
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 8.03                                  February 14, 2001
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] The Privacy Coalition Launches New Initiative
[2] DCS1000: The Device Formerly Known as Carnivore
[3] EPIC Launches Public Interest Law Program
[4] Medical Industry Seeks Roll-Back of Privacy Regulations
[5] FTC Hosts Discussion on Cross-Border Legal Disputes
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Why Things Bite Back
[8] Upcoming Conferences and Events
[1] The Privacy Coalition Launches New Initiative
At a press conference at the National Press Club on February 12, The
Privacy Coalition, a nonpartisan group of consumer, civil liberties,
educational, library, labor, and family-based groups, launched its
first initiative.  The group presented "The Privacy Pledge" as the
standard for future protection of privacy.
Public interest organizations representing a wide spectrum of
constituencies support the Privacy Pledge including: the American
Association of Law Libraries, American Library Association, American
Civil Liberties Union (ACLU), Center for Media Education, Computer
Professionals for Social Responsibility, Consumer Action, Consumer
Federation of America, Consumer Project on Technology, Consumers
Union, Eagle Forum, Electronic Privacy Information Center (EPIC), Free
Congress Foundation, Home School Legal Defense Association, Institute
for Global Communication, International Union, United Automobile,
Aerospace and Agricultural Implement Workers of America (UAW),
Junkbusters, Media Access Project, National Consumers League,
NetAction, Privacy Foundation, Privacy Journal, Privacy International,
Privacy Rights Clearinghouse, Privacy Times, Traditional Values
Coalition, and U.S. Public Interest Research Group (PIRG).
The Privacy Pledge addresses the future, necessary steps to protect
privacy.  The pledge advocates the adoption of a legal framework based
on full Fair Information Practices, including the rights to access
one's own information held by others, to limit the use of the
information, and to obtain redress when information is improperly
used, as well as notice, consent, and security; independent
enforcement and oversight; the promotion of genuine Privacy Enhancing
Technologies; legal restrictions on surveillance technologies; and a
foundation of federal privacy safeguards that allow the private sector
and states to implement supplementary protections as needed.
The Privacy Coalition invites state and federal legislators to sign
the pledge and thus protect one of the most important values of the
information age.
The Privacy Pledge can be found at:
The press release announcing the formation of The Privacy Coalition,
as well as the pledge presented on February 12:
[2] DCS1000: The Device Formerly Known as Carnivore
In an apparent effort to minimize the damage from one of its biggest
recent public relations blunders, the Federal Bureau of Investigation
has given the Carnivore Internet surveillance system a new name.  From
now on, the FBI will refer to the controversial device as "DCS1000."
Despite some reports indicating that the name is an acronym for "data
collection system," a Bureau spokesperson told Reuters that it
"doesn't stand for anything."
The new name is reportedly just the first step in an anticipated
make-over for Carnivore, which monitors large volumes of traffic
passing through the facilities of an Internet service provider and,
according to the FBI, captures only those data packets that the Bureau
has legal authorization to collect.  The Justice Department is soon
expected to present the results of an internal review of Carnivore,
along with recommended changes, to Attorney General John Ashcroft.
That internal report was originally scheduled to be presented to
former Attorney General Janet Reno in December; the Department has
issued no public explanation for the delay.
The re-naming is not the only damage control attempted by the Bureau
in recent weeks.  In a letter dated January 23, FBI Laboratory
Director Donald Kerr responded to questions about Carnivore raised by
Senators Orrin Hatch (R-UT) and Patrick Leahy (D-VT).  The leaders of
the Senate Judiciary Committee, citing language contained in internal
FBI documents released to EPIC, had asked the Bureau to explain the
results of a test showing that Carnivore "could reliably capture and
archive all unfiltered traffic" transmitted through an Internet
service provider and store the communications on a hard drive or
removable disks (see EPIC Alert 7.21).  Kerr responded that:
     Theoretically if Carnivore were to be installed and
     configured so as to attempt to intercept and archive "all"
     traffic in a *very small* ISP . . . , Carnivore might
     conceivably be able to reliably capture and archive the
     traffic packets.  However, it could not do so as to an ISP
     of any true size.
The FBI recently completed its processing of EPIC's Freedom of
Information Act request for Carnivore material, withholding a
significant amount of information.  EPIC's FOIA lawsuit is continuing,
and the court will consider the propriety of the Bureau's withholding
decisions over the next few months.
A scanned image of the January 23 FBI letter to Sens. Hatch and Leahy
is available at:
[3] EPIC Launches Public Interest Law Program
On February 8, EPIC launched the Internet Public Interest
Opportunities Program (IPIOP) which will serve law students from
across the country interested in public interest law and the Internet.
The program is made possible by a generous grant provided by Professor
Pam Samuelson and Dr. Robert Glushko.  The IPIOP will draw on EPIC's
past experience in many of the Internet's most significant policy and
legal issues such as litigation of the Communications Decency Act and
the Child Online Protection Act, campaigns against the Clipper Chip
and for free export of encryption products, advocacy for greater
protection of consumer privacy, as well as continued use of the
Freedom of Information Act.
"EPIC has done a wonderful job as a leading voice for the public on
these new challenges and has provided a great learning experience for
students interested in cyber law," said Professor Samuelson, a Boalt
Hall professor and a world-renowned expert on cyberlaw and
intellectual property.
The EPIC Internet Public Interest Opportunities Program will work in
conjunction with the newly established Samuelson Law, Technology and
Public Policy Clinic at the University of California at Berkeley,
Boalt School of Law, as well as other similar centers around the
country.  The Samuelson Clinic is the first law school program in the
country to focus on technology and the public interest.
For more details, see the press release announcing the establishment
of the EPIC Internet Public Interest Opportunities Program:
For more information about the Samuelson Law, Technology and Public
Policy Clinic:
[4] Medical Industry Seeks Roll-Back of Privacy Regulations
As reported by the New York Times on February 12, health care
lobbyists have pressured the Bush administration to weaken, delay, or
even withdraw the implementation of recently promulgated regulations
designed to protect patients' privacy.  The regulations require health
care providers to gain written consent from patients before using or
disclosing their medical records.  Also, patients have the right to
inspect their records and suggest corrections where inaccurate
information is held.  The regulations carry civil and criminal
penalties for violations.
Industry lobbyists argue that the regulations impose burdensome
requirements, including the re-training of employees, the purchase of
new systems designed to comply with the privacy protections, and the
hiring of privacy officers charged with the duty of ensuring
compliance.  Supporters of the new regulations have stated that
providing an adequate level of privacy protection will encourage
patients to be more forthcoming about their conditions and thus
facilitate medical treatment and research.
Privacy advocates, while supporting the adoption of federal standards
for the protection of medical privacy, have pointed to areas in which
the regulations could be improved.  Under the new rules, marketers can
target advertising to patients based on their afflictions.  Patients
must "opt-out" from this marketing.  In addition, the regulations
allow law enforcement officials to gain access to patients' medical
records without judicial review.
Senator Patrick Leahy (D-VT) has announced that his staff is drafting
a bill to address the marketing loophole exposed by privacy advocates.
Leahy's bill would give patients a private right of action where
medical information is sold by third parties.  The bill would also
require patients' consent before marketers could use their records for
The regulations are available online at:
[5] FTC Hosts Discussion on Cross-Border Legal Disputes
On February 6, the Federal Trade Commission (FTC) held a roundtable
discussion on alternative dispute resolution (ADR) and the future
Hague Treaty on Jurisdiction and Enforcement of Foreign Judgments.
Panelists included academics, business representatives, civil liberties
groups, consumer advocates, government officials and trial lawyers.
The morning session focused on developing principles for online
dispute resolution for small value consumer contracts.  Overall
consensus was reached on the need for effective, inexpensive, fair and
accessible ADR services with some kind of oversight mechanism for
consumers.  There was strong disagreement, however, with proposals
from business groups that ADR should be mandatory and binding on
consumers.  Consumer groups and trial lawyers stated that this
could deny a consumer's right to access the courts, prohibit class
action lawsuits, and discourage trust and confidence in the
marketplace.  They also pointed out that there are certain cases where
ADR is clearly not appropriate, for instance in some privacy cases,
where injunctive or other judicial relief would be needed.
The afternoon session was more contentious.  The discussion focused on
the future Hague Convention on Jurisdiction and Enforcement of Foreign
Judgments which is being negotiated by the Hague Conference on Private
International Law.  This convention will potentially affect all civil
and commercial cross-border lawsuits, including consumer, privacy,
intellectual property and free-speech disputes.  It will harmonize
rules of jurisdiction for cross-border disputes and allow judgment
holders in one country to have their judgments enforced in the country
where the defendant is based.  The main source of controversy between
business and consumer groups was Article 7 of the October 1999 Draft
Treaty, which would prohibit businesses from including "choice of
court" clauses in consumer contracts and give consumers the right to
sue in their home courts.  Concerns were also raised by consumer and
civil liberties groups regarding intellectual property and free speech
issues.  They argued that unless claims involving, for example, breach
of copyright, defamation or trade secrets are specifically excluded
from the Treaty, individuals in one country may be sued by
"rights-holders" in other countries with far more restrictive laws on
these issues.  Discussions on this Convention are ongoing.  The next
meeting of the Hague Conference will be held in Ottawa from February
26 to March 2.
For details of the FTC's February 6 roundtable meeting visit:
For the October 1999 Draft Convention and other relevant documents,
see the Consumer Project on Technology's page on the Hague Treaty:
See also the Trans Atlantic Consumer Dialogue (TACD) resolution on
Alternative Dispute Resolution at:
[6] EPIC Bill-Track: New Bills in Congress
H.R.260 Wireless Privacy Protection Act of 2001, To require customer
consent to the provision of wireless call location information.
Sponsor: Rep Frelinghuysen, Rodney P (R-NJ). Latest Major Action:
1/30/2001 Referred to House committee: House Energy and Commerce.
H.R.347 Consumer Online Privacy and Disclosure Act, To require the
Federal Trade Commission to prescribe regulations to protect the
privacy of personal information collected from and about individuals
on the Internet, to provide greater individual control over the
collection and use of that information, and for other purposes.
Sponsor: Rep Green, Gene (D-TX). Latest Major Action: 1/31/2001
Referred to House committee: House Energy and Commerce.
H.R.583 Privacy Commission Act, to establish the Commission for the
Comprehensive Study of Privacy Protection. Sponsor: Rep Hutchinson,
Asa (R-AR). Latest Major Action: 2/13/2001 Referred to House
committee: House Government Reform.
S.197 Spyware Control and Privacy Protection Act of 2001, a bill to
provide for the disclosure of the collection of information through
computer software, and for other purposes. Sponsor: Sen Edwards, John
(D-NC). Latest Major Action: 1/29/2001 Referred to Senate committee:
Senate Commerce, Science, and Transportation.
S.201 Federal Employee Protection Act of 2001, a bill to require that
Federal agencies be accountable for violations of antidiscrimination
and whistleblower protection laws, and for other purposes. Sponsor:
Sen Warner, John W. (R-VA). Latest Major Action: 1/29/2001 Referred to
Senate committee: Senate Governmental Affairs.
S.290 The Student Privacy Protection Act, a bill to increase parental
involvement and protect student privacy. Sponsor: Sen Dodd,
Christopher J. (D-CT). Latest Major Action: 2/8/2001 Referred to Senate
committee: Senate Health, Education, Labor, and Pensions.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - Why Things Bite Back
Why Things Bite Back: Technology and the Revenge of Unintended
Consequences, by Edward Tenner
In this perceptive and provocative look at everything from computer
software that requires faster processors and more support staff to
antibiotics that breed resistant strains of bacteria, Edward Tenner
offers a virtual encyclopedia of what he calls "revenge effects" --
the unintended consequences of the mechanical, chemical, biological,
and medical forms of ingenuity that have been hallmarks of the
progressive, improvement-obsessed modern age.  Tenner shows why our
confidence in technological solutions may be misplaced, and explores
ways in which we can better survive in a world where despite
technology's advances -- and often because of them -- "reality is
always gaining on us."  For anyone hoping to understand the ways in
which society and technology interact, Why Things Bite Back is
indispensable reading.
For other books recommended by EPIC, browse the EPIC Bookshelf at:
EPIC Publications:
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues, including data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"Filters and Freedom: Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs, can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Privacy and Technologies of Information: The Problem of Privacy
in Public. University of Maryland, School of Public Affairs.
February 15, 2001. College Park, MD. For more information:
Nominations - February 16, 2001. MIT Sloan eBusiness Awards:
Recognizing Successful Innovation in eBusiness. For more information:
Privacy in the New Environments: What the Personal Information
Protection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
The Second National HIPAA Summit: The Leading Forum on Healthcare
Privacy, Confidentiality, Data Security and HIPAA Compliance. March
1-2, 2001. Washington, DC. For more information:
CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
Consumer Assembly 2001: New Issues in a New Political and Economic
Era. Consumer Federation of America. March 8-9, 2001. Washington, DC.
For more information: http://www.consumerfed.org/events.html
Freedom of Expression: New and Existing Challenges. Organization for
Security and Co-operation in Europe, Office for Democratic
Institutions and Human Rights. March 12-13, 2001. Vienna, Austria.
For more information: http://www.osce.org/odihr/meetings.htm
The Information Marketplace: Merging and Exchanging Consumer Data.
Federal Trade Commission. March 13, 2001. Washington, DC. For more
information: http://www.ftc.gov/bcp/workshops/infomktplace/
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP
Conseil. March 13-15, 2001. Paris, France. For more information:
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
Call For Papers - March 31, 2001 (prizes available for graduate
student papers). The 29th Research Conference on Communication,
Information and Internet Policy. October 27-29, 2001. Alexandria, VA.
For more information: http://www.tprc.org
BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer,
Inc. April 4, 2001. Washington, DC. For more information:
First International Conference on Human Aspects of the Information
Society. Information Management Research Institute, University of
Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
Corporate Privacy Officers Program 2001: Washington Briefing and Peer
Workshop. Privacy and American Business. April 11-12, 2001.
Washington, DC. For more information: http://www.pandab.org/
National Summit on Electronic Privacy. The National Institute for
Government Innovation. April 23-24, 2001. Washington, DC. For more
information: http://www.nigi.org/
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:
INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual
Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For
more information: http://www.isoc.org/inet2001/
Call For Submissions - August 3, 2001. Workshop on Security and
Privacy in Digital Rights Management 2001. Eighth Association for
Computing Machinery (ACM) Conference on Computer and Communications
Security. November 5, 2001. For more information:
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more
information: http://www.privacy2000.org/
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 8.03 -----------------------