	Home \| Databases \| WorldLII \| Search \| Feedback EPIC Alert

Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here: WorldLII >> Databases >> EPIC Alert >> 1994 >> [1994] EPICAlert 2

EPIC Alert 1.02 [1994] EPICAlert 2

EPIC ALERT

Volume 1.02 June 16, 1994

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC (Alertepic.org)

Table of Contents

[1] NIST Adopts Digital Signature Standard
[2] National Performance Review Issues Info Tech Report
[3] Federal Telephone Transactional Surveillance Increases
[4] IRS Issues Privacy Principles
[5] Government Printing Office Goes Online
[6] New Files at the Internet Library
[7] Upcoming Conferences and Events

[1] NIST Adopts Digital Signature Standard

On May 19, the National Institute of Standards and Technology approvedits cryptographic standard to provide digital signatures forelectronic documents. Digital signatures are used to authenticateusers and to ensure that messages are not altered. These assurancesare important for applications such as electronic commerce and virusprotection.

The DSS has been mired in controversy since its announcement in 1991.
NIST originally planned to develop an algorithm that also providedprivacy and confidentiality protection to replace the currentgovernment Data Encryption Standard (DES). Documents obtained by CPSRreveal that the National Security Agency pressured NIST into adoptingthe DSS instead. In 1993, NIST proposed the NSA-developed Clipper Chipto replace DES.

The DSS has also been controversial because RSA Data Security claimsthat it infringes several of its patents. NIST contends that it foundno patent infringements.

[2] National Performance Review Releases Info Tech Report

Vice President Al Gore's National Performance Review this weekreleased the long awaited report "Reengineering Through InformationTechnology."

The report finds that the federal government lacks leadership and acoherent plan to address information technology issues. It concludesthat "government is falling dangerously behind the private sector inusing technology to deliver services."

The privacy and security sectioof a privacy organization within the executive branch. Theorganization would advise the president, assist federal agencies,
coordinate US privacy initiatives with international organizations,
and advise state and local governments on privacy issues. TheInformation Infrastructure Task Force (IITF) is directed to providerecommendations on the creation of the organization, including itssize, authority and budget. The IITF will either propose a draftexecutive order or legislation for its creation. Office of Managementand Budget official Bruce McConnell is in charge of the effort.

The IITF is also directed to create an interagency task force todevelop uniform privacy principles for information systems by July1994, coordinated by the OMB. The task force must issue a report inless a year.

The report calls for NIST, in consultation with the OMB and theassistance of the NSA, to "create opportunities for industry todevelop the encryption capabilities required for protection ofnetworked distributed systems." A high priority is set for "finalizingand promulgating digital encryption standards."

A copy of the full report is available from cpsr.org. See below fordetails.

[3] Transactional Surveillance Increased in 1993

Federal law enforcement use of telephone transactional recordsincreased in 1993 for the sixth straight year. Last year, the FBI, theDrug Enforcement Administration, the Immigration and NaturalizationService and the Marshals Service increased their use of pen registersand trap and trace devices sharply over 1992.

Pen registers capture the telephone numbers of every phone call madefrom a particular line. In 1993, 3,423 orders for pen registersaffecting the lines of 8,130 people were issued, a nine percentincrease over 1992's total. Since 1987, when the use of pen registersbecame regulated under the Electronic Communications Privacy Act,
their use has increased 201 percent. While the number of telephonenumbers captured is not available, in 1987 the DEA reported that for716 installed pen registers, over 53,000 numbers were recorded.

The use of trap and trace devices also increased sharply in 1993 (up221 percent over 1992), to a total of 2,153 orders affecting 3,777persons. Since 1987, the use of trap and trace devices has increasedover 2,300 percent. Trap and trace devices capture the originatingtelephone numbers of incoming calls to a particular phone line. In1987, the DEA reported that 91 trap and trace devices captured 2,886numbers.

[4] IRS Issues Privacy Guidelines

The Internal Revenue Service has issued Privacy Guidelines to assistits employees in maintaining the confidentiality of taxpayerinformation. The guidelines provide no additional legal authority butare intended to remind employees of their already existing legalobligations.

In 1993, the General Accounting Office reported that 368 IRS employeeshad been caught browsing through files, inspecting the records ofrelatives and celebrities.

The guidelines set out 10 principles that each employee should follow:

1. Protecting taxpayer privacy and safeguarding confidential taxpayerinformation is a public trust.

2. No information will be collected or used with respect to taxpayersthat is not necessary and relevant for tax administration and otherlegally mandated or authorized purposes.

3. Information will be collected, to the greatest extent practicable,
directly from the taxpayer to whom it relates.

4. Information about taxpayers collected from third parties will beverified to the extent practicable with the taxpayers themselvesbefore action is taken against them.

5. Personally identifiable taxpayer information will be used only forthe purpose for which it was collected, unless other uses arespecifically authorized or mandated by law.

6. Personally identifiable taxpayer information will be disposed of atthe end of the retention period required by law or regulation.

