	Home \| Databases \| WorldLII \| Search \| Feedback EPIC Alert

Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here: WorldLII >> Databases >> EPIC Alert >> 1994 >> [1994] EPICAlert 3

EPIC Alert 1.03 [1994] EPICAlert 3

EPIC ALERT

Volume 1.03 June 29, 1994

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC (Alertepic.org)

Table of Contents

[1] ACM to Release Crypto Report, Recommendations
[2] US House of Representatives Approve Credit Privacy Bill
[3] FCC Caller ID Decision Appealed
[4] NY Consumer Board Slams FCC Caller ID Decision
[5] SSN and Marketing List Privacy Bills Introduced
[6] New Files at the Internet Library
[7] Upcoming Conferences and Events

[1] ACM to Release Crypto Report, Recommendations

A press conference will be held at the U.S. Capitol on Thursday, June30 at 10:30 am to announce the release of a new study on thecontroversial Clipper cryptography proposal. The study was convenedby the Association for Computing Machinery (ACM) and sponsored by theNational Science Foundation.

The ACM cryptography panel was chaired by Dr. Stephen Kent, ChiefScientist for Security Technology with the firm of Bolt, Beranek andNewman. Dr. Susan Landau, Research Associate Professor in ComputerScience at the University of Massachusetts, co-ordinated the work ofthe panel and did most of the writing. The panel members were Dr.
Clinton Brooks, Advisor to the Director, National Security Agency;
Scott Charney, Chief of the Computer Crime Unit, Criminal Division,
U.S. Department of Justice; Dr. Dorothy Denning, Computer ScienceChair, Georgetown University; Dr. Whitfield Diffie, DistinguishedEngineer, Sun Microsystems; Dr. Anthony Lauck, Corporate ConsultingEngineer, Digital Equipment Corporation; Douglas Miller, GovernmentAffairs Manager, Software Publishers Association; Dr. Peter Neumann,
Principal Scientist, SRI International; and David Sobel, LegalCounsel, Electronic Privacy Information Center.

The final report of the panel will be made public at the Thursdaypress conference. Also, the policy committee of the 85,000 member ACMwill release a statement on cryptography issues facing the Clintonadministration.

The conference will be held in the United States Capitol building,
room SC-5. For more information, please call the US ACM WashingtonOffice at 202-298-0842.

[2] US House of Representatives Approve Credit Privacy Bill

The US House of Representatives approved substantial revisions to theFair Credit Reporting Act on June 7. The passing of this bill,
following the Senate enactment of a similar bill in May, virtuallyensures that long-awaited revisions to the FCRA will finally happenthis year.

The bill contains a number of improvements over existing law. Itprohibits the use of credit reports for directing marketing andunsolicited offers of credit unless the consumer is offered theopportunity to prevent the disclosure of their information. In thecase of credit offers, the offer must also be irrevocable and notcontingent on obtaining more information from the consumer. Creditagencies are also prohibited from transferring any medical informationfor either employment or credit purposes without the prior consent ofthe consumer.

Under the bill, consumers have an extended rights of access. Agenciescannot charge more than $3 for one copy per year of a consumer report.
Additional reports cannot cost more than $8. After an adverse decisionis made based on information in a credit report or incorrectinformation is found in a report, consumers can receive free reports.
To make it easier for consumers to obtain information, allnationally-based agencies must operate toll-free 800 numbers.

In addition, the bill implements tougher standards on the accuracy ofinformation. Agencies must investigate all disputed information within30 days. If information cannot be confirmed, it must be deleted fromthe record and cannot be reinserted unless the source of theinformation certifies that it is complete and accurate. Agencies musttake reasonable procedures to ensure that incorrect information doesnot reappear. There is a general prohibition from furnishingincomplete or inaccurate information to a credit agency and everyprovider has a duty to update and correct any information that theyhave furnished.

Civil and criminal penalties for willful or negligent use of incorrectinformation are increased. Criminal penalties are increased to twoyears and a $10,000 fine. Civil penalties are raised to at least$1,000 and attorney fees.

There are several controversial provisions in the bill. Under thebill, states a prohibited from enacting stronger protections until2003. In addition, the FBI may access records by showing a judge thatthere is a authorized foreign counterintelligence investigation and aminimal showing of facts that there may be a violation of a criminalstatute.

The bill now goes to a House-Senate conference committee to work outdifferences between the two bills. Areas of difference includepreemption, the duty of providers to furnish correct information, andthe FBI access provision.

[3] FCC Caller ID Decision Appealed

Several state utility commissions, including New York's andCalifornia's, have petitioned the Federal Communications Commission toreconsider its controversial Caller ID decision. The petitions ask theFCC to reverse its decision mandating per-call blocking for interstatecalls and its preemption of state regulations. The commissions areconcerned that the federal regulation will limit consumer privacyprotection for intra-state calls.

It is uncertain if the FCC will take the unusual action of acceptingthe petitions. Since the Caller ID decision was released in April, twonew commissioners have joined the FCC. A total of 48 parties,
including telephone companies who are concerned about which party ischarged the cost of transmitting the information, have filed petitionsasking the FCC to reconsider its decision.

Per-call blocking, which is favored by telephone companies, requiresthat a caller to enter a series of numbers into their telephone beforeeach call to prevent their number from being distributed. Underper-line blocking, privacy blocking is the default and the caller mayopt to release their number.

The New York Public Utility Commission's petition notes that "there isno technological bar to enabling each state to designate per line orper call blocking and have that privacy notation affixed to thatcaller's phone calls both intra and interstate." The PUC calls on theFCC, which did not hold a single hearing on Caller ID, to review thedecisions of the many states that did hold hearings.

Professor Rohan Samarajiva of Ohio State University, who also filedfor reconsideration, found that 46 states held hearings on Caller IDbefore the FCC issued their final decision. He found that asinformation became more available on Caller ID, the state utilitycommissioners increasingly required that per-line blocking be offeredin addition to per-call. By 1994, 33 jurisdictions developed ruleswith stronger privacy protection than the FCC decision. 18 statesrequire per-line blocking be offered to all consumers, includingPennsylvania, Ohio, California and New York.

CPSR has also filed a petition asking the FCC to revise its decision.
CPSR calls for free per-line blocking and note the additional burdenof per call blocking will cost consumers who have unlisted telephonenumbers $1.2 billion each year through the disclosure of unlistednumbers. They describe the FCCÕs suggestion that consumers who wishto ensure that their numbers remain private purchase equipment asÒunreliable and discriminatory.Ó

In addition, the California PUC has filed suit in the 9th CircuitCourt of Appeals, asking the court to overturn the ruling and preventits implementation.

The FCC decision on Caller ID and the CPSR Petition forReconsideration are available from cpsr.org. See below for details.

[4] NY PUC Letter to FCC on Caller ID

The following is a letter set by New York State Public UtilityCommittee Chairman Peter Bradford to FCC Chairman Reed Hundt on theFCC's Caller ID decision. For more information, contact Stacey Harwoodat 518-473-0276.

STATE OF NEW YORK PUBLIC SERVICE COMMISSION ALBANY 12223
PETER A. BRADFORD THREE EMPIRE STATE PLAZA CHAIRMAN (518)474-2530
June 1, 1994
Reed Hundt, Chairman
Federal Communications Commission
1919 M Street, N.W.
Washington, DC 20554
Dear Chairman Hundt:

I am writing to express My concern about the Federal CommunicationsCommission's recent decision (Docket #91-281) limiting the range ofprivacy protections available to telephone callers in connection withCall ID service. The potential preemptive features of this decisionundermine sensible allocation of responsibility between state andfederal jurisdictions, namely that the federal government preempt onlywhere issues of overriding national concern are clearly at stake andthen only after strong proof that no alternative approach will protectthe national concerns.

All of these essential elements (clear national concern, strongproof, and the absence of other alternatives) are lacking here.
Instead, the casual reasoning and the destructive remedy mock statedClinton Administration eagerness to work with the states to assurethat telecommunications decisions are sensitive to important consumerissues.

The FCC's decision appears to ignore the states' considerableexperience with Call ID. Prior to its authorization of Call ID, theNew York Public Service Commission (like many other states) conductedextensive customer outreach and education programs to determine howbest to balance the privacy interests of the calling and calledparties. many witnesses, including psychiatrists, social workers,
police, other public safety officials, as well as family violencecrisis centers, saw danger and/or nuisance in Call ID without theoption of per line blocking.

These hearings established that privacy protection consisting only ofper call blocking represents the worst of all worlds. The harassingcaller is unlikely to forget to use per call blocking. It is thecustomer who does not realize the implications of the availability ofCall ID to commercial number gatherers (or others who may abuse it)
who is likely to make his or her telephone number inadvertentlyavailable. As a result, we concluded that in New York callers shouldhave the option of both per call and per line blocking. Since Call IDservice was approved with these options two years ago, no complaintshave been received from either Call ID subscribers or callers on theissue of blocking. Furthermore, the market for Call ID does not seemto be hurt by the availability of per line blocking, for subscriptionrates are at least as high in states with per line blocking aselsewhere.

Nevertheless, the FCC decision contemplates preemption of staterequirements inconsistent with a federal per-call-blocking- onlyregime. Since per line blocking only for intrastate calls does notseem feasible, New York's standard (and those of some 40 other states)
will be preempted. Protracted litigation over the FCC decision iscertain and may impede the introduction of interstate Call ID service.
Several states, including New York are seeking reconsideration of theFCC decision and California has challenged the FCC order in court.
Customer confusion and disappointment with limitations on privacyoptions will spawn a host of complaints.

Furthermore, it will be hard for state regulators, to justify thecurrent surcharge for unpublished listings while telephone companiesmarket a service that compromises the value of those listings. I haveenclosed a recent New York notice raising this concern for parties intwo major cases. Telephone companies are not likely to go forward withCall ID if they must forego tens of millions of dollars per year incharges for unpublished numbers.

I hope that the FCC will think again about the impact of thisdecision. It is likely to damage the prospects for Call ID, and it iscertain to damage federal-state relations in the communications areaat a time when much depends on our mutual trust and cooperation.

Sincerely,
/sig Peter Bradford

[5] SSN and Marketing Lists Privacy Bills Introduced

Rep. Dean Gallo (R-NJ) introduced on May 5 two bills to improveconsumer privacy. HR 4353 requires that companies that compilepersonal information about consumers for the purpose of sellingmarketing lists must notify the consumers about the potential sale ofthe lists. Consumers may ask to be removed from the lists before theyare sold. The Federal Trade Commission is authorized to investigateand enforce violations. The bill has been referred to Committee onEnergy and Commerce.

HR 4354 amends the Social Security Act to prohibit any person,
company, or government agency from transferring a persons SSN or anyderivative of it without the written consent of the person. It hasbeen referred to the Ways and Means Committee.

[6] Files Available for retrieval

The CPSR Internet Library is a free service available viaFTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from PrivacyInternational, the Taxpayers Assets Project and the Cypherpunks arealso archived. For more information, contact ftp-admincpsr.org.

Files on Caller ID: /privacy/communications/caller_id/

The FCC decision - fcc_caller_id_decision_94.txt.

CPSR Petition for Reconsideration - CPSR_RFR_on_FCC_Caller-ID_Order.txt

[7] Upcoming Privacy Related Conferences and Events

DEF CON ][ ("underground" computer culture) "Load up your laptopMuffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July22-24. Contact: dtangentdefcon.org.

Hackers on Planet Earth: The First US Hacker Congress. HotelPennsylvania, New York City, NY. August 13-14. Sponsored by 2600Magazine. Contact: 2600well.sf.ca.us.

Technologies of Surveillance; Technologies of Privacy. The Hague, TheNetherlands. September 5. Sponsored by Privacy International and EPIC.
Contact: Simon Davies (daviesprivint.demon.co.uk).

16th International Conference on Data Protection. The Hague,
Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190(tel), 31-70-3940460 (fax).

CPSR Annual Meeting. University of California, San Diego. October 8-9.
Contact: Phil Agre

Symposium: An Arts and Humanities Policy for the National InformationInfrastructure. Boston, Mass. October 14-16. Sponsored by the Centerfor Art Research in Boston. Contact: Jay Jaroslav(jaroslavartdata.win.net).

Third Biannual Conference on Participatory Design, Chapel Hill, NorthCarolina. October 27-28. Sponsored by CPSR. Contact:
triggparc.xerox.com.

Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November11-13. Sponsored by ACM. Contact: jkizzautcvm.utc.edu
(Send calendar submissions to Alertepic.org)

To subscribe to the EPIC Alert, send the message:

"subscribe cpsr-announce " (without quotes or brackets) tolistservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information email infoepic.org, or writeEPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1202 544 9240 (tel), +1 202 547 5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is a nationalmembership organization of people concerned about the impact oftechnology on society. For information contact: cpsrcpsr.org
END EPIC Alert 1.03

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1994/3.html