EPIC logo
   
    ==============================================================
   
        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   
    ==============================================================
    Volume 8.19                                 September 25, 2001
    --------------------------------------------------------------
   
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
   
              http://www.epic.org/alert/EPIC_Alert_8.19.html
   
=======================================================================
Table of Contents
=======================================================================
   
[1] Congress Urged to Carefully Consider Anti-Terrorism Proposals
[2] In Defense of Freedom Coalition Launches
[3] Judiciary Approves Limited Monitoring, Standards for Case Files
[4] International Developments on Cybercrime and Terrorism
[5] New Developments in Face Recognition Technology
[6] Microsoft Opens Passport to Competition and More Web Profiling
[7] EPIC Bookstore - Privacy & Human Rights 2001
[8] Upcoming Conferences and Events
   
=======================================================================
[1] Congress Urged to Carefully Consider Anti-Terrorism Proposals
=======================================================================
   
As Congress prepares to consider the Administration's far-reaching
Anti-Terrorism Act of 2001, the Electronic Privacy Information Center
on Monday urged careful consideration of proposals that could
significantly erode Internet privacy and constitutional rights.
Included in the proposed legislation are provisions that would
authorize and expand the use of the FBI's controversial Carnivore
system, limit judicial oversight of government surveillance
activities, erode the traditional separation of domestic law
enforcement and foreign intelligence functions, and authorize
surreptitious police entries in all criminal investigations.
   
The House Judiciary Committee heard testimony yesterday from Attorney
General John Ashcroft and other Justice Department officials.  In
response to civil liberties concerns raised by members on both sides
of the aisle, Committee Chair James Sensenbrenner (R-WI) postponed
until next week a mark-up session on the proposed bill, which was
initially scheduled for today.  The Senate Intelligence Committee also
held a hearing on the proposal yesterday.  The Attorney General is
appearing before the Senate Judiciary Committee today.
   
David L. Sobel, EPIC's General Counsel, said, "This is a major piece
of legislation that addresses complex issues involving rapidly
developing technology.  While we all recognize the urgency of the
situation our country now faces, we shouldn't rush to enact new laws
that could jeopardize the freedoms that form the basis of our
democracy."  Specifically, in a legislative analysis released on
Monday, EPIC urged Congress to be guided by the following factors as
it considers the anti-terrorism bill:
   
- Law enforcement and intelligence agencies already possess broad
authority to conduct investigations of suspected terrorist activity.
   
- Any expansion of existing authorities should be based upon a clear
and convincing demonstration of need.
   
- Congress should assess the likely effectiveness of any proposed new
powers in combating the threats posed by terrorist activity.
   
- Any new authorities deemed necessary should be narrowly drawn to
protect the privacy and constitutional rights of the millions of
law-abiding citizens who use the Internet and other communications
media on a daily basis.
   
- The longstanding distinction between domestic law enforcement and
foreign intelligence collection should be preserved to the greatest
extent possible consistent with the need to detect and prevent
terrorist activity.
   
- Expanded investigative powers should be limited to the investigation
of terrorist activity and should not be made generally applicable to
all criminal investigations.
   
EPIC's analysis of provisions of the Anti-Terrorism Act of 2001
affecting communications and information privacy is available at:
   
     http://www.epic.org/privacy/terrorism/ata_analysis.html
   
=======================================================================
[2] In Defense of Freedom Coalition Launches
=======================================================================
   
A broad and diverse coalition of civil liberties, religious, consumer,
and other advocacy groups has organized to defend American freedoms in
the wake of terrorist attacks against the country.  At a National
Press Club event on September 20, the coalition released a ten-point
statement that urges legislators to consider new proposals calmly and
deliberately and to protect the civil liberties that define the
American way of life.
   
The statement, "In Defense of Freedom," has already been endorsed by
over 150 organizations, 300 law professors, and 40 computer
scientists.  Members of the public are also encouraged to endorse the
statement.  Individuals can show their support by sending e-mail to:
   
     endorse@indefenseoffreedom.org
     (with the subject line "I Endorse")
   
Organizations wishing to endorse the statement should e-mail
sshin@dcaclu.org for more information.
   
The In Defense of Freedom statement is available online at:
   
     http://www.indefenseoffreedom.org/
   
Endorse the In Defense of Freedom statement:
   
     http://www.indefenseoffreedom.org/endorse.html
   
=======================================================================
[3] Judiciary Approves Limited Monitoring, Standards for Case Files
=======================================================================
   
The Judicial Conference, the chief policymaking body for the federal
courts, has approved policies relating to employee Internet monitoring
and privacy protections for electronic case files.
   
The new policy on Internet monitoring allows the Administrative
Offices of the U.S. Courts to monitor employees' computers to detect
transfers of pornography and large media files over the Internet.  In
addition, certain services, such as Napster, will be blocked. However,
the Administrative Office will be prohibited from monitoring the
e-mail communications of judges and their staff.
   
The Judicial Conference adopted the Internet use policy drafted by the
federal Chief Information Officers Council as a minimum nationwide
standard.  The policy will allow judicial employees limited access to
the Internet for personal use.  In addition, a controversial portion
of the use policy that eliminated employees' reasonable expectation of
privacy has been tabled for more consideration in committee.
   
Judges and commentators have raised objections to Internet monitoring
of judicial networks recently.  EPIC sent a letter to the Judicial
Conference urging the body to end the practice of monitoring, warning
that the monitoring may violate the Electronic Communications Privacy
Act (ECPA) and that merely giving employees notice of the monitoring
would not cure the underlying Fourth Amendment issues.
   
The Judicial Conference also approved a policy that will enhance
privacy protections for public access to electronic to case files
(ECF).  Electronic access to case files raises new risks of identity
theft, harassment, and profiling, as they are becoming more easily
accessible and contain detailed personal information.  The new rules
provide notice to litigants, and place specific restrictions on the
availability of personal information within civil case files.
Electronic access to criminal case files will be delayed until safety
concerns can be addressed.
   
EPIC filed comments and testified to the Judicial Conference earlier
this year in support of greater protections for ECF.  Many of EPIC's
recommendations are embodied in the Judicial Conference policy.
   
Judicial Conference Press Release on Internet Use and Electronic Case
File Availability (PDF):
   
     http://www.uscourts.gov/Press_Releases/jc901a.pdf
   
EPIC Letter to the Judicial Conference on Employee Monitoring:
   
     http://www.epic.org/privacy/workplace/judicialmonitoring.html
   
Report on Privacy and Public Access to Electronic Case Files:
   
     http://www.uscourts.gov/Press_Releases/att81501.pdf
   
EPIC's comments on electronic public access to case files:
   
     http://www.epic.org/open_gov/ecfcomments.html
   
=======================================================================
[4] International Developments on Cybercrime and Terrorism
=======================================================================
   
On September 19, the Council of Europe Convention on Cybercrime was
approved by the Committee of Minister's Deputies.  It will be
presented to the Committee of Ministers for formal adoption in
November.  The Treaty will then be open for signature by the 43 member
states of the Council of Europe and other countries, such as the
United States, Canada and Australia, that contributed to the drafting
process.  It will come into force as soon as five countries, including
three of the member states, have ratified it.
   
The Convention is the first international treaty to address crimes
committed in "Cyberspace" including breach of copyright, computer-
related fraud, child pornography and hacking.  The convention requires
signatory countries to ensure that their laws meet uniform standards
relating to a wide range of investigative powers, including electronic
surveillance and access to user records maintained by communications
operators.  During its negotiation, the Convention was strongly
criticized by the Global Internet Liberty Campaign, a coalition of
international privacy, security and civil liberties organizations, and
the European Privacy Commissioners as disproportionately weighted in
favor of law enforcement interests.
   
In response to the terrorist attacks of September 11, the Council of
Europe is also considering new anti-terrorist proposals.  On September
21 a special meeting of the Committee of Ministers was held to discuss
this issue and a request for "an urgent debate on democracies facing
terrorism" has been presented to the Parliamentary Assembly.
   
Terrorism is also high on the agenda at the European Union.  On
September 20, the European Commission presented two important policy
initiatives: a "Framework Decision on combating terrorism" and a
"Framework Decision on an EU Arrest Warrant" to a special meeting of
the European  Justice and Home Affairs Ministers in Brussels.  The
main objective of these initiatives is to increase co-operation
between police and intelligence services through the Europol network,
to agree on a common definition of terrorism, to harmonize penalties
and sanctions for terrorist acts to abolish formal extradition
procedures among EU states and to introduce a common arrest warrant to
cover all forms of crime, not just terrorism.  The EU Justice and Home
Affairs Ministers approved the more than 30 measures contained in
these documents and stressed the need for speed in their
implementation. They vowed to secure agreement and support from their
national governments by December.
   
On September 24, Marc Rotenberg, Executive Director of EPIC, addressed
these and other issues at the 23rd International Conference of Data
Commissioners which is taking place in Paris, France.
   
Council of Europe Press Release, "First International Treaty to Combat
Crime in Cyberspace Approved by Ministers' Deputies,"
   
     http://press.coe.int/cp/2001/646a(2001).htm
   
Council of Europe Press Release, "Democracies Facing Terrorism on the
Agenda for the Autumn," September 21, 2001:
   
     http://press.coe.int/cp/2001/626a(2001).htm
   
European Union Initiatives:
   
     http://www.europa.eu.int/comm/dgs/justice_home/index_en.htm
   
Information on the 23rd International Data Commissioners' Conference:
   
     http://www.paris-conference-2001.org
   
=======================================================================
[5] New Developments in Face Recognition Technology
=======================================================================
   
Visionics Corporation, maker of the Face-It facial recognition
technology currently used in the Ybor City district of Tampa, Florida,
released on Monday a white paper entitled "Protecting Civilization
>From The Faces Of Terror."  The document analyzes the role of facial
recognition technology in airport security, and addresses the need for
responsible use guidelines to prevent the abuse of the technology.  It
identifies five key areas relating to the use of biometric
technologies for airport security: Facial Screening and Surveillance,
Automated Biometric-Based Boarding, Screening of Airport Employees,
Physical Security, and Intelligence Data Mining.  While the document
claims to be cognizant of privacy concerns, the introduction of data
mining raises the important issue that information in face recognition
databases could possibly be shared with third parties.
   
In related news, the federal government is considering the
installation of facial recognition technology at Washington's Reagan
National Airport, among others, as a measure to increase security. 
Cameras would be installed at security checkpoints and possibly linked
to each other so that information about suspected terrorists could be
transmitted to government officials via the Internet.  A government
committee appointed by Transportation Secretary Norman Mineta was
briefed on Thursday and told that equipment could be installed and
operating within a few weeks.  Dr. Joseph Atick, president of
Visionics, has said that the federal government should adopt rules to
regulate face recognition databases and protect the privacy of the
public.  Dr. Atick continued to say that Visionics was "not going to
walk away from the privacy issues we've previously raised."
   
EPIC Advisory Board member Phil Agre has written an essay entitled
"Your Face is Not a Bar Code: Arguments Against Automatic Face
Recognition in Public Places," which carefully examines privacy issues
raised by the use of this technology.
   
Visionics Corporation's white paper is available (PDF) at:
   
  http://www.visionics.com/newsroom/downloads/whitepapers/counterterrorism.pdf
     
Phil Agre's essay, "Your Face is Not a Bar Code":
   
     http://dlis.gseis.ucla.edu/people/pagre/bar-code.html
     
EPIC's Face Recognition Information Page:
   
     http://www.epic.org/privacy/facerecognition/
   
=======================================================================
[6] Microsoft Opens Passport to Competition and More Web Profiling
=======================================================================
   
In an attempt to create a single identity for all web users, Microsoft
has opened its Passport system to allow competitors and others to
employ the identification and authentication scheme.  As a result,
e-commerce companies could employ the identification and
authentication system by participating in a "federated" Passport
network.
   
While opening the Passport system is likely intended to allay
antitrust concerns, it creates new privacy risks for Internet users.
The opening of Passport is intended to facilitate the spread of
personalization services that are dependent on identification.  It
could result in more sites requiring that an individual reveal one's
identity in order to view content or enjoy web services.  Microsoft
has used Passport to require user identification before viewing
support pages.
   
In July, EPIC and fourteen other organizations filed a complaint with
the Federal Trade Commission (FTC) alleging that Microsoft violated
consumer protection law by tying Passport to the Windows XP operating
system.  EPIC continues to pursue the complaint, and Commission action
is likely to be announced after the new FTC chair, Timothy Muris,
announces the agency's new approach to privacy in early October.
   
EPIC's page on Microsoft Passport:
   
     http://www.epic.org/privacy/consumer/microsoft/
   
=======================================================================
[7] EPIC Bookstore - Privacy & Human Rights 2001
=======================================================================
   
* JUST PUBLISHED! *
   
Privacy & Human Rights: An International Survey of Privacy Laws and
Developments (EPIC 2001)
   
     http://www.powells.com/cgi-bin/biblio?partner_id=24075&cgi=biblio&show=trade+paper:new:1131377354:20.00
   
This annual report by EPIC and Privacy International reviews the state
of privacy in over fifty countries around the world.  It outlines
legal protections for privacy, new challenges, and summarizes
important issues and events relating to privacy and surveillance.
Updated and expanded for 2001, the report includes new sections on
genetic privacy, location tracking, authentication and identification
requirements, electronic numbering, corporate sharing of information
with governments, and the privacy implications of digital rights
management schemes.
   
                   ================================
   
EPIC Publications:
   
"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/phr2001/
   
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
laws.
   
                   ================================
   
"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
   
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
   
                   ================================
   
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
   
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
   
                   ================================
   
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/
   
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
   
                   ================================
   
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
   
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
   
                   ================================
   
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
   
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
   
WorkSurv: A Seminar on the Technical, Legal & Business Issues of
Workplace Surveillance. Privacy Foundation. September 25, 2001.
Denver, CO. For more information:
http://www.privacyfoundation.org/worksurv.asp
   
Health Information Privacy: Dialogue with the Stakeholders. Riley
Information Services, Inc. September 28, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
   
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, OH. For more
information: http://www.privacy2000.org/
   
Consumers and Utilities. Residential Utilities Services: Meeting
Consumer Energy and Communications Needs in a Dynamic Marketplace.
Consumer Federation of America. October 4-5, 2001. Washington, D.C.
For more information: http://www.consumerfed.org/
   
Call for Proposals - October 15, 2001. CFP 2002: The Twelfth
Conference on Computers, Freedom & Privacy. April 16-19, 2002. San
Francisco, CA. For more information: http://www.cfp2002.org/
   
Privacy: The New Management Imperative - Chief Privacy Officer
Training Program. Southern Methodist University and Privacy Council.
October 15-17, 2001. Dallas, TX. For more information:
http://execdev.cox.smu.edu/
   
Nurturing the Cybercommons, 1981-2021. Computer Professionals for
Social Responsibility (CPSR) 20th Anniversary Conference and Wiener
Award Dinner. October 19-21, 2001. Ann Arbor, MI. For more
information: http://www.cpsr.org/
   
The New HIPAA Privacy Rule: Guiding Your Clients Through the
Implementation Process. Practising Law Institute. October 24, 2001.
New York, NY. For more information: http://www.pli.edu/
   
The Third National HIPAA Summit: From Theory to Practice - From
Planning to Implementation. October 24-26, 2001. Washington, DC. For
more information: http://www.hipaasummit.com/
   
The 29th Research Conference on Communication, Information and
Internet Policy. Telecommunications Policy Research Conference.
October 27-29, 2001. Alexandria, VA. For more information:
http://www.tprc.org/
   
The 8th Annual Centre for Applied Cryptographic Research (CACR)
Information Security Workshop: The Human Face of Privacy Technology.
University of Waterloo and Information and Privacy Commission/Ontario.
November 1-2, 2001. Toronto, Ontario. For more information:
http://www.cacr.math.uwaterloo.ca/
   
Symposium on Privacy and Security 2001. Foundation for Data Protection
and Information Security. November 1-2, 2001. Zurich, Switzerland. For
more information: http://www.privacy-security.ch/
   
Workshop on Security and Privacy in Digital Rights Management 2001.
Eighth Association for Computing Machinery (ACM) Conference on
Computer and Communications Security. November 5, 2001. Philadelphia,
PA. For more information: http://www.star-lab.com/sander/spdrm/
   
Privacy: The New Management Imperative - Chief Privacy Officer
Training Program. Cambridge University and Privacy Council. November
5-8, 2001. Cambridge, England. For more information:
kturner@privacycouncil.com
   
Learning for the Future. Business for Social Responsibility's Ninth
Annual Conference. November 7-9, 2001. Seattle, WA. For more
information: http://www.bsr.org/events/2001.asp
   
Information Operations: Applying Power in the Information Age. Jane's
Information Group. November 14-15, 2001. Washington, DC. For more
information:
http://www.janes.com/security/conference/info_op/info_op.shtml
   
Information Gathering in the 21st Century. Seton Hall Law School.
November 16, 2001. South Orange, NJ. For more information: ilst@shu.edu
   
Managing Privacy of Health Information. The Canadian Institute.
November 19-20, 2001. Vancouver, British Columbia. For more
information: http://www.CanadianInstitute.com/
   
Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd European
Anti-Malware Conference. European Institute for Computer Anti-Virus
Research (EICAR). June 8-11, 2002. Berlin, Germany. For more
information: http://conference.eicar.org/
   
Call for Papers - December 10, 2001. Workshop on Privacy Enhancing
Technologies 2002. April 14-15, 2002. San Francisco, CA. For more
information: http://www.pet2002.org/
   
=======================================================================
Subscription Information
=======================================================================
   
Subscribe/unsubscribe via Web interface:
   
      http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news/
   
Subscribe/unsubscribe via email: epic_news-request@mailman.epic.org
subject line: "subscribe" or "unsubscribe"
   
Back issues are available at:
   
      http://www.epic.org/alert/
   
=======================================================================
Privacy Policy
=======================================================================
   
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
   
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
   
=======================================================================
About EPIC
=======================================================================
   
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
   
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921
   
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
   
Thank you for your support.
   
   ---------------------- END EPIC Alert 8.19 -----------------------
   
   
.