7. Taxpayer information will be kept confidential and will not bediscussed with, nor disclosed to, any person within or outside the IRSother than as authorized by law in the performance of official duties.

8. Browsing, or any unauthorized access of taxpayer information by anyIRS employee, constitutes a serious breach of the confidentiality ofthat information and will not be tolerated.

9. Requirements governing the accuracy, reliability, completeness, andtimeliness of taxpayer information will be such as to ensure fairtreatment of all taxpayers.

10. The privacy rights of taxpayers will be respected at all times andevery taxpayer will be treated honestly, fairly, and respectfully.

Henry Philcox of the IRS told the EPIC Alert that the IRS has producedinstructional videotapes which display scenarios where the privacyguidelines would be in effect. The IRS has also appointed Rob Veeder,
formerly with the Office of Management and Budget, as director of itsprivacy project. Veeder will be on board at the IRS within a fewweeks.

[5] Federal Register, Congressional Record Online

The Government Printing Office has made the Federal Register, theCongressional Record and copies of bills signed by the Presidentavailable on the Internet through its online service.

The Federal Register contains notices filed by every federal agency ofproposed rules, decisions and other operations. The CongressionalRecord contains floor statements, copies of some pending legislationand other materials from both the Senate and the House ofRepresentatives.

This project is the culmination of a three year effort, led byTaxpayers Assets Project and the American Library Association, toincrease access to federal government information. Their campaignresulted in the enactment of the GPO WINDO bill in 1993, whichmandated that the Government Printing Office offer online access tothe Federal Register and the Congressional Record and encouraged moregovernment agencies to make information available electronically.

However, the high costs for the services have led many to questionwhether this project will improve access to government information.
For a single user, access to the Federal Register and theCongressional Record will cost $375 per year for each publication.
Monthly access at $35 is also available. No provisions are availablefor occasional searches. Taxpayers Assets Project has filed a formalappeal with the GPO, asking it to reconsider its pricing scheme.

For more information on access, telnet to wais.access.gpo.gov, login:
newuser, press for password or call 202-512-1661, login: wais,
password: , login: newuser, password: .

[6] Files Available for retrieval

New files on Clipper. /privacy/crypto/privacynist_reponse_to_blaze_paper.txtnist_response_senate_questions_6_94.txtnsa_response_senate_questions_6_94.txt
Vice President Gore's National Performance Review Report onInformation Technology. /privacy/communications/
national_performance_review_info_tech_report.txt
Files on the current crisis in the Italian bulletin board communitycpsr/computer_crimeitaly_crackdown_may94 News reports on the police crackdown on BBSsaccused of pirating software; large-scale confiscation of equipment.

italy_net_politics Speech by Bernardo Parrella of Agora (amulti-lingual Internet site in Italy: agora.stm.it) on the currentstate of BBS's and networking in Italy.

The CPSR Internet Library is a free service available viaFTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials fromPrivacy International, the Taxpayers Assets Project and theCypherpunks are also archived. For more information, contactftp-admincpsr.org.

[7] Upcoming Privacy Related Conferences and Events

DEF CON ][ ("underground" computer culture) "Load up your laptopMuffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July22-24. Contact: dtangentdefcon.org.

Symposium on Privacy and Intelligent Vehicle-Highway Systems. SantaClara University, Santa Clara, California. July 29-30. Contact:
Professor Dorothy J. Glancy 408-554-4075 (tel), 408-554-4426 (fax),
dglancysuacc.scu.edu.

Hackers on Planet Earth: The First US Hacker Congress. HotelPennsylvania, New York City, NY. August 13-14. Sponsored by 2600Magazine. Contact: 2600well.sf.ca.us.

Technologies of Surveillance; Technologies of Privacy. The Hague, TheNetherlands. September 5. Sponsored by Privacy International and EPIC.
Contact: Simon Davies (daviesprivint.demon.co.uk).

16th International Conference on Data Protection. The Hague,
Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190 (tel),
31-70-3940460 (fax).

CPSR Annual Meeting. University of California, San Diego. October 8-9.
Contact: Phil Agre

Symposium: An Arts and Humanities Policy for the National InformationInfrastructure. Boston, Mass. October 14-16. Sponsored by theCenter for Art Research in Boston. Contact: Jay Jaroslav(jaroslavartdata.win.net).

Third Biannual Conference on Participatory Design, Chapel Hill, NorthCarolina. October 27-28. Sponsored by CPSR. Contact:
triggparc.xerox.com.

Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November11-13. Sponsored by ACM. Contact: jkizzautcvm.utc.edu
(Send calendar submissions to Alertepic.org)

To subscribe to the EPIC Alert, send the message:

"subscribe cpsr-announce " (without quotes or brackets) tolistservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information email infoepic.org, or writeEPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1202 544 9240 (tel), +1 202 547 5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is a nationalmembership organization of people concerned about the impact oftechnology on society. For information contact: cpsrcpsr.org
END EPIC Alert 1.02

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1994/2.html