============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 9.13 July 11, 2002 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_9.13.html ======================================================================= Table of Contents ======================================================================= [1] EPIC Urges Accountability for Homeland Security Department [2] Supreme Court Limits FERPA, Expands Student Drug Testing [3] EU Confirms Probe of Microsoft Passport [4] Privacy Groups Demand Protection of Users' Anonymity Online [5] DC Police Use Surveillance Cameras on the Fourth of July [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - The Organization Man [8] Upcoming Conferences and Events ======================================================================= [1] EPIC Urges Accountability for Homeland Security Department ======================================================================= In testimony before the House Energy and Commerce Committee on July 9, EPIC General Counsel David Sobel urged rejection of a proposal to exempt from the Freedom of Information Act (FOIA) large amounts of material relating to "infrastructure protection" and counter-terrorism measures. Testifying on the Bush Administration's legislation to create a new Department of Homeland Security, Sobel said an FOIA exemption would "cast a shroud of secrecy over one of the Department's critical functions, removing any semblance of meaningful public accountability." The secrecy provision is the latest in a series of proposals designed to encourage private sector operators of "critical infrastructures" to voluntarily share with the government information concerning security flaws and other vulnerabilities in their systems. A broad coalition of civil liberties, environmental and consumer organizations has expressed serious concerns about such proposals, which would render the public unable to hold the new Department accountable should it fail to make effective use of information it obtains. As Sobel told the committee, "What did DHS know and when did it know it?" is a question that will go unanswered if the secrecy provision becomes law. Sobel also noted that a new FOIA exemption designed to protect voluntarily-submitted private sector information is not needed. FOIA caselaw makes it clear that existing exemptions contained in the Act provide adequate protection against harmful disclosures of "critical infrastructure information." Most significantly, Exemption 4, which protects against disclosures of trade secrets and confidential information, extends to virtually all of the "critical infrastructure" material that properly could be withheld from disclosure. Exemption proponents have not cited a single instance in which a federal agency has disclosed voluntarily submitted data against the express wishes of an industry submitter. In his testimony, Sobel noted the irony of Congress discussing the desire of private companies to keep secret potentially embarrassing information at a time when the disclosure practices of many in the business world are being scrutinized. He told the committee that "if a company is willing to fudge its financial numbers to maintain its stock price, it would be similarly inclined to hide behind a 'critical infrastructure' FOIA exemption in order to conceal gross negligence in its maintenance and operation of a chemical plant or a transportation system." The secrecy provision is becoming a key point of contention as Congress quickly moves to finalize Homeland Security legislation. House action on the bill is scheduled to be completed tomorrow, July 12. EPIC's testimony on the Homeland Security bill is available at: http://www.epic.org/security/infowar/07_02_testimony.html Background information is available at EPIC's Critical Infrastructure Protection page: http://www.epic.org/security/infowar/resources.html ======================================================================= [2] Supreme Court Limits FERPA, Expands Student Drug Testing ======================================================================= The Supreme Court concluded its 2001 term with two decisions that will diminish student privacy. In Gonzaga University v. Doe, a University official informed a state teacher licensing board that a graduate was accused of sexual misconduct. The graduate sued under the Family Education Rights and Privacy Act of 1974 (FERPA), a law that conditions federal funding on the protection of students' educational records. The Court held that FERPA does not create an individual right to sue. Instead, enforcement of the privacy protections rests with the Secretary of Education where a educational institution has a "policy or practice" of disclosing student records inappropriately. In a dissenting opinion, Justices Stevens and Ginsburg argued that FERPA does create individual rights, and that every federal circuit court had recognized an individual right to bring suit under the statute. In Board of Ed. v. Earls, the Supreme Court expanded the ability of school administrators to engage in suspicionless drug testing of students. In the case, a student was required to submit a urine sample in order to participate in non-athletic extracurricular activities such as choir and an academic club. The Court reasoned that drug tests were justified under the "special needs" exception to the Fourth Amendment because the students had a reduced expectation of privacy and because the government has a interest in preventing drug use. In a strong dissent, four justices called the testing plan "perverse," as it targeted students who were least likely to engage in illegal drug use. Gonzaga Univ. v. Doe, No. 01-679, 536 U.S. ___ (2002). http://www.supremecourtus.gov/opinions/01pdf/01-679.pdf Board of Ed. of Independent School Dist. No. 92 of Pottawatomie Cty. v. Earls, No. 01-332, 536 U.S. ___ (2002): http://www.supremecourtus.gov/opinions/01pdf/01-332.pdf ======================================================================= [3] EU Confirms Probe of Microsoft Passport ======================================================================= European Union (EU) officials have issued their first official confirmation of an investigation into the Microsoft Passport identification and authentication service. The Article 29 Working Party has issued a statement outlining legal issues raised by the Passport system. The Working Party will inquire into whether Microsoft is giving individuals adequate notice of information processing and transferring of data; whether adequate consent from the individual is being obtained; whether Passport affiliates have adequate privacy protection rules; whether Passport's use of a unique identifier is necessary; the quality of data collected by the system; the rights of individuals to access or delete their Passport profile; and the security risks in the Passport system. The stakes are rising because Microsoft recently announced plans to implement a Digital Rights Management Operating System called "Palladium." The Palladium system would limit the use of content through software and hardware controls. These controls could also be used to identify individuals and eliminate anonymous communication. Additionally, in order to legitimize the Passport system, Microsoft has begun a partnership to develop Passport as an authentication tool for credit card transactions. A competing identification system, called Project Liberty, is also developing. This week, the project's sponsors will release the specifications for their federated identification scheme. Project Liberty presents the same risks as Microsoft's Passport. It will likely be used to profile individuals' web surfing habits, as the group's stated goals include the ability to "[e]nable commercial and non-commercial organizations to realize new revenue and cost saving opportunities that economically leverage their relationships with customers, business partners, and employees." "First orientations of the Article 29 Working Party concerning on-line authentication services," EU Article 29 Working Party, July 2, 2002 (PDF document): http://www.epic.org/redirect/eu_redirect.html EPIC's Passport Investigation Docket Page: http://www.epic.org/privacy/consumer/microsoft/passport.html EPIC's Sign Out of Passport Page: http://www.epic.org/privacy/consumer/microsoft/ ======================================================================= [4] Privacy Groups Demand Protection of Users' Anonymity Online ======================================================================= In a letter sent to over 100 Internet Service Providers (ISPs), Internet discussion boards, and other online companies, EPIC, in a coalition of civil liberties and privacy groups, urged the adoption of policies protecting the rights of users to engage in anonymous speech over the Internet. The letter asked each company to include in its privacy policy a promise that it would notify any customer whose personal information or identity is subpoenaed. The Supreme Court has repeatedly found that anonymous speech is a right protected by the First Amendment. That right has come under attack in recent years through a growing number of "cyberSLAPP" (Strategic Lawsuits Against Public Participation) lawsuits, in which companies file suit just to discover the identity of their online critics -- often in order to silence or intimidate them. In a cyberSLAPP suit, the target of anonymous online criticism typically files a lawsuit against an anonymous "John Doe" defendant and then issues an identity-seeking subpoena to an ISP. CyberSLAPP cases are considered unfair because the 'punishment' that often matters most to average citizens (i.e. the loss of anonymity) comes not after consideration and judgment by a court or jury, but as a result of the mere filing of a lawsuit. Although some online service providers already notify their customers when they receive subpoenas for identifying information, there is currently no legal requirement that ISPs notify their customers before complying with such subpoenas, even though many of the lawsuits are frivolous and have no chance of prevailing in court. The anti-SLAPP coalition also announced the unveiling of a new Web site that includes a broad range of information about the cyberSLAPP issue, from a "Frequently Asked Questions" list for the general public to legal briefs and other detailed information about ongoing legal battles. The new cyberSLAPP Web site is available at: http://www.cyberslapp.org/ EPIC's Free Speech Page: http://www.epic.org/free_speech/ ======================================================================= [5] DC Police Use Surveillance Cameras on the Fourth of July ======================================================================= The United States Park Police and District of Columbia Police operated video surveillance cameras during the Fourth of July festivities on the National Mall. The Park Police said they installed temporary cameras and would draft guidelines for their permanent use. Discussion of the cameras' installation came as a surprise to the congressional committee overseeing the District of Columbia, prompting members of the committee to call for guidelines that would treat the use of video surveillance like any other form of electronic surveillance. EPIC sought details of the Park Police plans in March under open government law, but was informed that no records existed. EPIC is currently seeking under the Freedom of Information Act any records of surveillance conducted by the Park Police during the July 4th celebration. ACTION: DC Council Considers Cameras - Your Views Still Needed The District of Columbia has extended the deadline for accepting public comments on the video surveillance regulations until July 27, 2002. You should act now to express your views on this matter. Send your comments via our link below, or send them directly to: Ms. Phyllis Jones, Secretary to the Council, Suite 5, John A. Wilson Building, 1350 Pennsylvania Avenue, N.W., Washington, DC 20004. DC Surveillance Comment page: http://www.epic.org/privacy/surveillance/comments.html EPIC's Video Surveillance page: http://www.epic.org/privacy/surveillance/ Observing Surveillance: http://www.observingsurveillance.org/ ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.4757 Our Lady of Peace Act. To improve the national instant criminal background check system, and for other purposes. Sponsor: Rep McCarthy, Carolyn (D-NY). Latest Major Action: 5/16/2002 Referred to House committee. Latest Status: Referred to the House Committee on the Judiciary. Committees: House Judiciary. H.R.4779 To authorize appropriations for fiscal years 2002 through 2004 for the United States Customs Service for antiterrorism, drug interdiction, and other operations, for the Office of the United States Trade Representative, for the United States International Trade Commission, and for other purposes. Sponsor: Rep Crane, Philip M. (R-IL). Latest Major Action: 5/21/2002 Referred to House committee. Latest Status: Referred to the House Committee on Ways and Means. Committees: House Ways and Means. H.R.4860 United States Commission on an Open Society with Security Act. To establish the United States Commission on an Open Society with Security. Sponsor: Rep Norton, Eleanor Holmes (D-DC). Latest Major Action: 6/5/2002 Referred to House subcommittee. Latest Status: Referred to the Subcommittee on Economic Development, Public Buildings and Emergency Management. Committees: House Transportation and Infrastructure. H.R.5005 Homeland Security Act of 2002. To establish the Department of Homeland Security, and for other purposes. Sponsor: Rep Armey, Richard K. (R-TX). Latest Major Action: 6/27/2002 House committee/subcommittee actions. Latest Status: Committee Hearings Held. Committees: House Select Committee on Homeland Security; House Agriculture; House Appropriations; House Armed Services; House Energy and Commerce; House Financial Services; House Government Reform; House Select Committee on Intelligence; House International Relations; House Judiciary; House Science; House Transportation and Infrastructure; House Ways and Means. H.R.5057 To prevent and punish counterfeiting and copyright piracy, and for other purposes. Sponsor: Rep Smith, Lamar (R-TX). Latest Major Action: 6/27/2002 Referred to House committee. Latest Status: Referred to the House Committee on the Judiciary. Committees: House Judiciary. H.R.5061 To amend part D of title IV of the Social Security Act to improve the collection of child support arrears in interstate cases. Sponsor: Rep Woolsey, Lynn C. (D-CA). Latest Major Action: 6/27/2002 Referred to House committee. Latest Status: Referred to the House Committee on Ways and Means. Committees: House Ways and Means. *Senate* S.2476 International Cooperation Against Terrorism Act of 2002. A bill to improve antiterrorism efforts, and for other purposes. Sponsor: Sen Schumer, Charles E. (D-NY). Latest Major Action: 5/8/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on Foreign Relations. Committees: Senate Foreign Relations. S.2534 Reducing Crime and Terrorism at America's Seaports Act of 2002. A bill to reduce crime and prevent terrorism at America's seaports. Sponsor: Sen Biden Jr., Joseph R. (D-DE). Latest Major Action: 5/21/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on Finance. Committees: Senate Finance. S.2537 Dot Kids Implementation and Efficiency Act of 2002. A bill to facilitate the creation of a new, second-level Internet domain within the United States country code domain that will be a haven for material that promotes positive experiences for children and families using the Internet, provides a safe online environment for children, and helps to prevent children from being exposed to harmful material on the Internet, and for other purposes. Sponsor: Sen Dorgan, Byron L. (D-ND). Latest Major Action: 5/21/2002 Referred to Senate committee. Latest Status: Referred to the Committee on Commerce, Science, and Transportation. Committees: Senate Commerce, Science, and Transportation. S.2541 Identity Theft Penalty Enhancement Act of 2002. A bill to amend title 18, United States Code, to establish penalties for aggravated identity theft, and for other purposes. Sponsor: Sen Feinstein, Dianne (D--CA). Latest Major Action: 5/22/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on the Judiciary. Committees: Senate Judiciary. S.2629 Federal Privacy and Data Protection Policy Act of 2002. A bill to provide for an agency assessment, independent review, and Inspector General report on privacy and data protection policies of Federal agencies, and for other purposes. Sponsor: Sen Torricelli, Robert G. (D-NJ). Latest Major Action: 6/17/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on Governmental Affairs. Committees: Senate Governmental Affairs. S.2659 To amend the Foreign Intelligence Surveillance Act of 1978 to modify the standard of proof for issuance of orders regarding non-United States persons from probable cause to reasonable.... A bill to amend the Foreign Intelligence Surveillance Act of 1978 to modify the standard of proof for issuance of orders regarding non-United States persons from probable cause to reasonable suspicion. Sponsor: Sen DeWine, Michael (R-OH). Latest Major Action: 6/20/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on Intelligence. Committees: Senate Intelligence. S.2661 Video Voyeurism Act of 2002. A bill to amend title 18, United States Code, to prohibit video voyeurism in the special maritime and territorial jurisdiction of the United States. Sponsor: Sen DeWine, Michael (D-OH). Latest Major Action: 6/20/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on the Judiciary. Committees: Senate Judiciary. S.2686 A bill to strengthen national security by providing whistleblower protections to certain employees at airports, and for other purposes. Sponsor: Sen Grassley, Charles E. (R-IA). Latest Major Action: 6/26/2002 Referred to Senate committee. Latest Status: Read twice and referred to the Committee on Commerce, Science, and Transportation. Committees: Senate Commerce, Science, and Transportation. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - The Organization Man ======================================================================= The Organization Man, by William H. Whyte Jr. (1st Ed. 1956) http://www.epic.org/bookstore/powells/redirect/alert913.html The youth have abandoned Protestant values of individualism and competitive struggle for a collectivist system that emphasizes survival of the group and blunts creative spirit and ambition. So argued William H. Whyte Jr. in "The Organization Man," a book detailing the decline of American values for a culture of conformity. At its first printing in 1956, the book had a profound effect. Last month, the University of Pennsylvania Press republished the text with an afterword by Whyte's wife. Whyte writes with disdain for the organization, be it the corporation, the labor union, university, or law firm -- any entity that dictates that creativity only flows from "group think," that "belongingness" is the desire of every individual, and that science can be applied to individuals in order to create organization men. The brotherhood of the organization is in reality a prison, a slave morality that employs mindless social science to control deviance and to create a bland, predictable life. Organization grade schools turn introverts into extroverts. Organization churches ignore basic religious tradition in order to appeal to a larger audience. Organization colleges emphasize practical training over academic coursework, and use the fraternity to identify and eliminate "aberrant tendencies." And, organization businesses use tools such as the "Harwald Group-Thinkometer," to eliminate the troublesome "personality factor." For the organization to operate, individuals must believe that they do not have control over their own lives. They must believe that burning a bridge, or engaging in some form of social deviance, will result in harm to their future. This is creating a generation of people who fear authority and have abandoned their duties as moral agents in society. Whyte argues that the individual needs to fight the organization. The individual, using education and spirit, must recognize that there are conflicts between the individual and society. One way to fight, Whyte suggests, is to cheat on personality tests. Whyte's advice is to appear complacent, conservative, and submissive to group or social interests: "you should try to answer as if you were like everybody else." Whyte died in 1999. However, his ideas from 50 years ago have clearly influenced modern rejections of work- and consumption-oriented society, such as Chuck Palahniuk's "Fight Club" (1996), Mike Judge's "Office Space" (1999), and the work of Kalle Lasn and Adbusters Magazine. - Chris Hoofnagle ================================ EPIC Publications: "Privacy & Human Rights 2001: An International Survey of Privacy Laws and Developments," (EPIC 2001). Price: $20. http://www.epic.org/bookstore/phr2001/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2001: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001). Price: $40. http://www.epic.org/bookstore/pls2001/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= IViR International Copyright Law Summer Course. Royal Netherlands Academy of Arts and Sciences. July 8-12, 2002. Amsterdam, Netherlands. For more information: http://www.ivir.nl/ O'Reilly Open Source Convention. O'Reilly and Associates. July 22-26, 2002. San Diego, CA. For more information: http://conferences.oreilly.com/oscon/ Cyberwar, Netwar and the Revolution in Military Affairs: Real Threats and Virtual Myths. International School on Disarmament and Research on Conflicts (ISODARCO). August 3-13, 2002. Trento, Italy. For more information: http://www.isodarco.it/html/trento02.html IT and Law. University of Geneva, University of Bern, Swiss Association of IT and Law. September 9-10, 2002. Geneva, Switzerland. For more information: http://www.informatiquejuridique.ch/ ILPF Conference 2002: Security v. Privacy. Internet Law & Policy Forum. September 17-19, 2002. Seattle, WA. For more information: http://www.ilpf.org/conference2002/ Privacy2002: Information, Security & New Global Realities. Technology Policy Group. September 24-26, 2002. Cleveland, OH. For more information: http://www.privacy2000.org/privacy2002/ Bridging the Digital Divide: Challenge and Opportunities. 3rd World Summit on Internet and Multimedia. October 8-11, 2002. Montreux, Switzerland. For more information: http://www.internetworldsummit.org/ 2002 WSEAS International Conference on Information Security (ICIS '02). World Scientific and Engineering Academy and Society. October 14-17, 2002. Rio de Janeiro, Brazil. For more information: http://www.wseas.org/conferences/2002/brazil/icis/ IAPO Privacy & Security Conference. International Association of Privacy Officers. October 16-18, 2002. Chicago, IL. For more information: http://www.privacyassociation.org/html/conferences.html 3rd Annual Privacy and Security Workshop: Privacy & Security: Totally Committed. Centre for Applied Cryptographic Research, University of Waterloo and the Information and Privacy Commissioner/Ontario. University of Toronto. November 7-8, 2002. Toronto, Canada. For more information: http://www.epic.org/redirect/cacr.html 18th Annual Computer Security Applications Conference (ACSAC): Practical Solutions to Real Security Problems. Applied Computer Security Associates. December 9-13, 2002. Las Vegas, NV. For more information: http://www.acsac.org/ Third Annual Privacy Summit. International Association of Privacy Officers. February 26-28, 2003. Washington, DC. For more information: http://www.privacyassociation.org/html/conferences.html CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy. Association for Computing Machinery (ACM). April 1-4, 2003. New York, NY. For more information: http://www.cfp.org/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via email: To: epic_news-request@mailman.epic.org Subject line: "subscribe" or "unsubscribe" (no quotes) Help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription email address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ ======================================================================= Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more. ======================================================================= Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 9.13 ----------------------- .