WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1997 >> [1997] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 4.11 [1997] EPICAlert 11


Volume 4.11 July 23, 1997

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] AOL to Sell Subscriber Telephone Numbers
[2] Search Engine Rating Scheme Touted at White House
[3] Another House Committee Approves SAFE Crypto Bill
[4] FTC Acts on Kids' Privacy
[5] Cellular Phone Group Asks FCC to Set Wiretap Standards
[6] New Bills in Congress
[7] New at the EPIC Bookstore
[8] Upcoming Conferences and Events

[1] AOL to Sell Subscriber Telephone Numbers

In a quiet change to its privacy policy, America Online will soon beadding subscriber phone numbers to the list of personal information thatit sells to direct marketers. The company may also match member listsagainst "publicly available third-party data" to develop lists foroutside direct mail opportunities. Previously, AOL's privacy policyprevented the disclosure of subscriber telephone numbers, while allowingthe company to sell member names and addresses.

The new policy, which is to take effect on July 31, can be found in therelatively obscure "Terms of Service" area of the online service. Nonotice of the new policy has been provided on the "Welcome" screen wherenew AOL features are typically announced. The revised policy states that
We make our mailing list (name and address) available to select independent companies that offer products and information we think may interest you. Additionally, we may make the list with telephone numbers available to companies with which AOL,
Inc. has contractual marketing and online relationships for the purpose of permitting such companies to offer products and services over the telephone. AOL, Inc. may also match the Member lists against publicly available third-party data (demographic information, areas of interest, etc.) to develop lists for use by these companies.

The new policy, which is to take effect on July 31, also points out thatAOL discloses individual information in an aggregated form in order todescribe its services to prospective partners, advertisers and otherthird parties. AOL may also use publicly available third-party data suchas demographic information and areas of interest to assist AOL in their"programming, editorial research and to offer special opportunities toour Members."

While AOL will generally not disclose "navigational" or "transactional"
information (such as where you go or what you buy through AOL) to thirdparties, it may use such information to develop member lists forcompanies with which AOL has a contractual marketing relationship.

For years (and most recently before the Federal Trade Commission),
industry has argued that self-regulation and not legislation is the onlyway to ensure that businesses protect individual privacy in electronicmedia. If AOL's new privacy policy is representative of industry'svision of what self regulation entails, users may have real cause forconcern.

More information on online privacy is available at:

[2] Search Engine Rating Scheme Touted at White House

Leading industry groups suggested on July 16 that they may excludematerial from widely used search engines unless the authors agree toattach subjective rating labels to all web pages and other onlineinformation. Less than three weeks after the Supreme Court struck downthe Communications Decency Act, a far more sweeping proposal to restrictinformation available on the Internet -- "filtering," "blocking" andrating online content -- was touted at a White House summit meeting.

Announcing the Administration's "Strategy for a Family FriendlyInternet," President Clinton described the private sector initiative thatwill presumably preclude the need for new content-control legislation:

For ["family-friendly"] controls to work to their full potential, we also need to encourage every Internet site,
whether or not it has material harmful for young people, to label its own content as the Vice President described just a few moments ago. To help to speed the labeling process along,
several Internet search engines -- the Yellow Pages of cyberspace, if you will -- will begin to ask that all Web sites label content when applying for a spot in their directories.

I want to thank Yahoo, Excite and Lycos for this important commitment. You're helping greatly to assure that self-
labeling will become the standard practice. And that must be our objective.

While such an approach might seem preferable to CDA-type legislation atfirst glance, it raises the specter of an Internet where only theequivalent of "PG" rated content could be found through the searchengines users have come to depend on. EPIC is encouraging users tocontact the search services and oppose such rating requirements asfundamentally at odds with free speech principles.

More information on filtering/blocking/rating, and contact informationfor the major search engines, is available at:

[3] Another House Committee Approves SAFE Crypto Bill

The House International Relations Committee approved the SAFE encryptionbill on July 22. The legislation, which had already been approved by theHouse Judiciary Committee, would substantially relax U.S. export controlson encryption. By a vote of 22-13, the committee rejected an amendmentoffered by Chairman Benjamin Gilman (R-NY) that would have permitted thePresident to maintain strict controls on the technology upon a findingthat "the export of such items would adversely affect the nationalsecurity."

The Committee's rejection of Gilman's amendment was particularlysignificant, given that top officials from the FBI, National SecurityCouncil and the Drug Enforcement Agency took the unusual step ofappearing before the panel to warn that use of encryption by criminalswould hamper their ability to fight crime. Secretary of Defense WilliamCohen also transmitted a written appeal to the Committee members in whichhe urged rejection of the SAFE bill.

While encryption reform efforts have moved forward in the House,
prospects in the Senate are less promising. On June 18, the SenateCommerce Committee approved the Secure Public Networks Act (S. 909),
which was introduced by Sens. Bob Kerrey (D-NE) and John McCain (R-AZ).
That bill contains a number of coercive measures that would forcewidespread domestic adoption of key escrow encryption techniques
The SAFE bill will now be considered by the Commerce, National Security,
and Intelligence committees in the House, which are expected to vote onthe legislation by early September.

More information on the SAFE bill is available at:

[4] FTC Acts on Kids' Privacy

The Federal Trade Commission has found that a web site which collectsdata from kids and then sells it without notice is engaging in adeceptive business practice in violation of the Federal Trade CommissionAct.

The Center for Media Education brought the complaint against KidsCom onMay 13, 1996, charging that the popular children's Web site was usingdeceptive and unfair practices to market to children. CME filed thepetition in an effort to address the growing problem of deceptive andunfair marketing practices targeting children on the Web.

The Commission's action marks the first formal articulation of policy bythe agency's Bureau of Consumer Protection regarding what is permissiblewhen marketing to children online. The FTC letter sets out broadprinciples that apply generally to online information collection fromchildren. The FTC stated that:

A practice is unfair under Section 5 if it causes, or is likely to cause, substantial injury to consumers which is not reasonably avoidable and is not outweighed by countervailing benefits to consumers or competition.(11) We believe that it would likely be an unfair practice in violation of Section 5 to collect personally identifiable information, such as name, e-mail address, home address or phone number, from children and sell or otherwise disclose such identifiable information to third parties without providing parents with adequate notice,
as described above, and an opportunity to control the collection and use of the information.

Because KidsCom changed the operation of its website after the CMEcomplaint was filed, the FTC said that it would take no enforcementaction. The FTC letter concluded:

We will continue to monitor KidsCom, as well as other commercial Web site operators, to ascertain whether they may be engaged in deceptive or unfair practices. Hereafter, staff may recommend law enforcement proceedings against marketers who engage in deceptive information practices, or who unfairly use personally identifiable information collected from children.

FTC Letter Ruling is available at:
CME Statement is available at:

[5] Cellular Phone Group Asks FCC to Set Wiretap Standards

The Cellular Telephone Industry Association (CTIA) on July 16 asked theFederal Communications Commission to step in to help develop thestandards for wiretapping under the Communications Assistance for LawEnforcement Act (CALEA). The telephone industry and the FBI have beenquietly meeting for two years to develop the new standards required bythe law. The CTIA is objecting to additional FBI demands not included inthe law such as that cellular phones function as tracking devices.

In a July 15 letter to FBI Director Louis Freeh, the head of CTIA, ThomasWheeler, called the FBI position "intractable" and detailed how FBI andlaw enforcement objections prevent an industry-sponsored standard frombeing adopted. In response, the Bureau called the CTIA action a "shortcircuit" of the standards process and denied that it was seekingadditional powers. Both the industry position and the FBI demands areproblematic from a privacy perspective, as both would facilitate easierwiretapping and the collection of transactional information.

CALEA requires that all telecommunications providers redesign theirsystems by October 1998 to make wiretapping of new communicationstechnologies easier. Phone companies are eligible to receive $500million from the FBI to implement the new systems.

More information on CALEA and wiretapping is available from:

[6] New Bills in Congress

H.R. 2180. On-Line Copyright Liability Limitation Act. Would limitliability for online service providers that are not aware thatcopyrighted materials are going over their networks. Introduced by Rep.
Coble (R-NC) on July 16. Referred to the Committee on the Judiciary.

H.R.2198. Genetic Privacy and Nondiscrimination Act of 1997. Wouldlimit use and disclosure of genetic information by health insurancecompanies; prohibit employers from attempting to acquire, or to use,
genetic information, or "to require a genetic test of an employee orapplicant for employment" or to disclose the information. Introduced byRep. Stearns (R-FL) on July 17. Referred to the Committee on Commerce,
and in addition to the Committees on Government Reform and Oversight,
Education and the Workforce, and Veterans' Affairs.

An up-to-date list of pending legislation is available at:

[7] New at the EPIC Bookstore

The EPIC Bookstore includes a wide range of books on privacy,
cryptography and free speech that can be ordered online. Many of thebooks are available at up to 40 percent off list price.

New titles include:

"Protect Your Privacy on the Internet" by Bryan Pfaffenberger
"Digital Cash" by Peter Wayner
"Contested Commodities" by Margaret Jane Radin
Other popular titles:

"The Right to Privacy" by Ellen Alderman & Caroline Kennedy
"Who Knows: Safeguarding Your Privacy in a Networked World"
by Ann Cavoukian & Don Tapscott
"Applied Cryptography, 2nd Edition" by Bruce Schneier
We are also now featuring _The Tin Drum_ by Gunther Grass. The novel, abizarre but extraordinary diary of a young boy who refuses to grow upduring the rise and fall of Nazi Germany, is considered by some thegreatest German novel written since WWII. In 1979, the film version ofthe Tin Drum received an Academy Award for Best Foreign Film. However,
in recent months, groups that oppose "pornography" have persuaded theOklahoma City Library to remove copies of the film from the publiclibrary. For this reason, we are now making the book available at theEPIC Bookstore.

Support the Freedom to Read.

Check out the EPIC Bookstore at:

[8] Upcoming Conferences and Events

Hacking In Progress. August 8-10, 1997. Almere, Netherlands. Sponsored byHac-Tic. Contact:

Beyond HOPE. August 8-10, New York City. Sponsored by 2600. Contact:

TELECOM Interactive 97. September 8-14, 1997. Geneva, Switzerland.
Sponsored by the International Telecommunications Union. Contact: or

AST3: Cryptography and Internet Privacy. September 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact:

19th Annual International Privacy and Data Protection Conference.
September 17-18, 1997. Brussels, Belgium. Sponsored by Belgium DataProtection and Privacy Commission. Email
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.

Managing the Privacy Revolution '97. October 21-23, 1997. Washington, DC.
Sponsored by Privacy and American Business. Contact:
RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998.
San Francisco, CA. Contact or

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. To subscribe, send email to wihthe subject: "subscribe" (no quotes) or use the subscription form at:
Back issues are available at:

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation, and conducts policy research. For more information,
e-mail, or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andfunding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 4.11

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback