You are here:
EPIC Alert >>
 EPICAlert 19
| Name Search
| Recent Alerts
EPIC Alert 3.19  EPICAlert 19 (21 November 1996)
Volume 3.19 November 21, 1996
Published by the
Electronic Privacy Information Center
Table of Contents
 New Executive Order on Cryptography
 CDA Plaintiffs Ask Supreme Court to Affirm Decision
 Court Rules AOL Not Subject to First Amendment in Junk Mail Case
 EPIC Files Brief in Support of Crypto Rights
 FTC to Investigate Online Privacy
 NY Censorship Law Goes Into Effect
 Senators and Congress Criticize Clipper 4 Proposal
 Upcoming Conferences and Events
The White House announced on November 15 a new Executive Order oncryptography. The Executive Order on the Administration of Controls
onEncryption Products directs the issuance of new regulations governingexport controls on cryptography. The provisions of the Order
will takeeffect upon the promulgation of final regulations implementing the changesin the export regime.
The new regulations will likely retain many of the restrictions onexporting cryptographic devices. The order finds that: "the export
ofencryption products described in this section could harm national securityand foreign policy interests even where comparable products
are or appearto be available from sources outside the United States."
Under the Executive Order, control over exports of encryption products willbe transferred from the Department of State to the Department
At the same time, the Department of Justice will be given an expanded rolein determining whether encryption products can be exported.
A JusticeDepartment representative will sit on all relevant review bodies and willbe a voting member of the Export Administration
Review Board. Exportcontrols lawyers believe that this could result in fewer export approvalsgiven the previous positions of the
Justice Department on the publicavailability of strong encryption. Public disclosure or judicial review ofdecisions to grant an
export license is precluded because it wouldpurpertedely "reveal or implicate classified information that could harmUnited States
national security and foreign policy interests."
An accompanying memorandum also indicates that under the final implementingregulations, source code will be controlled in the same
manner as finishedproducts. Such restrictions may apply to books such as EPIC advisory boardmember Bruce Schneier's "Applied Cryptography."
The final regulations will also require that any person who makesencryption software available by means of "electronic bulletin boards
andInternet file transfer protocol sites" must "take precautions adequate toprevent the unauthorized transfer of such code outside
the United States."
This langauge is broader than the current provision in the InternationalTrafficing in Arms Regulations and may leave Online Service
bulletin board operators, and others subject to prosecution.
In a separate announcement, Vice President Gore announced that David Aaron,
the US Permanent Representative to the OECD, would be appointed SpecialEnvoy for Cryptography Policy. It is anticipated that Mr. Aaron
willattempt to promote key escrow encryption through bilateral andmultilaterial negotation. The United States has beenpressuring
the OECD toaccept key escrow as an international standard. Previously, US lobbyingefforts have been led by the Justice Department
and the NSA.
A detailed analysis by EPIC and more information on the Executive Order isavailable at:
On October 31, the plaintiffs in ACLU v. Reno filed a motionasking the Supreme Court to affirm a lower court decisionthat rejected
as unconstitutional a law that allowed the governmentto censor the Internet. The motion urged the Court to issue a"summary affirmance"
-- a finding that the lower court decisionissued in Philadelphia on June 12 was correct and thereforedoes not merit further examination.
EPIC is participating as botha plaintiff and co-counsel in the landmark litigation.
The Communications Decency Act (CDA) was enacted as part of thetelecommunications reform legislation signed into law in February.
It makes it a crime, punishable by up to two years in jail and/ora $250,000 fine, for anyone to engage in speech that is "indecent"
or "patently offensive" on computer networks if the speech can beaccessed or viewed by a minor. The plaintiffs argued -- and thethree-judge
lower court panel agreed -- that because there is noway to shield minors alone from online "indecency," the CDAamounts to a criminal
ban on constitutionally protectedcommunication among adults.
The text of the plaintiffs' motion to affirm, and other materialrelevant to the litigation, is available at:
In an effort to provide some relief to subscribers besieged byunsolicited commercial e-mail (or "spam"), America Onlineblocked incoming
mail originating from one of the biggestcommercial spammers, Cyber Promotions, Inc. Cyberpromotionsclaimed that it had a right to
provide information to AOLsubscribers. Not surprisingly, the dispute ended up in court, with
the mass-mailer arguing that AOL was violating its First Amendment
right to free speech.
A federal judge in Philadelphia issued a decision on November 4,
upholding AOL's right to block unsolicited commercial e-mailaddressed to its subscribers. Noting that the First Amendment'sfree speech
protections apply only to governmental entities, thecourt examined AOL's activities and concluded that:
Although AOL has technically opened its e-mail system to the public by connecting with the Internet, AOL has not opened
its property to the public by performing any municipal power or essential public service and, therefore,
does not stand in the shoes of the State.
In other words, AOL operates a private forum and is thus subjectto the First Amendment. Unlike the government, said the court,
the online service can restrict speech within its borders. Whilemany AOL subscribers will likely welcome the immediate effect ofthe
decision -- relief from unwanted junk e-mail -- its long-termconsequences could include increased censorship by AOL and otheronline
The text of the decision in Cyber Promotions, Inc. v. AmericaOnline is available at:
EPIC has filed a friend-of-the-court brief in support of computer securityexpert Philip Karn's case against the State Department challenging
cryptoexport controls. Karn is testing the constitutionality of exportregulations that require a license before cryptographic source
code can besent out of the country.
The brief argues that cryptographic source code is speech protected bythe First Amendment. Secondly, it argues that the current system
oflicenses constitutes a prior restraint of speech prohibited by theFirst Amendment.
The brief was also endorsed by the ACLU, the Internet Society andthe U.S. Public Policy Committee of the Association for Computing
(USACM). Oral Arguments in the case are scheduled to be heard on January
10, 1997, before the U.S. Court of Appeals for the District of Columbia Circuit.
A copy of the brief and additional information is available at:
The Federal Trade Commission has been asked by three U.S. Senators toinvestigate online privacy and report back to Congress withrecommendations.
The senators, Richard Bryan (D-NV), LarryPressler (R-SD) and Fritz Hollings (D-SC), who sit on the SenateCommerce Committee, sent
the letter on October 8.
The letter asks the FTC to conduct research into online privacyissues in the wake of the controversy over the LEXIS P-TRAK database.
The FTC had originally requested legislation to address the issue.
The letter requests that the FTC "investigate the compilation, sale,
and usage of electronically transmitted data bases that includeidentifiable personal information of private citizens without theirknowledge."
The FTC will focus on the rights of users and possibleabuses in online databases; its report is due in six months.
A copy of the letter to the FTC and more information on P-TRAK isavailable at:
A new law in New York State on Internet censorship went into effect onNovember 1. The new law bans the distribution of "indecent"
speechthat is "harmful to minors" if the person "intentionally uses anycomputer communications system allowing the input, output,
examinationor transfer, of computer data or computer programs from one computer toanother, to initiate or engage in such communications
with a person whois a minor."
The law provides defenses if the recipient or audience to an allegedlyobscene performance, consisted of persons or institutions havingscientific,
educational, governmental or other similar justificationfor possessing, disseminating or viewing the same." It also createsdefenses
for using filtering software and identification of users toverify their age.
The law is similar to the Communications Decency Act that was struckdown by two federal courts. New York Governor George Pataki signed
intolaw on September 4. The ACLU is currently gathering information for acourt challenge.
More information on Internet censorship is available from:
A bi-partisan group of twenty-one Senators and Congressmen wrote theWhite House on October 15 criticizing the administration's Clipper
4proposal. The group, led by Sen. Conrad Burns (R-MT) and Sen. Ron Wyden
(D-OR) called the proposal "flawed" and stated, "We fear these defects willcontinue to leave U.S. companies at a disadvantage in the
The letter calls on the White House to work with Congress and publicinterest groups and states that oversight hearings on crypto policywill
be held when Congress returns.
A copy of the letter and more information on the administration'skey escrow policy is available at:
"1997 RSA Data Security Conference." January 28-31, 1997. San Francisco,
CA. Contact: http://www.rsa.com
"Financial Cryptography 1997 (FC97)." February 24-28, 1997. Anguilla, BWI.
Sponsored by International Association for Cryptologic Research.
"CFP97: Commerce & Community." March 11-14, 1997. Burlingame,
California. Sponsored by the Association for Computing Machinery.
Contact: cfp97cfp.org or http://www.cfp.org
"Eurosec'97: the Seventh Annual Forum on Information Systems Qualityand Security. "March 17-19. 1997. Paris, France. Sponsored by
XPConseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/
"Ethics in the Computer Society" The Second Annual Ethics and TechnologyConference. June 6-7, 1997. Chicago, Ill. Sponsored byLoyola
University Chicago. http://www.math.luc.edu/ethics97
INET 97 -- "The Internet: The Global Frontiers." June 24-27, 1997.
Kuala Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97isoc.org or http://www.isoc.org/inet97
"AST3: Cryptography and Privacy." September 15, 1997. Brussels, Belgium.
Sponsored by Privacy International and EPIC. Contact: piprivacy.org.
"International Conference on Privacy." September 23-26, 1997.
Montreal, Canada. Sponsored by the Commission d'Acces a l'informationdu Quebec.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email toepic-newsepic.org with the subject: "subscribe" (no quotes).
Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic
attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony
proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit
organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom
of Information Act litigation, and conducts policy research.
For more information, email infoepic.org, HTTP://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.