============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 9.25 December 19, 2002 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_9.25.html ** HAPPY HOLIDAYS! ** ----------------------------------------------------------------------- End of Year Appeal - Support EPIC - Protect Privacy - Annoy the Snoops ----------------------------------------------------------------------- Send checks for "EPIC" to: 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009, or contribute online: http://www.epic.org/donate/ Thank you for your support. ======================================================================= Table of Contents ======================================================================= [1] FTC Announces National Do-Not-Call List for Telemarketing [2] EPIC Files Suit on "Total Information Awareness" Documents [3] Court Asked to Reconsider Faxed Warrant Decision [4] ICANN Meets in Amsterdam, Adopts By-Law Changes [5] EPIC Files Comments on Canadian Surveillance Proposal [6] New Report Finds Errors, Inconsistency in Credit Scores [7] EPIC Publications [8] Upcoming Conferences and Events ======================================================================= [1] FTC Announces National Do-Not-Call List for Telemarketing ======================================================================= The Federal Trade Commission (FTC) will create a national do-not-call (DNC) list and has adopted new regulations to give individuals greater control over telemarketing. EPIC and a coalition of consumer and civil liberties groups filed comments on the proposals earlier this year. Many of the protections suggested in the comments were incorporated in the FTC regulation. The DNC list will support both telephone and Internet enrollment. Once enrolled, individuals remain on the list for five years. Most telemarketers will be prohibited from calling individuals enrolled on the DNC list. However, charitable organizations, banks, and common carriers that have in-house telemarketing operations will not be affected by the list. In order to include those telemarketers, the Federal Communications Commission (FCC) will have to adopt new sales call regulations. The FCC requested comments on these issues earlier this month, and is said to be coordinating with the FTC to ensure comprehensive application of the DNC list. The FTC's announcement is the first step toward giving individuals greater control over telemarketing. FTC must obtain approval from Congress to charge telemarketers $16 million in order to build and administer the list. Additionally, telemarketing industry groups are likely to mount lobbying and litigation campaigns against the new protections. The industry has long used grossly-inflated statistics and questionable research methods to prevent protections against telemarketing. According to recent Direct Marketing Association figures, nearly $300 billion was spent on telemarketing in 2001. If that statistic were true, it would mean that the average household in the United States spends over $2,800 annually on goods pitched by telemarketers. Other regulations included in the FTC package include the requirement that telemarketers transmit valid caller ID information. Telemarketers also face greater restrictions on the use of predictive dialers that produce "dead air" or abandoned calls. Telemarketers will continue to be permitted to engage in "preacquired account number" sales calling, but the practice will be subject to the new rules. President Bush commended the FTC for planning a DNC list. In a statement released yesterday, he said, "Time with family is a precious commodity, and families should be given the tools they need to help prevent unwanted calls from telemarketers." FTC Do Not Call Page: http://www.ftc.gov/donotcall/ EPIC Comments on the TSR: http://www.epic.org/privacy/telemarketing/tsrcomments.html EPIC Comments on the TCPA: http://www.epic.org/privacy/telemarketing/tcpacomments.html EPIC Telemarketing Page: http://www.epic.org/privacy/telemarketing/ ======================================================================= [2] EPIC Files Suit on "Total Information Awareness" Documents ======================================================================= The Electronic Privacy Information Center on December 17 asked a federal judge to issue an emergency order requiring the Pentagon to release information about the controversial "Total Information Awareness" (TIA) program. The invasive data-mining initiative, headed by retired Admiral John Poindexter, has raised widespread privacy concerns. Within hours of the court filing, the Defense Department claimed that only one document discusses the privacy implications of TIA and released it to EPIC. The lawsuit challenges the Defense Department's continuing efforts to block EPIC's Freedom of Information Act (FOIA) requests for documents about DoD's Information Awareness Office. EPIC first requested information about the Office in February, but the Defense Department, in a very unusual move, tried to impose substantial processing fees, often applied to commercial requesters but never applied to an organization like EPIC. That earlier Pentagon action is the subject of pending litigation. The new lawsuit seeks to overturn DoD's refusal to expedite the processing of a second information request EPIC submitted on November 21. The FOIA requires agencies to expedite their handling of requests involving issues of substantial public interest. Soon after EPIC filed suit, the Defense Department released one document -- a study titled "Security with Privacy" which was prepared by the Information Sciences and Technologies Study Group (ISAT), a group of civilian and military researchers. The study recommends more DoD research on privacy, but does not address policy issues and states explicitly that it is "not a review of Total Information Awareness." The TIA program is developing data-mining tools that will sort through massive amounts of personal information, including financial, medical, communications, and travel records as well as new sources of information. Several members of Congress have already called for investigations of the program. EPIC's lawsuit against the Defense Department is available at: http://www.epic.org/privacy/profiling/tia/foia_complaint.pdf The ISAT study "Security with Privacy" is available at: http://www.epic.org/privacy/profiling/tia/isat_study.pdf Background information is available at EPIC's TIA page: http://www.epic.org/privacy/profiling/tia/ ======================================================================= [3] Court