WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1995 >> [1995] EPICAlert 3

Database Search | Name Search | Recent Alerts | Noteup | LawCite | Help

EPIC Alert 2.03 [1995] EPICAlert 3 (24 February 1995)


EPIC ALERT




Volume 2.03 February 24, 1995

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC infoepic.org

Table of Contents



[1] EPIC Calls for Crypto Reform at G-7 Meeting
[2] USA Privacy Position at G-7 (and EPIC Proposal)

[3] House Votes to Allow Illegal Evidence
[4] Network Censorship Bill Introduced
[5] Court Rules National Security Council Not Exempt from FOIA
[6] Activist Files Suit To Overturn Crypto Export Controls
[7] Wiretap Watch: Freeh on Crypto
[8] Privacy Legislation in the 104th Congress
[9] Upcoming Conferences and Events


[1] EPIC Calls for Crypto Reform at G-7 Meeting


PRESS RELEASE
For Release: Saturday, February 25, 1995, 1300 GMT+1 (Brussels)

Contact: Marc Rotenberg, +32 2 542 42 42, rotenbergepic.org (Brussels)
Dave Banisar, +1 202 544 9240, banisarepic.org
(Washington, DC)
Simon Davies, +44 81 402 0737, daviesprivint.demon.co.uk (London)

EPIC Calls for Change in USA Crypto Policy at G-7 Meeting in Brussels
BRUSSELS
-- The widely publicized Internet break-in last weekunderscores the need for the United States to revise current policieson cryptography and privacy, according to a leading USA privacyorganization. The group contends that as long as computer users arediscouraged from using robust methods for privacy and security, therisks to future travelers on the information highway will continue togrow.

The Electronic Privacy Information Center (EPIC), based inWashington, DC, urged the United States to change policies thatrestrict the open exchange of scientific and technical information.
These policies inhibit the development of new techniques for privacyprotection. In a statement released today at the G-7 meeting here inBrussels, EPIC recommended that the USA:

o Relax export controls and permit the free flow of encryptiontechnology across national borders. The Export Administration Actunnecessarily inhibits the exchange of techniques for privacy andslows development of important tools for network users.

o Withdraw the Escrow Encryption Standard popularly known as"Clipper." Private industry, the technical community, and the publicoppose the adoption of Clipper. The deployment of Clipper-basedschemes in the federal government should be halted.

o Remove "cryptology" from the items that may be classifiedunder USA Executive Order. The classification of cryptology hasfrustrated open government, permitted the development of sub-optimalstandards, and slowed technological innovation.

o Not fund the USA National Wiretap Plan. The ill-consideredproposal to mandate the development and use of technologies for thesurveillance of the nation's telecommunications systems calls for theexpenditure of $500 million over the next four years. Given thelikelihood that this program will increase Internet vulnerabilities,
all funding should be terminated.

According to EPIC, unless the United States acts quickly tocorrect these policies, the Global Information Infrastructure willremain vulnerable to future attacks. EPIC also recommended theestablishment of a privacy agency to address growing public concernabout the inadequacy of privacy protection in the United States.

Simon Davies, Director General of Privacy Internationalspeaking from London, said "We endorse the EPIC recommendations. Usersof the Global Information Infrastructure must be allowed to use themost secure privacy technologies available."



[2] USA Privacy Position at G-7 (and EPIC Proposal)


The following recommended actions for privacy are taken from the WhiteHouse document "Global Information Infrastructure: Agenda forCooperation" (version 1.0). The US government will distribute thisreport at the G-7 meeting in Brussels.

EPIC's recommended actions on GII privacy follow.



PRIVACY PROTECTION [USA GII document]

In order to foster consumer confidence in the GII and to encourage thegrowth of interconnected global networks, users must feel that theyare afforded adequate privacy protection. To this end, the UnitedStates will join with other governments to:

o Identify key privacy issues that need to be addressed in relation to the development of national and global information infrastructures;

o Work with both the public and private sectors to achieve consensus on a set of fair information principles for the collection, transfer, storage, and subsequent use of data over national and global information infrastructures;

o Ensure that privacy protection does not unduly impede the free flow of information across national borders;

o Share information on new privacy protection policy developments and on new technologies and standards for privacy protection; and
o Encourage the use of voluntary guidelines developed by international bodies, such as the OECD, as the best means of ensuring the protection of privacy on an international basis.



PRIVACY PROTECTION [EPIC GII proposal]

The GII cannot achieve its promise if users, citizens, and consumersare not guaranteed adequate protection of their personal privacyrights. To achieve this protection, the United States will join withother governments to:

o Cooperate in national, bilateral, regional and international fora to achieve high levels of privacy protection and technical protection in order to guarantee to individuals the technical and legal means to control the use of their personal data over the GII;

o Ensure that Fair Information Practices provide users and potential users of the GII maximum protection in the use of personal information, and eliminate compelled disclosure of personal data;

o Provide effective enforcement against the unauthorized use of personal information (misuse), including severe legal penalties and vigilant monitoring. Enforcement is particularly critical as technological innovations jeopardize the existing ability of individuals to protect their personal information;

o Encourage the development and use of technological capabilities and safeguards, such as digital cash, anonymous servers, electronic debit cards, and encryption methods to complement existing privacy management techniques and prevent misuse at all levels. Cooperative efforts to develop testbeds, define standards, and construct infrastructure components for these safeguards should be encouraged, as should measures to prevent or render illegal the use of devices to overcome these safeguards; and
o Work in collaboration with privacy organizations, technical
experts, and others towards greater efforts to educate GII users
about the importance of privacy protection.



[3] House Votes to Allow Illegal Evidence


The House of Representatives voted on Feb. 8 to allow evidenceobtained in violation of the 4th Amendment or federal law to beadmissible in court if it was the product of an "objectivelyreasonable search or seizure." This revision in the law places alarge loophole in the "exclusionary rule," which currently providesthe only workable sanction for violations of the law by policeinvestigators.

At hearings on the legislation, the American Bar Association,
represented by a Wisconsin state prosecutor strongly opposed to thebill, argued that it will increase illegal warrentless searches anddecrease police professionalism.

An effort by Rep. Melvin Watt (D-NC) to replace the text of the billwith the text of the 4th Amendment was defeated. The bill was amendedto prohibit illegal evidence obtained by the BATF and the IRS frombeing used, but other federal agencies such as the FBI and SecretService would be granted unprecedented leeway in the conduct of theirinvestigations. The final bill passed 289-142.

The bill has now been sent to the Senate Judiciary Committee. S. 3,
the Senate Republican crime bill, also contains a similar provision. Acopy of the bill and the Congressional Record debate is available atcpsr.org /cpsr/privacy/epic/104th_congress_bills/



[4] Network Censorship Bill Introduced


Senator James Exon (D-NE) has introduced the "Communications DecencyAct of 1995" intending to regulate a variety of communications on theInternet. The bill has met with fierce opposition from Internet usersacross the country.

The bill attempts to restrict all sexually oriented communications onelectronic networks. Many commentators believe the proposal willinfringe on free speech and privacy rights and will be unworkable.

The legislation would penalize anyone who "makes, transmits, orotherwise makes available any comment, request, suggestion, proposal,
image, or other communication" that is "obscene, lewd, lascivious,
filthy, or indecent." If the bill is enacted, anyone who providescommunications service will be liable for the content of thetransmissions of all of its users. This could include the entireUSENET system, email routing systems, long distance carriers, localarea network providers, PBX operators and more. The ElectronicMessaging Association suggests that the only way to ensure that noliability will result is to have system operators monitor allcommunications. The bill may also discourage encrypted communicationsby forcing providers who are concerned about liability to prohibitcommunications that they cannot decode.

The legislation would also make it a federal crime to transmit anyanonymous communications with the intent to harass. This could havethe effect of forcing telecommunication providers (including onlineservices and universities) to prohibit anonymous postings because ofthe chance that a harassing message may be posted.

The bill was introduced last year by Senator Exon and added to thetelecommunications reform legislation that died in the waning days ofthe 103rd Congress. Senator Exon has said that he would like toattach the bill to this year's telecomm reform bill in the next fewmonths.

EPIC director Marc Rotenberg debated Senator Exon about the proposallast week on CNN. The Senator conceded that there were problems withthe bill and said that he would meet with Mr. Rotenberg and others tosee if these problems could be fixed.

Voters Telecom Watch is coordinating a campaign to oppose the Exonbill. The ACLU and EFF are also actively opposing this bill.

For more information URL: gopher://gopher.panix.com/11/vtw/exon oremail vtwvtw.org. Also try gopher://aclu.org:6601 or emailinfoacluaclu.org.



[5] Court Rules National Security Council Not Exempt from FOIA


U.S. District Judge Charles Richey ruled on February 14 that theNational Security Council (NSC) is an "agency" and therefore subjectto the public disclosure provisions of the Freedom of Information Act(FOIA). The decision came in a long-pending lawsuit concerning thestatus of White House e-mail messages dating back to the Reaganadministration. For many years, the NSC had acknowledged its "agency"
status and responded to requests submitted under the FOIA. The Clintonadministration ended that practice and argued in several lawsuits thatthe NSC was not subject to the Act.

In a lengthy opinion, Judge Richey rejected the administration'sposition, finding that the National Security Council "exercisesauthority independently of the President" (the legal test for "agency"
status). The Judge noted that, among other things, "the NSC plays arole in Telecommunications independent of the President. ... By virtueof a 1990 Directive, an NSC committee is responsible for federalpolicies with respect to the security of telecommunications systems."
The cited directive (NSD 42) was released to EPIC staff throughlitigation against the NSC in 1992.

The recent decision clears the way for resumed proceedings in ComputerProfessionals for Social Responsibility v. National Security Agency,
et al., in which EPIC staff is challenging the withholding of keydocuments concerning the Clipper Chip. Proceedings in the case weresuspended pending resolution of the National Security Council's status
-- the NSC is a co-defendant in the Clipper case and played a leadingrole in the development of the government's key-escrow encryptioninitiative. According to EPIC Legal Counsel David Sobel, "NSCdocuments are crucial to public understanding of government encryptionpolicy. The court's rejection of the administration's position isextremely significant and will greatly enhance oversight in thisarea."



[6] Activist Files Suit to Overturn Export Controls


A graduate student in mathematics at the University of California atBerkeley has filed suit in federal court seeking to invalidategovernment restrictions on the export of encryption technology. Theplaintiff, Daniel Bernstein, developed "The Snuffle Encryption System"
and was subsequently advised by the State Department that an exportlicense was required under the International Traffic in ArmsRegulations (ITAR). In September 1993, Bernstein appealed thatdetermination and, to date, has not received a response from the StateDepartment. Critics have long maintained that the ITAR processinhibits the development and dissemination of privacy-enhancingencryption technology.

Bernstein alleges in his lawsuit that his "scientific paper, algorithmand computer program are speech protected by the First Amendment tothe United States Constitution." The suit further alleges that "Thestatutes, regulations, policies and conduct of Defendants cause achilling effect on the exercise of First Amendment rights to speak, topublish, to engage in academic inquiry and study and to receive itemsfrom Plaintiff and other persons similarly situated, preventingimportant matters of concern to mathematicians, scientists, thecommercial community, and the public from being openly discussed."
Named as defendants are the State Department, Defense Department,
Commerce Department, National Security Agency and several officials ofthose agencies. A San Mateo attorney has taken the case on a pro bonobasis. The Electronic Frontier Foundation is paying for somelitigation-related expenses.



[7] Wiretap Watch: Freeh Sets Stage for Future Restrictions


"Powerful encryption threatens to make worthless the access assured bythe new digital [telephony] law."

-- FBI Director Louis Freeh, February 14,
1995, before the Senate Judiciary Committee.

EXCERPT FROM THE BUDGET OF THE UNITED STATES, FY 1996:

-- Federal Bureau of Investigation (p. 642)

Telephone Carrier Compliance
"The Communications Assistance for Law Enforcement Act of 1994authorizes the Attorney General to pay telecommunications carriers forcosts directly associated with modifying equipment to performcourt-authorized wiretap. Activities eligible for reimbursementinclude modifications performed by carriers in connection withequipment, facilities, and services installed or deployed to complywith the Act. In particular, telecommunications carriers are requiredto expeditiously isolate and enable intercept of all wire andelectronic communications, provide access to call-identifyinginformation that is reasonably available to the carrier, deliver theintercepts and call-identifying information to the government, andprovide these services unobtrusively so as to minimize interference tosubscriber services."

"The program, administered by the Federal Bureau ofInvestigation, is funded through a surcharge of approximately 30%
imposed on civil monetary penalties and criminal fines. For 1996, theFederal Bureau of Investigation will use $100 million in increasedfines and penalties to finances the telephone carrier compliance."



[8] Privacy Legislation in the 104th Congress


-- Compiled by the Electronic Privacy Information Center --

An updated version of this document, the text of the bills, and otherlegislative materials are available from cpsr.org/cpsr/privacy/epic/104th_congress_bills/

-- House Bills --

Taking Back Our Streets Act of 1995 (HR 3). Introduced by Rep.
McCollum. Republician Crime Bill. Includes provision tosubstantially limit judicial sanctions for illegal searches(exclusionary rule). Referred to Committee on the Judiciary. Split into seperate bills (see HR 666).

FBI Counterintelligence Act of 1995 (HR 68). Introduced by Rep.
Bereuter. Authorizes easier access to credit reports by FBI for"national security purposes." Referred to Committee on Banking andFinancial Services.

Quality Assurance in Drug Testing Act (HR 153). Introduced by Rep.
Solomon. Prohibits random drug tests, requires that employers haveexplicit written policies and education and use certified labratories.
Referred to Committee on Commerce.

Individual Privacy Protection Act of 1995 (HR 184). Introduced by Rep.
Collins. Creates national Privacy Commission with authority tooversee enforcement of Privacy Act. Referred to Committee onGovernment Reform and Oversight.

Interstate Child Support Enforcement Act (HR 195). Introduced by Rep.
Roukema. Extends access to federal, state, local and commericaldatabases for purposes of enforcing child support. Increases use ofSocial Security Numbers. Creates database of new hires. Referred toCommittee on Ways and Means and three other committees.

Antitrust Reform Act of 1995 (HR 411). Introduced by Rep. Dingell.
Telecommunications reform bill. Includes section ordering FCC toconduct privacy survey of new technologies and places limits on use ofCustomer Propriety Number Information (CPNI). Referred to Committeeon Commerce.

Postal Privacy Act of 1995 (HR 434). Introduced by Rep. Condit.
Prohibits Post Office from selling personal information to directmarketers. Referred to Committee on Government Reform and Oversight.

Fair Health Information Practices Act of 1995 (HR 435). Introduced byRep. Condit. Health care privacy bill. Sets limits on access, useand dissemination of personal medical information. Referred toCommittee on Commerce and two other committees.

Social Security Account Number Anti-Fraud Act (HR 502). Introduced byRep. Calvert. Amends the Social Security Act to require the Secretaryof Health and Human Services to establish a program to verify employeesocial security information, and to require employers to use theprogram using an 800 number to verify employees. Referred toCommittee on Ways and Means.

Immigration Reform Act of 1995 (HR 560). Introduced by Rep. Gallegly.
Requires introduction of new tamperproof ID cards for immigrants.
Referred to the Committee on the Judiciary.

Consumer Reporting Reform Act of 1995 (HR 561). Introduced by Rep.
Gonzales. Updates 1970 Fair Credit Reporting Act to require betteraccuracy, less expensive credit reports, limit use of credit recordsfor direct marketing and prohibit most uses of reports by employers.
Referred to the Committee on Banking and Financial Services.

Act to Enforce Employer Sanctions Law (HR 570). Introduced by Rep.
Beilenson. Requires issuance of new Social Security card which is"counterfeit-resistant ... contains fingerprint identification,
barcode validation, a photograph, or some other identifiable feature."
Card will be sole identification allowed for work authorization.
Referred to Committee on Ways and Means and Judiciary Committee.

Exclusionary Rule Reform Act of 1995 (HR 666). Introduced by Rep.
McCollum. Allows introduction of evidence obtained by illegal searchor seizure that violates 4th Amendment, statute or rule of procedureif "objective belief" that search or seizure legal. Does not apply toIRS or BATF. Rejected amendment by Rep. Watt (D-NC) to replacelanguage with that of 4th Amendment. Passed by House Feb. 8, 1995.

Criminal Alien Deportation Improvements Act of 1995 (HR 668).
Introduced by Rep. Smith. Authorizes wiretaps for investigations ofllegal immigration. Passed by House Feb 10. Referred to SenateJudiciary Committee.

Illegal Immigration Control Act of 1995 (HR 756). Introduced by Rep.
Hunter. Authorizes Wiretaps for investigations of illegal immigrationand false identification. Requires issuance of "enhanced," machinereadable Social Security cards to all citizens and resident aliens byyear 2000 that will include photo and SSN. Orders Attorney General tocreate databases for verification. Referred to Committee on Judiciary.

Child Support Responsibility Act of 1995 (HR 785). Introduced by Rep.
Johnson. Makes SSN of parents public record by requiring their use onbirth cirtificates and marriage liscenses. Referred to Committee onWays and Means.

Paperwork Reducation Act of 1995 (HR 830). See S. 244 below.
Controversal provision to benefit West Publishing limiting access topublic records removed after Internet campaign by TAP. Passed byHouse Feb. 22 (418-0). House Report 104-37.

Communications Decency Act of 1995 (HR 1004). Introduced by Rep.
Johnson. Same as Exon bill (see S. 314 below). Referred to Commerceand Judiciary Committees.

-- Senate Bills --

Violent Crime Control and Law Enforcement Improvement Act of 1995 (S.
3). Senate Republician Crime Bill. Introduced by Sen. Dole. Includesprovision to substantially limit judicial sanctions for illegalsearches (exclusionary rule). Allows wiretapping for immigration anduse of false documents, allows participation of foreign governments indomestic wiretapping and disclosure of info to foreign law enforcementagencies. Referred to Committee on the Judiciary.

Family Health Insurance Protection Act (S. 7). Introduced by Sen.
Daschle. Democratic health care bill. Sets national standards fortransfer and privacy of medical records. Referred to Committee onFinance.

Exclusionary Rule Limitation Act of 1995 (S. 54). Introduced by Sen.
Thurmond. (See HR 666 above).

Paperwork Reduction Act of 1995 (S. 244). Introduced by Sen. Nunn.
Renews 1980 Paperwork Reduction Act. Establishes OMB as controller ofinformation policy in government. Sets standards for collection, useand protection of statistical information. Referred to Committee onGovernment Affairs. Approved by committee Feb. 14.

Immigrant Control and Financial Responsibility Act of 1995 (S. 269).
Introduced by Sens. Dole and Simpson. Creates national registry forworkplace verification. Increases use of wiretaps for immigrationpurposes. Referred to the Committee on the Judiciary.

Communications Decency Act of 1995 (S. 314). Introduced by Sen. Exon.
Revises Communications Act to make transmittal of sexually orientedcommunications a crime. Makes anonymous communications that are"annoying" a crime. Referred to Committee on Commerce, Science andTransportation.

Interstate Child Support Responsibility Act of 1995 (S. 456).
Introduced by Sen. Bradley. Creates databank of new hires. Allowsdatamatching with SSA for verification. Increases use of SSN.
Referred to Committee on Finance.



[9] Upcoming Privacy Related Conferences and Events


Cryptography: Technology, Law and Economics. New York City. March 3,
1995. Sponsored by CITI, Columbia University. Speakers include StuartHaber (Surety), Matt Blaze (Bell Labs), John Kasden (Columbia LawSchool), Stewart Baker (Steptoe and Johnson) and David Sobel (EPIC).
Contact: citiresearch.gsb.columbia.edu
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617/964-3926(fax).

Access, Privacy, and Commercialism: When States Gather PersonalInformation. College of William and Mary, Williamsburg, VA, March 17.
Contact: Trotter Hardy 804/221-3826.

The Digital Libraries in Our Future. Washington, DC. March 17, 1995.
Sponsored by the Annenberg Washington Program. Speakers include ToniCarbo Bearman (Pittsburgh University), Cynthia Braddon (McGraw-Hill),
and Paul Peters (CNI). Contact: Michael R. Beschloss 202/393-7100.

Computers, Freedom and Privacy '95. Burlingame, CA. Mar. 28-31, 1995.
Sponsored by Stanford and ACM. Speakers include John Morgridge(Cisco), Esther Dyson (Rel 1.0), Roger Wilkins (George MasonUniversity), Margaret Jane Radin (Stanford Law School), and Willis H.
Ware (Rand). Contact: cfp95forsythe.stanford.edu.

ETHICOMP95: An international conference on the ethical issues ofusing Information Technology. DeMontfort University, Leicester,
ENGLAND, March 28-30, 1995. Speakers include Simon Davies (PrivacyInternational) Contact: Simon Rogerson srogdmu.ac.uk 44 533 577475(phone) 44 533 541891 (Fax).

"Quality of Life in the Electronic Village," March 30, 1995. Liveteleconference, broadcast nationally from Virginia Tech, featuringeminent presenters from the fields of ethics, law, education,
anthropology, medicine, and government. Contact 703/231-6476 orchoicesvt.edu.

National Net '95: Reaching Everyone. Washington, DC. Apr. 5-7, 1995.
Sponsored by EDUCOM. Contact: net95educom.edu or call 202/872-4200.

Information Security and Privacy in the Public Sector. Hyatt Dulles,
VA. Apr. 19-20, 1995. Sponsored by AIC Conferences. Speakers includeJoan Winston (OTA), Lynn McNulty (NIST), Marc Rotenberg (EPIC),
Dorothy Denning (George Washington University), David Banisar (EPIC)
and Jim Bidzos (RSA). Contact: Scott Kessler 212/952-1899 x308
1995 IEEE Symposium on Security and Privacy. Oakland, CA, May 8-10.
Contact: sp95itd.nrl.navy.mil.

INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the InternetSociety. Contact inet95isoc.org.

Key Players in the Introduction of Information Technology: TheirSocial Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: nolodccr.jussieu.fr.

Advanced Surveillance Technologies. Sept. 4-5, 1995. Copenhagen,
Denmark. Sponsored by Privacy International and EPIC. Contactpiepic.org.

(Send calendar submissions to Alertepic.org)



The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:

SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce.

Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org/cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). AnHTML version of the current issue is available fromepic.digicash.com/epic


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, national idsystems and the sale of consumer data. EPIC is sponsored by the Fundfor Constitutional Government and Computer Professionals for SocialResponsibility. EPIC publishes the EPIC Alert and EPIC Reports,
pursues Freedom of Information Act litigation, and conducts policyresearch on emerging privacy issues. For more information, emailinfoepic.org, WWW at HTTP://epic.digicash.com /epic or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202)
544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology on society. For information contact: cpsr-infocpsr.org
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacy andefforts to oppose Clipper and Digital Telephony wiretapping proposals.

END EPIC Alert 2.03


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1995/3.html