WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.11 [1998] EPICAlert 11


Volume 5.11 July 29, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Senate Makes Stealth Assault on Internet Free Speech
[2] House Approves "Patients Rights Act," Undermines Privacy
[3] New Report on Congress, Money and Privacy
[4] FTC Proposes Privacy Legislation
[5] Wiretap and Surveillance Update
[6] Encryption Policy Update
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events

[1] Senate Makes Stealth Assault on Internet Free Speech

Without advance notice or public discussion, the U.S. Senate last weekapproved three controversial measures that could adversely impact freeexpression on the Internet. By offering the provisions on the Senatefloor as amendments to the $33 billion appropriations bill for theCommerce, State and Justice departments (S. 2260), the sponsors avoideddebate and apparently reneged on an agreement to consider alternativeapproaches to the complex issue of children's access to "inappropriate"

The Senate's stealth action involved the following measures:

- The so-called "CDA 2" bill sponsored by Sen. Dan Coats (R-IN). Thebill creates criminal penalties for anyone who "through the World WideWeb is engaged in the business of the commercial distribution ofmaterial that is harmful to minors" and fails to "restrict access tosuch material by persons under 17 years of age." Opponents of the billcontend that it, like the unconstitutional Communications Decency Act,
would restrict the ability of adults to receive online informationbecause speakers on the Internet are unable to determine the age ofpotential recipients.

- The "Internet School Filtering Act" sponsored by Sen. John McCain(R-AZ). The bill requires schools and libraries receiving federalInternet subsidies to install software "to filter or block matterdeemed to be inappropriate for minors." Senate opponents of thefiltering bill, led by Sen. Conrad Burns (R-MT) had been assured thatthe Senate would consider an alternative measure requiring schools andlibraries to adopt Internet "acceptable use policies." That agreementwas not honored.

- An amendment offered by Sen. Christopher Dodd (D-CT) requiringInternet access providers to, "at the time of entering into anagreement with a customer for the provision of Internet accessservices, offer such customer (either for a fee or at no charge)
screening software that is designed to permit the customer to limitaccess to material on the Internet that is harmful to minors."

The Internet provisions of the appropriations bill must now beconsidered by a House-Senate conference committee that will reconcilediscrepancies between the two chambers' versions of the spending bill.
The Coats and McCain provisions are likely to be challenged in court ifthey emerge from the conference committee and are signed into law.

The text of the Internet-related amendments to S. 2260 (including aprohibition on Internet gambling) are available at:

[2] House Approves "Patients Rights Act," Undermines Privacy

The House of Representatives on July 24 approved a far-reaching bill onhealth care that seriously undermines the privacy of medical records.
The Patients Rights Act -- the official Republican health care plan --
was approved by a partisan vote of 216-210. President Clinton hadindicated that he would veto the bill.

Among the problems with the bill:

- The act permits very broad use of medical information. Under theversion passed by the House, information can be disclosed or used "forthe purpose of permitting the provider or plan to conduct health careoperations." Health care operations is broadly defined and includesresearch, "health promotion," underwriting and auditing.

- The bill preempts states from enacting stronger acts in most areas.
There are currently efforts in 16 states to approve laws on geneticprivacy and several states have approved comprehensive state medicalprivacy laws. The weaker federal law would override these efforts.

- The bill is silent on law enforcement access to general medicalrecords.

- The bill only provides weak penalties for disclosure and misuse.
Fines can be as low as $500 and there are no criminal penalties forwillful abuses. At most, a company that has a pattern of willfullyabusing the privacy of its clients can be fined $100,000. There wouldalso be no independent oversight body to enforce the act.

- While the bill prohibits the sale or barter of medical records, itdoes nothing about the cases where pharmaceutical companies purchasepharmacies to obtain information about their customers.

One positive aspect is a provision introduced by Rep. Ron Paul (R-TX)
that prohibits promulgation or final adoption of the national patienthealth identifier (See EPIC Alert 5.10) without prior Congressionalenactment of legislation specifically approving the standard. SenatorsAshcroft, Leahy and Burns have introduced a bill in the Senate thatwould strip those provisions from federal law altogether.

The Senate is planning to vote on its version of the bill, S. 2330 (thePatients' Bill of Rights Act) as soon as this week. S. 2230 is alsoweak on privacy. Observers believe that there may be an attempt toattach Senator Jeffords' S. 1921 (Health Care PIN Act) to S. 2230.
Medical privacy experts consider that bill to be an assault on medicalprivacy.

More information on the Republican health care bills will be availableshortly at a new site on medical privacy set up by the NationalCoalition for Patients' Rights at:
More information on medical privacy is also available from EPIC at:

[3] New Report on Congress, Money and Privacy

The Center for Public Integrity, a Washington-based public interestresearch organization, has released a new report -- "Nothing Sacred:
The Politics of Privacy" -- which shows that Congress has often putcorporate interests ahead of the basic privacy interests of theAmerican people. The report documents the efforts of various industrygroups to block privacy legislation on Capitol Hill.

Chuck Lewis, the executive director of the Center, described theresults at a press conference held earlier this week at the NationalPress Club. According to Lewis, when it comes to privacy "the agendain Congress seems to be set mostly by commercial interests." Lewisemphasized that the Center took no position on particular privacylegislation, but did say that Congress had an important role to helppreserve, protect and defend what little privacy we have left.

The Center report cites numerous examples where bills were bottled upand effectively killed in Congressional committees when industry groupsweighed in. According to the Center, in 1991 and 1993 at the behest ofvarious corporate interests, Congress killed legislation that wouldhave regulated the clandestine videotaping and wiretapping of workerson their jobs. In 1996, after lobbying by the direct-marketingindustry, Congress killed a bill that would have restricted companies'
gathering of information about children without their parents' consent.

Many of the most interesting findings in "Nothing Sacred" concernefforts by the insurance industry and the medical industry to opposemedical privacy legislation, a topic that is now pending on CapitolHill (see above).

"Nothing Sacred: The Politics of Privacy" is available from the Centerfor Public Integrity, 1634 I Street, NW, Suite 902, Washington, DC20006; 202-783-3900 (tel); 202-783-3906 (fax); and on the Internet at:

[4] FTC Proposes Privacy Legislation

Testifying before a House Commerce Subcommittee on July 21, FederalTrade Commission Chairman Robert Pitofsky outlined model privacylegislation for commercial transactions on the Internet. Under the FTCproposal, all commercial Web sites that collect personal identifyinginformation from or about consumers online would be required to complywith four basic information practices: Notice, Choice, Security andAccess. Pitofsky was joined by Commissioners Sheila F. Anthony,
Mozelle W. Thompson, and Orson Swindle.

In June the FTC released a report on Internet privacy, "Privacy Online:
A Report to Congress," modeled after the 1997 EPIC report, "SurferBeware: Personal Privacy and the Internet." The FTC report, base on ananalysis of the effectiveness of self-regulation as a means ofprotecting consumer privacy, found that industry's efforts to encouragevoluntary adoption of the most basic fair information practices havefallen short of what is needed to protect consumers. Also in June, theCommission released legislative recommendations for protectingchildren's privacy online.

Pitofsky said the implementation of the proposed practices will vary byindustry and with technological developments. For this reason, theCommission recommends that any legislation be phrased in general termsand be technologically neutral.

Pitofsky also said that the FTC wished to create an incentive forcontinued participation by industry. The legislative model wouldprovide a means by which industries could develop their own guidelinesfor protecting consumers' privacy, and that those guidelines couldreceive governmental approval. Industries also would be required toensure that they comply with and enforce their guidelines.

In addition, the proposal calls for the granting of rule-makingauthority to the government agency charged with implementing thestatute. Rule-making would allow for the promulgation of specific rulesand procedures for the approval of industry guidelines.

The following materials are available online:

FTC Testimony, "Consumer Privacy on the World Wide Web"
FTC Report, "Privacy Online: A Report to Congress"
EPIC Report, "Surfer Beware: Personal Privacy and the Internet"

[5] Wiretap and Surveillance Update

Just Kidding ...

The U.S. Department of Justice is now saying that it does not supportthe proposed amendments to the Communications Assistance for LawEnforcement Act (CALEA) that the FBI had provided to Senators a fewweeks ago (See EPIC Alert 5.10). Assistant Attorney General StevenColgate characterizes the amendment as a "staff document" and describesthe language on emergency access to cell phone location informationwithout a warrant as "boneheaded." However, Senate staff reportsreceiving calls from a senior FBI lobbyist pushing for the amendmenteven after the New York Times reported on the Bureau proposal.

Judge Dismisses Wiretap Suit
A federal judge has dismissed the civil lawsuit by Rep. John A. Boehner(R-OH) against Rep. Jim McDermott (D-WA) for McDermott's disclosure ofBoehner's cell phone conversations with Speaker Newt Gingrich. Thecourt ruled that, "Although protection of privacy is certainly asubstantial government interest, it is not clear that it is an interest'of the highest order,' such that it can trump defendant's FirstAmendment rights." The judge was critical of both Congressmen for thepolitical nature of the case.

Two Party Consent Nearly Adopted by the Senate.

The Senate barely rejected an amendment to S. 2260, the Commerce, Stateand Justice Appropriations Bill, by a vote to 50-50 that would haverequired both parties to a telephone conversation to consent beforephone calls can be recorded. The amendment was introduced by SenatorDale Bumpers (D-AR).

UK Taps Up 25 Percent in 1997.

Lord Nolan, the UK Interception of Communications Commissioner,
reported this week that wiretapping in the UK increased 25 percent in1997 over 1996. A total of 1647 taps were authorized under theInterception of Communications Act 1985. The report also said that thephones of several people who were not targets of investigations werebugged because operators got the wrong numbers. Another tribunal alsocriticized Foreign Minister Robin Cook for failing to read a warrant,
leading to an unlawful surveillance operation by the GCHQ spy agency.
Justice, the UK affiliate of the International Committee of Jurists,
released a report on July 28 critical of current UK law and calling forthe improvement of laws governing wiretapping, bugging and videosurveillance. More details are available at:
Russian Net Surveillance Plan
The UK Guardian Newspaper reports that the Russian Federal SecurityBureau (formerly the KGB) has a plan that would force all providers ofInternet services to install a "black box" snooping device in theirmain computers. Internet providers would be obliged to build ahigh-speed data link to the security service's Internet control room sothat FSB operators could access a vast amount of information about anyuser. Perhaps Cisco will have a market for the "Private Doorbell"
surveillance-friendly encryption system after all.

[6] Encryption Policy Update

A digital signature bill introduced by Senator Spencer Abraham (R-MI)
could pass in the Senate within the next week. The GovernmentPaperwork Elimination Act (S. 2107) would set the stage for a nationalcertificate authority infrastructure. Privacy advocates fear that asuch a government-sanctioned system could eliminate anonymity bycreating an ID for each user of the Internet.

In an announcement of one of Europe's most liberal encryption policies,
Ireland announced on July 1 that it would not restrict the use orimport of cryptographic tools or technology, and would regulatecryptographic exports only out of compliance with the Wassenaaragreement. Law enforcement needs would be accommodated by enactinglegislation that would "oblige users of encryption products to release,
in response to lawful authorization, either plaintext which verifiablyrelates to the encrypted data in question or the keys ... necessary toretrieve the plaintext."
The Department of Commerce Technical Advisory Committee on key escrowthat folded last month has been resurrected by the Department in orderto develop a standard for escrow to be used by federal computers andfoisted upon the public. The Committee plans to meeting in SanFrancisco and Orlando in September and October to attempt to come upwith a final standard by the end of the year.

Americans for Computer Privacy, an industry trade group organized torelax export controls on encryption, launched a multimedia advertisingcampaign including TV and print ads on export controls. The effortincludes an ad based on the infamous "Harry and Louise" campaignagainst the 1994 Health Care bill, in this case a "middle American"
couple sit around talking about crypto policy. See for additional information.

More information on encryption policy is available at:

[7] New Congressional Bills and Upcoming Hearings

H.R. 4243. Government Waste, Fraud, and Error Reduction Act of 1998.
Increases data sharing among federal agencies, proposes using NISTcrypto standards (aka key escrow) for systems, recommends using creditreports, National New Hires Data Bases for checking. Introduced by Horn(R-CA) on July 16. Referred to the Committee on Government Reform andOversight, and in addition to the Committees on the Judiciary, and Waysand Means.

H.R. 4250. Patient Protection Act of 1998. Republican Health Care bill.
Sets weak standards for privacy, prohibits states from passing strongerprotections. Approved by the House 216-210 on July 24.

H.R. 4276. Departments of Commerce, Justice, and State, and Judiciary,
and Related Agencies Appropriations Act, 1999. $2,965,971,000 for theFederal Bureau of Investigation, $35,929,000 above the appropriationfor the current year and $52,353,000 below the request. $6,120,000 and31 positions to establish three new Computer Investigative andInfrastructure Threat Assessment (CITAC) Teams. No funding for CALEA.
Approved by the House Committee on Appropriations, July 20. (H. Rept.

S. 2260. Departments of Commerce, Justice, and State, the Judiciary,
and Related Agencies Appropriations Act, 1999 (see Article 1 above).

S. 2294. National Criminal History Access and Child Protection Act. Tofacilitate the exchange of criminal history records for non criminaljustice purposes, to provide for the decentralized storage of criminalhistory records, to amend the National Child Protection Act of 1993 tofacilitate the fingerprint checks authorized by that Act, and for otherpurposes. Introduced by Hatch (R-UT) on July 13. Approved by Senate onJuly 13.

S. 2330. Patients' Bill of Rights Act. Republican Health Care Bill.
Scheduled for vote this week (see Article 2 above).

S. 2352. The Patient Privacy Rights Act. Repeals the "unique medicalidentifiers" requirement of the Health Insurance Portability Law of1996 (HIPAA). Introduced by Leahy (D-VT) on June 24. Referred to theCommittee on Finance.

* Hearings Scheduled *

July 29. House Committee hearing on Electronic Commerce: The GlobalElectronic Marketplace. 10:30 a.m. in 2123 Rayburn House OfficeBuilding.

July 30. House Committee, Subcommittee on Telecommunications, Trade,
and Consumer Protection markup of H.R. 3888, the Anti-slammingAmendments Act. 2:00 p.m. in 2123 Rayburn House Office Building. Billalso relates to Spam.

[8] Upcoming Conferences and Events

"Law Enforcement and the March of Technology: The Erosion of Privacy inthe Information Age," American Bar Association Annual Meeting. SundayAugust 2, 1998, from 2:00 pm to 3:15 pm, Toronto, Canada. Sponsored bythe ABA. Contact: Andrew Grosso

Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for Information SystemsContact:
Fifth Annual Privacy Issues Forum. 2 - 3 September 1998, Wellington,
New Zealand. Sponsored by the NZ Privacy Commissioner. Contact:
The Outlook for Freedom, Privacy and Civil Society on the Internet inCentral and Eastern Europe. Budapest, Hungary. 4-6 September 1998.
Sponsored by Global Internet Liberty Campaign. Contact:

Telecommunications Policy Research Conference. October 3-5, 1998Alexandria, Virginia. Contact:

The Public Voice in the Development of Internet Policy. Ottawa, Canada.
October 7, 1998. Sponsored by GILC and Privacy International. Contact:
One Planet, One Net: Governing the Internet Symposium. Boston, Mass,
Oct. 10-11. Sponsored by CPSR. Contact:

PDC 98 - the Participatory Design Conference, "BroadeningParticipation" November 12-14, 1998. Seattle, Washington. Sponsored byComputer Professionals for Social Responsibility in cooperation withACM and CSCW 98. Contact:
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December1998 London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. January 18-21, 1999. San Jose,
California. Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography. February22-25 1999 Anguilla, B.W.I., (submissions due: September 25, 1998).

Computers, Freedom and Privacy (CFP) '99. April 6-8. Washington, DC.
Sponsored by ACM. Contact:

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.11

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback