WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1996 >> [1996] EPICAlert 5

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 3.05 [1996] EPICAlert 5


Volume 3.05 February 29, 1996

Published by the

Electronic Privacy Information Center

Washington, D.C.

Table of Contents

[1] ACLU/EPIC Lawsuit Puts CDA Enforcement on Hold

[2] Draft Crypto Bill Circulating

[3] Personal Crypto Export Allowed

[4] Court Rules Against Email Privacy

[5] Calls Pour into PacBell Over Caller ID

[6] State Legislatures Examine Privacy Issues

[7] Digital Telephony Funding Update

[8] Upcoming Conferences and Events

[1] ACLU/EPIC Lawsuit Puts CDA Enforcement on Hold

In a stipulation signed on February 23, the Justice Department hasagreed not to initiate investigations or prosecutions under the"indecency" or "patently offensive" censorship provisions of theCommunications Decency Act (CDA) while a three-judge panel inPhiladelphia considers the case. The plaintiffs' attorneys, led byChris Hansen of the American Civil Liberties Union (ACLU), considerthe agreement to be a significant victory because it expandsprotections for Internet users beyond the temporary restraining orderon the "indecency" provision granted by U.S. District Judge RonaldBuckwalter on February 15. Under the stipulated agreement, whichprotects all Internet users, no one will be investigated or prosecutedfor the transmission of "patently offensive" speech. If the law isultimately upheld, the government has reserved the right to prosecutelater for such speech dating from the passage of the CDA.

At a scheduling conference held on February 20, the three-judge courtset five dates for the hearing on the plaintiffs' preliminaryinjunction motion in Philadelphia. The plaintiffs, including EPIC andthe ACLU, will present their case on March 21 and 22, with April 1reserved if necessary. The government's case will be presented onApril 11 and 12. The complete trial is scheduled to last five days.

In a related development, the American Library Association and acoalition of publishers, content providers and commercial accessproviders have filed a separate lawsuit in Philadelphia challengingthe CDA. The new case has been consolidated with the pendinglitigation. "Things are moving very, very fast and we need to make
certain that our society doesn't destroy the potential of our technology
even before it comes into its full potential," said Judy Krug, director
of the Office of Intellectual Freedom for the American Library
Association and a member of the EPIC Advisory Board.

Comprehensive information on the CDA lawsuit, including the text ofthe stipulation signed on February 23, is available at:

[2] Draft Crypto Bill Circulating

Senator Patrick Leahy (D-VT) is expected to introduce the EncryptedCommunications Privacy Act of 1996 within the next week. The billattempts to answer a number of unresolved issues concerning the use ofencryption technology. Among the key features, the bill:

- Creates a legal framework for key escrow agents including the
obligations to disclose keys and assist law enforcement, and sets
penalties for improper disclosure;

- Criminalizes the use of encryption which may have the effect of
obstructing a felony investigation;

- Affirms the freedom to use encryption; and
- Relaxes export controls by transferring authority for export
decisions to the Secretary of Commerce.

The bill reflects a number of the recommendations made by EPIC, EFF,
the USACM and various industry and trade groups to relax export controllaw and affirm the freedom to use all forms of encryption. However, thebill does little to roll back the deployment of Clipper-inspiredencryption in the federal government or remove the classificationrestrictions on encryption policy that currently block public scrutinyof government policy.

The bill also brings into sharp focus the problems with key escrowencryption. The bill makes clear that escrow agents could facestaggering liability -- criminal prosecution if they fail to complywith what are currently ill-defined obligations to assist lawenforcement and civil liability if keys are improperly disclosed ortrade secrets improperly released. There is also no indication thatCongress has yet considered the risks to network vulnerability orrecord integrity if key escrow is widely deployed.

EPIC will provide a copy of the bill online as soon as it is formallyintroduced. Check the EPIC crypto page for this and other developmentsrelating to encryption policy:

[3] Personal Crypto Export Allowed

After more than two years of delay, the U.S. State Department hasfinally released new regulations allowing for limited export ofcryptography. The new regulations allow American citizens to takeencryption software or hardware on overseas trips if they keep maintainof the devices at all times. They are also required to keep records ofthe trip for five years.

More information on the new regulations and other information on exportcontrols is available at:

[4] Court Rules Against Email Privacy

A U.S. District Court in Pennsylvania ruled on January 18 that even ifan employer promises not to intercept email on a company system, thereis not an expectation of privacy in the email. The case underscores thequestion of whether the court system has an adequate understanding of
the underlying technology.

According to the court, the employer repeatedly told its employees that"all email communications would remain confidential and privileged"
and that "e-mail communications could not be used by [the company]
against its employees as grounds for termination." Even with that
promise, the employer intercepted the communications of Michael Smithand fired him. The court held that:

We do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurances by management. Once plaintiff communicated the alleged unprofessional comments to a second person over an e-mail system which was apparently utilized by the entire company, any reasonable expectation of privacy was lost .... we find no privacy interests in such communications.

We do not find that a reasonable person would consider the
defendant's interception of these communications to be a substantial
and highly offensive invasion of his privacy"

A copy of the decision is available at:

[5] Calls Pour into PacBell Over Caller ID

Following the 9th Circuit Court of Appeals' decision on Caller ID (seeAlert 3.03), California telephone companies have began a publiceducation campaign concerning the service. The companies were requiredto provide customer education by the state Public Utilities Commission(PUC) before the June 1 introduction of the service. The PUC rejectedthe companies' first attempt to turn the education effort into anadvertising campaign selling the service.

According to news reports, over 100,000 people called the informationlines in the first week that the advertisements ran in Californianewspapers. This included 22,000 people on the first day. Of thatgroup, 13,000 requested that the companies set up permanent (per-line)
blocking on their phones. The companies needed to hire more staff tofield the calls after the first day.

The California PUC has announced that it will appeal the 9th Circuitdecision to the U.S. Supreme Court.

[6] State Legislatures Examine Privacy Issues

While Congress has failed to review privacy issues in recent sessions,
many state legislatures are considering enacting bills to enhancepersonal privacy. These include:

Video Surveillance - After several controversial cases, Maryland (HB273) and California (AB2051) are considering bills that would prohibitvideotaping in private places without the consent of the subject.

Motor Vehicle Records - In response to the Federal DMV Privacy Actpassed in 1993, Maryland (SB 538) and West Virginia are consideringbills to limit access to motor vehicle records without the permissionof the driver.

Personal Information -- In the wake of the Avrahami case, California isconsidering a bill (SB1659) to prevent companies from using ordistributing personal information without the consent of theindividual.

Email Privacy -- Colorado is considering a bill that would requireprivate employers to notify employees about their privacy policies forelectronic mail. It would also limit the availability of email that can
be obtained under the state open records law (HB1199).

Medical Privacy -- Maryland is considering a bill that would limit thestate government's ability to collect and maintain in a single databaseinformation concerning all medical treatment in Maryland.

[7] Digital Telephony Funding Update

The House of Representatives will consider an amendment by Rep.
Charles Schumer (D-NY) as it takes up H.R. 1710, the ComprehensiveAnti-Terrorism Act of 1996. The vote on the bill is expected to takeplace during the week of March 11.

The amendment would create a "Department of Justice TelecommunicationsCarrier Compliance Fund" to be used to reimburse telephone companiesand manufacturers for the cost of modifying their equipment tofacilitate wiretapping. Such changes are mandated by the Commun-
ications Assistance for Law Enforcement Act (also known as the"digital telephony bill") enacted by Congress in late 1994. The fundwould be created by imposing a 40 percent surcharge on all civilmonetary penalties (except for those imposed in cases involving theIRS) assessed after the enactment of the bill. Thus, any individual,
small business or corporation fined for violating any federalregulation or law (from environmental to banking to health and safetyrules) would automatically have their fines increased by 40 percent.

The funds would be disbursed as follows: $100 million in FY 1996; $305million in FY1997; and $80 million in FY 1998.

More information on digital telephony and the terrorism bill isavailable at:

[8] Upcoming Conferences and Events

Technologies of Freedom: Blueprints for Action, Feb. 29-March 2,
1996. Washington, DC. Sponsored by the Alliance for Public Technology.
Contact: Ruth Holder, or

The Impact of Cybercommunication on Telecommunications, March 8, 1996.
New York, NY. Sponsored Columbia University Institute forTele-Information. Contact: or
C|NET's Electronic Commerce Conference, March 20-22, 1996. FourSeasons Hotel, Newport Beach, California. Contact: (415) 395-7805 x.
165; or

Computers Freedom and Privacy '96. March 27-30, 1996. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact or

Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers shouldbe submitted by February 1, 1996. Contact: Wade Robison,, by FAX at (716) 475-7120, or by phone at (716)

IEEE Symposium on Security and Privacy, May 6-8, 1996. Oakland, CA.
Sponsored by IEEE. Contact: or

Visions of Privacy for the 21st Century: A Search for Solutions. May9-11, 1996. Victoria, British Columbia. Sponsored by The Office ofInformation and Privacy Commissioner for the Province of BritishColumbia and the University of Victoria. Program at
Australasian Conference on Information Security and Privacy June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety for Electronic Security and University of Wollongong.
Contact: Jennifer Seberry (

Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).

Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact: or

18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe Privacy Commissioner of Canada.

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email with the subject: "subscribe" (no quotes).

Back issues are available via

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, email, HTTP:// orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.

Thank you for your support.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback