WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 12

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.12 [1998] EPICAlert 12


Volume 5.12 September 16, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] House Committee Holds Ironic Censorship Hearing
[2] Global Groups Urge Removal of Crypto Controls;
More Minor Changes in U.S. Policy Announced
[3] FCC Extends Deadline for Wiretap Law Compliance
[4] Federal Trade Commission Acts on Privacy
[5] Global Conference on Internet Policy - Ottawa, October 7
[6] EPIC Publishes Privacy Law Sourcebook
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events

[1] House Committee Holds Ironic Censorship Hearing

A House subcommittee held a hearing on September 11 to consider"legislative proposals to protect children from inappropriate materialson the Internet." The timing of the hearing proved to be ironic;
several lawmakers and witnesses noted that the House of Representativeswould, within hours, post on its website Independent Counsel KennethStarr's sexually explicit report on President Clinton's relationshipwith Monica Lewinsky. The coincidence underscores the fact thatdistinguishing between "inappropriate" material and that which deserveswide distribution requires difficult -- and subjective -- judgments.

Before the subcommittee are a half dozen bills intended to limitchildren's access to online materials. The "Safe Schools Internet Act"
(H.R. 3177) would require that all public libraries and schools thatreceive federal funds for Internet access install blocking software torestrict minors' access to "inappropriate" material. The "E-RatePolicy and Child Protection Act" (H.R. 3442) would require schools andlibraries to adopt policies "with respect to access to material that isinappropriate for children." The "Child Online Protection Act" (H.R.
3783) would punish commercial online distributors of material deemed"harmful to minors" with up to six months in jail and a $50,000 fine.
Three pending bills (H.R. 774, H.R. 1180 and H.R. 1964) would requireInternet access providers to offer customers "screening" softwaredesigned to block access to material that might be "unsuitable" or"inappropriate" for children. The Senate has already approved its ownversions of H.R. 3177 and H.R. 3783 and a requirement that ISPs makescreening software available.

In a joint statement submitted at the hearing, 24 organizations urgedCongress "to oppose any measure that would dilute the potential" of theInternet. The groups expressed their view that "community-basededucational approaches, as opposed to federally-mandated filteringrequirements and new criminal laws, are the best ways to address theissue of how our children use the Internet." The statement wascoordinated by the Internet Free Expression Alliance (IFEA).

The House Subcommittee on Telecommunications, Trade and ConsumerProtection has scheduled a markup of H.R. 3783, the Child OnlineProtection Act, for September 17.

Additional information on pending Internet censorship legislation,
including the full text of the joint statement, is available at theIFEA website:

[2] Global Groups Urge Removal of Crypto Controls:
More Minor Changes in U.S. Policy Announced

Members of the Global Internet Liberty Campaign (GILC) -- a coalitionof nearly 50 non-governmental human rights, civil liberties, consumer,
and computer user groups from around the world -- issued an openstatement on September 14 calling for the removal of cryptographycontrols from the Wassenaar Arrangement, an international agreementthat governs the proliferation of offensive military technology. Thestatement was sent to the technical expert representatives of the 33nations who are signatories to the Wassenaar Arrangement and who aredue to begin a review of the arrangement this Fall.

The statement argues that continued efforts to impose controls on theuse of encryption based on outdated Cold War policies run contrary tothe growing trend among national government to promote the availabilityof strong encryption to encourage electronic commerce and protectpersonal privacy. Earlier this year, GILC released a report that foundthat few countries impose controls on the use, manufacture, ordistribution of encryption products. The report cited thedisproportionate influence of state security agencies in the UnitedStates to explain that country's efforts to expand law enforcementauthority in the development of encryption policy.

EPIC serves as the U.S. coordinator of the international campaign toremove encryption from the Wassenaar Arrangement.

The GILC member statement, which was signed by 25 non-governmentalorganizations from around the world, can be found at:

The White House announced on September 16 more changes to U.S. exportcontrol laws on cryptography. The announcement reflects minor changesin existing controls and the bulk of controls on strong encryptionstill remain, especially for end users who are not major corporations.

Under the new changes, strong crypto would be available to a limitednumber of non-us companies - insurance, health care and onlinemerchants in the 45 countries with money laundering laws. US Companieswould be able to export to their subsidiaries in nearly all countries.

Following the announcement by the Electronic Frontier Foundation of thecreation of a DES-cracker, restrictions on 56-bit products would berelaxed to most countries.

Regulations on export of key recover products would be reduced andexport of products such as Cisco Systems' "Private Doorbell" would beexportable with minimum review.

A "Technology Support Center" would be created to assist lawenforcement agencies with encryption problems. The White House iscalling on Congress to fund the center and the private sector will workin partnership with the effort.

