EPIC Alert 1.06 [1994] EPICAlert 6


Volume 1.06 October 28, 1994

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC (

Table of Contents

[1] FTC Orders Trans Union to Stop Selling Credit Reports to Marketers
[2] State Department Rules 1st Amendment Doesn't Apply to Disks
[3] Clipper: Alive and Well
[4] FBI Director May Ask For Mandatory Key Escrow Legislation
[5] EPIC on Compuserve
[6] New Files in the Archive
[7] Upcoming Conferences and Events

[1] FTC Cracks down on Trans Union

The Federal Trade Commission on October 18 ordered Trans Union, one of the nation's largest credit bureaus, to stop selling consumer credit information in its files to direct marketers in violation of the Fair Credit Reporting Act (FCRA). This decision follows a year after TRW, another large credit bureau, signed a consent decree with the FTC to limit selling credit information. Equifax, the other large credit bureau, also stopped voluntarily selling credit info for marketing last year.

Trans Union, through its Transmark target marketing division, created lists of individuals based on credit-related criteria and then sold the information to companies to use for target marketing. The Commission ruled that target marketing was illegal under the FCRA because the law requires that the consumer initiate the transaction before the information can be released. It also found that the companies had full access to consumers' names and were aware of the criteria under which the names had been chosen from the Trans Union database, which is also an illegal disclosure of credit information.

Trans Union has said they will appeal and plan to continue selling the information in the meanwhile. Under a newly passed law, Trans Union must ask for a stay of the order after 60 days before they can continue selling the information. Ed Mierzwinski, Consumer Program Director of US Public Interest Research Group's Washington Office, hailed the FTC's actions: "It's a good decision. I predict if they try and appeal, they will lose."

[2] State Dept: 1st Amendment Doesn't Apply to Disks

The State Department ruled on October 7 that some forms of electronic speech are not protected by the First Amendment and can be prohibited from export. The decision raises questions about the protection of free speech on the information superhighway.

The controversy arose over the export of an electronic version of Applied Cryptography: Protocols, Algorithms, and Source Code in C (John Wiley and Sons, 1994) by Bruce Schneier. The agency ruled that electronic source code for computer programs that contains cryptographic algorithms is not protected under the First Amendment and thus is not exportable under current law. The ruling follows just a few months after the same department OK'd the export of the same code in printed form. Under current State Department rules, the export of almost all software with confidentiality and privacy features is prohibited unless permission is granted by the National Security Agency prior to export.

Earlier this year Schneier and San Diego engineer Phil Karn requested and received permission to export the printed version, which contains over 100 pages of source code for different cryptographic algorithms in a type face easily converted to electronic form by a standard computer scanner. The book has sold over 17,000 copies worldwide in less than one year.

When Karn and Schneier requested permission to export the disks, which have the exact same information as is contained in the book, William Robinson, the director of the Office of Defense Trade Controls, rejected the request, stating "the text files on the subject disk are not an exact representation of what is found in Applied Cryptography ... each source code listing has been partitioned into its own file and has the capability of being easily compiled into an executable subroutine . . . This is an added value to any end user that wishes to incorporate encryption into a product."

Computer users and experts are critical of the distinction. Karn noted, "with the widespread availability of optical character recognition (OCR) equipment and software, even printed information such as the Book is easily turned into 'machine readable' disk files equivalent to the diskette." Bob Stratton, a Senior Engineer at AlterNet, said, "Whether it's in a book or on a disk, it doesn't matter. The technology [the cryptography code] will flow no matter what."

When Karn and Schneier appealed the decision, Martha C. Harris, the Deputy Assistant Secretary for Export Controls at the State Department, stated "We ... have concluded that continued control over the export of such material is consistent with the protections of the First Amendment." She noted that a high level, interagency review had resulted from the request. Bob Peck, a First Amendment lawyer with the American Civil Liberties Union, notes "any claim that the First Amendment is inapplicable because of the medium is just not valid."

Karn plans to appeal the decision.

[3] Clipper: Alive and Well

Vice President Gore's July letter to Rep. Maria Cantwell led some observers to hail the "death of Clipper." Others (including EPIC and Sen. Patrick Leahy) maintained that the Gore letter simply re-stated earlier Administration pronouncements on the encryption issue and did not represent a change in policy.

Any lingering doubts were laid to rest recently by Lynn McNulty, the Associate Director for Computer Security at the National Institute of Standards and Technology (NIST). Speaking at a conference sponsored by the Electronic Messaging Association, McNulty gave a presentation entitled "Clipper: Alive and Well." Noting that some media reports had pronounced Clipper dead, McNulty said simply "that is not correct." He reported that the government is "moving ahead to implement key escrow," and that the designated escrow agents are, in fact, escrowing keys. To date, 10,000 Clipper-equipped telephone units have been purchased by the law enforcement community. And the National Security Agency is continuing to aggressively market its key escrow technology to private manufacturers.

[4] FBI Director May Ask For Mandatory Key Escrow Legislation

At a conference on Global Cryptography earlier this month, FBI Director Louis Freeh suggested that if the administration's Clipper key escrow encryption scheme was not widely adopted, he may ask Congress for legislation making it mandatory. The FBI confirmed the comments to reporters Brock Meeks and Steven Levy.

Excerpt from transcript of Freeh talk as faxed to Michael Froomkin by the FBI:

[note: bracketed material is summary of earlier exchange]

Q: [If people pre-encrypt while using Clipper, would] the policy then have to change?

A: The terms of encryption being a voluntary standard? Oh yea, definitely, I mean if five years from now we solve the access problem but what we are hearing is all encrypted I'll probably ah, if I am still here, be talking about that in a very important way. Sure, I mean the objective is the same. The objective is for us to get those conversations whether they are by an alligator clipped or or [sic] ones and zeros wherever they are, what ever they are, I need them.

[5] EPIC on Compuserve

EPIC has joined the National Computer Security Association and the National Computer Ethics & Responsibilities Campaign in hosting a forum on privacy, security and ethical issues on the Compuserve Information System.

EPIC materials, including back issues of the Alert, program description and reports, are available in Library 2. Discussion of privacy topics is in Section 2 (EPIC/Ethics).

To access the forum, use the keyword: NCSA.

[6] New Files at the Archive

OTA Report on Cryptography
Final Version of HR 4922/S 2375 - The Communications Assistance for Law Enforcement Act of 1994
HR 5199 - Encryption Standards and Procedures Act of 1994
Files related to the Applied Cryptography Export Decision

The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact

[7] Upcoming Privacy Related Conferences and Events

2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia. Nov 2-4, 1994. Sponsored by: ACM SIGSAC, Hosted by: Bell Atlantic, George Mason University. Contact:

Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November 11-13. Sponsored by ACM. Contact:

The Technology for Information Security Conference '94 (TISC '94). Galveston, Texas. Dec. 5-8, sponsored by: NASA Johnson Space Center Mission Operations Directorate (MOD), MOD AIS Security Engineering Team, and the ISSA. Contact: John D'Agostino (

Second International Conference on Information Warfare: "Chaos on the Electronic Superhighway" Jan 18-19, Montreal, CA. January 18, 1995, Sponsored by NCSA. Contact: Mich Kabay (

(Send calendar submissions to

To subscribe to the EPIC Alert, send the message:

to You may also receive the Alert by reading the USENET newsgroup

Back issues are available via FTP/WAIS/Gopher/HTTP from and on Compuserve at Keyword: NCSA, Library 2 (EPIC/Ethics)

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information email, or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact:
END EPIC Alert 1.06