WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 10

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.10 [1998] EPICAlert 10


Volume 5.10 July 20, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Groups Write Senate on Pending Net Censorship Bills
[2] FBI Asks Congress to Enhance Wiretap Powers
[3] Proposed Rules Issued for National Identity Card
[4] HHS Proposes New Health Care Identifier
[5] House Committee Approves Copyright Bill
[6] Encryption Policy Update
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events

[1] Groups Write Senate on Pending Net Censorship Bills

EPIC joined with a dozen other free speech and civil liberties groups onJuly 14 in a letter sent to the U.S. Senate concerning two pendingInternet censorship bills, saying they violate the First Amendment. Thegroups contend that the bills -- one requiring Internet content filtersand the other setting criminal penalties for providing "inappropriate"
online material to minors) -- would severely restrict free expression onthe Internet.

The Senate may soon vote on both bills. Sen. John McCain's "InternetSchool Filtering Act" (S. 1619) would require schools and librariesreceiving federal Internet subsidies to install filtering softwaredesigned to prevent children from accessing "inappropriate" material. Sen.
Dan Coats' bill (S. 1482) would criminalize the "commercial" distributionon websites of material that is "harmful to minors." The Coats bill, inadopting a criminalization approach to online content, is similar to theCommunications Decency Act (CDA) struck down last year by the SupremeCourt. The bill, which has been dubbed "CDA II," could come to the Senatefloor as early as this week.

"One year ago, the Supreme Court unanimously ruled that the CommunicationsDecency Act of 1996, which made it a crime to transmit 'indecent'
materials on the Internet, violated the First Amendment," the coalitionletter states. "The two pending bills ignore the central holding of theCourt; expression on the Internet is entitled to the highest degree ofFirst Amendment protection.

"We share the concern of Sens. McCain and Coats that the Internet remain asafe and rewarding medium for young people," the letter continues.
"However, we strongly believe that these bills embrace approaches --
filtering and criminalization -- that are both constitutionally suspectand ultimately ineffective in providing our children with positive onlineexperiences."

EPIC is supporting an online campaign to raise Congressional awareness ofthe implications of these Internet censorship bills. Faxes can be sent --
free of charge -- to your Senators by visiting the EPIC Free Speech Actionpage:

If you sent faxes to the Senate earlier, you helped keep these bills offthe floor. Please reiterate your concerns once again and let yourSenators know that these measures remain controversial.

The text of the coalition letter to the Senate is available at theInternet Free Expression Alliance website:

[2] FBI Asks Congress to Enhance Wiretap Powers

Last week, the FBI sought support from the Senate Appropriations Committeefor an amendment to the FY 1999 Justice Department funding bill that wouldsubstantially amend the Communications Assistance for Law Enforcement Actof 1994 (CALEA). The provision would grant the Bureau new powers toconduct wiretaps and demand changes to the nation's telephone system.

The amendment would limit the role of the Federal CommunicationsCommission (FCC) in mediating the current dispute between the FBI,
industry and public interest groups over the technical standardsimplementing CALEA. It would require the FCC to adopt the current draftstandard and approve the controversial "punch list" of additional featuressurveillance demanded by the FBI. Industry and public interest groupswould be precluded from commenting on the standard.

The FBI proposal also would require phone companies to discloseinformation on the "exact physical location" of cell phone subscribers ifa court finds that "there is a reason to believe that the locationinformation is relevant to a legitimate law enforcement objective." Underthis standard, no crime would be necessary for judicial authorization. Theproposal would also permit law enforcement to obtain location informationwithout a warrant for any felony offense if they apply for a court orderwithin 48 hours.

EPIC and five other privacy groups wrote to Senator Ted Stevens (R-AZ),
Chairman of the Senate Appropriations Committee, on July 17 urging him toreject the FBI proposal.

More information on the letter and CALEA is available at:

[3] Proposed Rules Issued for National Identity Card

The U.S. Department of Transportation (DOT) issued a notice on June 17that would effectively turn state drivers' licenses into national identitycards. The proposed rule would require that all states modify theirdrivers' licenses to create a uniform national drivers' license. It wouldprohibit government agencies from accepting any identification besides theauthorized identity card.

The proposed rule would also encourage states to include the persons'
Social Security Number either in written form on the face of the licenseor in electronic form of all drivers' licenses. If a state does not wishto include the SSN on the license, it must minimally require every licenseapplicant to provide the number. State agencies would be required to sendevery such SSN to the Social Security Administration for review.

