You are here:
EPIC Alert >>
 EPICAlert 5
EPIC Alert 3.05  EPICAlert 5 (29 February 1996)
Volume 3.05 February 29, 1996
Published by the
Electronic Privacy Information Center
Table of Contents
 ACLU/EPIC Lawsuit Puts CDA Enforcement on Hold
 Draft Crypto Bill Circulating
 Personal Crypto Export Allowed
 Court Rules Against Email Privacy
 Calls Pour into PacBell Over Caller ID
 State Legislatures Examine Privacy Issues
 Digital Telephony Funding Update
 Upcoming Conferences and Events
In a stipulation signed on February 23, the Justice Department hasagreed not to initiate investigations or prosecutions under the"indecency"
or "patently offensive" censorship provisions of theCommunications Decency Act (CDA) while a three-judge panel inPhiladelphia considers
the case. The plaintiffs' attorneys, led byChris Hansen of the American Civil Liberties Union (ACLU), considerthe agreement to be
a significant victory because it expandsprotections for Internet users beyond the temporary restraining orderon the "indecency" provision
granted by U.S. District Judge RonaldBuckwalter on February 15. Under the stipulated agreement, whichprotects all Internet users,
no one will be investigated or prosecutedfor the transmission of "patently offensive" speech. If the law isultimately upheld, the
government has reserved the right to prosecutelater for such speech dating from the passage of the CDA.
At a scheduling conference held on February 20, the three-judge courtset five dates for the hearing on the plaintiffs' preliminaryinjunction
motion in Philadelphia. The plaintiffs, including EPIC andthe ACLU, will present their case on March 21 and 22, with April 1reserved
if necessary. The government's case will be presented onApril 11 and 12. The complete trial is scheduled to last five days.
In a related development, the American Library Association and acoalition of publishers, content providers and commercial accessproviders
have filed a separate lawsuit in Philadelphia challengingthe CDA. The new case has been consolidated with the pendinglitigation.
"Things are moving very, very fast and we need to make
certain that our society doesn't destroy the potential of our technology
even before it comes into its full potential," said Judy Krug, director
of the Office of Intellectual Freedom for the American Library
Association and a member of the EPIC Advisory Board.
Comprehensive information on the CDA lawsuit, including the text ofthe stipulation signed on February 23, is available at:
Senator Patrick Leahy (D-VT) is expected to introduce the EncryptedCommunications Privacy Act of 1996 within the next week. The billattempts
to answer a number of unresolved issues concerning the use ofencryption technology. Among the key features, the bill:
- Creates a legal framework for key escrow agents including the
obligations to disclose keys and assist law enforcement, and sets
penalties for improper disclosure;
- Criminalizes the use of encryption which may have the effect of
obstructing a felony investigation;
- Affirms the freedom to use encryption; and
- Relaxes export controls by transferring authority for export
decisions to the Secretary of Commerce.
The bill reflects a number of the recommendations made by EPIC, EFF,
the USACM and various industry and trade groups to relax export controllaw and affirm the freedom to use all forms of encryption.
However, thebill does little to roll back the deployment of Clipper-inspiredencryption in the federal government or remove the classificationrestrictions
on encryption policy that currently block public scrutinyof government policy.
The bill also brings into sharp focus the problems with key escrowencryption. The bill makes clear that escrow agents could facestaggering
liability -- criminal prosecution if they fail to complywith what are currently ill-defined obligations to assist lawenforcement
and civil liability if keys are improperly disclosed ortrade secrets improperly released. There is also no indication thatCongress
has yet considered the risks to network vulnerability orrecord integrity if key escrow is widely deployed.
EPIC will provide a copy of the bill online as soon as it is formallyintroduced. Check the EPIC crypto page for this and other developmentsrelating
to encryption policy:
After more than two years of delay, the U.S. State Department hasfinally released new regulations allowing for limited export ofcryptography.
The new regulations allow American citizens to takeencryption software or hardware on overseas trips if they keep maintainof the
devices at all times. They are also required to keep records ofthe trip for five years.
More information on the new regulations and other information on exportcontrols is available at:
A U.S. District Court in Pennsylvania ruled on January 18 that even ifan employer promises not to intercept email on a company system,
thereis not an expectation of privacy in the email. The case underscores thequestion of whether the court system has an adequate
the underlying technology.
According to the court, the employer repeatedly told its employees that"all email communications would remain confidential and privileged"
and that "e-mail communications could not be used by [the company]
against its employees as grounds for termination." Even with that
promise, the employer intercepted the communications of Michael Smithand fired him. The court held that:
We do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor
over the company e-mail system notwithstanding any assurances by management. Once plaintiff communicated the alleged unprofessional
comments to a second person over an e-mail system which was apparently utilized by the entire company, any reasonable expectation
of privacy was lost .... we find no privacy interests in such communications.
We do not find that a reasonable person would consider the
defendant's interception of these communications to be a substantial
and highly offensive invasion of his privacy"
A copy of the decision is available at:
Following the 9th Circuit Court of Appeals' decision on Caller ID (seeAlert 3.03), California telephone companies have began a publiceducation
campaign concerning the service. The companies were requiredto provide customer education by the state Public Utilities Commission(PUC)
before the June 1 introduction of the service. The PUC rejectedthe companies' first attempt to turn the education effort into anadvertising
campaign selling the service.
According to news reports, over 100,000 people called the informationlines in the first week that the advertisements ran in Californianewspapers.
This included 22,000 people on the first day. Of thatgroup, 13,000 requested that the companies set up permanent (per-line)
blocking on their phones. The companies needed to hire more staff tofield the calls after the first day.
The California PUC has announced that it will appeal the 9th Circuitdecision to the U.S. Supreme Court.
While Congress has failed to review privacy issues in recent sessions,
many state legislatures are considering enacting bills to enhancepersonal privacy. These include:
Video Surveillance - After several controversial cases, Maryland (HB273) and California (AB2051) are considering bills that would
prohibitvideotaping in private places without the consent of the subject.
Motor Vehicle Records - In response to the Federal DMV Privacy Actpassed in 1993, Maryland (SB 538) and West Virginia are consideringbills
to limit access to motor vehicle records without the permissionof the driver.
Personal Information -- In the wake of the Avrahami case, California isconsidering a bill (SB1659) to prevent companies from using
ordistributing personal information without the consent of theindividual.
Email Privacy -- Colorado is considering a bill that would requireprivate employers to notify employees about their privacy policies
forelectronic mail. It would also limit the availability of email that can
be obtained under the state open records law (HB1199).
Medical Privacy -- Maryland is considering a bill that would limit thestate government's ability to collect and maintain in a single
databaseinformation concerning all medical treatment in Maryland.
The House of Representatives will consider an amendment by Rep.
Charles Schumer (D-NY) as it takes up H.R. 1710, the ComprehensiveAnti-Terrorism Act of 1996. The vote on the bill is expected to
takeplace during the week of March 11.
The amendment would create a "Department of Justice TelecommunicationsCarrier Compliance Fund" to be used to reimburse telephone companiesand
manufacturers for the cost of modifying their equipment tofacilitate wiretapping. Such changes are mandated by the Commun-
ications Assistance for Law Enforcement Act (also known as the"digital telephony bill") enacted by Congress in late 1994. The fundwould
be created by imposing a 40 percent surcharge on all civilmonetary penalties (except for those imposed in cases involving theIRS)
assessed after the enactment of the bill. Thus, any individual,
small business or corporation fined for violating any federalregulation or law (from environmental to banking to health and safetyrules)
would automatically have their fines increased by 40 percent.
The funds would be disbursed as follows: $100 million in FY 1996; $305million in FY1997; and $80 million in FY 1998.
More information on digital telephony and the terrorism bill isavailable at:
Technologies of Freedom: Blueprints for Action, Feb. 29-March 2,
1996. Washington, DC. Sponsored by the Alliance for Public Technology.
Contact: Ruth Holder, holderapt.org or http://apt.org/apt/
The Impact of Cybercommunication on Telecommunications, March 8, 1996.
New York, NY. Sponsored Columbia University Institute forTele-Information. Contact: citiresearch.gsb.columbia.edu orhttp://www.ctr.columbia.edu/citi/register.html
C|NET's Electronic Commerce Conference, March 20-22, 1996. FourSeasons Hotel, Newport Beach, California. Contact: (415) 395-7805
165; conferencecnet.com or http://www.cnet.com/Community/Econference/
Computers Freedom and Privacy '96. March 27-30, 1996. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact cfp96mit.edu orhttp://web.mit.edu/cfp96/
Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers shouldbe submitted by February 1, 1996. Contact: Wade Robison,
privacyrit.edu, by FAX at (716) 475-7120, or by phone at (716)
IEEE Symposium on Security and Privacy, May 6-8, 1996. Oakland, CA.
Sponsored by IEEE. Contact: sp96cs.pdx.edu orhttp://www.cs.pdx.edu/SP96.
Visions of Privacy for the 21st Century: A Search for Solutions. May9-11, 1996. Victoria, British Columbia. Sponsored by The Office
ofInformation and Privacy Commissioner for the Province of BritishColumbia and the University of Victoria. Program athttp://www.cafe.net/gvc/foi
Australasian Conference on Information Security and Privacy June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety
for Electronic Security and University of Wollongong.
Contact: Jennifer Seberry (jenniecs.uow.edu.au).
Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact:
piprivacy.org or http://www.privacy.org/pi/conference/
18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe
Privacy Commissioner of Canada.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email toepic-newsepic.org with the subject: "subscribe" (no quotes).
Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic
attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony
proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit
organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom
of Information Act litigation, and conducts policy research.
For more information, email infoepic.org, HTTP://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.