Asked to Reconsider Faxed Warrant Decision ======================================================================= EPIC has filed a response to a petition for reconsideration in the U.S. Court of Appeals for the Eighth Circuit, urging the court to reconsider a November ruling that service of a warrant on an ISP by fax complies with the "reasonableness" requirements of the Fourth Amendment. EPIC's latest filing argues that the November opinion "fails to distinguish between an officer's presence at the service of a warrant, and an officer's presence at the execution of that warrant." The case arose after Yahoo! was "served" with a search warrant by fax. The defendant had argued that the law enforcement practice of faxing the warrant to the Internet Service Provider (ISP) and having the ISP execute the warrant violated his Fourth Amendment rights. Although the district court agreed, the Eighth Circuit ruled in November that service of a warrant on an ISP by fax was "reasonable," without deciding the broader issue of whether an Internet user has a Fourth Amendment expectation of privacy in their e-mail. EPIC filed an amicus brief arguing that police officer presence is required during the service of a warrant on an ISP, because service of a search warrant by fax machine doesn't adequately safeguard Fourth Amendment guarantee of a "reasonable" search. EPIC's brief details the history of U.S. search and seizure law, which has mandated officer presence at the service of a warrant since the 1700s. The case was one of the first to address the issue of how the Fourth Amendment applies to the protection of stored e-mail and other files held by ISPs. The application of Fourth Amendment protection to privacy interests in digital environments raises important questions concerning the procedural service of a valid search warrant. EPIC participated as an amicus in this case to ensure that, as the legal system responds to advances in technology, the law continues to protect Fourth Amendment guarantees. EPIC's response to the petition for reconsideration urges the Eighth Circuit to affirm the district court's conclusion that "[t]he circumstances of this case, . . . do not justify [the officer's] choice to fax the warrant to Yahoo and allow Yahoo employees to conduct the search and seizure without any supervision or instruction." The filing concluded that "[a]lthough in limited circumstances, civilian searches may be more reasonable than searches by law enforcement officers, the justification for this exception does not extend to an abrogation of the requirement of an officer's presence at the service of the warrant." EPIC's response to the petition for rehearing is available at: http://www.epic.org/privacy/bach/rehearing_en_banc.pdf The Eighth Circuit's Opinion is available at: http://www.ca8.uscourts.gov/opndir/02/11/021238P.pdf For more information on the case, see EPIC's Bach Page: http://www.epic.org/privacy/bach/ Recordings of the oral arguments and other files are available through the Web site of the U.S. Court of Appeals for the 8th Circuit: http://www.ca8.uscourts.gov/tmp/021238.html ======================================================================= [4] ICANN Meets in Amsterdam, Adopts By-Law Changes ======================================================================= The Internet Corporation for Assigned Names and Numbers (ICANN) annual meeting took place in Amsterdam on December 14-15, 2002. In response to criticism that ICANN has moved too slowly in approving new generic Top-Level Domains (gTLDs), ICANN resolved to draft a Request for Proposals for a limited number of new sponsored gTLDs. The ICANN Board also adopted changes to its bylaws that include: - the formation of an interim At-Large Advisory Committee (ALAC) to become the permanent ALAC, serving to foster participation from the Internet community in ICANN's decision making process; - the termination of the Domain Name Supporting Organization (DNSO); - the formation of the new Generic Names Supporting Organization (GNSO) to make the work of policy development more efficient; - the termination of the Protocol Supporting Organization (PSO); - the formation of a Technical Liaison Group (TLG) to provide technical expertise on Internet standards setting; and - the appointment of liaisons from various advisory committees, including the Governmental Advisory Committee (GAC), to other Councils and Committees to augment communication among ICANN constituent groups. At the meeting, the WHOIS Task Force asked the Names Council to endorse its recommendations on the accuracy and marketing of WHOIS data. While the Names Council accepted the report, it requested that the report comments site be reopened. The comments site will remain open until January 30, 2003, after which the WHOIS Task Force will put forward another version of its policy recommendations, taking any additional comments into account. The Names Council will then vote on the recommendations on February 20, 2003. The Names Council also asked the WHOIS Task Force to plan to terminate. The Names Council hopes to establish a new Task Force, acknowledging the possibility of membership overlap. ICANN's preliminary meeting report: http://www.icann.org/minutes/prelim-report-15dec02.htm WHOIS Task Force report: http://www.epic.org/redirect/icann.html ======================================================================= [5] EPIC Files Comments on Canadian Surveillance Proposal ======================================================================= EPIC has submitted recommendations on the Canadian government's "Lawful Access Consultation Document" that would give police more power to monitor Canadians' private communications. In its recommendations, EPIC supports many of the country's civil liberties groups' concerns about the lack of justification and counter-balancing measures that would sufficiently protect the public interest and prevent misuse of the new powers. The Consultation Document proposes amendments to many Canadian statutes in preparation for the ratification of the Council of Europe's Convention on Cybercrime. The proposal would require all providers of Internet, wireline and wireless services to add surveillance capabilities to their networks in order for police and security agencies to monitor people's communications more easily. Further, new investigatory powers for law enforcement could be exercised under lower judicial standards than those applied under current criminal statutes to search warrants and intercepts. New mechanisms for providing centralized subscriber and service provider information to law enforcement would be established. The Consultation Document has met with strong opposition among several stakeholders in Canada. The telecommunications and ISP industries have raised issues regarding implementation and cost of compliance. Internet users and citizens have expressed their concerns about losing more privacy. Privacy watchdogs, provincial data protection authorities, and the civil society are criticizing the document for supporting an unjustified increase in the level of electronic surveillance, as well as noting the major impact the government proposal could have upon important constitutional values and rights, such as the right to online privacy and anonymity. EPIC's comments are available at: http://www.epic.org/privacy/intl/lawfulaccess_121602.pdf Canadian government's Consultation Document: http://www.canada.justice.gc.ca/en/cons/la_al/law_access.pdf Other submissions: http://www.lexinformatica.org/cybercrime/ Background information on the CoE Cyber-Crime Convention: http://www.treatywatch.org/ http://www.privacyinternational.org/issues/cybercrime/ ======================================================================= [6] New Report Finds Errors, Inconsistency in Credit Scores ======================================================================= Millions of Americans may pay more for their home loans and insurance, and may be denied other opportunities because of errors or inconsistencies in credit scores, according to a new report written by the Consumer Federation of America (CFA) and the National Credit Reporting Association (NCRA). Credit scores are used by many businesses to evaluate risk, set interest rates, and even to make hiring decisions. The scores range from a low of 400 to a high of 800 points. Credit scoring violates privacy principles because individuals do not have access to underlying algorithms or factors used to evaluate their credit history. Because of a loophole in the Fair Credit Reporting Act (FCRA), credit bureaus are not required to provide the score with credit reports. In the last year, however, credit bureaus have been selling scores to consumers who wish to monitor their credit for indications of identity theft or for errors. The CFA and NCRA analyzed 500,000 credit scores and more than 1,700 credit reports from all three major credit bureaus. The groups found that credit scores varied an average of 41 points. Individuals on the edge of the sub-prime lending market would be affected by this variance greatly. A home loan applicant improperly classified in the sub-prime market could receive a 9.8% interest rate rather than a 6.5% one, resulting in an enormous increase in interest payments over the life of a mortgage. The groups also found that certain items on the credit reports, such as entries regarding medical collections, could indicate that the consumer has a specific medical condition. Congress is likely to amend the FCRA in the next session, and possibly provide individuals with greater access to their credit scores and the system used to determine the scores. Credit Score Accuracy and Implications for Consumers (PDF document): http://www.epic.org/redirect/consumerfed.html EPIC Fair Credit Reporting Act Page: http://www.epic.org/privacy/fcra/ ======================================================================= [7] EPIC Publications ======================================================================= "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2002: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $25. http://www.epic.org/bookstore/phr2002/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, video surveillance, location tracking, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= ** The Public Voice in the Digital Economy. January 14, 2002. Honolulu, HI. The Electronic Privacy Information Center (EPIC) will host a free public symposium in conjunction with the OECD-APEC Global Forum and the WSIS Prep Meeting. For more information: http://www.thepublicvoice.org/events/honolulu03/ ** ======================================================================= World Sousveillance/Subjectrights Day (WSD). December 24, 2002. For more information: http://www.wearcam.org/wsd.htm Government Convention on Emerging Technologies. Defending America Together: The New Era. Government Emerging Technology Alliance (GETA). January 8-10, 2003. Las Vegas, NV. For more information: http://federalevents.com/govcon/ O'Reilly Bioinformatics Technology Conference. February 3-6, 2003. San Diego, CA. For more information: http://conferences.oreilly.com/macosxcon/ Politics of Code: Shaping the Future of the Next Internet. Oxford University Programme in Comparative Media Law and Policy. February 6, 2003. Oxford, England. For more information: http://pcmlp.socleg.ox.ac.uk/code/ Third Annual Privacy & Data Security Summit: Implementing & Managing Privacy in a Complex Environment. International Association of Privacy Professionals. February 26-28, 2003. Washington, DC. For more information: http://www.privacyassociation.org/html/conferences.html Spectrum Policy: Property or Commons? Stanford Law School Center for Internet and Society. March 1, 2003. For more information: http://cyberlaw.stanford.edu/spectrum/ P&AB's Privacy Practitioners' Workshop and Ninth Annual National Conference. Privacy & American Business. March 12-14, 2002. Washington, DC. For more information: http://www.pandab.org/postcard.pdf CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy. Association for Computing Machinery (ACM). April 1-4, 2003. New York, NY. For more information: http://www.cfp2003.org/ 28th Annual AAAS Colloquium on Science and Technology Policy. American Association for the Advancement of Science. April 10-11, 2003. Washington, DC. For more information: http://www.aaas.org/spp/rd/colloqu.htm O'Reilly Emerging Technology Conference. April 22-25, 2003. Santa Clara, CA. For more information: http://conferences.oreilly.com/etcon/ O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For more information: http://conferences.oreilly.com/oscon/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject line: "subscribe" or "unsubscribe" (no quotes) Help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ ======================================================================= Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more. ======================================================================= Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 9.25 ----------------------- .