=============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.15 October 28, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents =======================================================================  Lawsuit Filed Against New Censorship Law  European Privacy Law Goes Forward  FCC Gives Tentative Approval to FBI Wiretap Standards  EPIC Releases New Report on Endangered Civil Liberties  10th GVU WWW Survey Underway  Report on NSA's Echelon Network Goes to Congress  New at the EPIC Bookstore  Upcoming Conferences and Events =======================================================================  Lawsuit Filed Against New Censorship Law ======================================================================= EPIC has joined other online civil liberties groups in a court challenge to the new federal Internet censorship bill signed by President Clinton as part of the omnibus budget package. The lawsuit, filed in Philadelphia on October 22, asserts that the "Child Online Protection Act" will violate both the free speech and privacy rights of Internet users. The case is being litigated by EPIC, the American Civil Liberties Union and the Electronic Frontier Foundation. Demonstrating the range of speech affected, the list of plaintiffs includes the Internet Content Coalition, a member group including Time Inc., Warner Bros., C/NET and The New York Times Online; OBGYN.Net, a women's health website; Philadelphia Gay News; and Salon Magazine. In February 1996, EPIC, ACLU and EFF filed a challenge to the ill-fated Communications Decency Act. A three-judge federal panel in Philadelphia struck down the law in June 1996, a ruling that was upheld by a unanimous Supreme Court one year later. The "Child Online Protection Act" makes it a federal crime to "knowingly" communicate "for commercial purposes" material considered "harmful to minors." Penalties include fines of up to $50,000 for each day of violation, and up to six months in prison if convicted of a crime. The government also has the option of bringing a civil suit against individuals under a lower standard of proof, with the same financial penalty of up to $50,000 per violation. Compliance with the Act would require websites to obtain identification and age verification from visitors, a feature of the law that threatens online privacy and anonymity. In a seven-page analysis of the bill sent to Congress on October 5, the Justice Department said that the bill had "serious constitutional problems" and would likely draw resources away from more important law enforcement efforts such as tracking down hard-core child pornographers and child predators. The Justice Department also noted that the new law is ineffective because minors would still be able to access news groups or Internet relay chat channels, as well as any website generated from outside of the United States. The text of the complaint is available at: http://www.epic.org/free_speech/copa/complaint.html =======================================================================  European Privacy Law Goes Forward ======================================================================= The European Union Data Directive goes into force this week. The new law provides basic privacy rights for consumers and should encourage the development of privacy enhancing technologies. The data directive grew out of specific circumstances related to the integration of the European economies and the need to harmonize national privacy laws. It also reflects a widely held belief that privacy is a fundamental human right, entitled to full protection in law. Under the EU rules, European citizens have a right to: See any information about them and know how the information will be used; access the information and make corrections; be notified before the information is sold or shared elsewhere and choose who else can have access to the information; and sue if a company is in violation of these conditions. The EU Data Directive has been endorsed strongly by BEUC, the leading European Consumers Organization. In a letter this month to European Commission Member Mario Monti, BEUC Director Jim Murray wrote, "Our concern is with the personal data of European consumers which may be exported to the U.S. European consumers must not lose their specific protections when that data is exported. If the U.S. cannot give effective guarantees on this point, personal data should not be exported from the EU to the U.S." Other countries are following Europe's lead. Canada is the most recent of several governments that have announced plans to adopt comprehensive privacy legislation to promote consumer confidence and encourage the development of new commercial services. The EU Data Directive has also been cited several times as contributing to the decision of EU member countries not to endorse the U.S.-promoted key escrow/key recovery encryption scheme. Simon Davies, Director of Privacy International, has indicated that PI will begin enforcement actions against firms that fail to comply with the requirements of the EU Directive as early as this year. Louise Sylvan, Vice President of Consumer International, has said that the international consumer organization will begin an evaluation this year of the adequacy of consumer privacy protection around the globe. In the United States opinion polls show public support for new privacy legislation. The following resources are available online: European Union Directive http://www.privacy.org/pi/intl_orgs/ec/eudp.html Privacy International http://www.privacy.org/pi/ Consumers International http://www.consumersinternational.org/ EPIC Congressional Testimony on the EU Data Directive and Privacy http://www.epic.org/privacy/intl/rotenberg-eu-testimony-598.html =======================================================================  FCC Gives Tentative Approval to FBI Wiretap Standards ======================================================================= In a statement released on October 22, the Federal Communications Commission expressed its tentative approval of FBI-proposed technical requirements that would enable law enforcement to determine the location of individuals using cellular telephones. The Commission tentatively approved some other capabilities requested by the Bureau, rejected several, and deferred decisions on other issues, including surveillance of Internet "packet" communications. The initial decision came in a proceeding under the controversial Communications Assistance to Law Enforcement Act (CALEA). EPIC previously filed formal comments with the FCC urging the protection of communications privacy. In its "Further Notice of Proposed Rulemaking," the FCC proposes to adopt the "uncontested" elements of an interim technical standard for CALEA compliance developed by the FBI and the telecommunications industry. Despite the Commission's characterization, EPIC and other parties had urged the rejection of the interim standard. With respect to nine capabilities the Bureau and industry were unable to agree on, the FCC tentatively endorsed five, rejected three and expressed no opinion on one. "Location information" -- the ability to determine the physical location of a cellular phone user -- was the most controversial issue before the Commission and is likely to receive the most attention in further proceedings. The FCC action of October 22 is not final. The Commission emphasized that while the [Notice] proposes only initial threshold judgments on each of the above issues, the Commission in this proceeding -- as directed by Congress -- will also take into account five factors that must be considered under [CALEA]. Those factors are: (1) meeting the assistance capability requirements of section 103 by cost-effective methods; (2) protecting the privacy and security of communications not authorized to be intercepted; (3) minimizing the cost of CALEA compliance on residential ratepayers; (4) serving the policy of the United States to encourage the provision of new technologies and services to the public; and (5) providing a reasonable time and conditions for CALEA compliance. Additional information on CALEA is available at: http://www.epic.org/privacy/wiretap/ =======================================================================  EPIC Releases New Report on Endangered Civil Liberties ======================================================================= On October 26, EPIC released a new report -- "Critical Infrastructure Protection and the Endangerment of Civil Liberties." The report finds that several Administration recommendations and proposals -- including two Presidential Decision Directives (62 and 63) -- may severely impact the privacy and civil liberties of Americans. Notably, the report calls into question the increased national policing powers of the FBI and the Defense Department in monitoring potential attacks on the nation's critical infrastructure, including the Internet. These activities are being facilitated by several new federal agencies with significant powers to conduct monitoring of network activity, including the FBI's National Infrastructure Threat Center, the White House's Critical Infrastructure Assurance Office (CIAO), and the President's National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism. Several proposals contained in last year's report by the President's Commission on Critical Infrastructure Protection (the "Marsh Report") could significantly weaken such important legislation as the Privacy Act of 1974, the Electronic Communications Privacy Act, the Computer Security Act, Posse Comitatus, the Freedom of Information Act, the Employee Polygraph Protection Act, the Federal Advisory Committee Act, and various state privacy and freedom of information laws. The EPIC report was released at a press briefing at the National Press Club. Proposals to virtually "deputize" private sector information system and network security personnel by requiring them to be subjected to polygraph examinations were criticized as "absurd" by noted computer security expert Bill Murray, who spoke as a panelist on behalf of the International Information System Security Certification Consortium (ISC2), Resource materials on critical infrastructure protection, including the EPIC report (in PDF format), are available at: http://www.epic.org/security/infowar/resources.html =======================================================================  10th GVU WWW Survey Underway ======================================================================= The Graphics, Visualization & Usability Center, an academic research center affiliated with Georgia Tech's College of Computing, is now conducting the 10th WWW Survey. The survey will focus on web and Internet usage habits; consumer preferences and behaviors; consumer online privacy; attitudes and opinions on social issues and electronic commerce; webmastering and more. Web users are encouraged to visit the survey site and answer a series of questions. Privacy and anonymity will be protected. The survey runs from October 10 to November 10, 1998. Results should be available around January 25, 1999. The GVU would also like you to know that "numerous $100 (US) cash prizes will be awarded to randomly selected respondents (you have a much better chance of winning than the lottery)." The 10th GVU WWW Survey: http://www-survey.cc.gatech.edu/ For more information about public attitudes toward privacy, visit the EPIC Privacy Surveys Archive at: http://www.epic.org/privacy/survey/ =======================================================================  Report on NSA's Echelon Network Goes to Congress ======================================================================= A new report on the National Security Agency's top-secret spying network will soon be sent to members of Congress. The report -- "Echelon: America's Spy in the Sky" was produced by the Free Congress Foundation and details the history and workings of the NSA's global electronic surveillance system. The system is reportedly capable of intercepting, recording and translating any electronic communication sent anywhere in the world. The surveillance system has recently been the focus of controversy. The European Parliament will commission a full report into the workings of Echelon. The parliamentary report is expected to focus on concerns that the system has been expanded and is being directed at the communications of European companies and elected officials. The Free Congress Foundation is urging the U.S. Congress to examine Echelon as carefully as the European Parliament has. The NSA refuses to confirm nor deny Echelon's existence, but investigative journalists and civil liberties activists have uncovered a number of the system's details in recent years. The new report on Echelon is available at: http://www.freecongress.org/ctp/echelon.html =======================================================================  New at the EPIC Bookstore ======================================================================= New and Available from the EPIC bookstore: EPIC's latest publication, "Critical Infrastructure Protection and the Endangerment of Civil Liberties." This report, authored by EPIC Senior Fellow Wayne Madsen, an expert in intelligence community issues, was released October 26 at the National Press Club. The EPIC report responds to earlier recommendations of the President's Commission on Critical Infrastructure Protection (PCCIP) that would extend government investigative authority and secrecy while limiting privacy rights. The report warns that efforts to protect the nation's critical infrastructures could result in sweeping new limitations on personal privacy and government accountability. Hard copies of the 54 page report are available for $10 plus $3 shipping and handling. To order, send a check or money order along with your delivery address to: EPIC Publications, 666 Pennsylvania Avenue S.E., Suite 301, Washington, D.C. 20003. For many other great titles on privacy, free speech and encryption, visit the EPIC Bookstore at: http://www.epic.org/bookstore/ =======================================================================  Upcoming Conferences and Events ======================================================================= Encryption Controls Workshop. Bedford, MA. October 29. Sponsored by U.S. Department of Commerce. Contact: (202) 482-6031. "Protecting Personal Privacy on the Internet: Risks, Laws, and 'Self-Regulation.'" Washington, DC. November 4. Communication, Culture and Technology Program, Georgetown University. Speakers include David Sobel of EPIC. Contact: http://cct.georgetown.edu/events/lectures.html PDC 98 - the Participatory Design Conference, "Broadening Participation." November 12-14. Seattle, WA. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 Data Privacy in the Global Age. November 13. Milwaukee, WI. Sponsored by ACLU of Wisconsin Data Privacy Project. Contact: Carole Doeppers <firstname.lastname@example.org>. Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15. London, UK. Sponsored by ACMSIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm 1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ FC '99 Third Annual Conference on Financial Cryptography. February 22-25, 1999 Anguilla, B.W.I. Contact: http://fc99.ai. Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington, DC. Sponsored by ACM. Contact: email@example.com. 1999 EPIC Cryptography and Privacy Conference. June 7, 1999. Washington, DC. Sponsored by EPIC. Contact: firstname.lastname@example.org. ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to email@example.com with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail firstname.lastname@example.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax- deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.15 ----------------------- .
Alert Home Page | EPIC Home Page