WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1997 >> [1997] EPICAlert 9

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 4.09 [1997] EPICAlert 9


Volume 4.09 June 18, 1997

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Files Suit For Crypto Czar Records
[2] McCain/Kerrey Introduce Crypto Restrictions Bill
[3] Computer Security Act Revisions Proposed in House
[4] First Amendment Pledge Campaign Launched On Eve of CDA Decision
[5] Georgia Tech Releases New Online Privacy Survey
[6] Torricelli Introduces New Spam Bill
[7] GILC to Meet at INET in Malaysia
[8] Upcoming Conferences and Events

[1] EPIC Files Suit For Crypto Czar Records

EPIC today filed a lawsuit seeking public disclosure of the travelrecords of Ambassador David Aaron, who has spent the past yearpromoting the Clinton Administration's controversial encryptionpolicies in foreign countries. Through the suit, filed in U.S.
District Court in Washington, EPIC is seeking to open U.S. encryptionpolicy to public scrutiny by requesting release of the trip reports ofthe Administration's "crypto czar."

The significance of the Administration's overseas lobbying on thecontroversial encryption issue is underscored by the upcoming "Group ofSeven" (or G-7) summit that convenes on June 20 in Denver. At therequest of the Administration, encryption policy is on the G-7 agenda.
The summit meeting is the most recent example of the Administration'sstrategy to pre-empt the ongoing domestic debate on encryption byenlisting support for "key-escrow" encryption from foreign governments.
Ambassador Aaron sought an endorsement of the Administration's policyduring the Organization for Economic Cooperation and Development'sdeliberations on encryption policy earlier this year. But the29-member international organization rejected the key escrow proposaland recommended instead that national policies be based on openmarkets, voluntary choice, and privacy safeguards.

In a letter sent to key members of Congress on the eve of the G-7Summit, EPIC urged a Congressional inquiry into the Administration'scampaign to sell "key-escrow" policy overseas. EPIC said that, "Withseveral encryption bills now pending and an important national debateensuing, the Administration is seeking to accomplish throughinternational understandings what it cannot accomplish through thedomestic policy-making process." According to EPIC Director MarcRotenberg, "The White House should stop trying to export a bad cryptopolicy and instead allow the export of good crypto products."

[2] McCain/Kerrey Introduce Crypto Restrictions Bill

Senators John McCain (R-AZ) and Bob Kerrey (D-NE) have introduced abill that is designed to promote key escrow for domestic use in theUnited States. The Secure Public Networks Act, S. 909, contains anumber of coercive measures that would force widespread domesticadoption of key escrow encryption techniques.

The bill promotes key escrow technology by requiring that all federalfunds spent directly or indirectly for communications networks andsecurity products that incorporate encryption must support key escrow.
This would include schools, states receiving federal grants, the newInternet II and other projects. This would also likely includetelephone companies that are required under the CommunicationAssistance for Law Enforcement Act (CALEA) to ensure that theirnetworks are secure and will receive $500 million dollars of federalfunds to retrofit their systems.

The bill would also require that entities wishing to become registeredas certificate authorities must hold an individual's private encryptionkey before they can issue the person a certificate. Certificateauthorities who issue certificates without obtaining such private keyswould be subject to criminal and civil penalties.

Access to keys would be broadly permitted and warrants would not berequired in all cases. "Authorized" government officials could obtainaccess to keys using only a subpoena or a certification from theAttorney General that foreign intelligence is involved. Furthermore,
the definition of Key Recovery Agent "includes any person who hold theperson's own recovery information." In other words, under the bill,
individuals could be compelled to release their own keys.

Another provision would make it a criminal offense to use cryptographyin the furtherance of any crime that has a one year jail sentence.
This would in effect criminalize many minor state crimes including theuse of a digital cell phone to place a bet with a bookmaker.

To gain the support of industry, the bill offers to relax cryptoexports up to 56 bit DES. However, it would provide broad discretionto the Secretary of Commerce to prohibit any export without judicialreview of the decision.

Sen. McCain (as Chairman of the Commerce Committee) has ordered thatthe bill be rapidly heard. A mark-up on the bill is scheduled forThursday, June 19. It is also being supported by Sens. Jay Rockefeller(D-WV), Ernest Hollings (D-SC), and John Kerry (D-MA).

More information is available at:

[3] Computer Security Act Revisions Proposed in House

Rep. James Sensenbrenner (R-WI) introduced HR 1903, the "ComputerSecurity Enhancement Act on June 17. The bill is designed to enhancethe security of unclassified information on federal computer systems,
to promote private sector input in the development of computer securitytechnology used to protect these federal computer systems, and toprovide for evaluations of cryptographic technology originating outsidethe United States.

The bill would reinforce of the role of the National Institute ofStandards and Technology (NIST) and its Computer System Security andPrivacy Advisory Board in the development of computer security systems,
and includes an explicit proviso that NIST develop encryption standardsand policies only for use in Federal Government computer systems.

The bill would authorize the Secretary of Commerce to commission theNational Research Council to study public key infrastructures for useby individuals, businesses and government. HR 1903 also establishes afellowship program to support students at institutions of higherlearning in computer security.

A hearing is scheduled on the bill for June 19. More information onthe bill and the Computer Security Act is available at:

[4] Georgia Tech Releases New Net Survey

The Graphic, Visualization and Usability Center (GVU) of the GeorgiaInstitute of Technology has released its 7th WWW user survey. Theissues listed as the most important by respondents were censorship(34%), privacy (26%), and navigation (13%). Among women, privacy wasthe top concern.

Anonymity continued to play an important role. Nearly 40% of therespondents reported that they had provided false information whenregistering at a web site. Fifteen percent said that they falsifiedinformation over 25% of the time. When questioned on why they providefalse information, 69% reported that the uses of the information werenot clearly explained, 64% reported that accessing the site was notworth providing information, and 62% stated that they do not trust thesites. Only one of five users thought that devices such as cookies,
which allow identification of users across sessions at a site, shouldbe used.

On ranking users' views towards these issues on a one to five scale,
the survey found that there was strong support (4.7) for privatecommunications on the net and anonymity (4.46). There was alsosignificant support for anonymous payment systems (3.93) and newprivacy laws (3.79).

The survey results are available at:

[5] First Amendment Pledge Campaign Launched On Eve of CDA Decision

As the nation awaits a Supreme Court decision on the future of freespeech on the Internet, EPIC and the American Civil Liberties Unionhave launched "," a website dedicated to upholdingthe First Amendment in cyberspace. The groups are calling on PresidentClinton and members of Congress to be among the first to "Take theFirst Amendment Pledge" and cease any further attempts to draftlegislation to censor the Internet in the event the Supreme Courtupholds a lower court decision striking down government regulation ofthe Internet as unconstitutional.

The launch of the website comes as Clinton Administration officialshave begun publicly discussing a shift in policy on Internetregulation, saying that "industry self-regulation" -- not lawscriminalizing certain Internet communications -- is the solution toshielding minors from online "indecency." The Supreme Court isexpected to issue a ruling soon in Reno v. ACLU, which challenges thecensorship provisions of the Communications Decency Act aimed atprotecting minors by criminalizing so-called "indecency" on theInternet. EPIC, along with the ACLU and 18 other plaintiffs, filed achallenge to the law the day it was enacted.

Online users can capture the "First Amendment Pledge" GIF (graphicimage file) for placement on their own website. Other features plannedfor the site include an "action alert" that informs users oflegislative threats to the First Amendment and allows them to instantlye-mail or fax their member of Congress, and an online "postcard" thatcan be e-mailed to friends, relatives and elected officials, urgingthem to "Take the Pledge."

Take the pledge at:

[6] Torricelli Introduces New Spam Bill

On June 11, Sen. Robert Torricelli (D-NJ) introduced the ElectronicMailbox Protection Act of 1997. The bill, like the efforts of Sen.
Frank Murkowski (R-AK) and Rep. Chris Smith (R-NJ), addresses the issueof unsolicited commercial e-mail (or spam). However, Torricelli's billtakes a different perspective on solutions to the problem.

The most noticeable difference between Torricelli's bill and the othersis that it regulates all unsolicited e-mail, not just unsolicitedcommercial e-mail. This means that, according to the bill's definitionof unsolicited e-mail, anyone sending e-mail to another with whom theydo not have a pre-existing personal or business relationship would becovered by the bill. For example, a student e-mailing a question to aprofessor with whom the student has no pre-existing relationship couldconceivably fall within the provisions of the bill.

Torricelli also takes a fundamentally different approach to regulatingunsolicited e-mail. While the Murkowski and Smith bills attempt tolimit spam through labeling or banning the spam itself, the Torricellibill attacks the harvesting and distribution of e-mail addresses aswell as some attempts by spammers to circumvent blocking systems andavoid responses.

Other provisions attempt to stop spammers from circumventing responsesor filters. One provision creates a violation for using fictitious orunregistered domains or e-mail accounts to avoid responses or messagesof non-delivery. Another provision creates a violation for using anymechanism to avoid filtering tools.

The bill creates a violation for directing unsolicited e-mail throughanother entity's server knowing that such action is in contravention ofthat entity's policy. The penalty would be $5,000 per violation.

More information on spam is available at:

[7] GILC to Meet at INET in Malaysia

The Global Internet Liberty Campaign (GILC) will hold an informationalmeeting at the INET 97 conference in Kuala Lumpur, Malaysia on June 25.
Topics to be addressed include protection of free speech on theInternet; access to Internet services in SE Asia; crypto policy aroundthe globe; and development of privacy standards. Special guestsaddressing the meeting will include Ira Magaziner, U.S. PresidentialAdvisor, and Don Heath, President of the Internet Society.

Additional information on activities at INET is available at:

[7] Upcoming Conferences and Events

Cyberpayments 97. June 19-20, 1997. Washington, DC. Sponsored by NACHA.
INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. KualaLumpur, Malaysia. Sponsored by the Internet Society. Contact: or
Informational Meeting of the Global Internet Liberty Campaign (GILC).
June 25, 1997. INET 97, Putra World Trade Center, Kuala Lumpur,
Malaysia. Contact:

Privacy Laws & Business 10th Anniversary Conference. July 1-3, 1997.
St. John's College, Cambridge, England. Contact:

4th Annual Privacy Issues Forum., July 10-11, 1997. Auckland, NewZealand. Sponsored by NZ Privacy Commissioner. Contact: Terry Debenham,
Fax +649-302 2305 or email

Hacking In Progress. August 8-10, 1997, Almere, Netherlands. Sponsoredby Hac-Tic. Contact:

AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact:

19th Annual International Privacy and Data Protection Conference. Sept.
17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protectionand Privacy Commission.

International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.

Managing the Privacy Revolution '97. October 21-23, 1997. Washington,
DC. Sponsored by Privacy and American Business. Contact:
RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998.
San Francisco, CA. Contact or

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. To subscribe, send email to epic-newsepic.orgwih the subject: "subscribe" (no quotes) or use the subscription format:
Back issues are available at:

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation, and conducts policy research. For more information,
e-mail, or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand funding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 4.09

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback