WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 15

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.15 [1998] EPICAlert 15


Volume 5.15 October 28, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Lawsuit Filed Against New Censorship Law
[2] European Privacy Law Goes Forward
[3] FCC Gives Tentative Approval to FBI Wiretap Standards
[4] EPIC Releases New Report on Endangered Civil Liberties
[5] 10th GVU WWW Survey Underway
[6] Report on NSA's Echelon Network Goes to Congress
[7] New at the EPIC Bookstore
[8] Upcoming Conferences and Events

[1] Lawsuit Filed Against New Censorship Law

EPIC has joined other online civil liberties groups in a courtchallenge to the new federal Internet censorship bill signed byPresident Clinton as part of the omnibus budget package. The lawsuit,
filed in Philadelphia on October 22, asserts that the "Child OnlineProtection Act" will violate both the free speech and privacy rightsof Internet users. The case is being litigated by EPIC, the AmericanCivil Liberties Union and the Electronic Frontier Foundation.
Demonstrating the range of speech affected, the list of plaintiffsincludes the Internet Content Coalition, a member group including TimeInc., Warner Bros., C/NET and The New York Times Online; OBGYN.Net, awomen's health website; Philadelphia Gay News; and Salon Magazine.

In February 1996, EPIC, ACLU and EFF filed a challenge to theill-fated Communications Decency Act. A three-judge federal panel inPhiladelphia struck down the law in June 1996, a ruling that wasupheld by a unanimous Supreme Court one year later.

The "Child Online Protection Act" makes it a federal crime to"knowingly" communicate "for commercial purposes" material considered"harmful to minors." Penalties include fines of up to $50,000 foreach day of violation, and up to six months in prison if convicted ofa crime. The government also has the option of bringing a civil suitagainst individuals under a lower standard of proof, with the samefinancial penalty of up to $50,000 per violation. Compliance with theAct would require websites to obtain identification and ageverification from visitors, a feature of the law that threatens onlineprivacy and anonymity.

In a seven-page analysis of the bill sent to Congress on October 5,
the Justice Department said that the bill had "serious constitutionalproblems" and would likely draw resources away from more important lawenforcement efforts such as tracking down hard-core childpornographers and child predators. The Justice Department also notedthat the new law is ineffective because minors would still be able toaccess news groups or Internet relay chat channels, as well as anywebsite generated from outside of the United States.

The text of the complaint is available at:

[2] European Privacy Law Goes Forward

The European Union Data Directive goes into force this week. The newlaw provides basic privacy rights for consumers and should encouragethe development of privacy enhancing technologies. The data directivegrew out of specific circumstances related to the integration of theEuropean economies and the need to harmonize national privacy laws. Italso reflects a widely held belief that privacy is a fundamental humanright, entitled to full protection in law.

Under the EU rules, European citizens have a right to:

See any information about them and know how the information will be used;

access the information and make corrections;

be notified before the information is sold or shared elsewhere and choose who else can have access to the information; and
sue if a company is in violation of these conditions.

The EU Data Directive has been endorsed strongly by BEUC, the leadingEuropean Consumers Organization. In a letter this month to EuropeanCommission Member Mario Monti, BEUC Director Jim Murray wrote, "Ourconcern is with the personal data of European consumers which may beexported to the U.S. European consumers must not lose their specificprotections when that data is exported. If the U.S. cannot giveeffective guarantees on this point, personal data should not beexported from the EU to the U.S."

Other countries are following Europe's lead. Canada is the most recentof several governments that have announced plans to adopt comprehensiveprivacy legislation to promote consumer confidence and encourage thedevelopment of new commercial services. The EU Data Directive has alsobeen cited several times as contributing to the decision of EU membercountries not to endorse the U.S.-promoted key escrow/key recoveryencryption scheme.

Simon Davies, Director of Privacy International, has indicated that PIwill begin enforcement actions against firms that fail to comply withthe requirements of the EU Directive as early as this year. LouiseSylvan, Vice President of Consumer International, has said that theinternational consumer organization will begin an evaluation this yearof the adequacy of consumer privacy protection around the globe. Inthe United States opinion polls show public support for new privacylegislation.

The following resources are available online:

European Union Directive
Privacy International

Consumers International

EPIC Congressional Testimony on the EU Data Directive and Privacy

[3] FCC Gives Tentative Approval to FBI Wiretap Standards

In a statement released on October 22, the Federal CommunicationsCommission expressed its tentative approval of FBI-proposed technicalrequirements that would enable law enforcement to determine thelocation of individuals using cellular telephones. The Commissiontentatively approved some other capabilities requested by the Bureau,
rejected several, and deferred decisions on other issues, includingsurveillance of Internet "packet" communications. The initial decisioncame in a proceeding under the controversial Communications Assistanceto Law Enforcement Act (CALEA). EPIC previously filed formal commentswith the FCC urging the protection of communications privacy.

In its "Further Notice of Proposed Rulemaking," the FCC proposes toadopt the "uncontested" elements of an interim technical standard forCALEA compliance developed by the FBI and the telecommunicationsindustry. Despite the Commission's characterization, EPIC and otherparties had urged the rejection of the interim standard. With respectto nine capabilities the Bureau and industry were unable to agree on,
the FCC tentatively endorsed five, rejected three and expressed noopinion on one. "Location information" -- the ability to determinethe physical location of a cellular phone user -- was the mostcontroversial issue before the Commission and is likely to receive themost attention in further proceedings.

The FCC action of October 22 is not final. The Commission emphasizedthat
while the [Notice] proposes only initial threshold judgments on each of the above issues, the Commission in this proceeding -- as directed by Congress -- will also take into account five factors that must be considered under [CALEA]. Those factors are:
(1) meeting the assistance capability requirements of section 103 by cost-effective methods; (2) protecting the privacy and security of communications not authorized to be intercepted; (3) minimizing the cost of CALEA compliance on residential ratepayers; (4) serving the policy of the United States to encourage the provision of new technologies and services to the public; and (5)
providing a reasonable time and conditions for CALEA compliance.

Additional information on CALEA is available at:

[4] EPIC Releases New Report on Endangered Civil Liberties

On October 26, EPIC released a new report -- "Critical InfrastructureProtection and the Endangerment of Civil Liberties." The reportfinds that several Administration recommendations and proposals --
including two Presidential Decision Directives (62 and 63) -- mayseverely impact the privacy and civil liberties of Americans.

Notably, the report calls into question the increased nationalpolicing powers of the FBI and the Defense Department in monitoringpotential attacks on the nation's critical infrastructure, includingthe Internet. These activities are being facilitated by several newfederal agencies with significant powers to conduct monitoring ofnetwork activity, including the FBI's National Infrastructure ThreatCenter, the White House's Critical Infrastructure Assurance Office(CIAO), and the President's National Coordinator for Security,
Infrastructure Protection, and Counter-Terrorism.

Several proposals contained in last year's report by the President'sCommission on Critical Infrastructure Protection (the "Marsh Report")
could significantly weaken such important legislation as the PrivacyAct of 1974, the Electronic Communications Privacy Act, the ComputerSecurity Act, Posse Comitatus, the Freedom of Information Act, theEmployee Polygraph Protection Act, the Federal Advisory Committee Act,
and various state privacy and freedom of information laws.

The EPIC report was released at a press briefing at the National PressClub. Proposals to virtually "deputize" private sector informationsystem and network security personnel by requiring them to besubjected to polygraph examinations were criticized as "absurd" bynoted computer security expert Bill Murray, who spoke as a panelist onbehalf of the International Information System Security CertificationConsortium (ISC2),

Resource materials on critical infrastructure protection, includingthe EPIC report (in PDF format), are available at:

[5] 10th GVU WWW Survey Underway

The Graphics, Visualization & Usability Center, an academic researchcenter affiliated with Georgia Tech's College of Computing, is nowconducting the 10th WWW Survey. The survey will focus on web andInternet usage habits; consumer preferences and behaviors; consumeronline privacy; attitudes and opinions on social issues and electroniccommerce; webmastering and more.

Web users are encouraged to visit the survey site and answer a seriesof questions. Privacy and anonymity will be protected. The surveyruns from October 10 to November 10, 1998. Results should be availablearound January 25, 1999.

The GVU would also like you to know that "numerous $100 (US) cashprizes will be awarded to randomly selected respondents (you have amuch better chance of winning than the lottery)."

The 10th GVU WWW Survey:

For more information about public attitudes toward privacy, visit theEPIC Privacy Surveys Archive at:

[6] Report on NSA's Echelon Network Goes to Congress

A new report on the National Security Agency's top-secret spyingnetwork will soon be sent to members of Congress. The report --
"Echelon: America's Spy in the Sky" was produced by the Free CongressFoundation and details the history and workings of the NSA's globalelectronic surveillance system. The system is reportedly capable ofintercepting, recording and translating any electronic communicationsent anywhere in the world.

The surveillance system has recently been the focus of controversy.
The European Parliament will commission a full report into theworkings of Echelon. The parliamentary report is expected to focus onconcerns that the system has been expanded and is being directed atthe communications of European companies and elected officials. TheFree Congress Foundation is urging the U.S. Congress to examineEchelon as carefully as the European Parliament has.

The NSA refuses to confirm nor deny Echelon's existence, butinvestigative journalists and civil liberties activists have uncovereda number of the system's details in recent years.

The new report on Echelon is available at:

[7] New at the EPIC Bookstore

New and Available from the EPIC bookstore:

EPIC's latest publication, "Critical Infrastructure Protection and theEndangerment of Civil Liberties." This report, authored by EPICSenior Fellow Wayne Madsen, an expert in intelligence communityissues, was released October 26 at the National Press Club. The EPICreport responds to earlier recommendations of the President'sCommission on Critical Infrastructure Protection (PCCIP) that wouldextend government investigative authority and secrecy while limitingprivacy rights. The report warns that efforts to protect the nation'scritical infrastructures could result in sweeping new limitations onpersonal privacy and government accountability.

Hard copies of the 54 page report are available for $10 plus $3shipping and handling. To order, send a check or money order alongwith your delivery address to: EPIC Publications, 666 PennsylvaniaAvenue S.E., Suite 301, Washington, D.C. 20003.

For many other great titles on privacy, free speech and encryption,
visit the EPIC Bookstore at:

[8] Upcoming Conferences and Events

Encryption Controls Workshop. Bedford, MA. October 29. Sponsored byU.S. Department of Commerce. Contact: (202) 482-6031.

"Protecting Personal Privacy on the Internet: Risks, Laws, and'Self-Regulation.'" Washington, DC. November 4. Communication,
Culture and Technology Program, Georgetown University. Speakersinclude David Sobel of EPIC. Contact:
PDC 98 - the Participatory Design Conference, "BroadeningParticipation." November 12-14. Seattle, WA. Sponsored by ComputerProfessionals for Social Responsibility in cooperation with ACM andCSCW 98. Contact:
Data Privacy in the Global Age. November 13. Milwaukee, WI.
Sponsored by ACLU of Wisconsin Data Privacy Project. Contact: CaroleDoeppers <>.

Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15.
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999 Anguilla, B.W.I. Contact:

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Contact:

1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund for ConstitutionalGovernment" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301,
Washington DC 20003. Individuals with First Virtual accounts candonate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.15

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback