WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1996 >> [1996] EPICAlert 19

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 3.19 [1996] EPICAlert 19


Volume 3.19 November 21, 1996

Published by the

Electronic Privacy Information Center

Washington, D.C.

Table of Contents

[1] New Executive Order on Cryptography

[2] CDA Plaintiffs Ask Supreme Court to Affirm Decision

[3] Court Rules AOL Not Subject to First Amendment in Junk Mail Case

[4] EPIC Files Brief in Support of Crypto Rights

[5] FTC to Investigate Online Privacy

[6] NY Censorship Law Goes Into Effect

[7] Senators and Congress Criticize Clipper 4 Proposal

[8] Upcoming Conferences and Events

[1] New Executive Order on Cryptography

The White House announced on November 15 a new Executive Order oncryptography. The Executive Order on the Administration of Controls onEncryption Products directs the issuance of new regulations governingexport controls on cryptography. The provisions of the Order will takeeffect upon the promulgation of final regulations implementing the changesin the export regime.

The new regulations will likely retain many of the restrictions onexporting cryptographic devices. The order finds that: "the export ofencryption products described in this section could harm national securityand foreign policy interests even where comparable products are or appearto be available from sources outside the United States."

Under the Executive Order, control over exports of encryption products willbe transferred from the Department of State to the Department of Commerce.
At the same time, the Department of Justice will be given an expanded rolein determining whether encryption products can be exported. A JusticeDepartment representative will sit on all relevant review bodies and willbe a voting member of the Export Administration Review Board. Exportcontrols lawyers believe that this could result in fewer export approvalsgiven the previous positions of the Justice Department on the publicavailability of strong encryption. Public disclosure or judicial review ofdecisions to grant an export license is precluded because it wouldpurpertedely "reveal or implicate classified information that could harmUnited States national security and foreign policy interests."

An accompanying memorandum also indicates that under the final implementingregulations, source code will be controlled in the same manner as finishedproducts. Such restrictions may apply to books such as EPIC advisory boardmember Bruce Schneier's "Applied Cryptography."

The final regulations will also require that any person who makesencryption software available by means of "electronic bulletin boards andInternet file transfer protocol sites" must "take precautions adequate toprevent the unauthorized transfer of such code outside the United States."
This langauge is broader than the current provision in the InternationalTrafficing in Arms Regulations and may leave Online Service Providers,
bulletin board operators, and others subject to prosecution.

In a separate announcement, Vice President Gore announced that David Aaron,
the US Permanent Representative to the OECD, would be appointed SpecialEnvoy for Cryptography Policy. It is anticipated that Mr. Aaron willattempt to promote key escrow encryption through bilateral andmultilaterial negotation. The United States has beenpressuring the OECD toaccept key escrow as an international standard. Previously, US lobbyingefforts have been led by the Justice Department and the NSA.

A detailed analysis by EPIC and more information on the Executive Order isavailable at:

[2] CDA Plaintiffs Ask Supreme Court to Affirm Decision

On October 31, the plaintiffs in ACLU v. Reno filed a motionasking the Supreme Court to affirm a lower court decisionthat rejected as unconstitutional a law that allowed the governmentto censor the Internet. The motion urged the Court to issue a"summary affirmance" -- a finding that the lower court decisionissued in Philadelphia on June 12 was correct and thereforedoes not merit further examination. EPIC is participating as botha plaintiff and co-counsel in the landmark litigation.

The Communications Decency Act (CDA) was enacted as part of thetelecommunications reform legislation signed into law in February.
It makes it a crime, punishable by up to two years in jail and/ora $250,000 fine, for anyone to engage in speech that is "indecent"
or "patently offensive" on computer networks if the speech can beaccessed or viewed by a minor. The plaintiffs argued -- and thethree-judge lower court panel agreed -- that because there is noway to shield minors alone from online "indecency," the CDAamounts to a criminal ban on constitutionally protectedcommunication among adults.

The text of the plaintiffs' motion to affirm, and other materialrelevant to the litigation, is available at:

[3] Court Rules AOL Not Subject to First Amendment in Junk Mail Case

In an effort to provide some relief to subscribers besieged byunsolicited commercial e-mail (or "spam"), America Onlineblocked incoming mail originating from one of the biggestcommercial spammers, Cyber Promotions, Inc. Cyberpromotionsclaimed that it had a right to provide information to AOLsubscribers. Not surprisingly, the dispute ended up in court, with
the mass-mailer arguing that AOL was violating its First Amendment
right to free speech.

A federal judge in Philadelphia issued a decision on November 4,
upholding AOL's right to block unsolicited commercial e-mailaddressed to its subscribers. Noting that the First Amendment'sfree speech protections apply only to governmental entities, thecourt examined AOL's activities and concluded that:

Although AOL has technically opened its e-mail system to the public by connecting with the Internet, AOL has not opened its property to the public by performing any municipal power or essential public service and, therefore,
does not stand in the shoes of the State.

In other words, AOL operates a private forum and is thus subjectto the First Amendment. Unlike the government, said the court,
the online service can restrict speech within its borders. Whilemany AOL subscribers will likely welcome the immediate effect ofthe decision -- relief from unwanted junk e-mail -- its long-termconsequences could include increased censorship by AOL and otheronline services.

The text of the decision in Cyber Promotions, Inc. v. AmericaOnline is available at:

[4] EPIC Files Brief in Support of Crypto Rights

EPIC has filed a friend-of-the-court brief in support of computer securityexpert Philip Karn's case against the State Department challenging cryptoexport controls. Karn is testing the constitutionality of exportregulations that require a license before cryptographic source code can besent out of the country.

The brief argues that cryptographic source code is speech protected bythe First Amendment. Secondly, it argues that the current system oflicenses constitutes a prior restraint of speech prohibited by theFirst Amendment.

The brief was also endorsed by the ACLU, the Internet Society andthe U.S. Public Policy Committee of the Association for Computing
(USACM). Oral Arguments in the case are scheduled to be heard on January
10, 1997, before the U.S. Court of Appeals for the District of Columbia Circuit.

A copy of the brief and additional information is available at:

[5] FTC to Investigate Online Privacy

The Federal Trade Commission has been asked by three U.S. Senators toinvestigate online privacy and report back to Congress withrecommendations. The senators, Richard Bryan (D-NV), LarryPressler (R-SD) and Fritz Hollings (D-SC), who sit on the SenateCommerce Committee, sent the letter on October 8.

The letter asks the FTC to conduct research into online privacyissues in the wake of the controversy over the LEXIS P-TRAK database.
The FTC had originally requested legislation to address the issue.

The letter requests that the FTC "investigate the compilation, sale,
and usage of electronically transmitted data bases that includeidentifiable personal information of private citizens without theirknowledge." The FTC will focus on the rights of users and possibleabuses in online databases; its report is due in six months.

A copy of the letter to the FTC and more information on P-TRAK isavailable at:

[6] NY Censorship Law Goes Into Effect

A new law in New York State on Internet censorship went into effect onNovember 1. The new law bans the distribution of "indecent" speechthat is "harmful to minors" if the person "intentionally uses anycomputer communications system allowing the input, output, examinationor transfer, of computer data or computer programs from one computer toanother, to initiate or engage in such communications with a person whois a minor."

The law provides defenses if the recipient or audience to an allegedlyobscene performance, consisted of persons or institutions havingscientific, educational, governmental or other similar justificationfor possessing, disseminating or viewing the same." It also createsdefenses for using filtering software and identification of users toverify their age.

The law is similar to the Communications Decency Act that was struckdown by two federal courts. New York Governor George Pataki signed intolaw on September 4. The ACLU is currently gathering information for acourt challenge.

More information on Internet censorship is available from:

[7] Senators and Congress Criticize Clipper 4 Proposal

A bi-partisan group of twenty-one Senators and Congressmen wrote theWhite House on October 15 criticizing the administration's Clipper 4proposal. The group, led by Sen. Conrad Burns (R-MT) and Sen. Ron Wyden
(D-OR) called the proposal "flawed" and stated, "We fear these defects willcontinue to leave U.S. companies at a disadvantage in the world market".

The letter calls on the White House to work with Congress and publicinterest groups and states that oversight hearings on crypto policywill be held when Congress returns.

A copy of the letter and more information on the administration'skey escrow policy is available at:

[8] Upcoming Conferences and Events

"1997 RSA Data Security Conference." January 28-31, 1997. San Francisco,
CA. Contact:

"Financial Cryptography 1997 (FC97)." February 24-28, 1997. Anguilla, BWI.
Sponsored by International Association for Cryptologic Research.

"CFP97: Commerce & Community." March 11-14, 1997. Burlingame,
California. Sponsored by the Association for Computing Machinery.
Contact: or

"Eurosec'97: the Seventh Annual Forum on Information Systems Qualityand Security. "March 17-19. 1997. Paris, France. Sponsored by XPConseil. Contact:

"Ethics in the Computer Society" The Second Annual Ethics and TechnologyConference. June 6-7, 1997. Chicago, Ill. Sponsored byLoyola University Chicago.

INET 97 -- "The Internet: The Global Frontiers." June 24-27, 1997.
Kuala Lumpur, Malaysia. Sponsored by the Internet Society. Contact: or

"AST3: Cryptography and Privacy." September 15, 1997. Brussels, Belgium.
Sponsored by Privacy International and EPIC. Contact:

"International Conference on Privacy." September 23-26, 1997.
Montreal, Canada. Sponsored by the Commission d'Acces a l'informationdu Quebec.
(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email with the subject: "subscribe" (no quotes).

Back issues are available via

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, email, HTTP:// orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.

Thank you for your support.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback