You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1998 >>
[1998] EPICAlert 16
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 5.16 [1998] EPICAlert 16
EPIC ALERT
Volume 5.16 November 10, 1998
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] ACTION: Comment on U.S. Privacy Policy
[2] Congress Approves Identity Theft Legislation
[3] Appeals Court Limits Copyright of Legal Documents
[4] Encryption Policy Update
[5] Final Actions in 105th Congress
[6] Nominations Sought for PEN First Amendment Award
[7] Updated and Expanded EPIC Bookstore
[8] Upcoming Conferences and Events
[1] ACTION: Comment on U.S. Privacy Policy
The Department of Commerce has posted a draft policy on privacy. Thepolicy proposes the establishment of a "Safe Harbor" regime that
wouldallow U.S. firms to self-certify compliance with principlesestablished by the Commerce Department. The proposal is intended
toaddress European concerns that privacy protection in the United Statesis not "adequate." But the plan falls short of standard
fairinformation practices and leaves open the question of when actualprivacy safeguards will be adopted in the United States.
While it remains unclear whether the Commerce Department is genuinelyinterested in the views of the American public -- the draft isaddressed
to "Industry Representatives" -- EPIC is urging individualsconcerned about privacy to submit comments to the Department. Webelieve
that the position espoused by the U.S. government on privacyissues should reflect more than the trade concerns of U.S. companies.
Here are the points that EPIC will emphasize to the Department ofCommerce:
- The Safe Harbor proposal falls short of the 1980 OECD Privacy Principles that the United States endorsed almost twenty years
ago and recently pledged to continue to support.
- The Safe Harbor principles undermine key elements of data protection. "Consent" is redefined as "choice." There is no reference
to "use limitation" or "purpose specification," even though both principles are found in the 1980 OECD Privacy Guidelines
- There is no real means of enforcement for the Safe Harbor Principles. Enforcement by self-regulation has not worked.
For example, Geocities received a certification from Truste even while under investigation for violating the privacy of its
users.
- The Safe Harbor principles discriminate against small and medium sized companies operating on the Internet that may not be
able to self-certify.
- The Safe Harbor principles do not address the need to fix U.S.
policies on encryption and other privacy enhancing technologies.
- The U.S. still lacks privacy protection in critical areas, such as medical records, and the American public supports legislation
to protect privacy online.
- The Safe Harbor principles do not address the need to create a permanent privacy agency to represent the interests on privacy
protection.
Comments are due by November 19.
The text of the Department of Commerce letter on "Safe Harbor" isavailable at:
http://www.ita.doc.gov/ecom/menu.htm
Submit comments ("U.S. Privacy Policy") to Eric Fredell, Task Force onElectronic Commerce, International Trade Administration, Department
ofCommerce, 14th and Constitution Ave., Washington, DC 20230 or by emailecommerceita.doc.gov (email).
[2] Congress Approves Identity Theft Legislation
In the last days of the legislative session, Congress approved a newlaw providing limited legal protections against identity theft.
Support for the Identity Theft and Assumption Deterrence Act of 1998(H.R. 4151) was led by Rep. John Shadegg (R-AZ).
The law imposes criminal penalties on any person who "knowinglytransfers or uses, without lawful authority, a means of identificationof
another person with the intent to commit, or to aid or abet, anyunlawful activity that constitutes a violation of Federal law, or
thatconstitutes a felony under any applicable State or local law." The lawpenalizes persons who assume others' identities and use
them to obtaincar loans, credit cards and other financial obligations. Violators canbe imprisoned for up to three years and fined
a maximum of $250,000.
The bill also directs the Federal Trade Commission to establish aclearinghouse for receiving complaints about identity theft andproviding
information and referrals to identity theft victims. Effortsto place limits of the dissemination of personal information that makesidentity
theft possible were strongly opposed by businesses and werenot included in the bill.
President Clinton signed the bill into law on October 30. At thesigning ceremony, Clinton said, "As we enter the Information Age,
it iscritical that our newest technologies support our oldest values."
[3] Appeals Court Limits Copyright of Legal Documents
In two cases decided on November 3, the U.S. Court of Appeals for the2nd Circuit limited the ability of legal publisher West Publishing
tocopyright legal decisions. In the first case, the court ruled thatWest does not obtain copyrights to the text of judicial decisions
whenit makes minor grammatical and formatting changes to them. In thesecond case, the court ruled that page numbers in West's law
books arenot protected by copyright law.
The court ruled in Matthew Bender v. West Publishing that minoreditorial changes made by West are not sufficiently original to warrantadditional
legal protection:
All of West's alterations to judicial opinions involve the addition and arrangement of facts, or the rearrangement of data
already included in the opinions, and therefore any creativity in these elements of West's case reports lies in West's selection
and arrangement of this information. In light of accepted legal conventions and other external constraining factors, West's
choices on selection and arrangement can reasonably be viewed as obvious, typical, and lacking even minimal creativity.
In the second case, the court ruled that CD-ROM publishers couldinclude in the text of decisions the page numbers used by West in
itprinted volumes. This is important since West holds a de factomonopoly over printed legal decisions and competing publishers need
torefer to West page numbers to ensure that courts and attorneys canlocate cited cases.
The case may have important implications when the 106th Congressconvenes next year. Several members of the Senate have announced
plansto seek adoption of a bill to provide legal protections for databasesof non-copyrighted facts.
Additional information is available at:
http://www.hyperlaw.com/hlvwest.htm
[4] Encryption Policy Update
- The Finnish government announced a new encryption policy on November9. It calls for no domestic restrictions on the development
and useof encryption products and relaxed policies on exports: "Finlandsupports free trade and use of cryptographic products. In
Finland,
the use of strong encryption should not be restricted by legislationor international agreements ... Finland's aims are to examine
therestrictions on cryptographic products so that control listscorrespond to technical development, and to ensure that the necessaryrestrictions
will not unreasonably impede normal foreign trade ofindustry and businesses."
The text of the Finnish policy is available at:
http://www.vn.fi/lm/telecom.htm.
- The 6th Circuit U.S. Court of Appeals has indicated that it willdelay consideration of a closely followed encryption case. The court
will delay proceedings in Junger v. Daley for at least 45 days, possiblyanticipating that the 9th Circuit will soon announce a ruling
in theBernstein case, which raises similar issues. On July 7, Judge JamesGwin of the U.S. District Court for the Northern District
of Ohio ruledthat law professor Peter Junger cannot challenge encryption exportrestrictions on the ground that they abridge his right
to free speechon the Internet. In his decision, Judge Gwin stated that "...
exporting source code is conduct that can occasionally havecommunicative elements. Nevertheless, merely because conduct isoccasionally
expressive does not necessarily extend First Amendmentprotection to it." Professor Junger appealed that decision to the 6thCircuit.
- The Bureau of Export Administration (BXA) has approved PrivateDoorbell, a product proposal presented by a coalition of 10 U.S.
technology companies lead by Cisco Systems, Inc. The system consistsof secure routers which would allow interception of plaintext
beforethe router encrypts the communication. The system doesn't account forend-to-end encryption systems; if internet users encrypt
e-mail attheir PCs, the system does not help law enforcement recover theplaintext of the message.
Additional information on encryption policy is available at:
http://www.crypto.org
[5] Final Actions in 105th Congress
The following measures were enacted in the closing days of the 105thCongress:
Digital Millennium Copyright Act (Public Law 105-304). Expandscopyrights for electronic media. Criminalizes possession and use oftools
that remove copyright protection. Limited exceptions for privacyprotection, security and encryption research. Does not includeprovisions
providing legal protections for databases.
Consumer Reporting Employment Clarification Act of 1998 (Public Law105-347). Amends Fair Credit Report Act to allow oral consent
foremployers in trucking industry to obtain credit report. Expandsexemptions of FCRA in use for national security investigations.
The Omnibus Consolidated and Emergency Supplemental Appropriations Act,
1999 (H.R. 4328). Included the Child Online Protection Act (see EPICAlert 5.15) and the following provisions:
Children's Online Privacy Protection Act (Title XIII). Limitscollection and dissemination of personal information about childrenunder
age of 13. Allows access by parents to information collected.
Gives Federal Trade Commission and states enforcement power.
Identity Cards (Sec. 362). Prohibits Department of Transportation fromspending money in the current fiscal year to issue final standards
onDOT's national ID card proposal.
Government Paperwork Elimination Act (Title XVII). Requires agenciesto disclose electronic records instead of physical records and
use andaccept digital signatures within five years. Requires OMB and NTIA toconduct study of digital signatures.
Drug Free Workplace Act of 1998 (Title IX). Encourages smallbusinesses to test for drug use. Creates pilot program withincentives.
Requires privacy protections for drug testing program.
Prison guard privacy (Sec. 127). Prohibits disclosure of financial orpersonal information of a person employed by a state or federal
prisonwithout a court order or consent.
The text of all laws enacted in the 105th Congress is available at:
http://thomas.loc.gov/bss/d105/d105laws.html
[6] Nominations Sought for PEN First Amendment Award
Nominations are encouraged for the PEN/Newman's Own First AmendmentAward. The award, $25,000 and a limited-edition artwork, is presentedeach
spring to a U.S. resident who has fought courageously, despiteadversity, to safeguard the First Amendment right to freedom ofexpression
as it applies to the written word.
Previous winners have included a journalist, playwright, bookstoreowner and school teachers.
The judges for last year's award were PEN members Bette Bao Lord, KurtVonnegut and Sean Wilentz and First Amendment experts Joan E.
Bertinand Leon Friedman.
For further information and an application form, please write: ElhamKalantar, PEN/Newman's Own First Amendment Award, PEN American
Center,
568 Broadway, Suite 401, New York, NY 10012
Deadline for application: December 31, 1998
Additional information, including the application form, is availableat:
http://www.pen.org/freedom/nomination.html
Information on Internet censorship is available at the Internet FreeExpression Alliance website:
http://www.ifea.net
[7] Updated and Expanded EPIC Bookstore
EPIC is pleased to announce its newly updated and expanded onlinebookstore. This month, the following books are among those featured
atthe site:
The Shadow University: The Betrayal of Liberty on America's Campuses byAlan Charles Kors and Harvey A. Silverglate (Free Press, 320
pages,
1998).
The authors "deliver the unexpected. Refreshingly, they seem to believe that even if professors teach what they wish,
Western civilization will survive.... The abuses they describe need fixing, and this cogent book should help." - The New
York Times Book Review
Secrecy : The American Experience by Daniel Patrick Moynihan, RichardGid Powers (Introduction) (Hardcover, 320 pages, Yale University
Press,
1998).
A Senator and historian looks at the history of secrecy in America and weighs its costs for democratic government,
national security, and agency accountability. His conclusion:
more secrecy not less is the key to protecting the nation.
The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments. Marc Rotenberg, Editor (EPIC 1998).
The Privacy Law Sourcebook is the first one-volume resource for students, attorneys, researchers and journalists who need
a comprehensive collection of both US and International privacy law, as well as a fully up-to-date section on recent developments.
Includes the full texts of most major privacy laws and directives including the FCRA, the Privacy Act, FOIA, Family Educational
Rights Act, Right to FInancial Privacy Act, Privacy Protection Act, Cable Communications Policy Act, ECPA, Video Privacy
Protection Act, OECD Privacy Guidelines, OECD Cryptography Guidelines, European Union Directives for both Data Protection
and Telecommunications, and more.
Order these and other titles at the EPIC Bookstore:
http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
PDC 98 - the Participatory Design Conference, "BroadeningParticipation." November 12-14. Seattle, WA. Sponsored by ComputerProfessionals
for Social Responsibility in cooperation with ACM andCSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
Data Privacy in the Global Age. November 13. Milwaukee, WI.
Sponsored by ACLU of Wisconsin Data Privacy Project. Contact: CaroleDoeppers <acluwicmdaol.com>.
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15.
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
http://is.lse.ac.uk/lucas/cepe98.htm
1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact: http://www.rsa.com/conf99/
FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999 Anguilla, B.W.I. Contact: http://fc99.ai.
Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Contact: infocfp99.org.
1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact: infoepic.org.
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto
epic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand
constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail infoepic.org, http://www.epic.org orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003.
+1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund for ConstitutionalGovernment" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite
301,
Washington DC 20003.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and funding of the digital wiretap law.
Thank you for your support.
END EPIC Alert 5.16
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1998/16.html
