You are here:
EPIC Alert >>
 EPICAlert 7
EPIC Alert 3.07  EPICAlert 7 (28 March 1996)
Volume 3.07 March 28, 1996
Published by the
Electronic Privacy Information Center
Table of Contents
 CDA Trial Begins in Federal Court
 House Approves Immigration Bill, Rejects National ID Card
 Court Dismisses Case Challenging Export Controls
 Medical Privacy Coalition Releases Draft Medical Privacy Bill
 California PUC Files Supreme Court Appeal on Caller Id Decision
 Administration's FY 1997 Budget - 100 million for Digital Telephony
 CFP Begins in Cambridge
 Upcoming Conferences and Eventss
An evidentiary hearing opened in U.S. District Court in Philadelphia onMarch 21 in the constitutional challenge to the Communications
DecencyAct. During two days of testimony, the plaintiffs explained theworkings of the Internet to the special three-judge panel
anddemonstrated the potential adverse impact of the statutory ban on thetransmission of "indecent" material. "We succeeded in presentingstrong
evidence on all the major reasons why this law isunconstitutional," said Christopher Hansen, lead counsel for theAmerican Civil Liberties
Union. The censorship law, he said, "istechnically and economically infeasible to enforce, it blocks speechthat has value to a great
many people, and it ignores effectivealternatives available both to protect children and to protect freespeech."
The three-judge panel was clearly interested in the workings of theInternet and engaged in extended dialogue with the witnesses called
bythe plaintiffs. The witnesses included:
Scott O. Bradner, senior technical consultant, Information Technology Services, Harvard University
Ann W. Duvall, president, SurfWatch Inc.
Patricia Nell Warren, author and publisher, WildCat Press
Kiyoshi Kuromiya, director, Critical Path AIDS Project
Reverend William R. Stayton, psychologist and Baptist minister
Donna Hoffman, associate professor of management, Owen Graduate
School of Management at Vanderbilt University
Robert B. Croneberger, director, Carnegie Library of Pittsburgh
The proceedings will resume on April 1, when the plaintiffs willconclude the presentation of their case. The government will presentits
evidence on April 12 and 15, with plaintiffs' rebuttal scheduledfor April 26.
The litigation was initiated by the ACLU, EPIC and a coalition of otherorganizations on February 8, shortly after the CDA was signed
A second case, which has been consolidated with the ACLU/EPICchallenge, was subsequently filed by a coalition led by the AmericanLibrary
Association. Additional information on the case, includinglinks to media coverage of the trial, is available at:
The House of Representatives rejected proposals for a national ID cardand a mandatory national database of all workers in the United
The vote came on March 22 when the House approved a far reachingimmigration reform bill.
A manager's amendment submitted by Rep. Lamar Smith (R-TX) made theemployment verification provisions voluntary in at least five of
theseven states with the highest levels of illegal immigration. Toencourage companies to use the voluntary system, firms would beprovided
By a vote of 221 to 191, the House rejected a proposal from Rep. BillMcCollum (R-FL) to create a "tamperproof social security account
Previous proposals by McCollum would have required that all individualsover the age of 16 obtain such a card, which would include
the person'sphotograph, name, address, social security number, and some form ofbiometric identification such as a fingerprint or
An amendment by Rep. Steve Chabot (R-OH) to eliminate allidentification provisions was defeated by a vote of 260 to 159. Thefinal
bill passed on a vote of 333 to 87. The Senate is expected totake up the Immigration bill starting this week.
A federal district court in Washington, D.C. on March 22 dismissed acase brought by privacy activist Phil Karn challenging theconstitutionality
of export controls on cryptography. In February1994, Karn applied for a license to export cryptographer BruceSchneier's book "Applied
Cryptography." The State Department approvedthe license, but shortly thereafter, denied Karn's request for alicense to export a disk
set which contained text files of differentcryptographic algorithms that were printed in the book. Karn filedsuit, claiming that
the denial violated the Administrative ProceduresAct and the First and Fifth Amendments to the Constitution.
The court rejected all of Karn's claims, stating that the casepresented a "political question for the two elected branches" todecide.
It found that the Arms Export Control Act precluded judicialreview of administrative decisions concerning the applicability the"Munitions
List," a regulatory listing of items that may not beexported.
On the First Amendment claim, the court held that the restrictions were"content neutral" because the government is "not regulating
the exportbecause of the expressive content of the comments and or source code,
but instead [is] regulating because of the belief that the combinationof encryption source code on machine readable media will make
it easierfor foreign governments to encode their communications."
More information on the case and on export controls is available at:
The Medical Privacy Coalition, an ad hoc group of privacy, medical,
consumer and patient rights groups has prepared a draft medicalprivacy bill. Dr. Denise Nagel, chair of the Privacy Coalition and
the head of the Coalition for Patient's Rights, said that the draft billaddresses privacy concerns that have been raised about Senate
measure S. 1360. (The American Medical Association recently wrote toSenator Kassebaum to express concern about S. 1360. See EPIC Alert
The new draft bill is based on a patient-centered view of medical recordprivacy and strictly limits disclosure of medical information
for otherpurposes. It is based on five principles:
o Individuals posses a right to privacy with respect to their personally identifiable health information;
o This right to privacy may not be waived in the absence of
meaningful notice and informed (not coerced) consent;
o In the absence of an express waiver, the right to privacy
may not be eliminated or limited, except as expressly provided under this legislation;
o The private patient/physician relationship must be facilitated
and protected; and
o Information that is disclosed must be limited in amount,
duration, and use, thus prohibiting secondary, unauthorized
uses or disclosures, as well as fishing expeditions.
The proposed bill gives each patient the right to access, copy andcorrect health information, limits third party access, prohibits
theuse of the SSN as a health care identifier, and prohibits the creationof longitudinal health records without the consent of the
Activity in Washington on medical privacy is likely to accelerate in thenext few months. The Consumer Project on Technology is expected
tohost a workshop in Washington, DC in early May on medical recordprivacy.
A copy of the Medical Privacy Coalition's draft bill and more
information on medical privacy is available at:
The California Public Utility Commission has filed a Petition with theU.S. Supreme Court, asking the Court to overturn the 9th Circuit
Courtof Appeals' recent decision upholding FCC preemption of Californiarules on Caller ID.
The CPUC petition is based on two grounds: (1) federalism; and (2) theimportant individual interests in freedom of speech and privacyinvolved
in the issue. The Commission argues that the purpose of itsCaller ID regulation was to protect individuals who have nonpublishednumbers
and who may not be reached by the education campaign currentlybeing conducted by the telephone companies.
The petition asserts that "the compelled nondisclosure of privatetelephone numbers identifying the speaker 'burdens protected speech'
and is subject to exacting First Amendment scrutiny." It also arguesthat because the individuals already have nonpublished numbers,
theyhave a greater expectation of privacy.
The CPUC submission ends with a plea to protect privacy:
As we enter the "Information Age" of relentless telemarketing,
of readily available databases containing universal directories,
customer credit profiles and other current virtual biographies,
with cross referencing software, and of the unencumbered dissemination of information on the Internet, California's authority
to adopt a mechanism to preserve its citizen's control over personal information such as their nonpublished telephone numbers
should be protected by this Court.
A copy of the Ninth Circuit opinion may be viewed at:
Additional materials on Caller ID will soon be available at the EPICweb site.
The Clinton Administration is asking for $100 million for Fiscal Year1997 to fund the FBI's Digital Telephony proposal. In addition
to themoney that will go to telephone companies under the "Telephone CarrierCompliance Program," the FBI is also seeking funds to
develop its ownwiretap tools. An undefined amount of additional funding from the $133million Violent Crime Reduction Program will
be used to "financecontinued research and development efforts to produce the equipment toperform court ordered wiretaps within a
digital telephony environment."
A substantial sum of money is being requested to enhance the FBI'sdatabases. The Bureau is also asking for $84.4 million for anautomated
fingerprint identification system (AFIS) and $5.5 million forDNA testing and "establishing an index to facilitate law enforcementexchange
of DNA identification information" -- the Combined DNA IndexSystem (CODIS). Other funds will be used for a nation name/backgroundcheck
for handgun purchases and to establish new databases for "violentgangs/terrorists" and "hostage/barricade." DOJ's Office of Justice
isasking for another $60 million to fund states to computerize theircriminal records systems so that they can be incorporated in
According to the Administration's budget document, there were over 574million transactions on the National Crime Information Computer
in 1995, and it is estimated that in 1996, it will be accessed 631million times.
The new budget also seeks $20 million for the Immigration andNaturalization Service to improve its computer records and to fundpilot
programs for employment verification. According to a budgetoverview, the Administration estimates that 1,000 employers will beusing
the program by the end of 1996. The INS is also asking for $7.8million to fund the IDENT system, which would use biometrics toidentify
individuals crossing the border.
The sixth annual conference on Computers, Freedom and Privacy beginsthis week in Cambridge Massachusetts. The conference brings togetherindividuals
from across the cyberspace community to explore newchallenges to on-line freedom. Featured panels include a moot courtcase involving
a federal law that restricts the use of encryption,
limitations on on-line speech on campus, new proposals on copyright,
and Internet policies in China.
More information about CFP, including daily updates, may be obtainedfrom the CFP home page:
Computers Freedom and Privacy '96. March 27-30, 1996. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact cfp96mit.edu orhttp://web.mit.edu/cfp96/
Information Leakage by World Wide Web Browsers: How to BlackmailSomeone With Their Own Web Surfing Habits with Shabbir J. Safdar of
Voters Telecommunications Watch. April 16, 1995. Washington, DC.
Sponsored by the Institute for Computer and Telecommunications
Systems Policy, George Washington University. Contact
Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Contact: Wade
Robison, privacyrit.edu, by FAX at (716) 475-7120, or by phone at (716)
Electronic Democracy. April 24-25, 1996. Ottawa, Ontario. Sponsoredby Riley Information Services. Contact: 76470.336compuserve.com
RSA Day in Washington. April 25, 1996. Washington, D.C. Sponsored byRSA Data Security. Contact: Layne Kaplan Events (415) 340-9300
Computerizing Medical Records and Health Information: The SocietalBenefits and Privacy Issues with Professor Alan Westin and EPIC'sMarc
Rotenberg. April 26, 1995. Washington, DC. Sponsored by theInstitute for Computer and Telecommunications Systems Policy, George
Washington University. Contact http://www.seas.gwu.edu/seas/ictsp/
IEEE Symposium on Security and Privacy, May 6-8, 1996. Oakland, CA.
Sponsored by IEEE. Contact: sp96cs.pdx.edu orhttp://www.cs.pdx.edu/SP96.
Visions of Privacy for the 21st Century: A Search for Solutions. May9-11, 1996. Victoria, British Columbia. Sponsored by The Office
ofInformation and Privacy Commissioner for the Province of BritishColumbia and the University of Victoria. Program athttp://www.cafe.net/gvc/foi
Internet Privacy and Security Workshop. May 20-21, 1996. Haystack
Observatory, MA. Sponsored by Federal Networking Council andMIT. Contact: papersrpcp.mit.edu.
InfoWarCon (Europe) '96, Defining the European Perspective. May 23-24,
1996. Brussels, Belgium. Sponsored by the National Computer SecurityAssociation. Contact: euroinfowarncsa.com.
Australasian Conference on Information Security and Privacy. June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety
for Electronic Security and University of Wollongong.
Contact: Jennifer Seberry (jenniecs.uow.edu.au).
Personal Information - Security, Engineering and Ethics. 21-22 June,
1996. Isaac Newton Institute, Cambridge. Sponsored by CambridgeUniversity and British Medical Association. Paper submission due 10
May1996. Contact: Ross Anderson (rja14newton.cam.ac.uk).
Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).
Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored byRoss Associates. Contact: Marilyn Roseberry 703-450-2200.
Fifth International Information Warfare Conference, "Dominating the
Battlefields of Business and War", September 5-6, 1996.
Washington, DC. Sponsored by Interpact, NCSA, OSS. Contact:
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact:
piprivacy.org or http://www.privacy.org/pi/conference/
18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe
Privacy Commissioner of Canada.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email toepic-newsepic.org with the subject: "subscribe" (no quotes).
Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic
attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony
proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit
organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom
of Information Act litigation, and conducts policy research.
For more information, email infoepic.org, HTTP://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.