The DOT is basing its rule on provisions in the Illegal Immigration Reformand Immigrant Responsibility Act of 1996. Reps. Ron Paul (R-TX) and BobBarr (R-GA) have introduced H. R. 4217, the Freedom and PrivacyRestoration Act of 1998, which would repeal the immigration act'sprovisions on identification. It would also prohibit federal agenciesfrom "accept[ing] for any identification-related purpose anidentification document, if any other Federal agency accepts such documentfor any such purpose."

More information on the proposed rule is available at:

[4] HHS Proposes New Health Care Identifier

The U.S. Department of Health and Human Services (HHS) issued a whitepaper on July 2 to discuss the development of a single nationalidentification number for every person in the United States for healthcare purposes.

The identifier is designed to facilitate the sharing of medicalinformation. Under the 1996 Health Insurance Portability andAccountability Act (commonly known as the Kennedy-Kassebaum Act), theSecretary of HHS is required to adopt standards for an identificationnumber for all patients to be used for every health care encounter. Anadvisory committee to the Department recommended that no identificationnumber be chosen before the enactment of a medical privacy law.

The white paper examines possible identity systems, including the SocialSecurity Number (in its existing form or in a modified form), a newnumber, a system based on a master patient index, cryptography, biometricidentification, and other possibilities. The paper proposes that allsystems be analyzed against a set of 30 criteria developed by the AmericanSociety for Testing and Materials that include the requirement that thenumber be: public, accessible, linkable, unique, universal, focused andgoverned.

The adoption of the number is considered to be politically sensitive. Anyuniversal number would facilitate the sharing and abuse of medicalinformation. A number based on the SSN could be used to link medicalrecords with other information such as employment and financialinformation currently indexed with the SSN. A new number that is deployedwithout any additional privacy protections could be universally adopted byother agencies and private businesses and become a new de facto nationalidentity number.

HHS is holding a series of hearings on the choice of identificationnumbers. The text of the proposal and more information on medical privacyis available at:

[5] House Committee Approves Copyright Bill

On July 17, the House Commerce Committee approved H.R. 2281, the DigitalMillennium Copyright Act, by a unanimous vote. Intended to protectcopyrighted works from piracy, the bill would outlaw devices used tocircumvent technological protection measures, such as encryption, whichcould be used to protect copyrighted works. Additionally, opponents ofthe legislation are concerned that the blanket prohibition on the simpleact of circumventing such technologies could stifle fair use rights forcopyrighted works, resulting in a pay-per-use world.

Of the eight amendments introduced in the Commerce Committee, six wereadopted and two were withdrawn. The first amendment adopted permitted thecircumvention of technological protection measures in the course of an actof "good faith encryption research." Good faith in this case means thatthe person lawfully obtained the encrypted work, the act of circumventionwas necessary to conduct the research, and the person made a good faitheffort to obtain authorization before the circumvention. Another adoptedamendment focused on the privacy rights of the consumer. This privacyamendment permits the circumvention of technological protection measuresfor the purposes of preventing the collection or dissemination ofpersonally identifying information.

An amendment defining a "technological protection measure" was vigorouslydebated, but ultimately withdrawn. Supporters of the amendment arguedthat it was necessary to preserve the constitutionality of the bill.
Without a clear definition of a "technological protection measure," courtsmay be more likely to invalidate the law due to the vague term. Whileopponents of the amendment conceded that a precise definition wasnecessary, they argued that the amendment as drafted provided a poordefinition. Ultimately, the amendment was withdrawn with the provisionthat members would work together to perfect the definition in thelegislative history.

As a result of the Commerce Committee action, there are now two Houseversions of the bill; one approved by the Commerce Committee and anotherby the Judiciary Committee. The two versions are inconsistent and mustultimately be reconciled before the bill can be considered on the Housefloor.

EPIC Director Marc Rotenberg testified before the Commerce Committee onJune 5 in support of changes to H.R. 2281 that would protect consumerprivacy and limit the anti-circumvention provision. The testimony isavailable at:
More information on the WIPO bill is available from the Digital FuturesCoalition page at:

[6] Encryption Policy Update

High-powered DES Cracker Developed
The Electronic Frontier Foundation announced on July 17 that it hasproduced a DES cracking supercomputer, capable of brute forcing a 56-bitDES key in four days or less. John Gilmore, leader of the project, haspublished the source code, hardware diagrams, and schematics in a book toencourage others to duplicate his work. The Data Encryption Standard,
developed in 1974 by IBM and the NSA, is possibly the most widelyimplemented encryption algorithm in the world. The U.S. government haslong maintained that 56-bit DES offers adequate protection for sensitivedata.

Junger Decision
On July 7, a federal judge ruled in a closely followed encryption casethat source code does not enjoy First Amendment free speech protection.
Judge James Gwin of the U.S. District Court for the Northern District ofOhio ruled that law professor Peter Junger can not challenge encryptionexport restrictions on the ground that they abridge his right to freespeech on the Internet. In his decision, Judge Gwin stated that "...
exporting source code is conduct that can occasionally have communicativeelements. Nevertheless, merely because conduct is occasionally expressivedoes not necessarily extend First Amendment protection to it." ProfessorJunger is expected to appeal the decision.

"ClearZone" Proposal
A group of 13 companies lead by Cisco Systems announced on July 13 thatthey would develop a product called ClearZone, which would enable routersto capture e-mail, URLs, and other data before they are encrypted and sentover the network that could then be given to law enforcement agencies.
The proposal has serious implications for personal privacy on theInternet, and many are skeptical of Cisco's assertion that it will meetlaw enforcement's demands and gain export approval.

New Crypto Export Guidelines
Secretary of Commerce William Daley announced on July 7 a new set ofguidelines for crypto exports for financial institutions such as banks andcredit card companies. U.S.-manufactured encryption systems of any keylength may be exported to a specified set of 45 countries by the financialfirms once the products have been subjected to a one-time examination bythe Bureau of Export Administration (BXA).

More information on encryption policy is available at:

[7] New Congressional Bills and Upcoming Hearings

H.R. 4124. E-Mail User Protection Act of 1998. Anti-Spam bill. Introducedby Cook (R-UT) on June 24, 1998. Referred to the Committee on Commerce.

H.R. 4151. Identity Theft and Assumption Deterrence Act of 1998. Createsnew federal law against ID theft. Creates central bureau for victims of idtheft. Introduced by Shadegg (R-AZ).Referred to the Committee onJudiciary.

H.R. 4176. Digital Jamming Act of 1998. Anti-spam bill. Introduced byMarkey (D-MA) on June 25, 1998. Referred to the Committee on Commerce.

H.R. 4217. Freedom and Privacy Restoration Act of 1998. Repealsimmigration law requirements on national id. Introduced by Paul (R-TX) onJuly 15, 1998. Referred to the Committee on Government Reform andOversight.

S.2291. Collections of Information Antipiracy Act. Creates new form ofintellectual property for databases. Introduced by Grams (R-MN). Referredto the Committee on the Judiciary.

[8] Upcoming Conferences and Events

INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety. Contact:

Online Privacy: The Role of Government and Industry in Ensuring IndividualPrivacy on the Internet. Friday, July 24,1998, 12:00-1:30 p.m. Room 902Hart Senate Building. Washington, DC. Sponsored by the CongressionalInternet Caucus.

"Law Enforcement and the March of Technology: The Erosion of Privacy inthe Information Age," American Bar Association Annual Meeting. SundayAugust 2, 1998, from 2:00 pm to 3:15 pm, Toronto, Canada. Sponsored by theABA. Contact: Andrew Grosso

Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for Information SystemsContact:
Fifth Annual Privacy Issues Forum. 2 - 3 September 1998, Wellington, NewZealand. Sponsored by the NZ Privacy Commissioner. Contact:
The Outlook for Freedom, Privacy and Civil Society on the Internet inCentral and Eastern Europe. Budapest, Hungary. 4-6 September 1998.
Sponsored by Global Internet Liberty Campaign. Contact:

Telecommunications Policy Research Conference. October 3-5, 1998Alexandria, Virginia. Contact:

The Public Voice in the Development of Internet Policy. Ottawa, Canada.
October 7, 1998. Sponsored by GILC and Privacy International. Contact:
CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11.
Sponsored by CPSR. contact:
PDC 98 - the Participatory Design Conference, "Broadening Participation"
November 12-14, 1998. Seattle, Washington. Sponsored by ComputerProfessionals for Social Responsibility in cooperation with ACM and CSCW98. Contact:
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. San Jose, California, January 18-21,
1999. Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography, Anguilla,
B.W.I., February 22-25 1999 (submissions due: September 25, 1998).

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.10

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback