WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1995 >> [1995] EPICAlert 2

[Database Search] [Name Search] [Recent Alerts] [Noteup] [Help]

EPIC Alert 2.02 [1995] EPICAlert 2 (6 February 1995)


EPIC ALERT




Volume 2.02 February 6, 1995

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC infoepic.org

Table of Contents



[1] IRS Backs Off Compliance 2000 Program
[2] New Secrecy Order Needs Work
[3] Caller ID Blocking Fails in New York
[4] Post Office Partially Limits Access to Addresses
[5] Clinton Announces National ID Registry
[6] Correction: EU Directive Still Under Consideration
[7] Overview of New Congressional Privacy Legislation
[8] Upcoming Conferences and Events


[1] IRS Backing Off of Compliance 2000 Program


The Internal Revenue Service announced on Friday, January 20, that itwas delaying implementation of the controversial Compliance 2000program after heated opposition to the proposal from the ElectronicPrivacy Information Center (EPIC) and other privacy advocatesappeared in over two dozen newspapers across the country. Theproposal also drew sharp criticism from Senator David Pryor. Theplan called for IRS collection and use of personal information fromcommercial databases. This data would not be subject to therequirements of the Privacy Act.

IRS officials told the EPIC Alert that the Compliance 2000 noticepublished in the Federal Register was going to be revised in the nextfew weeks and then reissued. IRS Privacy Advocate Robert Veeder saidthat the notice had been drafted more than a year ago and that theprogram had been revised substantially since then.

EPIC has filed a Freedom of Information Act request with the IRS,
asking for more information about the types of data that would becollected if Compliance 200 goes forward, the sources of theinformation and the proposed uses.



[2] Draft Secrecy Order Still Needs Work


The White House recently circulated the latest draft of thePresident's long-awaited revised Executive Order on theclassification of national security information. The current versionback-pedals on favorable proposed reforms of the classificationsystem, retreating from an earlier proposal that prohibited secrecywhen the "public interest in keeping the information unclassifiedoutweighs the need for classification." Such a standard would permitthe public and the news media to challenge classification decisionsin court. The draft also fails to go far enough in opening thegovernment's civilian cryptographic activities to public scrutiny.

Efforts to revise the current Executive Order (issued by PresidentReagan in 1982) began almost two years ago, soon after the ClintonAdministration assumed office. Several drafts have circulated sincethen, and the issuance of a final revision was anticipated more thana year ago. The Center for National Security Studies, the Federationof American Scientists, the National Security Archive, and EPIC haveall urged the relaxation of classification authority.

EPIC has specifically recommended that classification be removed forcryptographic information. In comments submitted to the InformationSecurity Oversight Office in July 1993, EPIC staff urged removal of"cryptology" from the categories of information presumed to beclassifiable. The statement said that the "designation of a routineprivacy-enhancing technology as presumptively a national securitymatter is inconsistent with the end of the Cold War and the dramaticgrowth of commercial and civilian telecommunications networks. ...
[Cryptographic] technology today plays an essential role in assuringthe security and privacy of a wide range of communications affectingfinance, education, research, and personal correspondence."

The recent Clinton proposal does indeed narrow the government'sclassification authority for "cryptology", although the final ordershould go further. Under the original Reagan Order, "cryptology" wassingled out as a separate and independent category. The recent draftdrops cryptology as an independent category and instead refersgenerally to "intelligence activities (including special operations),
intelligence sources or methods, or cryptology."

This formulation suggests a recognition that information concerningencryption technology should only be classified if it relates tointelligence uses of the technology, as opposed to the increasing useof encryption in civilian applications. The language, however,
leaves open the possibility that the government might still attemptto classify information relating to cryptography. This positiondoes not comport with the overwhelming opinion outside of governmentthat cryptography should never be presumptively classified.

The classification of cryptographic information has already hamperedthe public's ability to monitor the government's activities in thearea of civilian communications security. Information relating tothe Digital Signature Standard (intended for the authentication ofunclassified electronic transmissions) has been withheld fromdisclosure under the Reagan Executive Order. Likewise, keyinformation concerning the Clipper encryption initiative (includingthe underlying Skipjack algorithm) has been classified and placedbeyond public review.

Congress sought to prevent such secrecy when it enacted the ComputerSecurity Act of 1987, which limited the civilian role of the NationalSecurity Agency (NSA). Congress noted that NSA's "natural tendencyto restrict and even deny access to information that it deemsimportant would disqualify that agency from being put in charge ofthe protection of non-national security information." The ClintonAdministration, through further revision of its draft ExecutiveOrder, has an opportunity to build upon the openness andaccountability that Congress envisioned.



[3] Caller ID Blocking Fails in New York


NYNEX has admitted that the personal phone numbers of at least 30,000of its customers who requested per-line blocking of Caller ID havebeen improperly disclosed. The problem resulted from a failure tocorrectly implement the blocking feature. The New York Times reportsthat NYNEX had known of the problem for at least a year before anyaction was taken.

The Rhode Island Public Utilities Commission has ordered NYNEX not toallow customers in that state to order new Caller ID services or perline blocking until the problem is resolved. NYNEX must also run adstelling customers about the problem and provide an 800 number forconsumers to call.

EPIC has received several calls from individuals in New York who havehad their phone numbers disclosed. The individuals work in sensitivejobs and have already received threatening phone calls as a result ofthe disclosures.



[4] Post Office Partially Limits Access to Addresses


The U.S. Postal Service announced on December 28 its final rule onaccess to names and addresses. The agency announced it waseliminating the service that allows anyone to obtain the new addressof any individual for a $3.00 fee. The Postal Service, however, leftintact its service that provides the addresses of all postalcustomers to large mailers such as direct marketers.

The notice states "Congress has not given the Postal Service thefunction of serving as a national registration point for the physicalwhereabouts of individuals."

HR 434, The Postal Privacy Act of 1995, (introduced by Rep. GaryCondit) requires that the Postal Service inform individuals of theuses of information contained in Change of Address cards and mandatesthat customers be offered an option to not have their names andaddresses forwarded.



[5] Clinton Announces National ID Worker Registry


In the annual State of the Union address on January 25, PresidentClinton suggested he would support the creation of a nationalregistry of all citizens and resident aliens. The idea wasrecommended by the U.S. Commission on Immigration Reform and is anattempt to address concerns about immigration control.

The proposal would create a national database of all employees basedon Social Security Numbers. Employers would be required to check thisdatabase before hiring. Civil liberties groups believe that thissystem, once in place, would lead to the development of a national IDcard. The Commission previously proposed the creation of an ID cardbut backed off in the face of public opposition.

Senator Alan Simpson (R-WY) has introduced a bill (S. 269) toimplement the registry. Sen. Barbara Boxer (D-CA) told USA Todaythat Congress was planning to address the issue and that the systemmay be the only way to provide accurate citizenship information andprotect privacy.

Leaders of civil rights and immigration organizations and privacyadvocates attended a meeting at the White House with representativesfrom the Department of Justice, HHS, INS, and the White House todiscuss the implications of the program in early January. Furtherdiscussion is likely.



[6] Correction: EU Directive Still Under Consideration


We reported in EPIC Alert 2.01 that the Council of Ministers hadreached a common position on the closely watched European dataprotection directive. The directive, once adopted, will establishEuropean-wide privacy standards.

We jumped the gun. At the time of the report, the common positionhad not been reached officially, though our sources told us theythought the Council of Ministers had effectively endorsed the finalproposal.

On February 6, Reuters reported that the General Affairs Council wasunable to formally adopt the draft data protection directive earlierthis month due to delays in getting the text translated into the EU'snewest languages -- Swedish and Finnish. The report went on to saythat "The Council was able to agree on the details of the commonposition on the directive, which will now probably be adopted at aCouncil meeting next week."

More news as it happens.



[7] Overview of New Congressional Privacy Legislation Available


EPIC has produced an overview of current privacy legislation in the104th Congress. Bills that improve privacy protections or negativelyaffect privacy are summarized. The summary will be updated regularlyas new legislation is introduced or pending bills are revised. Asummary will appear in the next issue of the EPIC Alert.

Copies of the new bills are available for retrieval from the EPICArchive at cpsr.org. Also included are floor statements on thelegislation when available and updates on the status of the bills.

To obtain the overview and copies of the house and Senate bills,
ftp/gopher/wais to cpsr.org /cpsr/privacy/epic/104th_congress_bills/



[8] Upcoming Privacy Related Conferences and Events


AAAS Annual Meeting & Science Innovation Expo. Atlanta. Feb 16-21. Aspecial full-day session on cryptography and privacy will take placeon Tuesday, Feb. 21. Contact: Alex Fowler 202/326-7016 orafowleraaas.org
Cryptography: Technology, Law and Economics. New York City. Mar. 3,
1995. Sponsored by CITI, Columbia University. Contact:
citiresearch.gsb.columbia.edu
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926(fax).

Access, Privacy, and Commercialism: When States Gather PersonalInformation. College of William and Mary, Williamsburg, VA, March 17.
Contact: Trotter Hardy 804 221-3826.

Computers, Freedom and Privacy '95. Palo Alto, Ca. Mar. 28-31, 1995.
Sponsored by ACM. Contact: cfp95forsythe.stanford.edu.

ETHICOMP95: An international conference on the ethical issues ofusing Information Technology. DeMontfort University, Leicester,
ENGLAND, March 28-30, 1995. Contact: Simon Rogerson srogdmu.ac.uk44 533 577475 (phone) 44 533 541891 (Fax).

"Quality of Life in the Electronic Village," March 30, 1995. Liveteleconference, broadcast nationally from Virginia Tech, featuringeminent presenters from the fields of ethics, law, education,
anthropology, medicine, and government. Contact 703/231-6476 orchoicesvt.edu.

National Net '95: Reaching Everyone. Washington, DC. Apr. 5-7, 1995.
Sponsored by EDUCOM. Contact: net95educom.edu or call 202/872-4200.

Information Security and Privacy in the Public Sector. Herndon, VA.
Apr. 19-20, 1995. Sponsored by AIC Conferences. Contact:
212/952-1899.

1995 IEEE Symposium on Security and Privacy. Oakland, CA, May 8-10.
Contact: sp95itd.nrl.navy.mil.

INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the InternetSociety. Contact inet95isoc.org.

Key Players in the Introduction of Information Technology: TheirSocial Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: nolodccr.jussieu.fr.

Advanced Surveillance Technologies. Sept. 4-5, 1995. Copenhagen,
Denmark. Sponsored by Privacy International and EPIC. Contactpiepic.org.

(Send calendar submissions to Alertepic.org)



The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:

SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce.

Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org/cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). AnHTML version of the current issue is available fromepic.digicash.com/epic


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility.
EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information, email infoepic.org, WWW atHTTP://epic.digicash.com /epic or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202)
547-5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology on society. For information contact:
cpsr-infocpsr.org
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacyand efforts to oppose Clipper and Digital Telephony wiretappingproposals.

END EPIC Alert 2.02


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1995/2.html