You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1997 >>
[1997] EPICAlert 9
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 4.09 [1997] EPICAlert 9
EPIC ALERT
Volume 4.09 June 18, 1997
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
Table of Contents
[1] EPIC Files Suit For Crypto Czar Records
[2] McCain/Kerrey Introduce Crypto Restrictions Bill
[3] Computer Security Act Revisions Proposed in House
[4] First Amendment Pledge Campaign Launched On Eve of CDA Decision
[5] Georgia Tech Releases New Online Privacy Survey
[6] Torricelli Introduces New Spam Bill
[7] GILC to Meet at INET in Malaysia
[8] Upcoming Conferences and Events
[1] EPIC Files Suit For Crypto Czar Records
EPIC today filed a lawsuit seeking public disclosure of the travelrecords of Ambassador David Aaron, who has spent the past yearpromoting
the Clinton Administration's controversial encryptionpolicies in foreign countries. Through the suit, filed in U.S.
District Court in Washington, EPIC is seeking to open U.S. encryptionpolicy to public scrutiny by requesting release of the trip reports
ofthe Administration's "crypto czar."
The significance of the Administration's overseas lobbying on thecontroversial encryption issue is underscored by the upcoming "Group
ofSeven" (or G-7) summit that convenes on June 20 in Denver. At therequest of the Administration, encryption policy is on the G-7
agenda.
The summit meeting is the most recent example of the Administration'sstrategy to pre-empt the ongoing domestic debate on encryption
byenlisting support for "key-escrow" encryption from foreign governments.
Ambassador Aaron sought an endorsement of the Administration's policyduring the Organization for Economic Cooperation and Development'sdeliberations
on encryption policy earlier this year. But the29-member international organization rejected the key escrow proposaland recommended
instead that national policies be based on openmarkets, voluntary choice, and privacy safeguards.
In a letter sent to key members of Congress on the eve of the G-7Summit, EPIC urged a Congressional inquiry into the Administration'scampaign
to sell "key-escrow" policy overseas. EPIC said that, "Withseveral encryption bills now pending and an important national debateensuing,
the Administration is seeking to accomplish throughinternational understandings what it cannot accomplish through thedomestic policy-making
process." According to EPIC Director MarcRotenberg, "The White House should stop trying to export a bad cryptopolicy and instead
allow the export of good crypto products."
[2] McCain/Kerrey Introduce Crypto Restrictions Bill
Senators John McCain (R-AZ) and Bob Kerrey (D-NE) have introduced abill that is designed to promote key escrow for domestic use in
theUnited States. The Secure Public Networks Act, S. 909, contains anumber of coercive measures that would force widespread domesticadoption
of key escrow encryption techniques.
The bill promotes key escrow technology by requiring that all federalfunds spent directly or indirectly for communications networks
andsecurity products that incorporate encryption must support key escrow.
This would include schools, states receiving federal grants, the newInternet II and other projects. This would also likely includetelephone
companies that are required under the CommunicationAssistance for Law Enforcement Act (CALEA) to ensure that theirnetworks are secure
and will receive $500 million dollars of federalfunds to retrofit their systems.
The bill would also require that entities wishing to become registeredas certificate authorities must hold an individual's private
encryptionkey before they can issue the person a certificate. Certificateauthorities who issue certificates without obtaining such
private keyswould be subject to criminal and civil penalties.
Access to keys would be broadly permitted and warrants would not berequired in all cases. "Authorized" government officials could
obtainaccess to keys using only a subpoena or a certification from theAttorney General that foreign intelligence is involved. Furthermore,
the definition of Key Recovery Agent "includes any person who hold theperson's own recovery information." In other words, under the
bill,
individuals could be compelled to release their own keys.
Another provision would make it a criminal offense to use cryptographyin the furtherance of any crime that has a one year jail sentence.
This would in effect criminalize many minor state crimes including theuse of a digital cell phone to place a bet with a bookmaker.
To gain the support of industry, the bill offers to relax cryptoexports up to 56 bit DES. However, it would provide broad discretionto
the Secretary of Commerce to prohibit any export without judicialreview of the decision.
Sen. McCain (as Chairman of the Commerce Committee) has ordered thatthe bill be rapidly heard. A mark-up on the bill is scheduled
forThursday, June 19. It is also being supported by Sens. Jay Rockefeller(D-WV), Ernest Hollings (D-SC), and John Kerry (D-MA).
More information is available at:
http://www.epic.org/crypto/legislation/
[3] Computer Security Act Revisions Proposed in House
Rep. James Sensenbrenner (R-WI) introduced HR 1903, the "ComputerSecurity Enhancement Act on June 17. The bill is designed to enhancethe
security of unclassified information on federal computer systems,
to promote private sector input in the development of computer securitytechnology used to protect these federal computer systems,
and toprovide for evaluations of cryptographic technology originating outsidethe United States.
The bill would reinforce of the role of the National Institute ofStandards and Technology (NIST) and its Computer System Security
andPrivacy Advisory Board in the development of computer security systems,
and includes an explicit proviso that NIST develop encryption standardsand policies only for use in Federal Government computer systems.
The bill would authorize the Secretary of Commerce to commission theNational Research Council to study public key infrastructures
for useby individuals, businesses and government. HR 1903 also establishes afellowship program to support students at institutions
of higherlearning in computer security.
A hearing is scheduled on the bill for June 19. More information onthe bill and the Computer Security Act is available at:
http://www.epic.org/crypto/csa/
[4] Georgia Tech Releases New Net Survey
The Graphic, Visualization and Usability Center (GVU) of the GeorgiaInstitute of Technology has released its 7th WWW user survey.
Theissues listed as the most important by respondents were censorship(34%), privacy (26%), and navigation (13%). Among women, privacy
wasthe top concern.
Anonymity continued to play an important role. Nearly 40% of therespondents reported that they had provided false information whenregistering
at a web site. Fifteen percent said that they falsifiedinformation over 25% of the time. When questioned on why they providefalse
information, 69% reported that the uses of the information werenot clearly explained, 64% reported that accessing the site was notworth
providing information, and 62% stated that they do not trust thesites. Only one of five users thought that devices such as cookies,
which allow identification of users across sessions at a site, shouldbe used.
On ranking users' views towards these issues on a one to five scale,
the survey found that there was strong support (4.7) for privatecommunications on the net and anonymity (4.46). There was alsosignificant
support for anonymous payment systems (3.93) and newprivacy laws (3.79).
The survey results are available at:
http://www.gvu.gatech.edu/user_surveys/survey-1997-04/
[5] First Amendment Pledge Campaign Launched On Eve of CDA Decision
As the nation awaits a Supreme Court decision on the future of freespeech on the Internet, EPIC and the American Civil Liberties Unionhave
launched "firstamendment.org," a website dedicated to upholdingthe First Amendment in cyberspace. The groups are calling on PresidentClinton
and members of Congress to be among the first to "Take theFirst Amendment Pledge" and cease any further attempts to draftlegislation
to censor the Internet in the event the Supreme Courtupholds a lower court decision striking down government regulation ofthe Internet
as unconstitutional.
The launch of the website comes as Clinton Administration officialshave begun publicly discussing a shift in policy on Internetregulation,
saying that "industry self-regulation" -- not lawscriminalizing certain Internet communications -- is the solution toshielding minors
from online "indecency." The Supreme Court isexpected to issue a ruling soon in Reno v. ACLU, which challenges thecensorship provisions
of the Communications Decency Act aimed atprotecting minors by criminalizing so-called "indecency" on theInternet. EPIC, along with
the ACLU and 18 other plaintiffs, filed achallenge to the law the day it was enacted.
Online users can capture the "First Amendment Pledge" GIF (graphicimage file) for placement on their own website. Other features
plannedfor the site include an "action alert" that informs users oflegislative threats to the First Amendment and allows them to
instantlye-mail or fax their member of Congress, and an online "postcard" thatcan be e-mailed to friends, relatives and elected officials,
urgingthem to "Take the Pledge."
Take the pledge at:
http://www.firstamendment.org
[6] Torricelli Introduces New Spam Bill
On June 11, Sen. Robert Torricelli (D-NJ) introduced the ElectronicMailbox Protection Act of 1997. The bill, like the efforts of
Sen.
Frank Murkowski (R-AK) and Rep. Chris Smith (R-NJ), addresses the issueof unsolicited commercial e-mail (or spam). However, Torricelli's
billtakes a different perspective on solutions to the problem.
The most noticeable difference between Torricelli's bill and the othersis that it regulates all unsolicited e-mail, not just unsolicitedcommercial
e-mail. This means that, according to the bill's definitionof unsolicited e-mail, anyone sending e-mail to another with whom theydo
not have a pre-existing personal or business relationship would becovered by the bill. For example, a student e-mailing a question
to aprofessor with whom the student has no pre-existing relationship couldconceivably fall within the provisions of the bill.
Torricelli also takes a fundamentally different approach to regulatingunsolicited e-mail. While the Murkowski and Smith bills attempt
tolimit spam through labeling or banning the spam itself, the Torricellibill attacks the harvesting and distribution of e-mail addresses
aswell as some attempts by spammers to circumvent blocking systems andavoid responses.
Other provisions attempt to stop spammers from circumventing responsesor filters. One provision creates a violation for using fictitious
orunregistered domains or e-mail accounts to avoid responses or messagesof non-delivery. Another provision creates a violation for
using anymechanism to avoid filtering tools.
The bill creates a violation for directing unsolicited e-mail throughanother entity's server knowing that such action is in contravention
ofthat entity's policy. The penalty would be $5,000 per violation.
More information on spam is available at:
http://www.epic.org/privacy/junk_mail/spam/
[7] GILC to Meet at INET in Malaysia
The Global Internet Liberty Campaign (GILC) will hold an informationalmeeting at the INET 97 conference in Kuala Lumpur, Malaysia
on June 25.
Topics to be addressed include protection of free speech on theInternet; access to Internet services in SE Asia; crypto policy aroundthe
globe; and development of privacy standards. Special guestsaddressing the meeting will include Ira Magaziner, U.S. PresidentialAdvisor,
and Don Heath, President of the Internet Society.
Additional information on activities at INET is available at:
http://www.epic.org/events/inet_malaysia/
[7] Upcoming Conferences and Events
Cyberpayments 97. June 19-20, 1997. Washington, DC. Sponsored by NACHA.
Contact: http://www.nacha.org
INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. KualaLumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97isoc.org or http://www.isoc.org/inet97
Informational Meeting of the Global Internet Liberty Campaign (GILC).
June 25, 1997. INET 97, Putra World Trade Center, Kuala Lumpur,
Malaysia. Contact: rotenbergepic.org.
Privacy Laws & Business 10th Anniversary Conference. July 1-3, 1997.
St. John's College, Cambridge, England. Contact:
infoprivacylaws.co.uk.
4th Annual Privacy Issues Forum., July 10-11, 1997. Auckland, NewZealand. Sponsored by NZ Privacy Commissioner. Contact: Terry Debenham,
Fax +649-302 2305 or email privacyiprolink.co.nz.
Hacking In Progress. August 8-10, 1997, Almere, Netherlands. Sponsoredby Hac-Tic. Contact: http://www.hip97.nl/
AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact: piprivacy.org.
http://www.privacy.org/pi/conference/brussels/
19th Annual International Privacy and Data Protection Conference. Sept.
17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protectionand Privacy Commission.
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
http://www.confpriv.qc.ca/
Managing the Privacy Revolution '97. October 21-23, 1997. Washington,
DC. Sponsored by Privacy and American Business. Contact:
http://shell.idt.net/~pab/conf97.html
RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998.
San Francisco, CA. Contact kurtrsa.com or http://www.rsa.com/conf98/
(Send calendar submissions to alertepic.org)
The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. To subscribe, send email to epic-newsepic.orgwih
the subject: "subscribe" (no quotes) or use the subscription format:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus
publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record
privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished
in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation,
and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel),
+1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington
DC 20003.
Individuals with First Virtual accounts can donate athttp://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryptionand funding of the National Wiretap Plan.
Thank you for your support.
END EPIC Alert 4.09
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1997/9.html
