WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1995 >> [1995] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 2.11 [1995] EPICAlert 11


Volume 2.11 October 16, 1995

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC

Table of Contents

[1] EPIC Seeks Disclosure of Clipper Documents
[2] Landmark Privacy Case, Avrahami v. USN&WR
[3] Your Net Activities for Sale (and what you can do)

[4] Canadian Direct Marketers Call for Privacy Law
[5] Opposition to ID Systems Grows
[6] Who You Gonna Trust? Bankers and Hackers
[7] VTW Alert / Telecom Post / PJ Updates
[8] Developments at EPIC Web Site
[9] Upcoming Conferences and Events

[1] EPIC Seeks Disclosure of Clipper Documents

The Electronic Privacy Information Center (EPIC) has filed a brief infederal court challenging the "national security" classification of
information concerning the "Clipper Chip" encryption system and the
underlying SKIPJACK algorithm. The brief was filed in response to theNational Security Agency's attempt to withhold the information from thepublic following a Freedom of Information Act (FOIA) request.

Urging disclosure of the disputed information, EPIC argues that:

1) Clipper's technical details have been withheld for *law
enforcement* reasons, not "national security" reasons. As such,
the information is not properly classified;

2) The security of the Clipper encryption system does not require
the secrecy of the SKIPJACK algorithm or other technical details;

3) Disclosure of the withheld information will not (as NSA claims)
constitute a violation of U.S. export control laws; and
4) The withheld information was part of the government's decision-
making process that culminated in the adoption of FIPS 185, the
"Escrowed Encryption Standard."

The brief was filed in a FOIA case initiated on behalf of EPIC's co-
sponsoring organization, Computer Professionals for Social
Responsibility, in May 1993. NSA was granted a delay of more than two
years in order to process relevant documents. The agency recently movedfor summary judgment in the case, arguing (among other things) that thedisputed information is properly classified.

The full text of the EPIC brief can be obtained via the World Wide
Web at:

[2] Landmark Privacy Case

A Virginia resident has filed suit in state court against US News &
World Report, challenging the right of the magazine to sell or rent his
name to another publication without his express written consent. Ram
Avrahami argues that USN&WR has benefited commercially from his name,
thus violating the Virginia law which protects every person from having
his/her name being used for commercial purpose without consent.

The suit raises a critical question for the future of privacy: who
controls personal information? If Mr. Avrahami prevails, companies that
sell personal information could be required to obtain permission before
data is sold to others. Such an ownership right could establish a more
equitable and efficient relationship between consumers and companies.

EPIC has put together an expert team to assist Mr. Avrahami, to preparean amicus brief for the court proceeding, and to pursue other aspects ofthe case. This case may quickly become the leading consumer privacycase in the country. A feature article appeared in the Wall StreetJournal on October 13.

What are Mr. Avrahami's prospects for success? Not clear, but a 1991Time/CNN poll found that 93% of American adults believed that "companiesthat sell information to others should be required by law to askpermission from individuals before making the information available."
(Time Magazine, Nov. 11, 1991).

A web page with details about the case, the relevant law, information
about the direct marketing industry, and books and articles about
privacy and marketing data can be found at:

[3] Your Net Activities for Sale (and what you can do)

The Marketry company of Bellvue, Washington is now selling email
addresses of Internet users obtained from Newsgroup postings. From
the company's press release:

"These are email address of individuals who are actively using the Internet to obtain and transfer information. They have demonstrated a substantial interest in specific area of information on the Internet. They are regularly accessing information in their interest areas from newsgroups, Internet chats and websites. . . .
The file is anticipated to grow at the rate of 250,000 E Mail
addresses per month, all with Interest selections."

What are the interest areas currently available? "Adult, Computer,
Sports, Science, Education, News, Investor, Games, Entertainment
Religion, Pets." The release notes that "additional interests areas
will be added, please inquire." Activities of US and non-US Net users
will be included in the Marketry product.

The Washington Post reported that the president of Markertry, NormSwent, would not disclose who the actual owner of the list is. "Thatreally is confidential information," Swent said, "and we are obviouslybound by confidentiality agreements with the list owner."


(a) Sit back, let your newsgroup postings get swept up by the data
scavengers and watch the junk email pile high on your system, or
(b) Send email to Marketry and tell them to STOP SELLING PERSONAL DATA GATHERED FROM THE NET. Send email to: and tell your friends to send email. And tell your friends' friends.

It's your name. It's your mailbox. Think about it.

[4] Canadian Direct Marketers Call for Privacy Law

The Canadian Direct Marketing Association (CDMA) has announced itsintention to support the adoption of comprehensive privacy legislationin Canada. In a letter dated October 2 to John Manley, the Canadian
Minister of Industry, the CDMA writes, "The Canadian Direct Marketing
Association is asking the Government of Canada to pass national privacy
legislation governing the private sector. We believe every Canadian is
entitled to fundamental protection of their personal data." The CDMA
said that it hoped the government would build on the Model Code for the
Protection of Personal Information developed by the Canadian Standards
Association. (See Alert 2.10
[4] "CSA Announces Privacy Standards").

Unlike the Direct Marketing Association in the United States, theCDMA has long required its members to follow a compulsory privacycode. The CDMA notes that many industries have complied with theCode, but given the failure of "other private sector organizationsthere seems to be no realistic possibility of comprehensive self-

The CDMA announcement follows growing support in Canada for privacylegislation and increasing skepticism about the viability ofindustry self-regulation. (See EPIC Alert 2.10
[5] "Around the Globe:
Privacy Notes").

More information is available from Scott McClellan, Director ofCommunications, CDMA, 416/391-2362 ext. 226

[5] Opposition to ID Systems Grows

An emerging groundswell of opposition to proposed new databases and
identity cards for immigration verification purposes is threatening the
passage of immigration bills in Congress. Advocates are now hopeful
that the ID proposals currently pending in Congress will be rejected.
Last week a test program authorized by the Immigration in the National
Interest Act of 1995 (HR 2202) narrowly survived a 17-15 vote in theHouse Judiciary Committee 17-15. Bipartisan opposition to the plan,
originally expected to pass easily, continues to grow.

The immigration verification system recommended by the US Commission on
Immigration Reform would create a database of all persons eligible for
employment in the United States. Employers would be required to call a
number and provide the name and Social Security Number of the potential
employee. The proposal is supported by Rep. Lamar Smith (R-TX),
chairman of the House Judiciary Committee's subcommittee on Immigration.
Senators Alan Simpson (R-WY) and Diane Feinstein (D-CA) and Congressman
Bill McCullum (R-FL) would expand the plan and have recommended the
creation of national ID cards based on the Social Security Account. TheCard that would contain the name, photo, address, Social Security
number and other information on every card and a magnetic stripe on the
back. Feinstein recommended that the ID card also contain a retinal scan.

Opposition to the proposal has come from across the political spectrum.
The coalition opposing the proposals includes civil liberties groups,
conservative think tanks, immigration groups, religious associations and
small businesses. Conservative and liberal members of Congress have
also come out in opposition to the proposals. Rep. Steve Chabot (R-OH)
described the proposal as "1-800-BIG-BROTHER." Rep. John Conyers (D-MI)
told the Washington Post that the card "would usher in an era of all-
intrusive government." House Majority Leader Dick Armey (R-TX) has
promised to oppose any attempt to create a national ID card.

The bill remains in the House Judiciary Committee. Several members have
promised to attempt to remove the provision on the House floor. The
Senate has not yet taken up the issue. It is unlikely that the Senate
will address the bill before next year.

On a different front, both the House and Senate welfare reform bills
contain provisions to create a database of all newly hired people
working in the US. This databases would then be used to track down
people who are behind on their child support. It is expended that the
list of uses would grow. The bills would also expand the use of the
Social Security Numbers and require its placement on a number of state
documents including birth certificates, drivers' licensees, and marriage

[6] Whom You Gonna Trust? Bankers and Hackers

Bankers Trust, one of the leading proponents of the Commercial Key
Escrow scheme (see ) was the subject of a recent
BusinessWeek cover story. The news feature described racketeering
charges brought by clients of Bankers Trust who lost hundred of million
of dollars. Procter & Gamble is charging that Bankers Trust "engaged in
a pervasive pattern of fraud spanning a number of years and involving
numerous victims." Supporters of the Bankers Trust plan to hold in
escrow keys to private encrypted communications might take note of two
quotations that appeared on the cover of the BusinessWeek story: "What
Bankers Trust can do for Sony and IBM is get in the middle and rip them
off" and "Funny business, you know. Lure people into that calm and then
just totally f
' em." ("The Bankers Trust Tapes," BW, Oct. 16, 1995).

Meanwhile, the Wall Street Journal reports that Netscape will be turning
to the hacker community to find flaws and plug holes in the popular websoftware. Under the "Bugs Bounty" program, Netscape will offer $1,000to the first person to identify major security flaws. "There are a
whole bunch of people out there with a lot of great computer science
knowledge. We thought it was time to proactively harness all that
energy to give them a reward" for finding bugs says Mike Homer, Vice
President of marketing for Netscape. (WSJ, Oct. 9, 1995).

[7] VTW Alert / Telecom Post / PJ Updates

Two excellent legislative alerts worth reading closely as the actionin Congress heats up:

VTW BillWatch: A weekly newsletter tracking US Federal legislation
affecting civil liberties. BillWatch is published every Friday
evening as long as Congress is in session. Contact:
(email), gopher -p1/vtw (gopher), (URL). Publisher: Shabbir J. Safdir
Telecom Post covers activity in Congress on telecommunications and related issues. To subscribe, send to LISTSERVCPSR.ORG with the
message SUBSCRIBE TELECOM-POST YOUR NAME. Publisher: Coralee Whitcomb (

Privacy Journal has released updates for three popular publications for
professionals who need reference books on the privacy issues.
*Compilation of State and Federal Privacy Laws ($29)* describes by
category more than 500 laws on the confidentiality of personal
information. *War Stories* is a collection of real-life stories
involving invasions of privacy, along with the sources of the stories
and the lawyers who represent the victims. *Directory of Privacy
Professionals* ($14.50) provides postal addresses, phone numbers, and
electronic addresses for 200 individuals and organizations, in business
and in government, actively involved in privacy issues. The books are
available by check or credit card from Privacy Journal, P.O. Box 28577,
Providence, RI 02908, 401/274-7861 There is a
$4 handling fee.

[8] Developments at EPIC Web Site

The EPIC Web site is undergoing a major upgrade. We have put in a 56kbline and upgraded the server software and hardware. In the next few
months we will be adding listserver software to improve the delivery of
EPIC-related information. We are also making arrangements to expand
significantly the privacy resources available at the web site. You will
now find materials at WWW.EPIC.ORG organized in four categories:

-- Hot topics (Current news)
-- Resources (Legislative Guide, On-line Guide, EPIC Docket,
EPIC Alert)
-- Policy Archives (Cryptography, Privacy, Free Speech, Open
-- About EPIC
Please send your comments and suggestions to Weapologize for any difficulties that result from our transition toa better server.

[9] Upcoming Privacy Related Conferences and Events

Smithsonian Institution, "Frontiers in Cyberspace: Encryption, Privacy,
and Cybercodes. October 25, 1995. Marc Rotenberg, Director, Electronic
Privacy Information Center (EPIC), Philip Zimmerman, Creator, Pretty
Good Privacy (PGP); Stewart Baker, Attorney, Steptoe & Johnson. Contact:
Melody Curtis (

Managing the Privacy Revolution. October 31 - November 1, 1995.
Washington, DC. Sponsored by Privacy & American Business. Speakers
include Mike Nelson (White House) C.B. Rogers (Equifax). Contact Alan
Westin 201/996-1154.

Innovation and the Information Environment. November 3-4. University
of Oregon School of Law in Eugene, Oregon. Contact: Keith

National Privacy and Public Policy Symposium. November 2-4., Hartford,
Cosponsored by the Connecticut Foundation for Open Government. Contact
Richard Akeroyd, 203/566-4301 (tel),
203/566-8940 (fax)

22nd Annual Computer Security Conference and Exhibition. November 6-8,
Washington, DC. Sponsored by the Computer Security Institute.
Contact: 415-905-2626.

Global Security and Global Competitiveness: Open Source Solutions.
November 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert

11th Annual Computer Security Applications Conference: Technicalpapers, panels, vendor presentations, and tutorials that address theapplication of computer security and safety technologies in the civil,
defense, and commercial environments. December 11-15, 1995, New Orleans,
Louisiana. Contact Vince Reed at (205)890-3323 or

Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact or
Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers should
be submitted by February 1, 1996. Contact Wade Robison,
by FAX at (716) 475-7120, or by phone at (716) 475-6643.

Australasian Conference on Information Security and Privacy June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (

Visions of Privacy for the 21st Century: A Search for Solutions.
May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office
of Information and Privacy Commissioner for the Province of British
Columbia and the University of Victoria. Program at
18th International Conference of Data Protection and Privacy
Commissioners. Sponsored by the Privacy Commissioner of Canada.
September 18-20, 1996. Ottawa, Canada.

Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 17, 1995. Ottawa, Canada. Contact
International Colloquium on the Protection of Privacy and PersonalInformation. Commission d'acces a l'information du Quebec. May 1997.
Quebec City, Canada.

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:

to You may also receive the Alert by reading theUSENET newsgroup

Back issues are available via orFTP/WAIS/Gopher/HTTP from /cpsr/alert/ and on Compuserve (GoNCSA), Library 2 (EPIC/Ethics).

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information, email, WWW atHTTP:// or write EPIC, 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology on society. For information contact:
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacy andefforts to oppose government regulation of encryption and funding ofthe National Wiretap Plan.

Thank you for your support.

END EPIC Alert 2.11

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback