You are here:
EPIC Alert >>
 EPICAlert 9
EPIC Alert 3.09  EPICAlert 9 (7 May 1996)
Volume 3.09 May 7, 1996
Published by the
Electronic Privacy Information Center
Table of Contents
 Sen. Burns Introduces New Crypto Bill
 New Report Finds U.S. Workplace Privacy Lacking
 Federal Eavesdropping Increases
 Counter-Terrorism Bill Signed into Law
 FAA Infringes on Travelers' Right to Privacy
 Senate Passes Immigration Bill
 DOD Key Escrow System Problems Surface
 Upcoming Conferences and Eventss
Sen. Conrad Burns (R-MT) has introduced legislation designed to relaxexport controls on privacy-enhancing encryption technology.
The"Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act" wouldplace export control authority in the Commerce Department,
rather thanthe State Department and the National Security Agency (NSA) -- theagencies currently charged with that responsibility.
The bill alsocontains a "prohibition on mandatory key escrow" and would restrict theDepartment of Commerce's ability to impose government-mandatedencryption
standards (such as the Clipper Chip) on non-governmentalentities. As Sen. Burns explained in a "Dear Colleague" lettercirculated
to other members of the Senate:
This Act will allow businesses and individuals worldwide to choose the strong security features that they need to protect
information being communicated in electronic commerce by: 1) prohibiting the government from imposing government-designed
encryption standards on the private sector; 2) prohibiting "Big Brother" from mandating a back door into people's computer
systems; and 3) updating U.S. export controls on the sale of encryption products in foreign commerce, and placing U.S. businesses
on a level playing field with their foreign competitors.
Co-sponsors of the Pro-CODE Act include Sens. Robert Dole (R-KS),
Patrick Leahy (D-VT), Nancy Murray (D-WA), Larry Pressler (R-SD) andRon Wyden (D-OR). Sen. Dole's co-sponsorship is particularlysignificant,
as it places him squarely at odds with the Clintonadministration on an issue of paramount importance to Silicon Valleyand the nation's
The proposed legislation comes in the midst of an ongoing debateconcerning U.S. encryption policy and at a time when the need forsecure
electronic communications is becoming widely recognized. Theexplosive growth of the Internet underscores the need for policies thatencourage
the development and use of robust security technologies toprotect sensitive personal and commercial information in the digitalenvironment.
As Sen. Burns noted upon introduction of his bill,
"Computer users will not be willing to transmit creative content,
business plans or even send letters without assurances of datasecurity."
EPIC recently joined with more than two dozen other organizations tocreate the Internet Privacy Coalition (IPC). The mission of the
IPC isto promote privacy and security on the Internet through widespreadpublic availability of strong encryption and the relaxation
of exportcontrols on cryptography. The IPC has launched the "Golden KeyCampaign" to raise public awareness of these issues.
Additional information is available at the IPC website:
The text of the Pro-CODE legislation, and Sen. Burns' floor statementon the bill, are available at:
A new report by David Linowes, the former chair of the United StatesPrivacy Protection Study Commission, finds that too many of thenation's
largest industrial corporations still don't have adequatepolicies to protect sensitive confidential employee data from possibleabuse.
Linowes found that 38 percent do not inform employees of the types ofrecords maintained on them; 44 percent do not tell personnel
howrecords are used; nearly 60 percent don't inform employees aboutdisclosure practices to government; and 18 percent don't tell
personnelwhich records the firms can access.
He also found that 70 percent of the companies surveyed disclosedpersonal information to non-government credit grantors, 47 percent
gaveinformation to landlords, and 19 percent gave information to charitableorganizations. "If this kind of liberal cooperation with
creditgrantors is to prevail, the subject individual at least should beinformed. More than one-half are not," Linowes said.
Professor Linowes concludes it would be necessary for Congress and thePresident to consider legislation to address the problem. "It
isapparent that adequate universal information privacy safeguards canonly be achieved by the enactment of public policy legislation
byCongress and the President," Linowes said. "Further, such legislationwould serve to help bring our nation up to the standards alreadyadopted
by practically all other industrialized nations."
Copies of the survey report, including an executive summary ofhighlights, are available by contacting Helen Brighton or Ray Spencerat
(217) 333-0670 or by e-mailing rspenceux1.cso.uiuc.edu.
Copies of the complete press release are available at:
Federal eavesdropping in criminal and national security investigationsincreased nine percent in 1995 from 1994 levels. Since the
last yearof the Bush Administration, federal eavesdropping has increased 49percent.
There were a total of 697 orders issued under the Foreign IntelligenceSurveillance Act in 1995, an increase of 21 percent over 1994.
Onepossible explanation of the increase is a 1994 bill that expanded thejurisdiction of the Foreign Intelligence Surveillance Court
toauthorize break-ins in national security cases. No requests for orderswere denied in 1995. There have been no denials since the
enactment ofthe FISA in 1977.
Federal requests for criminal eavesdropping orders declined slightly in1995, from 554 to 532. State requests dropped by 12 percent.
Eighty-four percent of all state orders were in New York (267),
Pennsylvania (105) New Jersey (38) and Florida (37).
For the seventh straight year, no surveillance requests were denied bya federal or state judge. Only 27 requests have been denied
The vast majority of requests for criminal orders continued to come innarcotics investigations. Sixty-nine percent of all orders
were fordrug investigations, a decline of 16 percent from the previous year.
Investigations of gambling and racketeering accounted for another 9percent each.
The surveillance continued to catch many non-relevant conversations.
Each order intercepted an average of 2,028 conversations, of whichinvestigators labeled only 459 as "incriminating" (22.6%). Federalprosecutors
reported that only 15 percent of conversations theyintercepted were relevant. Each surveillance lasted an average of 49days.
More information on wiretapping, including charts and graphs on usage,
is available at:
On April 23, President Clinton signed S. 735, the Anti-Terrorism andEffective Death Penalty Act of 1996. The signing followed more
than ayear of contentious debate in the Congress over the proper role offederal law enforcement and whether or not to give the FBI
When the first bills were introduced, even before Oklahoma City, theywere a wish list of new intrusive powers demanded by FBI Director
LouisFreeh. The early bills greatly expanded wiretapping powers, allowedfor easy access to consumer information and granted a variety
Many of the wiretap provisions including those allowing use of illegalwiretaps in court and roving wiretaps were rejected due to theobjections
of conservative Republicans in the House. The controversialprovisions, which were contained in the Senate bill, were removed byRepublican
members of the Conference Committee even after a massiveblitz by the White House. The final bill was approved by the Senate91-8
and by the House 293-133.
The bill, however, makes two substantive changes to current wiretaplaws which are characterized as "Exclusion of Certain Types ofInformation
from Definitions." One provision eliminates currentrequirements to obtain a warrant to intercept wireless transmissions ofdata (e.g.,
from a computer attached to a cellular telephone or awireless LAN). This was a provision included in the Digital Telephonybill of
1993 at the recommendation of the Department of Justice. Theother provision removes the requirement to obtain a warrant tointercept
information related to an "electronic funds transfer."
More information on the counter-terrorism bill is available from:
In a series of letters to the Federal Aviation Administration, PrivacyJournal editor and EPIC board member Robert Ellis Smith has
challengedthe FAA's requirement that travelers must show photo ID before they canboard a plane. Smith challenged the constitutionality
of therequirement and has demanded that the FAA drop the requirement and makeinformation concerning its policy public.
In a response letter to Smith, the FAA's Association Administrator forCivil Aviation Security admitted that while the secret directiverequires
the airlines to ask for ID, it does not require the passengerto provide it: "While an airline is required to request identification,
the actual presentation of identification by the passenger is notabsolutely required, and there is currently no prohibition againstallowing
someone on an aircraft without such identification." The FAArefused to release the regulation, citing security reasons.
EPIC has filed a Freedom of Information Act Request with the FAA for acopy of the regulation.
On May 2, by a vote of 97-3, the Senate approved S. 1664, theImmigration Control and Financial Responsibility Act of 1995.
In a key procedural vote, the Senate, led by Sens. Simpson, Kennedy andSimon, voted 54 to 46 not to consider an amendment by Sen.
SpencerAbraham that would have struck out provisions of the bill relating tothe national verifications systems. The amendment also
included aprovision sponsored by Sens. Michael Dewine and Russell Feingold thatwould have removed provisions that required standardized
tamper-proofbirth certificates and drivers licenses.
The House passed its version of the bill two weeks ago. The bill nowgoes to a conference committee to iron out the differences in
According to reports in several trade magazines, the Defense MessagingSystem (DMS) is nearly ready for implementation, but prospective
usersare threatening to shun the universal e-mail platform unless Pentagonofficials eliminate cumbersome security procedures designed
by the NSA.
DOD designed DMS a decade ago to replace the aging AUTODIN messagesystem and to serve as the armed services' global e-mailinfrastructure.
Officials familiar with DMS' security features, whichrely on the National Security Agency's Fortezza encryption card, saidthe system's
slowness is likely to alienate users who send mostlyunclassified messages over commercial e-mail systems. Users ofwireless systems
are also complaining about the high overhead.
The DMS adopted the Fortezza card and is expected to implement over450,000 cards in the next few years. Inside sources note that
the NSAis using the DMS as a justification for paying companies such asMicrosoft and Netscape to adopt the Fortezza card as a standard
fortheir products. NSA has pushed agencies such as the CIA, NASA, IRS andthe Federal Reserve to adopt Fortezza without success.
Cost is also a major factor. Fortezza's PCMCIA cards cost nearly $100each and all computers must be equipped with a card reader that
costsan additional $150.
Workshop on Medical Records Privacy. May 10, 1996. Washington, DC.
Sponsored by the Consumer Project on Technology. Contact Manon Ress(202) 387-8030 or email mressessential.org.
Visions of Privacy for the 21st Century: A Search for Solutions. May9-11, 1996. Victoria, British Columbia. Sponsored by The Office
ofInformation and Privacy Commissioner for the Province of BritishColumbia and the University of Victoria. Program athttp://www.cafe.net/gvc/foi
Internet Privacy and Security Workshop. May 20-21, 1996. HaystackObservatory, MA. Sponsored by Federal Networking Council andMIT.
InfoWarCon (Europe) '96, Defining the European Perspective. May 23-24,
1996. Brussels, Belgium. Sponsored by the National Computer SecurityAssociation. Contact: euroinfowarncsa.com.
Practicing Law Institute's 16th Annual Institute on Computer Law:
Understanding the Business and Legal Aspects of the Internet, June17-18, 1996, San Francisco. infopli.edu for info
or call 800/4770300.
Australasian Conference on Information Security and Privacy. June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety
for Electronic Security and University of Wollongong.
Contact: Jennifer Seberry (jenniecs.uow.edu.au).
Personal Information - Security, Engineering and Ethics. 21-22 June,
1996. Isaac Newton Institute, Cambridge. Sponsored by CambridgeUniversity and British Medical Association. Paper submission due 10
May1996. Contact: Ross Anderson (rja14newton.cam.ac.uk).
Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).
DEF CON IV. July 26-28. Los Vegas, NV. Annual Hacker Convention.
Contact: dtangentdefcon.org or http://www.defcon.org/.
Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored byRoss Associates. Contact: Marilyn Roseberry 703-450-2200.
Fifth International Information Warfare Conference, "Dominating theBattlefields of Business and War", September 5-6, 1996.
Washington, DC. Sponsored by Interpact, NCSA, OSS. Contact:
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact:
http://www.privacy.org/pi/conference/ottawa/ or email piprivacy.org.
18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe
Privacy Commissioner of Canada.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email toepic-newsepic.org with the subject: "subscribe" (no quotes).
Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic
attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony
proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit
organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom
of Information Act litigation, and conducts policy research.
For more information, email infoepic.org, HTTP://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.