You are here:
EPIC Alert >>
 EPICAlert 12
EPIC Alert 2.12  EPICAlert 12 (23 October 1995)
Volume 2.12 October 23, 1995
Published by the Electronic Privacy Information Center (EPIC)
Washington, DC infoepic.org http://www.epic.org/
* Special Edition: National Wiretap Plan *
Table of Contents
 FBI Wiretap Plan Exceeds Legislative Authority (and what you can do)
 Illegal Bugging by US Agencies Continues
 Status of Wiretap Funding
 Court Rules Against Hi-tech Spy Devices
 NTIA to Release Privacy "Policy"
 Privacy Success -- Marketry Drops Plan to Sell Net Data
 ACLU Civil Liberties Update / Privacy Rights Clearinghouse
 Upcoming Conferences and Events
 FBI Wiretap Plan Exceeds Legislative Authority (and what you can do)
The FBI has released a dramatic "reinterpretation" of the CommunicationsAssistance for Law Enforcement Act (the "Digital Telephony"
"CALEA"). In a Federal Register notice which outlines "capacity
requirements" for surveillance of the nation's communications
infrastructure, the FBI is claiming that compliance with CALEA requires
that telephone companies and other service providers in some regions ofthe country build in enough surveillance capacity so that *one
of all phone lines could be *simultaneously* wiretapped, calls isolated,
and forwarded to the FBI. This would permit wiretapping at a level at
least a thousand time greater than currently occurs in the United
States. This level of surveillance is also far in excess of what
Congress intended when it enacted the CALEA. The rule, if adopted, will
lead to a radical change in the surveillance capabilities of the
The methodology used to determine capacity requirements is also deeply
flawed. Wiretapping reports, as required by law, have always been based
on actual taps authorized, actual conversations intercepted, and actual
lines surveilled. These numbers are reported annually by the
Administrative Office of the U.S. Courts. The Bureau's proposed rule
attempts to shift from the analytic approach required by current wiretap
law to one that is based on percentages of total communications
activity. It is similar (in purpose and magnitude) to a government
agency that had received an annual appropriation of $12 m to argue by
regulation that it was now entitled to 1% of the federal budget (roughly
EPIC has filed a Freedom of Information Act request seeking all
documents relating to the development of this proposed rule.
WHAT YOU CAN DO:
(a) Submit comments to the FBI. Object to the "percentage approach" to
wiretap capacity. Urge the FBI to follow the current measurement
of wiretapping, as reported annually by the Administrative
Office of the U.S. Courts, which considers the actual number of wiretaps authorized. If you are a telephone customer, ask
the FBI to address the privacy risks of unauthorized, illegal, or
excessive wire surveillance. Comments should be submitted in
triplicate to the Telecommunications Industry Liaison Unit
(TILU), Federal Bureau of Investigation, P.O. Box 220450,
Chantilly, VA 22022-0450. For further information, contact TILU at (800) 551-0336. Refer to your question as a "capacity
** Comments must be received by November 15, 1995.**
(b) If you represent or work for a telecommunications company,
equipment manufacturer, or service provider, assess carefully the
cost and liability that this proposed federal regulation may impose
on your company and the risk that it may expose your customers to
illegal wiretapping. If you are interested in challenging the
final FBI rule, contact EPIC and send us a copy of your comments.
We are prepared to assist individuals and companies with a legal challenge.
The FBI Federal Register notice (October 16, 1995, Volume 60, Number
199, Pages 53643 - 53646) is available at:
EPIC will soon post a copy of its FOIA request and its comments on theregulation to implement a national wiretap plan.
 Illegal Bugging by U.S. Agencies Continues
Reports of illegal wiretapping by U.S. agencies are on the rise. Last
week Japanese officials expressed concern over a report of CIA spying
during automotive trade talks earlier this year, and said they would ask
the United States to investigate, according to an October 16 Reuters
report. "This is certainly not a very pleasant matter," said Trade
Minister Ryutaro Hashimoto. Ichiro Fujisaki, political minister at the
Japanese embassy "expressed the Japanese government's concern that
should the report be true, it could hurt our national sentiment and
U.S.-Japanese friendship and mutual trust."
The New York Times reported earlier that the Central Intelligence Agencyconducted electronic surveillance in the course of preparing
reports forAmerican negotiators prior to an accord reached in June. The Times also
reported that U.S. Trade Representative Mickey Kantor "was regularlysupplied with information gathered about the Japanese negotiation
position by the CIA's Tokyo station and the National Security Agency,
which operates electronic eavesdropping equipment." (NYT, Oct. 14,
1995). The Washington Post confirmed the incident and noted that the
"eavesdropping reflected the U.S. intelligence community's increasing
involvement in economic and commercial information gathering since the
end of the Cold War."
The illegal wiretapping report follows an incident earlier this year
when French officials charged that the United States intelligence
agencies engaged in clandestine monitoring of trade negotiations.
Meanwhile, the President of Estonia was forced to resign following newsthat he had engaged in secret wiretapping of political opponents.
According to the New York Times, residents of Estonia wondered whether
the days of Soviet police agents spying on citizens had returned. Newlychosen President Lennart Mei called the scandal "a crisis of
He said, "We must ask ourselves: Does power belong to the people ifsurveillance equipment is in the hands of others?" (NYT, Oct.
Estonia is the most recent country to see its government fall after
public disclosure of illegal wiretapping. In the last few years, Greeceand France have replaced political leaders because of wiretapping
 Status of Wiretap Funding
In 1995 the Communications Assistance for Law Enforcement Act authorizedthe expenditure of $500,000,000 over four years to reimburse
companiesto design wiretap-ready communications technologies. But opposition to
the "Digital Telephony" proposal forced the FBI and the White House to
find a creative way to fund the unpopular program. Now the
Administration is proposing that the $500 M be gathered from a specialfund which authorizes the surcharge of 40 percent on all civil
levied by the United States after October 1, 1995, excluding fines
levied by the Internal Revenue Service. [The specific legislative
provision may be found in Title IV of the Counterterrorism Bill, HR 1710
(Civil Monetary Penalty Surcharges and Telecommunications Carrier
Compliance Payments). The terrorism bill is now under consideration by
Congress and will be the subject of an upcoming EPIC Alert].
But even the "slush" fund may not generate enough money to reimbursecompanies to design wiretap capabilities, which some industry
estimate may run in excess of $2 billion. The House appropriations bill
for the Department of Justice sets aside only $50 M for the Telephone
Carrier Compliance program.
The U.S. Telephone Association earlier recommended that the government
follow traditional funding methods for the program rather than theslush fund approach taken in the Counter-terrorism bill. The benefitsof
such a budget, said the USTA, include the fact that "it brings the
process into the sunshine, making government surveillance expenditures
an issue for public scrutiny." (USTA Wiretap Workshop, May 1995). The
Office of Technology Assessment, before its demise, also prepared a
useful overview of the bill and discussed the funding issues --
"Electronic Surveillance in a Digital Age" (OTA 1995).
Further information about wiretapping is available at the EPIC web page:
 Court Rules Against Hi-tech Spy Toys
In a case that illustrates that the protections provided by the Fourth
Amendment against the intrusiveness of modern technologies are still
very much alive, the U.S. Court of Appeals for the 10th Circuit ruled onOctober 4 that police must obtain a warrant before using Forward
LookingInfrared Radar (FLIR) devices to examine private residences. FLIR
measures heat differentials on surfaces of as little as 0.5 degrees
Celsius to determine activities inside homes. Police use FLIR devices toscan neighborhoods an detect houses that emanate heat which
caused by "grow" lamps.
In U.S. v. Cusumano, No 94-8056, No 94-8057, Oct. 4, 1995, the court
ruled that new technologies do not eliminate the normal expectation of
privacy that individuals have in their homes. Echoing the words ofJustice Brandeis' opinion in a 1928 wiretap case, the court said:
the Defendants need not have anticipated and guarded against every investigative tool in the government's arsenal. To hold
otherwise would leave the privacy of the home at the mercy of the government's ability to exploit technological advances: the
government could always argue that an individual's failure (or inability) to ward off the incursions of the latest scientific
innovation forfeits the protection of the Fourth Amendment ... [T]he government would allow the privacy of the home to hinge
upon the outcome of a technological race of measure/counter-measure between the average citizen and the government -- a race,
we expect, that
the people will surely lose.
Other courts have split on this question. Recently, the Washington State
Supreme Court ruled that a warrant is required before FLIR can be used
(State v. Young, 867 P.2d 593 (Wash. 1994), while several other federal
appeals courts have ruled that the heat is "waste" not protected by the
Fourth Amendment. The 10th Circuit opinion rejected the waste argument"because the interpretation of that data allows the government
monitor those domestic activities that generate a significant amount of
heat. It . . . strips the sanctuary of the home of one vital dimension
of its security: the 'right to be let alone' from the arbitrary and
discretionary monitoring of our actions by government officials."
 NTIA to Release Privacy "Policy"
The National Telecommunications and Information Administration is
expected to release today (October 23) a white paper entitled "Privacy
and the NII: Safeguarding Telecommunications-Related Personal
Information." In an agency press release, NTIA administrator Larry
Irving said, "We hope to contribute to the effort of addressing the
public's concerns regarding the protection of their personal
information." NTIA says the paper will focus on "privacy concerns
associated with an individual's subscription to or use of a
telecommunications or information service."
discussed by an NTIA official at a conference earlier this month in
Brehmen, Germany there is little that will reassure the public aboutthis policy. Ignoring mounting evidence that voluntary codes have
failed and that new technologies of privacy should be promoted, the
NTIA recommends a "be careful out there" strategy, in effect saying
that it is better to post warning signs along the information highway
than to make the road safer to travel.
The NTIA proposal specifically recommends the "contract" approach to
privacy that was rejected by European officials earlier this year as
an inadequate safeguard for consumers using advanced communications
NTIA officials, and other members of this Administration, have claimed
that with changing technology it is too difficult to legislate
effectively. But a different group of public officials, facing a
similar challenge 20 years ago did not make such excuses. *Records,
Computers, and the Rights of Citizens* (1973) was a ground-breakingreport that spoke clearly of the need to protect citizens rights,
passage of the Privacy Act of 1974, and established firmly the
importance of Fair Information Practices. NTIA's report, like the other
privacy "policies" of this administration, will occupy no similar place
in history. The spirit of Clipper has infused this government.
Copies of the report are available from NTIA at 202/482-3999 and will
soon be posted at the EPIC web site with a complete critique. EPIC has
also prepared a detailed review of an earlier administration privacy
 Privacy Success -- Marketry Drops Plan to Sell Net Data
In a notable victory for consumer privacy and on-line activism, a
Bellevue, Washington company has backed off plans to sell personal
information gathered from the Internet following reports in the
Washington Post and a call to action in the EPIC Alert. Marketry
President Norm Swent announced last week "Marketry's resignation as
manager of the email Internet Interest Selector list." However, Marketry
was not the compiler of the data. Another agent could still be found.
Washington Post reporter John Schwartz broke the Marketry story in the
paper's Business section following news of the proposal in the industry
trade publication The Friday Report. The Marketry data was to be
gathered from newsgroup posts, website visits, and chat room comments.
 ACLU Civil Liberties Alert / Privacy Rights Clearinghouse
An excellent civil liberties on-line newsletter is the ACLUCyber-Liberties Update/
To subscribe to the ACLU Cyber-Liberties Update, send an e-mail
message to infoacluaclu.org with "subscribe ACLU" in the subject
line of your message. For more information about the newsletter,
contact editor Ann Beeson, beesonaclu.org.
One of the leading consumer privacy organizations in the country isthe Privacy Rights Clearinghouse in San Diego. Formed in 1992,
Clearinghouse has produced many consumers fact sheets on common privacyconcerns, and maintains a toll free hotline to provide advice
consumers about their rights.
More information about the Privacy Rights Clearinghouse is available at http://www.manymedia.com/prc/. 5998 Alcala Park, San
92110. (619) 260-4806 (tel). 800-773-7748 (in Cal. only)
prcteetot.acusd.edu (email) Director: Beth Givens.
For a comprehensive guide to online privacy resources, check out:
 Upcoming Privacy Related Conferences and Events
SPECIAL: Ram Avrahami will discuss efforts to strengthen consumer
privacy this week on NPR's Morning Edition and then on CNN Today. For more information, check out http://www.epic.org/privacy/junk_mail/)
Smithsonian Institution, "Frontiers in Cyberspace: Encryption, Privacy,
and Cybercodes. October 25, 1995. Marc Rotenberg, Director, Electronic
Privacy Information Center (EPIC), Philip Zimmermann, Creator, Pretty
Good Privacy (PGP); Stewart Baker, Attorney, Steptoe & Johnson, formerGeneral Counsel, National Security Agency. Contact: Melody Curtis
Managing the Privacy Revolution. October 31 - November 1, 1995.
Washington, DC. Sponsored by Privacy & American Business. Speakers
include Mike Nelson (White House) C.B. Rogers (Equifax). Contact Alan
Innovation and the Information Environment. November 3-4. University
of Oregon School of Law in Eugene, Oregon. Contact: Keith AokiKAOKIlaw.uoregon.edu.
National Privacy and Public Policy Symposium. November 2-4., Hartford,
Cosponsored by the Connecticut Foundation for Open Government. Contact
Richard Akeroyd, rakeroydcsunet.ctsateu.edu 203/566-4301 (tel),
22nd Annual Computer Security Conference and Exhibition. November 6-8,
Washington, DC. Sponsored by the Computer Security Institute.
Global Security and Global Competitiveness: Open Source Solutions.
November 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert Steeleossoss.net.
"The Right to Privacy," November 9. Authors Caroline Kennedy and EllenAlderman discuss their new book on privacy. Lizner Auditorium,
Washington University, Washington, DC. Contact 202/357-3030.
11th Annual Computer Security Applications Conference: Technicalpapers, panels, vendor presentations, and tutorials that address theapplication
of computer security and safety technologies in the civil,
defense, and commercial environments. December 11-15, 1995, New Orleans,
Louisiana. Contact Vince Reed at (205)890-3323 or vreedmitre.org.
RSA 6th Annual Data Security Conference: Cryptography Summit.
Focus on the commercial applications of modern cryptographic technology,
with an emphasis on Public Key Cryptosystems. January 17-19, 1996.
Fairmont Hotel, San Francisco. Contact Layne Kaplan Events, at (415)
340-9300, e-mail at infolke.com, or register at http://www.rsa.com/.
Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact cfp96mit.edu orhttp://www-swiss.ai.mit.edu/~switz/cfp96
Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers should
be submitted by February 1, 1996. Contact Wade Robison privacyrit.edu,
by FAX at (716) 475-7120, or by phone at (716) 475-6643.
Australasian Conference on Information Security and Privacy June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety
for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (jenniecs.uow.edu.au).
Visions of Privacy for the 21st Century: A Search for Solutions.
May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office
of Information and Privacy Commissioner for the Province of British
Columbia and the University of Victoria. Program at
18th International Conference of Data Protection and Privacy
Commissioners. Sponsored by the Privacy Commissioner of Canada.
September 18-20, 1996. Ottawa, Canada.
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 17, 1995. Ottawa, Canada. Contact
International Colloquium on the Protection of Privacy and PersonalInformation. Commission d'acces a l'information du Quebec. May 1997.
Quebec City, Canada.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce.
Back issues are available via http://www.epic.org/alert/ orFTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (GoNCSA),
Library 2 (EPIC/Ethics).
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital
Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment
and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation
Act litigation, and conducts policy research on emergingprivacy issues. For more information, email infoepic.org, WWW atHTTP://www.epic.org
or write EPIC, 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).
The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights.
Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology
on society. For information contact: cpsr-infocpsr.org
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacy
andefforts to oppose government regulation of encryption and funding ofthe National Wiretap Plan.
Thank you for your support.
END EPIC Alert 2.12