Additional information on the new U.S. encryption control policy willsoon be available at:

[3] FCC Extends Deadline for Wiretap Law Compliance

In an order issued on September 11, the Federal CommunicationsCommission extended until June 30, 2000, the deadline for industrycompliance with the Communications Assistance for Law Enforcement Act(CALEA). At issue is the feasibility of implementing the controversial1994 law, which requires the telecommunications industry to ensure thatnew digital technologies do not hamper traditional law enforcementwiretapping capabilities. Had the Commission not acted, compliancewould have been required by October 25 of this year.

The current FCC proceedings on CALEA began after negotiations betweenthe FBI and the telecommunications industry broke down over FBI demandsfor enhanced access to the communications network. Disputed issuesinclude: whether wireless service providers must provide locationtracking capabilities; increased abilities to monitor conference calls;
proposed access to the full content of customer communications fromcarriers using packet switching; and the scope of "call-identifyinginformation" that must be provided to law enforcement agencies. TheFCC proceeding is the culmination of a controversy that began in theearly 1990's when the FBI first sought a "digital telephony" law toaddress new communications technology.

The Commission expressly rejected "the FBI's assertion that anextension of the compliance date would interfere with law enforcement'sability to protect the public from criminal activity," noting that "Allcarriers currently provide technical assistance to law enforcement toconduct lawfully authorized wiretaps, and nothing in this Order shouldbe construed as relieving carriers of their pre-CALEA responsibilitiesto assist law enforcement authorities in conducting authorizedsurveillance."

The Senate Judiciary Committee is scheduled to debate and approve H.R.
3303, the Justice Department authorization bill already approved by theHouse, on September 17. The bill includes a two-year delay in CALEAimplementation and a change in the law extending the deadlines fortelephone companies to be reimbursed for equipment required under thelaw.

Additional information on CALEA is available at:

[4] Federal Trade Commission Acts on Privacy

An FTC Administrative Law Judge ruled on July 31 that Trans Union, oneof the nation's largest credit agencies, violated the Fair CreditReporting Act by selling information from individuals' credit recordsto direct marketing firms. The Judge ordered the company to stop thepractice, finding that "Trans Union invades consumers' privacy when itsells consumers' credit histories to third-party marketers withoutconsumers' knowledge or consent." The judge was also critical ofopt-out approaches, citing evidence that most consumers are unaware oftheir ability to be removed from marketing lists. He found that "thereis no direct credible evidence of the success rate of the opt-outactually stopping direct mail and telemarketing calls."

On August 13, the FTC agreed to a settlement with GeoCities, a majorInternet site. GeoCities was charged with collecting personalinformation from users and disclosing it to other companies anddeceptively collecting information from children. Under thesettlement, GeoCities agreed to post on its site a privacy noticetelling consumers what information is being collected and for whatpurpose; to whom it will be disclosed; and how consumers can access andremove the information. To ensure parental control, GeoCities alsowill need to obtain parental consent before collecting information fromchildren 12 and under. However, the agreement is limited because thesettlement does not set standards for GeoCities's privacy policy andthere will be compensation for people affected by the deceptivepractices.

More information on the FTC is available at:

[5] Global Internet Policy Conference in Ottawa, October 7

The Global Liberty Internet Campaign (GILC) will sponsor "The PublicVoice in the Development of Internet Policy" in Ottawa, Canada onWednesday, October 7, 1998. The meeting is scheduled to coincide withthe Ministerial meeting of the Organization for Economic Cooperationand Development that begins in Ottawa on October 8.

The Public Voice conference is a public meeting on the role of thecitizen in the development of the information society. The meetingwill hear from consumer groups, human rights organizations and civilliberties advocates on such issues as privacy, access, consumerprotection and human rights in the 21st century.

The featured speakers include M. David Johnston, the former chairman ofthe Canadian Information Highway Advisory Council (IHAC) and StephenLau, the Privacy Commissioner for Personal Data in Hong Kong.

The GILC meeting is being organized by EPIC in cooperation withFederation Nationale des Associations de Consommateurs du Quebec(Montreal), the Public Interest Advocacy Center (Ottawa), andElectronic Frontiers Canada.

More information about the GILC Public Voice conference, includingregistration information, is available at:

[6] EPIC Publishes Privacy Law Sourcebook

New from EPIC: "The Privacy Law Sourcebook: United States Law,
International Law, and Recent Developments" by EPIC's Director MarcRotenberg, is the most-current single-volume collection of majorprivacy laws from around the globe. This essential resource containsall of the major U.S. privacy laws, including the Privacy Act of 1974,
the Electronic Communications Privacy Act of 1986 and the TelephoneConsumer Protection Act of 1991, as well as the text of the OECDCryptography Guidelines and the European Union Data Directive, whichgoes into force in the fall of 1998.

The Sourcebook also includes the complete text of the 1980 OECD PrivacyGuidelines, the international privacy framework that is the basis formany privacy laws around the globe. Recent working papers from theEuropean Commission on the critical issue of determining "adequacy" ofdata protection in third party countries are also covered.

The detailed Table of Contents makes it easy to find and identify thestatutory provisions that you are looking for, while a PrivacyResources page provides you with the online addresses to severalexcellent sites dealing with privacy laws and policies.

Total length of the soft cover book is approximately 435 pages. Toorder, send a check or money order along with your delivery address to:
EPIC Publications, 666 Pennsylvania Avenue S.E., Suite 301, Washington,
D.C. 20003. Within the U.S., cost is $54 per copy, $29 for lawstudents, non-government organizations and non-profits. Outside of theU.S., the Sourcebook is $60 per copy, $35 for law students,
non-government organizations and non-profits. All prices includeshipping and handling and are in U.S. funds.

For many other great titles on privacy, free speech and encryption,
visit the EPIC Bookstore at:

[7] New Bills and Action in Congress

H.R. 4281. Patient Privacy Act of 1998. Repeals requirement fornational patient ID number. Introduced by Paul (R-TX) on July 21.
Referred to the Committee on Ways and Means.

H.R. 4312. Medical Privacy Protection Act of 1998. Repeals national IDnumber for patients. Introduced by Barr (R-GA) on July 22. Referred tothe Committee on Ways and Means, and in addition to the Committee onGovernment Reform and Oversight.

H.R. 4321. Financial Information Privacy Act of 1998. To protectconsumers and financial institutions by preventing personal financialinformation from being obtained from financial institutions under falsepretenses. Introduced by Leach (R-IA) on July 23. Referred to theCommittee on Banking and Financial Services. Approved by HouseCommittee on Banking and Financial Service on August 21. Referredsequentially to the House Committee on the Judiciary and HouseCommittee on Commerce until Sept 25.

H.R. 4388. Consumer Financial Privacy Protection Act of 1998. Amendsthe Consumer Credit Protection Act to require consumer privacyprotections. Introduced by LaFalce (D-NY) on August 4. Referred to theCommittee on Banking and Financial Services.

H.R. 4395. Real Estate Transaction Privacy Promotion Act. Prohibit alender from requiring a borrower in a residential mortgage transactionto provide the lender with unlimited access to the borrower's taxreturn information. Introduced by Rivers (D-MI) on August 4. Referredto the Committee on Banking and Financial Services.

H.R. 4425. Personal Privacy Protection Act. Anti-Paparazzi bill.
Introduced by Conyers (D-MI) on August 6. Referred to the Committee onthe Judiciary.

H.R. 4431. HIV Partner Protection Act. AIDS partner notification bill.
Introduced by Ackerman (D-NY). Referred to the Committee on Commerce.

H.R. 4470. Personal Data Privacy Act of 1998. To prohibit Federal,
State, and local agencies and private entities from transferring,
selling, or disclosing personal data with respect to an individual toother agencies or entities without the express consent of theindividual except in limited circumstances, and to require suchagencies and entities to provide individuals with personal datamaintained with respect to such individuals. Introduced by Hinchey(D-NY) on August 6. Referred to the Committee on Government Reform andOversight.

H.R. 4478. Depository Institution Customers Financial PrivacyEnhancement Act of 1998. To require insured depository institutions,
depository institution holding companies, and insured credit unions toprotect the confidentiality of financial information obtainedconcerning their customers, and for other purposes. Introduced byMarkey (D-MA) on August 6. Referred to the Committee on Banking andFinancial Services.

H.R. 4479. Securities Investors Privacy Enhancement Act of 1998. Torequire brokers, dealers, investment companies, and investment advisersto protect the confidentiality of financial information obtainedconcerning their customers, and for other purposes. Introduced byMarkey (D-MA) on August 6. Referred to the Committee on Committee onCommerce.

S. 2433. To protect consumers and financial institutions by preventingpersonal financial information from being obtained from financialinstitutions under false pretenses. Introduced on September 2 byD'Amato (R-NY).

[8] Upcoming Conferences and Events

Telecommunications Policy Research Conference. October 3-5, 1998Alexandria, Virginia. Contact:

The Public Voice in the Development of Internet Policy. Ottawa, Canada.
October 7, 1998. Sponsored by GILC. Contact:

One Planet, One Net: Governing the Internet Symposium. Boston, Mass,
Oct. 10-11. Sponsored by CPSR. Contact:

PDC 98 - the Participatory Design Conference, "BroadeningParticipation" November 12-14, 1998. Seattle, Washington. Sponsored byComputer Professionals for Social Responsibility in cooperation withACM and CSCW 98. Contact:
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December1998 London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. January 18-21, 1999. San Jose,
California. Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography. February22-25 1999 Anguilla, B.W.I., (submissions due: September 25, 1998).

Computers, Freedom and Privacy (CFP) '99. April 6-8. Washington, DC.
Sponsored by ACM. Contact:

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.12

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback