You are here:
EPIC Alert >>
 EPICAlert 11
EPIC Alert 3.11  EPICAlert 11 (29 May 1996)
Volume 3.11 May 29, 1996
Published by the
Electronic Privacy Information Center
Table of Contents
 Children's Privacy Bill Introduced
 Recent Problems in Direct Marketing Industry
 New Medical Privacy Bill Introduced
 Canadian NII Panel Calls for Privacy Law
 Supreme Court Rejects California Caller ID Case
 NRC to Release Crypto Report
 FTC To Examine Privacy Issues
 Upcoming Conferences and Events
On May 22, 1996, Representative Bob Franks (R-NJ) and Senator DianneFeinstein (D-CA) introduced the Children's Privacy Protection
andParental Empowerment Act (HR 3508, S. not yet available). The billestablishes fair information practices for personal information
aboutkids and is intended to curb recent abuses by the direct marketingindustry.
At a Capitol Hill press conference, Representative Franks said"commercial list companies are using that information to develop anelaborate
data base on virtually every child in America. They'regathering children's complete names, ages, addresses and phone numbers
-- and often even their personal likes and dislikes."
As with other privacy laws in the United States, the CPPPEA focuses ona particular industry sector, in this case list brokers who
collectand sell personal information on children. The Children's PrivacyProtection and Parental Empowerment Act would:
-- Prohibit the sale or purchase of personal information about children without parental consent;
-- Require list brokers and solicitors to disclose to parents,
upon request, the source and content of personal information on file about their children;
-- Require list brokers to disclose to parents, upon request, the names of persons or entities to whom they have distributed
personal information on that parent's child;
-- Prohibit prisoners and convicted sex criminals from processing the personal information of children;
-- Prohibit any exchange of children's personal information that one has a reason to believe will be used to harm or abuse a
-- Preserve all common law privileges, and statutory and Constitutional privacy rights; and
-- Establish civil remedies and criminal penalties for violations of the Act.
More information about the CPPPEA is available at:
The Children's Privacy bill grows out of reports on recent abuses inthe marketing industry. In one case, a news reporter for KCBS-TV
inLos Angeles ordered a list of the names, addresses and phone numbersof 5,000 Los Angeles children from the nation's largest distributor
oflists, Metromail. It placed the order in the name of Richard AllenDavis, the man currently on trial for kidnapping 12-year-old
PollyKlaas from her Sausalito home and murdering her. After providing afake name, mailing address and a disconnected phone number,
the listarrived the next day. The cost -- just $277, cash on delivery.
In another case, the direct marketing firm Metromail faces a classaction suit in Texas where the company used prison inmates to processpersonal
data gathered from consumers. Beverly Dennis, a 47-year-oldOhio woman, received threatening and highly offensive telephone callsfrom
a convicted sex offender. Dennis v. Metromail Corporation, TexasDistrict Court, No. 96-04451, April 18, 1996).
A report from the Center for Media Education also found that onedata-gathering company adds 67,000 children's names each week. Otherfirms
sell segmented lists on grade school children and pre-schoolchildren.
Opinion polls also reveal strong public opposition to the unregulatedsale of personal data:
-- A 1991 Time/CNN poll found that 93% of American consumers believe "companies that sell information to others should be required
by law to ask permission from individuals before making the information available;"
-- In the same poll, 90% said that "companies that collect and sell personal information should be prohibited by law from selling
information about household income," and 68% said that companies "should be prohibited by law from selling information about
It is not hard to guess what the poll numbers would say about the saleof data on children.
In a related matter, Ram Avrahami's case is scheduled to be heard by aVirginia judge on June 6. For more information on the case,
On May 16, 1996, Rep. Jim McDermott (D-WA) introduced the "MedicalPrivacy in the Age of New Technology Act of 1996." The bill isdesigned
to "ensure strong protections for the confidentiality ofpatient health care information and take into account the threats toprivacy
created by emerging technologies and the computerization ofmedical records."
The new bill covers all types of medical information including geneticinformation. It requires informed consent before a patient's
personalinformation can be transferred to any other party, except in verylimited circumstances. Patients would be allowed to examine
andcorrect their records. Guidelines are set to ensure the security ofrecords. Unlike previously introduced legislation, S. 1360,
under thenew bill states are not prevented from enacting stronger laws.
The bill was introduced after the House of Representatives approved abill providing for "administrative simplification" of medical
(See EPIC Alert 3.08, "House Passes Health Care Bill") and the Senatedebated S. 1360, introduced by Senator Bennett. The new bill
providesfor a much higher level of privacy protection than either of those twomeasures.
The bill has been embraced by consumer groups such as the Coalitionfor Patient Rights, which describes it as the strongest medicalprivacy
bill introduced to date. It was referred to the CommerceCommittee for review.
More information on the McDermott bill and medical privacy isavailable at:
A report from the Canadian Information Highway Advisory Counsel (IHAC)
calls for the establishment of legal standards to protect privacy onthe information highway. The report, "Building the InformationSociety:
Moving Canada into the 21st Century," states that "the rightto privacy must be recognized in law, especially in an electronicworld
of private databases where it is all too easy to collect andexploit information about individual citizens."
The report follows a lengthy consultation process that began in 1994with the early policy development for the Canadian InformationInfrastructure
(See EPIC Alert 1.07, "Canadian Gov't ReleasesDiscussion Paper on NII Privacy").
The IHAC recommends building on a standard developed by the CanadianStandards Association that has won praise from privacy advocates,
consumer groups, business and the health care industry. The CSA ModelCode is based on ten principles that could apply to all technologiesand
types of businesses.
Canadian Privacy Commissioner Bruce Phillips commended the report andsaid that national standards would protect the privacy rights
ofCanadians, give clear guidance to business, and promote commerce withtrading partners that have also established strong privacy
The report of the Canadian Information Highway Advisory Counsel isavailable at:
The Office of the Privacy Commissioner of Canada has a web page at:
The Supreme Court has declined to review an appeals court ruling thatheld that lax FCC Caller ID privacy safeguards could preempt
strongerstate protections. (See EPIC Alert 3.07, "California PUC FilesSupreme Court Appeal on Caller ID Decision"). But Pacific
Bell andthe California Public Utility Commission both report that millions ofCalifornia telephone subscribers are taking matters
into their ownhands, and selecting permanent call blocking for their lines.
According to Pacific Bell, at least three million customers haveselected the complete blocking option and that number is expected
torise. California has the highest percentage of unlisted phonesubscribers in the country. (See EPIC Alert 3.05, "Calls Pour intoPacBell
Over Caller ID").
It will be interesting to see if the blocking technology works aspromised. Several states encountered serious problems when Caller
IDwas first introduced. (See EPIC Alert 2.04, "Caller ID PrivacyProtection Fails in Two More States", EPIC Alert 2.05, "Caller IDSnafus
Continue: FCC Delays Implementation").
The FCC Caller ID rule is available at:
The long-awaited report of the National Research Council on encryptionpolicy is expected to be released tomorrow. "Cryptography's
Role inSecuring the Information Society" will be released at a publicbriefing at the National Press Club, 14th and F Streets, N.W.,
Washington, D.C., at 1:00 pm, on Thursday, May 30. Committee memberswill respond to questions from attendees, and a limited number
ofpre-publication copies of the report will be available at that time.
The committee also intends to conduct a second public briefing on thereport in Menlo Park, California at SRI International. The briefingwill
be held in the Auditorium of the International Building from10:00 to 11:00 am on Wednesday, June 5. The address is 333Ravenswood
Avenue, Menlo Park, California, 94025. For moreinformation about the briefing at SRI, contact Alice Galloway at415-859-2711.
EPIC commends the NRC for its efforts to make the report widelyavailable to the public. We hope the report will offer a newdirection
for national cryptography policy.
More information about the NRC report is available at:
The Federal Trade Commission's Bureau of Consumer Protection will holda public workshop on Consumer Privacy on the Global InformationInfrastructure
on June 4-5, 1996. Topics to be discussed include:
-- The Use of Consumer Information -- Electronic Regimes for Protecting Consumer Privacy Online -- Consumer and Business
Education in Online Privacy Issues -- The Use of Medical and Financial Information Online -- The Impact of the European Commission's
Council Directive on the Protection of Personal Data -- The Collection and Use of Information about Children
The workshop will be held on June 4, 1996, from 9:00 am to 5:00 pm(Room 432) and on June 5, 1996, from 9:00 am to 12:30 pm (Room 332),
at the Federal Trade Commission, Sixth Street and Pennsylvania Avenue,
N.W., Washington, DC 20580. Requests to participate in the workshopshould be mailed, on or before May 26, 1996, to Martha Landesberg.
EPIC wrote to the FTC in December 1995 and urged the Commission toinvestigate the misuse of personal data by the direct marketingindustry,
particularly the sale of data about children. EPICrecommended that the FTC examine several issues including:
-- The collection and sale of personal data within the marketing industry and whether current trade practices violate federal
or state law;
-- Whether the Mail Preference Service actually protects the privacy interests of consumers or whether there are there better
and simpler methods for consumers to control personal data;
-- The sale of direct marketing lists to federal and state investigative agencies and whether these practices violate
privacy rights and should be regulated or prohibited; and
-- Whether new technologies for anonymous and pseudo-anonymous payment schemes coupled with enforceable legal rights could
help ensure the development of on-line commerce that promotes business opportunity and protects personal privacy.
The Federal Register Notice Announcing the Workshop Agenda isavailable at:
The complete EPIC letter to the FTC is available at:
Consumer Privacy on the Global Information Infrastructure. June 4-5,
1996. Washington, DC. The Federal Trade Commission's Bureau ofConsumer Protection. Contact Martha Landesberg (202) 326-2825 ormlandesbergftc.gov.
Privacy Issues Forum 1996. June 13, 1996. Privacy Commissioner of NewZealand. Christchurch, New Zealand. Email privacyconventionmgmt.co.nz
Practicing Law Institute's 16th Annual Institute on Computer Law:
Understanding the Business and Legal Aspects of the Internet, June17-18, 1996, San Francisco. infopli.edu for info
or call 800/4770300.
Personal Information - Security, Engineering and Ethics. June 21-22 ,
1996. Isaac Newton Institute, Cambridge. Sponsored by CambridgeUniversity and British Medical Association. Paper submission due 10May
1996. Contact: Ross Anderson (rja14newton.cam.ac.uk).
Australasian Conference on Information Security and Privacy. June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety
for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (jenniecs.uow.edu.au).
The Internet: Transforming our Society Now. June 25-28, 1996. MontrealConvention Center, Montreal (Quebec), Canada. The Internet Society.
Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).
DEF CON IV. July 26-28. Los Vegas, NV. Annual Hacker Convention.
Contact: dtangentdefcon.org or http://www.defcon.org/.
Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored byRoss Associates. Contact: Marilyn Roseberry 703-450-2200.
Fifth International Information Warfare Conference, "Dominating theBattlefields of Business and War", September 5-6, 1996. Washington,
DC. Sponsored by Interpact, NCSA, OSS. Contact: infowar96ncsa.com
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact:
http://www.privacy.org/pi/conference/ottawa/ or email piprivacy.org.
18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe
Privacy Commissioner of Canada
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email toepic-newsepic.org with the subject: "subscribe" (no quotes).
Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic
attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony
proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit
organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom
of Information Act litigation, and conducts policy research.
For more information, email infoepic.org, HTTP://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.