
EPIC Alert 3.13 [1996] EPICAlert 13 (10 July 1996)







EPIC ALERT



Volume 3.13 July 10, 1996




Published by the

Electronic Privacy Information Center

Washington, D.C.


http://www.epic.org/



Table of Contents



[1] Clipper Returns ... Again


[2] Commerce Notice for Key Escrow Panel


[3] Supreme Court Rules on Cable Censorship


[4] Justice Department Appeals CDA Decision


[5] FBI File Controversy Continues to Grow


[6] Crypto Hearings Update


[7] EU Committee Approves Telecom Privacy Directive


[8] Upcoming Conferences and Events




[1] Key Escrow Returns ... Again



Marking the fourth time that the Clinton Administration has tried to push through a proposal for key escrow encryption, the Department of Commerce announced this week that the Secretary of Commerce will appoint a panel to advise on the implementation of a "key management infrastructure." The KMI proposal was first put forward by the White House in May. The proposal called for the creation of a key management infrastructure which would require users to disclose their private keys to a government certified escrow agent. It was quickly dubbed "Clipper III," and widely criticized by the public and members of Congress. (See EPIC Alert 3.10 [1])

The new proposal also flies in the face of the recent findings of an extensive report from the National Research Council which concluded that it would be a mistake to continue "aggressive promotion" of key escrow encryption. The NRC found that there was insufficient experience to support large scale deployment of key escrow; key escrow would not solve the most serious law enforcement problems; key escrow will have "a significant negative impact" on the development of new information services and technologies; and key escrow will skew market development of encryption applications.

The KMI proposal also contradicts a recent recommendation by the Department of Commerce's own Computer System Security and Privacy Advisory Board which endorsed the conclusions of the NRC report. (See EPIC Alert 3.11 [6])

More information is available at http://www.epic.org/crypto/key_escrow/



[2] Commerce Notice for Key Escrow Panel



[Federal Register: July 8, 1996 (Volume 61, Number 131)]
[Notices]
[Page 35710]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DEPARTMENT OF COMMERCE
Technical Advisory Committee To Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure;
Notice of Establishment

In accordance with the provisions of the Federal Advisory Committee Act, 5 U.S.C. App. 2, and the General Services Administration (GSA) rule on Federal Advisory Committee Management, 41 CFR Part 101-6, and after consultation with GSA, the Secretary of Commerce has determined that the establishment of the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure is in the public interest in connection with the performance of duties imposed on the Department by law.

The Committee will advise the Secretary on the development of a draft Federal Information Processing Standard for the Federal Key Management Infrastructure.

The Committee will consist of no more than twenty-four members to be appointed by the Secretary to assure a balanced representation among individuals with established expertise in cryptography and the implementation and use of cryptographic systems.

The Committee will function solely as an advisory body, and in compliance with provisions of the Federal Advisory Committee Act. The charter will be filed under the Act, fifteen days from the date of publication of this notice.

Interested persons are invited to submit comments regarding the establishment of this committee to Edward Roback, Computer Security, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone: 301-975-3696.

Dated: June 27, 1996.
Mark Bohannon,
Chief Counsel for the Technology Administration.



[3] Supreme Court Rules on Cable Censorship



In a precursor to the impending review of the Communications Decency Act, the Supreme Court on June 28 struck down two provisions and upheld one of a law on regulating "indecent" programming on cable television. The Court splintered on the case, generating a total of five opinions, with most of the decision lacking a solid majority. The effects on the CDA case are unclear.

In the first part of the decision, Denver Area Education versus FCC, No. 95-124 and 95-227, a plurality of four judges upheld section 10(a) of the cable legislation, which allows cable companies to restrict "patently offensive" programming on "leased access" channels. Leased access channels are channels set aside for use by third party commercial entities for programming such as infomercials and shopping channels. The decision creates a new standard for review described by advocates as "fuzzy scrutiny" that looks at an "extremely important problem . . . without imposing an unnecessarily great restriction on speech."

In the only part of the decision that garnered a majority, the Court struck down Section 10(b) of the act which required that all "patently offensive" material on leased access channels be placed on a special channel and that subscribers who wished to view the channel send a written request to the cable company thirty days in advance of the programming.

The Court, with a majority of six judges, ruled that the provision was not narrowly tailored. It recognized that there are other alternatives including lockboxes and the V-chip (without ruling on its constitutionality) that could also have been used. The Court also recognized the privacy interest in the list created by the provision and its chilling effect on free speech:

the "written notice" requirement will further restrict viewing by subscribers who fear for their reputations should the operator, advertently or inadvertently, disclose the list of those who wish to watch the "patently offensive" channel.
Cf. Lamont v. Postmaster General, 381 U.S. 301, 307 (1965)
(finding unconstitutional a requirement that recipients of Communist literature notify the Post Office that they wish to receive it).

Finally, a plurality of four judges struck down section 10(c) which allowed cable operators to restrict "patently offensive" programming on public access channels. It noted that cable TV companies have not historically had editorial control over these channels and that there is already an infrastructure of boards and managers that set policy for the channels. It found no examples of the channels being used for the kind of programming banned, but noted the fears of programmers who believed that the cable companies would use the new powers abusively to restrict other "borderline" programming.



[4] Justice Department Appeals CDA Decision



On July 1, 1996, the Justice Department filed a notice with the US District Court in Philadelphia noting its appeal to the US Supreme Court of the lower court's decision striking down provisions of the Communications Decency Act.

The CDA contains provisions allowing for a direct appeal to the Supreme Court. Section 561 allows for expedited review of the decision directly to the Court instead of the usual appeal to the Court of Appeals:

(b) Appellate Review. -- Notwithstanding any other provision of law, an interlocutory or final judgment, decree, or order of the
court of 3 judges in an action under subsection (a) holding this
title or an amendment made by this title, or any provision thereof,
unconstitutional shall be reviewable as a matter of right by direct appeal to the Supreme Court. Any such appeal shall be filed not more than 20 days after entry of such judgment, decree, or order.

More information on the CDA decision is available at:

http://www.epic.org/cda/



[5] The FBI Files Scandal and the Privacy Act of 1974



In early June, the House Government Reform and Oversight Committee revealed that the White House had requested the FBI file on former Travel Office employee Billy Dale. Soon after, it was also revealed that the White House had obtained hundreds of other individuals' FBI files. Some of the files requested by the White House were those of members of previous Republican administrations. So far, 481 files are known to have been sent to the White House and there are unconfirmed reports of hundreds more. The White House is claiming that the files were obtained as part of a bureaucratic mistake.

The White House and the FBI quickly apologized for their action. White House Chief of Staff Leon Panetta said, "A mistake has been made here. It is inexcusable and I think an apology is owed to those that were involved." FBI Director Louis J. Freeh described the disclosure of files as an "egregious violations of privacy" and noted that "the FBI gave inadequate protection to the privacy interests of persons in FBI files."

Despite these apologies, the FBI maintains that its release of confidential information to the White House was not against the law. The Privacy Act of 1974, which does not apply to the White House, requires that record-holding agencies, such as the FBI, get the permission of an individual before disclosing their record. Although the FBI did not have the appropriate permissions, they claim they did not violate the Privacy Act because their actions fall under the "routine use" exception in the Act. A report by Howard Shapiro, FBI General Counsel, states that the routine use "to assist the recipient agency in the performance of any authorized function where access to records in this system is declared by the recipient agency to be relevant to that function" is applicable because the White House requests appeared to be legitimate requests.

Legal scholars note that if the FBI's claim of "routine use" survives judicial scrutiny, the Privacy Act's safeguards will have little meaning. Even revised internal policies designed to prevent similar incidents from happening in the future could be relaxed in the future. A Senate oversight committee may soon hold hearings to consider whether amendments to the Privacy Act are necessary to ensure protection of personal information held in federal agencies.

More information on the FBI files issue is available from:

http://www.epic.org/privacy/filegate/



[6] Crypto Hearings



On June 26, Senator Conrad Burns chaired the second hearing on S. 1726, the "Pro-CODE" bill. The hearings examined civil liberties issues raised by encryption policy and encryption techniques. Witnesses included Phil Zimmermann of Pretty Good Privacy, Whit Diffie of Sun Microsystems, Phil Karn of Qualcomm, Barbara Simons of USACM and Marc Rotenberg of EPIC.

The hearing took place in the wake of revelations of the FBI files abuses. Both Committee members and witnesses spoke to the need to protect citizens' communications from overzealous government action. Senator John Ashcroft emphasized protecting individuals' privacy: "The events this last week or two bring into sharp focus the need . . . to have private items that are not abused, and to think that somehow we would have to register with a government agency some way for them to participate in the most private of our understandings, your thoughts, unless we chose not to record them, is a very troubling thought."

Marc Rotenberg, director of the Electronic Privacy Information Center, said that "current encryption policies are destined for the history books," and stressed the point that the government should not dictate technical standards for encryption. "It is absolutely critical that users be able to choose from a wide range of good tools that are designed to protect privacy and security."

The Committee and the witnesses also discussed the implications of strong cryptography for law enforcement. There was general agreement that cryptography would prevent many crimes of opportunity, although it could make some investigations more difficult. Everyone recognized that the potential negative uses of cryptography are already possible but that good uses require encouragement. Whitfield Diffie noted: "A small number of people in a conspiracy can secure their communications rather readily. But the legitimate applications of cryptography require a worldwide infrastructure . . . and as long as we delay the development of that infrastructure, we are giving the relative advantage to the bad guys rather than the good guys."

The final hearing on the Pro-CODE bill will take place on June 24. Officials from law enforcement and intelligence agencies are expected to testify.

More information about export control issues can be found at:

http://www.epic.org/crypto/export_controls/



[7] EU Committee Approves Telecom Privacy Directive



The EU Telecommunications Committee approved on June 27 a directive on telecommunications privacy for digital networks. The new directive establishes several new privacy requirements and follows the recently enacted directive on privacy and data protection.

The directive requires free per-line and per-call blocking for Caller ID services. In addition, automatic rejection of blocked calls must be offered for free. These provisions can be overridden only in limited circumstances.

Other information collected for call placement can be kept only until the service is completed. Billing data can only be kept for the statutory period in which it could be challenged. Member countries must also ensure that "the privacy of calling users and called subscribers is preserved" for itemized bills.

On telemarketing, automated calls with pre-recorded messages are banned unless the individual has given affirmative consent. Member countries are required "to ensure that unsolicited calls for promotional or advertising/research purposes are not allowed in respect of subscribers who do not wish to receive these calls."

On wiretapping, the directive prohibits any wiretaps that are not legally authorized. It requires that for a "particular risk of a breach of the security of the network" such as mobile telephones, that subscribers be informed and that the service provider must offer encryption.



[8] Upcoming Conferences and Events



DEF CON IV. July 26-28. Las Vegas, NV. Annual hacker convention. Contact: dtangent@defcon.org or http://www.defcon.org/.

Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored by Ross Associates. Contact: Marilyn Roseberry 703-450-2200.

Fifth International Information Warfare Conference, "Dominating the Battlefields of Business and War", September 5-6, 1996. Washington, DC. Sponsored by Interpact, NCSA, OSS. Contact: infowar96@ncsa.com

Advanced Surveillance Technologies II. September 16, 1996. Ottawa, Canada. Sponsored by EPIC and Privacy International. Contact: http://www.privacy.org/pi/conference/ottawa/ or email pi@privacy.org.

"Privacy Beyond Borders", 18th International Privacy and Data Protection Conference. September 18-20, 1996. Ottawa, Canada. Sponsored by the Privacy Commissioner of Canada. Contact: jroy@fox.nstn.ca

CPSR Annual Meeting. October 19-20. Washington DC. Contact: phyland@aol.com.

(Send calendar submissions to Alert@epic.org)




The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes).

Back issues are available via http://www.epic.org/alert/




The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.

Thank you for your support.



