WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1995 >> [1995] EPICAlert 1

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 2.01 [1995] EPICAlert 1


Volume 2.01 January 18, 1995

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC

Table of Contents

[1] Nader Speaks to Privacy Advocates
[2] European Privacy Directive Moves Forward
[3] EPIC Calls for Congressional FOIA
[4] New DOJ Guidelines on Computer Search and Seizure
[5] Court Dismisses LaMacchia Case
[6] IRS Initiates New Database System
[7] EPIC WWW Page and Digicash Donations
[8] Upcoming Conferences and Events

[1] Nader Speaks to Privacy Advocates

Consumer advocate Ralph Nader urged privacy activists and academics toput a "hard edge on the privacy movement" at a meeting sponsored bythe Electronic Privacy Information Center and the Privacy Journal inWashington, DC in mid-January. The conference brought together morethan thirty leading privacy experts and advocates from across thecountry. The group discussed prospects for privacy reform in the newCongress and efforts to support local and international privacyinitiatives.

Mr. Nader, who thirty years ago won a landmark privacy case againstGeneral Motors, said it was time to "name names" and present the"rogues gallery" of privacy violators. He noted that greatest privacyinvaders are "super private." "They know everything about you, and youhave no idea who they are."

Mr. Nader said that privacy advocates need to hold government andcorporate privacy violators accountable. "Invasions of privacy are asystem of control that must be challenged," said Mr. Nader.

The group also heard from Hill staffpeople, members of theAdministration and other about prospects for privacy reform. Amongthe issues discussed were medical record privacy, privacy protectionfor the information infrastructure, Intelligent TransportationSystems, and consumer privacy.

The group agreed to take specific action to oppose the $500 millionappropriation for the FBI wiretap bill, to support efforts to improvemedical record privacy, and to work together on privacy efforts aroundthe country.

[2] European Privacy Directive Moves Forward

The Council of Ministers of the European Community have adopted acommon position on the European data protection directive. As aresult, the directive will now go to the European Parliament for asecond reading. The directive is considered to be on a fast track foradoption.

The directive is significant for European privacy because it willrequire changes in existing privacy laws and necessitate the adoptionof privacy safeguards in the remaining European countries that do notyet have legislation.

According to Professor Joel Reidenberg of Fordham Law School, "Thecommon position takes a stronger position on data protection thanexisting national laws. There are also important implications for theUnited States. The directive will result in greater scrutiny ofcountries without a data protection commission and without adequatelegislative protections."

[3] EPIC Calls for Congressional FOIA

The Electronic Privacy Information Center (EPIC) on January 11 wroteto Speaker of the House Newt Gingrich asking him to include theFreedom of Information Act (FOIA) in the Congressional AccountabilityAct, legislation that will make several statutes applicable toCongress itself.

EPIC congratulated Speaker Gingrich on the introduction of the THOMASon-line information system but expressed surprise at the omission ofthe FOIA from the list of statutes that will now be applied toCongress. The letter stated "While the initiation of THOMAS willcontribute significantly to the public's understanding ofCongressional activities, we believe that an equally importantinnovation would be to bring Congressional records within the coverageof the Freedom of Information Act (FOIA)

EPIC Director Marc Rotenberg noted: "FOIA is essential to ensure thatgovernment is truly accountable. The FOIA encourages informed debateon national issues and effective participation in the politicalprocess."

The Freedom of Information Act allows ordinary citizens and the mediato request specific documents from federal agencies to oversee theworkings of government. Agencies must release the information unlessit falls within a few narrow exceptions. EPIC has used the FOIA toobtain critical documents on the Clipper Chip, the Digital Telephonyproposal and other documents relevant to electronic privacy issues.

A copy of EPIC's letter to Rep. Gingrich is available at

[4] New DOJ Guidelines on Computer Search and Seizure Guidelines

The Electronic Privacy Information Center (EPIC) has obtained theDepartment of Justice's recently issued "Federal Guidelines forSearching and Seizing Computers." The guidelines provide an overviewof the law surrounding searches, seizures and uses of computer systemsand electronic information in criminal and civil cases. They discusscurrent law and suggest how it may apply to situations involvingcomputers. The guidelines were developed by the Justice Department'sComputer Crime Division and an informal group of federal agenciesknown as the Computer Search and Seizure Working Group.

Areas covered include encryption (where the guidelines suggest thatthe government must provide limited immunity before requiring asuspect to disclose a key), the Privacy Protection Act of 1980 (whichthe guidelines suggest that all investigators review before seizing aBBS) and the use of experts during searches and seizures. Theguidelines also review standards for using electronic evidence incourt and the Electronic Communications Privacy Act of 1986.

A more comprehensive analysis is available from EPIC at EPIC, with thecooperation of the Bureau of National Affairs, is making theguidelines available electronically. The document is available viaFTP/Gopher/WAIS/listserv from the EPIC online archive at A printedversion appears in the Bureau of National Affairs publication,
Criminal Law Reporter, Vol. 56, No. 12 (December 21 1994).

[5] Court Dismisses LaMacchia Case

On December 28, 1994, the U.S. District Court for the District ofMassachusetts dismissed the case against MIT Student David LaMacchiafor illegally distributing copyrighted software over the Internet. Thecourt found that there was no criminal act punishable under thegeneral wire fraud statues because Congress has declined to extend thecriminal penalties to the free distribution of copyrighted software.

The case was brought under the wire fraud statute because Congress haslimited the criminal penalties under Copyright Act to acts which are"willful and for purpose of commercial advantage or private financialgain." 17 U.S.C. Sec. 506(a). The court rejected the prosecutors'
arguments that the wire fraud act should apply, ruling that in thearea of copyrights, Congress has declined to enact criminal penaltiesfor the acts such as those of LaMacchia:

What the government is seeking to do is to punish conduct that reasonable people might agree deserves the sanctions of the criminal law. But as Justice Blackmun observed in Dowling, copyright is an area in which Congress has chosen to tread cautiously,
relying "chiefly . . . on an array of civil remedies to provide copyright holders protection against infringement," while mandating "studiously graded penalties" in those instances where Congress has concluded that the deterrent effect of criminal sanctions are required.

The court worried that extending the general provisions would have
untold effects on computer users everywhere:

While the government's objective is a laudable one,
particularly when the facts alleged in this case are considered, its interpretation of the wire fraud statute would serve to criminalize the conduct of not only persons like LaMacchia, but also the myriad of home computer users who succumb to the temptation to copy even a single software program for private use. It is not clear that making criminals of a large number of consumers of computer software is a result that even the software industry would consider desirable.

Finally, the judge suggests that the law should be changed to
criminalize these activities:

This is not, of course, to suggest that there is
anything edifying about what LaMacchia is alleged to
have done. If the indictment is to be believed, one
might at best describe his actions as heedlessly irresponsible. and at worst as nihilistic, self-indulgent,
and lacking in any fundamental sense of values. Criminal
as well as civil penalties should probably attach to
willful, multiple infringements of copyrighted software
even absent a commercial motive on the part of the infringer.
One can envision ways that the copyright law could be
modified to permit such prosecution. But, "'[i]t is the legislature, not the Court which is to define a crime,
and ordain its punishment.

EPIC will be monitoring any attempts to modify the copyright law. Acopy of the opinion is available from /cpsr/computer_crime/

[6] IRS Initiates Massive New Database

On December 20, the Internal Revenue Service announced in the FederalRegister that it was planning a new database to monitor compliance oftaxpayers in a project entitled Compliance 2000. The database wouldcontain information on all individuals in the U.S. who conduct certainfinancial transactions and would be segmented by different criteria:

Any individual who has business and/or financial activities. These may be grouped by industry, occupation,
or financial transactions, included in commercial databases, or in information provided by state and local licensing agencies.

The new database will combine private and public sector databases in asingle searchable entity. A number of federal financial databasesfrom the IRS will be enhanced with state, local and commercialsources. The Federal Register notice describes the non-tax databases:

Examples of other information would include data from commercial databases, any state's Department of Motor Vehicles (DMV), credit bureaus, state and local real estate records, commercial publications,
newspapers, airplane and pilot information, U.S.
Coast Guard vessel registration information, any state's Department of Natural Resources information, as well as other state and local records. In addition, Federal government databases may also be accessed, such as, federal employment files, federal licensing data, etc.

Finally, even though the proposed system would use frequentlyinaccurate "commercial databases" such as direct marketing records,
taxpayers would not be able to review their records to ensure thatthey are accurate and up to date: "This system is exempt from theaccess and contest provisions of the Privacy Act."

EPIC is filing comments asking the IRS to reconsider its use ofcommercial databases and to ensure that there are greater safeguardson the collection and use of personal information.

A copy of the Federal Register notice is available at on the proposed system must be received by January 19, 1995,
and sent to Office of Disclosure, Internal Revenue Service, 1111 Conn.
Ave, NW, Washington, DC 20224. EPIC's Comments are available /cpsr/privacy/epic/epic_irs_compliance_2000_comments.txt

[7] EPIC WWW Page and Digicash Donations

EPIC has set up a temporary World Wide Web page to enhanceindividuals' access to its materials on privacy. The Web pageincludes information such as the EPIC program and FAQ, material
on current issues of interest (including Clipper and the DigitalTelephony proposal) and HTML access to the current EPIC Alert. EPICwill be announcing a permanent EPIC WWW, Gopher and FTP site in thenear future.

The Web page is set up in conjunction with Digicash, a Netherlands-
based company that specializes in cryptography and anonymous
transactions. The address is
Individuals who are participating in testing Digicash's anonymous
online cash system can contribute to EPIC's work in support of civilliberties. Digicash, after the testing period, will be announcing aformal system of convertible money so individuals will be able to
donate actual money to EPIC. More information on the system is
available from

[8] Upcoming Privacy Related Conferences and Events

Privacy, The Information Infrastructure and Healthcare Reform. OhioState University, Columbus, OH, Jan. 27. Contact:

Cryptography: Technology, Law and Economics. New York City. Mar. 3,
1995. Sponsored by CITI, Columbia University. Contact:
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926(fax).

Access, Privacy, and Commercialism: When States Gather PersonalInformation. College of William and Mary, Williamsburg, VA, March 17.
Contact: Trotter Hardy 804 221-3826.

Computers, Freedom and Privacy '95. Palo Alto, Ca. Mar. 28-31, 1995.
Sponsored by ACM. Contact:

ETHICOMP95: An international conference on the ethical issues ofusing Information Technology. DeMontfort University, Leicester,
ENGLAND, March 28-30, 1995. Contact: Simon Rogerson 44533 577475 (phone) 44 533 541891 (Fax).

National Net '95: Reaching Everyone. Washington, DC. Apr. 5-7, 1995.
Sponsored by EDUCOM. Contact: or call 202/872-4200.

Information Security and Privacy in the Public Sector. Herdon, VA.
Apr. 19-20, 1995. Sponsored by AIC Conferences. Contact: 212/952-1899.

1995 IEEE Symposium on Security and Privacy. Oakland, CA, May 8-10.

INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the InternetSociety. Contact

Key Players in the Introduction of Information Technology: TheirSocial Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact:

Advanced Surveillance Technologies. Sept. 5, 1995. Copenhagen, Denmark.
Sponsored by Privacy International and EPIC. Contact

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:

to You may also receive the Alert by reading theUSENET newsgroup

Back issues are available via FTP/WAIS/Gopher/HTTP from and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). AnHTML version of the current issue is available from

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information, email, WWW atHTTP:// /epic or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202)
547-5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology on society. For information contact:
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacy andefforts to oppose Clipper and Digital Telephony wiretapping proposals.

END EPIC Alert 2.01

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback