WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1996 >> [1996] EPICAlert 8

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 3.08 [1996] EPICAlert 8


Volume 3.08 April 11, 1996

Published by the

Electronic Privacy Information Center

Washington, D.C.

Table of Contents

[1] CDA Trial Update -- DoJ to Present Testimony

[2] House Passes Health Care Bill

[3] Congress to Vote on Terrorism Bill Next Week

[4] Insiders Sell Info on 11,000 people from SSA Computers

[5] California, Minnesota Debate Comprehensive Privacy Bills

[6] Illinois to Stop Selling DMV Records

[7] DOD Key Escrow System Problems Surface

[8] Upcoming Conferences and Eventss

[1] CDA Trial Update -- DoJ to Present Testimony

The Justice Department will begin its defense of the CommunicationsDecency Act (CDA) in federal court in Philadelphia on Friday, April12. Somewhat surprisingly, the government plans to call only twowitnesses. The first, Special Agent Howard A. Schmidt of the AirForce Office of Special Investigations, is (according to DOJ)
"expected to present a demonstration and testify concerning access toinformation, including sexually explicit material, that is availableonline." The second witness will be Dr. Dan R. Olsen, Jr., Professorof Computer Science at Brigham Young University, who is expected totestify "concerning technical issues related to the 'safe harbor'
defenses" under the CDA.

Both government witnesses were examined by ACLU, EPIC and ALA attorneysin depositions conducted earlier this week. Agent Schmidt's testimonycentered on his use of various Internet "search engines" to locatematerial he characterized as "sexually explicit." The downloadedimages will be introduced as evidence on April 12. During hisdeposition, Schmidt declined to offer his opinion as to what kinds ofinformation could be deemed "indecent" or "patently offensive" withinthe meaning of the CDA. Dr. Olsen of BYU described various approachesthat could be employed to tag online material as inappropriate forminors, as well as technical means for restricting access toparticular Internet sites through the use of "age verification"
systems. Olsen asserted that these techniques would enable contentproviders to comply with the CDA, although he acknowledged that theyare not widely available at the present time.

Presentation of the government's case is expected to continue onMonday, April 15. If plaintiffs elect to present rebuttal testimony,
it will be heard on April 26. The three-judge court has scheduledfinal legal arguments in the case for June 3.

Additional information on the CDA constitutional challenge initiatedby the ACLU, EPIC and a coalition of other organizations, is availableat:

[2] House Passes Health Care Bill

On March 28, the House of Representatives approved HR 3103, the HealthCoverage Availability and Affordability Act of 1996. The bill includesprovisions on "Administrative Simplification" that affect the privacyof medical records.

The provisions delegate all authority for the setting of privacy andsecurity standards to the Secretary of Health and Human Services. TheSecretary is given 18 months to issue regulations protecting thesecurity and confidentiality of electronic medical records. Todetermine security, the regulations must take into account a number offactors which water down the security guidelines, while not examiningthe effect on health care of having insecure systems. The standardsfor privacy are similarly weak and leave HHS with nearly unfettereddiscretion to determine authorized and unauthorized uses.

Another controversial area is the choice of the identification number.
The bill requires that HHS choose the ID number and that "the Secretaryshall take into account multiple uses for identifiers." There have beenseveral indications that the HHS plans to use the Social SecurityNumber (SSN) as the medical identification number since the SocialSecurity Administration is part of HHS.

However, unlike the Bennett bill (S. 1360), the House bill does notprevent states from enacting stronger medical privacy laws. While itdoes preempt states from enacting laws that require information to bemaintained in written rather than electronic form, it allows states toadopt laws that "are more stringent than the requirements, standards,
or implementation specifications under this part with respect to theprivacy of individually identifiable health information."

The Senate is also working on a health care bill introduced bySenators Kassebaum and Kennedy. That bill does not contain theadministrative simplification provisions of the House bill.

More information is available at:

[3] Congress to Vote on Terrorism Bill Next Week

A House-Senate conference committee is expected to vote next week onthe controversial counter-terrorism bill. Earlier this week, theRepublican members of the committee met behind closed doors to finishamending the bill. The full committee is scheduled to vote and approvethe Republican changes on Monday. On Tuesday, the full Senate isexpected to vote on the conference committee draft. The House isexpected to vote on Wednesday or Thursday. Friday is the anniversaryof the bombing of the Oklahoma City federal building and politicalpressure is on to have a bill completed by then.

A Senate bill passed last year with several provisions increasing thecollection of personal information and expanding wiretapping,
including funding for the Digital Telephony bill. The House bill,
stripped of those provisions, passed last month in a close floor vote.
President Clinton has been pushing the conferees to include the Senateprovisions in the final bill.

The House members of the conference committee are Representatives Hyde(R-IL), McCollum (R-FL), Schiff (R-NM), Buyer (R-ID), Barr (R-GA),
Conyers (D-MI), Schumer (D-NY), and Berman (D-CA). The Senate membersare Hatch (R-UT), Thurmond (R-SC), Simpson (R-WY), Biden (D-DE), andKennedy (D-MA).

More information and the texts of the House and Senate bills isavailable at:


[4] Insiders Sell Info on 11,000 people from SSA Computers

According the NY Times, several employees of the New York offices ofthe Social Security Administration are being investigated for leakingthousands of sensitive files from SSA to groups engaged in creditfraud. According to reports, several employees illegally examinedover 11,000 records of individuals and disclosed Social SecurityNumbers and mothers' maiden names to fraudsters. One SSA employeeexamined 10,000 files since January 1995. Another ten employeespulled the records of over 1,200 other individuals.

The records were then used to set up charge accounts in the victims'
names. The SSA did not detect the illegal practices until Citibankinformed the agency of a large amount of fraud involving stolen cards.
A New York City public employee has been charged with fraud. Noemployees of the SSA have yet been arrested.

[5] California, Minnesota Debate Comprehensive Privacy Bills

In Minnesota, the state House of Representatives has passed HB 2816, anonline privacy bill that would restrict service providers fromdisclosing consumers' information without their consent. It requiresonline providers to display pages setting forth their privacy policiesand to ask subscribers to select the extent to which they authorizesecondary uses of personal information. Individuals can sue for $500and damages for each violation.

The Minnesota House overwhelmingly passed the bill in early March, butthe state Senate passed a bill that would only create a privacy studycommission. The House rejected the Senate amendment and the billcurrently is in a conference committee.

A copy of the Minnesota House bill is available at:

In California, a hearing is scheduled for the first week of May onSB 1659, which would prohibit the use or distribution of personalinformation without the permission of the individual. The bill wasintroduced by State Senator Steve Peace of San Diego, who noted thatcurrent laws and self-help are not adequate: "so many files are kept onus without our knowledge that it would be a full-time job just tryingto find out who has them."

The bill includes findings on the California Constitution's right toprivacy. It states:

"No person or corporation may use or distribute for profit any personal information concerning a person without that person's written consent. Such information includes, but is not limited to, an individual's credit history, finances, medical history,
purchases, and travel patterns."

More information on efforts to stem the collection of personalinformation is available at:

[6] Illinois to Stop Selling DMV Records

Illinois Secretary of State George Ryan announced on April 2 that thestate would stop its 30-year practice of selling records from theDepartment of Motor Vehicles (DMV) to direct marketers startingJanuary 1, 1997.

The Illinois DMV currently sells information from driver's licenseapplications and automobile registrations including the names,
addresses, weights, and heights of individuals. More than 14,000people had already asked to be removed from the DMV lists under a1993 law. Ryan said that the change was being made at the request ofthousands of citizens who were not aware of their ability to beremoved from the lists. The lists will still be available forpolitical and research purposes and to other government agencies andinsurance companies. The state has earned an average of $600,000 peryear on the sales.

[7] New Electronic Resources

The EPIC Privacy Archives have been expanded to include documentson 17 different areas of privacy. New information is available onID cards, welfare reform, educational privacy, Cable TV records andCaller ID:

The EPIC Online Guide to Privacy Resources has been updated to includenew sites and conferences:

[8] Upcoming Conferences and Events

Information Leakage by World Wide Web Browsers: How to BlackmailSomeone With Their Own Web Surfing Habits with Shabbir J. Safdar ofVoters Telecommunications Watch. April 16, 1996. Washington, DC.
Sponsored by the Institute for Computer and TelecommunicationsSystems Policy, George Washington University. Contact

Colloque: Big Brother Quebec inc. April 17, 1996. Montreal,
Canada. Sponsored by Association securite informatique de Quebec.
Contact: A. Bayle (514) 395-8689 or email

Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Contact: WadeRobison,, by FAX at (716) 475-7120, or by phone at(716) 475-6643.

Electronic Democracy. April 24-25, 1996. Ottawa, Ontario. Sponsoredby Riley Information Services. Contact: or

RSA Day in Washington. April 25, 1996. Washington, D.C. Sponsored byRSA Data Security. Contact: Layne Kaplan Events (415) 340-9300 or

Computerizing Medical Records and Health Information: The SocietalBenefits and Privacy Issues with Professor Alan Westin and EPIC'sMarc Rotenberg. April 26, 1995. Washington, DC. Sponsored by theInstitute for Computer and Telecommunications Systems Policy, GeorgeWashington University. Contact

IEEE Symposium on Security and Privacy. May 6-8, 1996. Oakland, CA.
Sponsored by IEEE. Contact: or

Workshop on Medical Records Privacy. May 10, 1996. Washington, DC.
Sponsored by the Consumer Project on Technology. Contact Manon Ress(202) 387-8030 or email

Visions of Privacy for the 21st Century: A Search for Solutions. May9-11, 1996. Victoria, British Columbia. Sponsored by The Office ofInformation and Privacy Commissioner for the Province of BritishColumbia and the University of Victoria. Program at
Internet Privacy and Security Workshop. May 20-21, 1996. HaystackObservatory, MA. Sponsored by Federal Networking Council andMIT. Contact:

InfoWarCon (Europe) '96, Defining the European Perspective. May 23-24,
1996. Brussels, Belgium. Sponsored by the National Computer SecurityAssociation. Contact:

Practicing Law Institute's 16th Annual Institute on Computer Law:
Understanding the Business and Legal Aspects of the Internet, June17-18, 1996, San Francisco. for info
or call 800/4770300.

Australasian Conference on Information Security and Privacy. June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety for Electronic Security and University of Wollongong.
Contact: Jennifer Seberry (

Personal Information - Security, Engineering and Ethics. 21-22 June,
1996. Isaac Newton Institute, Cambridge. Sponsored by CambridgeUniversity and British Medical Association. Paper submission due 10 May1996. Contact: Ross Anderson (

Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).

Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored byRoss Associates. Contact: Marilyn Roseberry 703-450-2200.

Fifth International Information Warfare Conference, "Dominating theBattlefields of Business and War", September 5-6, 1996.
Washington, DC. Sponsored by Interpact, NCSA, OSS. Contact:
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact: or

18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe Privacy Commissioner of Canada.

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email with the subject: "subscribe" (no quotes).

Back issues are available via

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, email, HTTP:// orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.

Thank you for your support.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback