.

*Senate*

S.2063. Secure Online Communication Enforcement Act of 2000. Seeks to
establish opt-in for all personal information collected online.
Sponsor: Sen Torricelli, Robert (D-NJ). Referred to the Committee on
the Judiciary.

S.2606. Consumer Privacy Protection Act. Broad privacy bill that would
establish legal standards for privacy on the Internet and would
increase protections for book and music purchase records. Sponsor: Sen
Hollings, Ernest (D-SC). Referred to the Committee on Commerce,
Science, and Transportation.

S.2699. Social Security Number Protection Act of 2000. Seeks to limit
the sale and purchase of the social security number (also see
H.R.4611). Sponsor: Sen Feinstein, Dianne (D-CA). Read twice and
referred to the Committee on Finance.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in
the 106th Congress, is available at:

http://www.epic.org/privacy/bill_track.html

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Yokohama Forum on Civil Society and ICANN Elections. Internet Democracy
Project. July 13, 2000. Yokohama, Japan. For more information:
http://www.internetdemocracyproject.org/

Internet Corporation for Assigned Names and Numbers (ICANN) Meetings in
Yokohama. July 13-17, 2000. Yokohama, Japan. For more information:
http://www.icann.org/yokohama/

State of the First Amendment. First Amendment Center. July 13, 2000.
Arlington, VA. For more information:

INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000

Infomediaries: Leveraging Consumer Profile Data on the Web. Institute
for International Research. July 20-21, 2000. San Francisco, CA. Hyatt
Regency Embarcadero Center. For more information:
http://www.iir-ny.com/conference.cfm?EventID=M1185

First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
http://www.geocities.com/hack_forum

Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more
information: http://www.surveillance-expo.com

KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
http://www.ocg.at/KR-IE2000.html

One World, One Privacy: 22nd Annual International Conference on Privacy
and Personal Data Protection. September 28-30, 2000. Venice, Italy. For
more information: http://www.dataprotection.org/

Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY.
For more information: http://www.newschool.edu/centers/socres/privacy/

Privacy2000: Information and Security in the Digital Age. October
31-November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more
information: http://www.privacy2000.org

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. A Web-based form is available for subscribing or
unsubscribing at:

http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe".

Back issues are available at:

http://www.epic.org/alert/

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research. For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.
Checks should be made out to "The Fund for Constitutional Government"
and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009.

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.

Thank you for your support.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information". Please contact info@epic.org if you have
any other questions.

---------------------- END EPIC Alert 7.13 -----------------------