WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 1

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.01 [1998] EPICAlert 1


Volume 5.01 January 26, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Court Blocks Discharge in Navy/AOL Privacy Case
[2] Excerpts From Court Decision in Navy/AOL Privacy Case
[3] EPIC Obtains U.S. Crypto Czar's Travel Records
[4] McCain Announces New Net Censorship Plan
[5] Gore Calls for Genetic Discrimination Ban
[6] Encryption Policy Update
[7] EPIC Bookstore
[8] Upcoming Conferences and Events

[1] Court Blocks Discharge in Navy/AOL Privacy Case

A federal judge has enjoined the dismissal of a highly decorated sailorafter finding that the proposed discharge was based upon information theNavy obtained from America Online in apparent violation of federalprivacy law. The decision, issued today by U.S. District Judge StanleySporkin, concludes that Naval investigators "likely" violated the federalElectronic Communications Privacy Act (ECPA) when they requested andreceived confidential subscriber information from AOL, the nation'slargest online service. (Excerpts from the decision are included below).

Navy officials had ordered the discharge of the sailor, Timothy R.
McVeigh (no relation to the convicted Oklahoma City bomber), on theground that McVeigh violated the military's "Don't Ask, Don't Tell"
policy on homosexuality. The Navy's proposed action is based entirelyupon information obtained from AOL linking the sailor to a "screen name"
on the system in which the user's marital status was listed as "gay."

The information was received from AOL in violation of ECPA, whichprohibits the government from obtaining "information pertaining to asubscriber" without a court order or subpoena. In addition to theprivacy protections contained in ECPA, AOL's contractual "Terms ofService" prohibit the company from disclosing such information to *any*
third party "unless required to do so by law or legal process."

McVeigh's lawsuit is the first case to challenge governmental access tosensitive subscriber information maintained by an online service. In astatement issued when the suit was filed last week, EPIC said, "It is animportant test of federal privacy law that will determine whethergovernment agents can violate the law with impunity, or whether they willbe held accountable for illegal conduct in cyberspace." EPIC noted thatthe incident also raises serious questions concerning the adequacy ofcontractual privacy protections like those contained in the AOLsubscriber agreement.

In a letter sent to Navy Secretary John Dalton on January 14, EPIC urgeda postponement of McVeigh's discharge pending an investigation of theNavy's conduct. EPIC noted that, "Any other result would make a mockeryof federal privacy law and subject the American people to intrusive andunlawful governmental surveillance."

More information on the case, including a form for sending faxes to theWhite House and the Pentagon, is available at:

[2] Excerpts From Court Decision in Navy/AOL Privacy Case

From the Memorandum Opinion of U.S. District Judge Stanley Sporkin inMcVeigh v. Cohen, et al. (Civil Action 98-116, D.D.C.):

The [investigative] steps taken by the Navy in its "pursuit" of the Plaintiff were not only unauthorized under its [Don't Ask, Don't Tell]
policy, but likely illegal under the Electronic Communications Privacy Act of 1986 (ECPA). . . .

The government knew, or should have known, that by turning over the information without a warrant, AOL was breaking the law. Yet the Navy,
in this case, directly solicited the information anyway. What is most telling is that the Naval investigator did not identify himself when he made his request. . . .

In these days of "big brother," where through technology and otherwise the privacy interests of individuals from all walks of life are being ignored or marginalized, it is imperative that statutes explicitly protecting these rights be strictly observed. . . .

Certainly, the public has an inherent interest in the preservation of privacy rights as advanced by the Plaintiff in this case. With literally the entire world on the world-wide web, enforcement of the ECPA is of great concern to those who bare the most personal information about their lives in private accounts through the Internet.
In this case in particular, where the government may well have violated a federal statute in its zeal to brand the Plaintiff a homosexual, the actions of the Navy must be more closely scrutinized by the Court.

[3] EPIC Obtains U.S. Crypto Czar's Travel Records

Following a year-long legal battle, EPIC has obtained over 500 pages ofmaterials from the U.S. State Department on the international travels ofDavid Aaron, the former U.S. Envoy for Cryptography. Aaron also servedas U.S. Ambassador to the Organization for Economic Cooperation andDevelopment when the OECD was developing its encryption policyguidelines.

The released documents show Ambassador Aaron made frequent trips aroundthe world lobbying for international adoption of key escrow encryption.
He visited Australia, Belgium (both the European Union & Belgiangovernments), Canada, France, Germany, Japan, Switzerland and the UnitedKingdom. The documents also indicate that he went to South Africa, andmet with the counselor of the Latvian embassy in Paris and with RussianFinance Ministry officials.

Even before Aaron was appointed as President Clinton's "Special Envoy forCryptography," U.S. State Department messages indicate that the UnitedStates was making overtures to various countries via American embassiesaround the world. These include the diplomatic posts in Canberra,
London, Tokyo, Ottawa, Tel Aviv, Paris, Bonn, The Hague and Moscow. Onemessage to these foreign posts announced the revised U.S. cryptographyexport policy (the key recovery within two years or "no export" rule).
The public announcement of that policy was made on October 1, 1996.

Aaron apparently was not always greeted warmly in his travels. In Japan,
the government requested that the meetings be kept secret and that thepress not be informed. Even the U.S. Embassy in Japan was less thanenthusiastic -- the embassy suggested that Aaron and his delegation couldtake the airport bus to their hotel rather than be picked up by anembassy driver.

[4] McCain Announces New Net Censorship Plan

Sen. John McCain (R-AZ), Chairman of the Senate Commerce Committee,
announced on January 20 that he is planning to introduce a new billregulating access to speech on the Internet. He announced that he willintroduce legislation to link FCC subsidies for public schools' Internetconnections to a requirement that schools "limit students' access toindecent Internet material in the classroom."

Many observers believe that such a provision would require theinstallation of software filters. As EPIC and other groups have found,
filters can restrict access to broad categories of protected speech. Assuch, mandating their use could violate the First Amendment's free speechguarantees. McCain later clarified his intent and now says that theproposed legislation would only require that filters be installed, notnecessarily used. McCain told the Arizona Star, "I believe they willturn the filters on once they've seen what's out on the Internet, but Idon't think my judgment is better than theirs."

McCain announced that he would introduce the bill on February 10.

[5] Gore Calls for Genetic Discrimination Ban

Vice President Al Gore announced on January 20 that the White House issupporting legislation that would bar employers from discriminatingagainst employees on the basis of genetic information.

Gore said, "We want legislation that will prevent employers fromrequesting or requiring genetic information for hiring or for settingsalaries; that will stop employers from using this genetic information todiscriminate or segregate the workplace; and that will ensure thatgenetic information is not disclosed without the explicit permission ofthe individual."

The Vice President also announced the release of a new report, "GeneticInformation and the Workplace," produced by the Departments of Labor,
Justice and HHS and the EEOC. The report describes cases of geneticdiscrimination and reviews previous surveys of the intended use ofgenetic information by employers and insurers.

The report reviews state and federal protections and finds that they arenot sufficient to provide Americans with adequate protection againstgenetic discrimination in the workplace. "Federal leadership isnecessary to ensure that all workers are protected against discriminationbased on genetic information."

More information on genetic and medical privacy is available at:

[6] Encryption Policy Update

Sen. John Ashcroft (R-MO) announced at the RSA Data Security Conferenceon January 13 that he plans to hold hearings in late February onencryption legislation. Sen. John McCain (R-AZ) has also indicated thathe would continue to push his controversial Secure Public Networks Act.
Rep. Bob Goodlatte (R-VA) also indicated that he is continuing to pushfor adoption of the SAFE Act (HR 695).

The Commerce Department published new regulations for implementing theWassenaar Arrangement on January 15. Wassenaar is a 1996 multi-lateralagreement of 33 countries to impose export controls on arms and"dual-use" technologies such as computers. It is intended to replace theCold War era CoComm regulations. For encryption technologies, controlson some automated teller and virus protection devices are relaxed, butgenerally restrictions on encryption devices will remain in effect.

An unofficial transcript of the U.S. Court of Appeals argument in theBernstein v. Department of State challenge to export control regulationsis now available from the Electronic Frontier Foundation at:

More information on encryption policy is available at:

[7] EPIC Bookstore

The EPIC Bookstore now features "Privacy on the Line: The Politics ofWiretapping and Encryption," by Whitfield Diffie and Susan Landau.
Diffie and Landau argue that if we are to retain the privacy thatcharacterized face-to-face relationships in the past, we must build themeans of protecting that privacy into our communication systems. Theystrip away the hype surrounding the policy debate to examine the nationalsecurity, law enforcement, commercial, and civil liberties issues. Theydiscuss the social function of privacy, how it underlies a democraticsociety, and what happens when it is lost.

Other popular titles at the EPIC Bookstore include:

- "Technology and Privacy: The New Landscape," edited by Philip E. Agre and Marc Rotenberg.

- "The Electronic Privacy Papers," by Bruce Schneier and David Banisar.

- "The Privacy Rights Handbook: How to Take Control of Your Personal Information," by Beth Givens.

- "Who Knows: Safeguarding Your Privacy in a Networked World,"
by Ann Cavoukian & Don Tapscott.

- "Digital Cash," by Peter Wayner.

- "Shamans, Software, and Spleens: Law and the Construction of the Information Society," by James Boyle.

Visit the EPIC Bookstore at:

[8] Upcoming Conferences and Events

Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI.
7th USENIX Security Symposium. January 26-29, 1998. San Antonio, TXSponsored by USENIX & CERT.
The Eighth Conference on Computers, Freedom & Privacy. February,
18-20, 1998. Austin, TX. Contact:

ETHICOMP98 March 25-27,1998. Erasmus University The Netherlands.
Sponsored by the Centre for Computing and Social ReponsibilityContact:
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM andUSACM.

INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety.

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 5.01

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback