You are here:
EPIC Alert >>
 EPICAlert 2
EPIC Alert 2.02  EPICAlert 2 (6 February 1995)
Volume 2.02 February 6, 1995
Published by the Electronic Privacy Information Center (EPIC)
Washington, DC infoepic.org
Table of Contents
 IRS Backs Off Compliance 2000 Program
 New Secrecy Order Needs Work
 Caller ID Blocking Fails in New York
 Post Office Partially Limits Access to Addresses
 Clinton Announces National ID Registry
 Correction: EU Directive Still Under Consideration
 Overview of New Congressional Privacy Legislation
 Upcoming Conferences and Events
 IRS Backing Off of Compliance 2000 Program
The Internal Revenue Service announced on Friday, January 20, that itwas delaying implementation of the controversial Compliance 2000program
after heated opposition to the proposal from the ElectronicPrivacy Information Center (EPIC) and other privacy advocatesappeared
in over two dozen newspapers across the country. Theproposal also drew sharp criticism from Senator David Pryor. Theplan called
for IRS collection and use of personal information fromcommercial databases. This data would not be subject to therequirements of
the Privacy Act.
IRS officials told the EPIC Alert that the Compliance 2000 noticepublished in the Federal Register was going to be revised in the
nextfew weeks and then reissued. IRS Privacy Advocate Robert Veeder saidthat the notice had been drafted more than a year ago and
that theprogram had been revised substantially since then.
EPIC has filed a Freedom of Information Act request with the IRS,
asking for more information about the types of data that would becollected if Compliance 200 goes forward, the sources of theinformation
and the proposed uses.
 Draft Secrecy Order Still Needs Work
The White House recently circulated the latest draft of thePresident's long-awaited revised Executive Order on theclassification of
national security information. The current versionback-pedals on favorable proposed reforms of the classificationsystem, retreating
from an earlier proposal that prohibited secrecywhen the "public interest in keeping the information unclassifiedoutweighs the need
for classification." Such a standard would permitthe public and the news media to challenge classification decisionsin court. The
draft also fails to go far enough in opening thegovernment's civilian cryptographic activities to public scrutiny.
Efforts to revise the current Executive Order (issued by PresidentReagan in 1982) began almost two years ago, soon after the ClintonAdministration
assumed office. Several drafts have circulated sincethen, and the issuance of a final revision was anticipated more thana year ago.
The Center for National Security Studies, the Federationof American Scientists, the National Security Archive, and EPIC haveall
urged the relaxation of classification authority.
EPIC has specifically recommended that classification be removed forcryptographic information. In comments submitted to the InformationSecurity
Oversight Office in July 1993, EPIC staff urged removal of"cryptology" from the categories of information presumed to beclassifiable.
The statement said that the "designation of a routineprivacy-enhancing technology as presumptively a national securitymatter is
inconsistent with the end of the Cold War and the dramaticgrowth of commercial and civilian telecommunications networks. ...
[Cryptographic] technology today plays an essential role in assuringthe security and privacy of a wide range of communications affectingfinance,
education, research, and personal correspondence."
The recent Clinton proposal does indeed narrow the government'sclassification authority for "cryptology", although the final ordershould
go further. Under the original Reagan Order, "cryptology" wassingled out as a separate and independent category. The recent draftdrops
cryptology as an independent category and instead refersgenerally to "intelligence activities (including special operations),
intelligence sources or methods, or cryptology."
This formulation suggests a recognition that information concerningencryption technology should only be classified if it relates tointelligence
uses of the technology, as opposed to the increasing useof encryption in civilian applications. The language, however,
leaves open the possibility that the government might still attemptto classify information relating to cryptography. This positiondoes
not comport with the overwhelming opinion outside of governmentthat cryptography should never be presumptively classified.
The classification of cryptographic information has already hamperedthe public's ability to monitor the government's activities in
thearea of civilian communications security. Information relating tothe Digital Signature Standard (intended for the authentication
ofunclassified electronic transmissions) has been withheld fromdisclosure under the Reagan Executive Order. Likewise, keyinformation
concerning the Clipper encryption initiative (includingthe underlying Skipjack algorithm) has been classified and placedbeyond public
Congress sought to prevent such secrecy when it enacted the ComputerSecurity Act of 1987, which limited the civilian role of the NationalSecurity
Agency (NSA). Congress noted that NSA's "natural tendencyto restrict and even deny access to information that it deemsimportant
would disqualify that agency from being put in charge ofthe protection of non-national security information." The ClintonAdministration,
through further revision of its draft ExecutiveOrder, has an opportunity to build upon the openness andaccountability that Congress
 Caller ID Blocking Fails in New York
NYNEX has admitted that the personal phone numbers of at least 30,000of its customers who requested per-line blocking of Caller ID
havebeen improperly disclosed. The problem resulted from a failure tocorrectly implement the blocking feature. The New York Times
reportsthat NYNEX had known of the problem for at least a year before anyaction was taken.
The Rhode Island Public Utilities Commission has ordered NYNEX not toallow customers in that state to order new Caller ID services
or perline blocking until the problem is resolved. NYNEX must also run adstelling customers about the problem and provide an 800
number forconsumers to call.
EPIC has received several calls from individuals in New York who havehad their phone numbers disclosed. The individuals work in sensitivejobs
and have already received threatening phone calls as a result ofthe disclosures.
 Post Office Partially Limits Access to Addresses
The U.S. Postal Service announced on December 28 its final rule onaccess to names and addresses. The agency announced it waseliminating
the service that allows anyone to obtain the new addressof any individual for a $3.00 fee. The Postal Service, however, leftintact
its service that provides the addresses of all postalcustomers to large mailers such as direct marketers.
The notice states "Congress has not given the Postal Service thefunction of serving as a national registration point for the physicalwhereabouts
HR 434, The Postal Privacy Act of 1995, (introduced by Rep. GaryCondit) requires that the Postal Service inform individuals of theuses
of information contained in Change of Address cards and mandatesthat customers be offered an option to not have their names andaddresses
 Clinton Announces National ID Worker Registry
In the annual State of the Union address on January 25, PresidentClinton suggested he would support the creation of a nationalregistry
of all citizens and resident aliens. The idea wasrecommended by the U.S. Commission on Immigration Reform and is anattempt to address
concerns about immigration control.
The proposal would create a national database of all employees basedon Social Security Numbers. Employers would be required to check
thisdatabase before hiring. Civil liberties groups believe that thissystem, once in place, would lead to the development of a national
IDcard. The Commission previously proposed the creation of an ID cardbut backed off in the face of public opposition.
Senator Alan Simpson (R-WY) has introduced a bill (S. 269) toimplement the registry. Sen. Barbara Boxer (D-CA) told USA Todaythat
Congress was planning to address the issue and that the systemmay be the only way to provide accurate citizenship information andprotect
Leaders of civil rights and immigration organizations and privacyadvocates attended a meeting at the White House with representativesfrom
the Department of Justice, HHS, INS, and the White House todiscuss the implications of the program in early January. Furtherdiscussion
 Correction: EU Directive Still Under Consideration
We reported in EPIC Alert 2.01 that the Council of Ministers hadreached a common position on the closely watched European dataprotection
directive. The directive, once adopted, will establishEuropean-wide privacy standards.
We jumped the gun. At the time of the report, the common positionhad not been reached officially, though our sources told us theythought
the Council of Ministers had effectively endorsed the finalproposal.
On February 6, Reuters reported that the General Affairs Council wasunable to formally adopt the draft data protection directive
earlierthis month due to delays in getting the text translated into the EU'snewest languages -- Swedish and Finnish. The report
went on to saythat "The Council was able to agree on the details of the commonposition on the directive, which will now probably
be adopted at aCouncil meeting next week."
More news as it happens.
 Overview of New Congressional Privacy Legislation Available
EPIC has produced an overview of current privacy legislation in the104th Congress. Bills that improve privacy protections or negativelyaffect
privacy are summarized. The summary will be updated regularlyas new legislation is introduced or pending bills are revised. Asummary
will appear in the next issue of the EPIC Alert.
Copies of the new bills are available for retrieval from the EPICArchive at cpsr.org. Also included are floor statements on thelegislation
when available and updates on the status of the bills.
To obtain the overview and copies of the house and Senate bills,
ftp/gopher/wais to cpsr.org /cpsr/privacy/epic/104th_congress_bills/
 Upcoming Privacy Related Conferences and Events
AAAS Annual Meeting & Science Innovation Expo. Atlanta. Feb 16-21. Aspecial full-day session on cryptography and privacy will take
placeon Tuesday, Feb. 21. Contact: Alex Fowler 202/326-7016 orafowleraaas.org
Cryptography: Technology, Law and Economics. New York City. Mar. 3,
1995. Sponsored by CITI, Columbia University. Contact:
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926(fax).
Access, Privacy, and Commercialism: When States Gather PersonalInformation. College of William and Mary, Williamsburg, VA, March
Contact: Trotter Hardy 804 221-3826.
Computers, Freedom and Privacy '95. Palo Alto, Ca. Mar. 28-31, 1995.
Sponsored by ACM. Contact: cfp95forsythe.stanford.edu.
ETHICOMP95: An international conference on the ethical issues ofusing Information Technology. DeMontfort University, Leicester,
ENGLAND, March 28-30, 1995. Contact: Simon Rogerson srogdmu.ac.uk44 533 577475 (phone) 44 533 541891 (Fax).
"Quality of Life in the Electronic Village," March 30, 1995. Liveteleconference, broadcast nationally from Virginia Tech, featuringeminent
presenters from the fields of ethics, law, education,
anthropology, medicine, and government. Contact 703/231-6476 orchoicesvt.edu.
National Net '95: Reaching Everyone. Washington, DC. Apr. 5-7, 1995.
Sponsored by EDUCOM. Contact: net95educom.edu or call 202/872-4200.
Information Security and Privacy in the Public Sector. Herndon, VA.
Apr. 19-20, 1995. Sponsored by AIC Conferences. Contact:
1995 IEEE Symposium on Security and Privacy. Oakland, CA, May 8-10.
INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the InternetSociety. Contact inet95isoc.org.
Key Players in the Introduction of Information Technology: TheirSocial Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: nolodccr.jussieu.fr.
Advanced Surveillance Technologies. Sept. 4-5, 1995. Copenhagen,
Denmark. Sponsored by Privacy International and EPIC. Contactpiepic.org.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce.
Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org/cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics).
AnHTML version of the current issue is available fromepic.digicash.com/epic
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital
Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment
and Computer Professionals for Social Responsibility.
EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy
issues. For more information, email infoepic.org, WWW atHTTP://epic.digicash.com /epic or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202)
The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights.
Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology
on society. For information contact:
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacyand
efforts to oppose Clipper and Digital Telephony wiretappingproposals.
END EPIC Alert 2.02