WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 16

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.16 [1998] EPICAlert 16


Volume 5.16 November 10, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] ACTION: Comment on U.S. Privacy Policy
[2] Congress Approves Identity Theft Legislation
[3] Appeals Court Limits Copyright of Legal Documents
[4] Encryption Policy Update
[5] Final Actions in 105th Congress
[6] Nominations Sought for PEN First Amendment Award
[7] Updated and Expanded EPIC Bookstore
[8] Upcoming Conferences and Events

[1] ACTION: Comment on U.S. Privacy Policy

The Department of Commerce has posted a draft policy on privacy. Thepolicy proposes the establishment of a "Safe Harbor" regime that wouldallow U.S. firms to self-certify compliance with principlesestablished by the Commerce Department. The proposal is intended toaddress European concerns that privacy protection in the United Statesis not "adequate." But the plan falls short of standard fairinformation practices and leaves open the question of when actualprivacy safeguards will be adopted in the United States.

While it remains unclear whether the Commerce Department is genuinelyinterested in the views of the American public -- the draft isaddressed to "Industry Representatives" -- EPIC is urging individualsconcerned about privacy to submit comments to the Department. Webelieve that the position espoused by the U.S. government on privacyissues should reflect more than the trade concerns of U.S. companies.

Here are the points that EPIC will emphasize to the Department ofCommerce:

- The Safe Harbor proposal falls short of the 1980 OECD Privacy Principles that the United States endorsed almost twenty years ago and recently pledged to continue to support.

- The Safe Harbor principles undermine key elements of data protection. "Consent" is redefined as "choice." There is no reference to "use limitation" or "purpose specification," even though both principles are found in the 1980 OECD Privacy Guidelines
- There is no real means of enforcement for the Safe Harbor Principles. Enforcement by self-regulation has not worked.
For example, Geocities received a certification from Truste even while under investigation for violating the privacy of its users.

- The Safe Harbor principles discriminate against small and medium sized companies operating on the Internet that may not be able to self-certify.

- The Safe Harbor principles do not address the need to fix U.S.
policies on encryption and other privacy enhancing technologies.

- The U.S. still lacks privacy protection in critical areas, such as medical records, and the American public supports legislation to protect privacy online.

- The Safe Harbor principles do not address the need to create a permanent privacy agency to represent the interests on privacy protection.

Comments are due by November 19.

The text of the Department of Commerce letter on "Safe Harbor" isavailable at:

Submit comments ("U.S. Privacy Policy") to Eric Fredell, Task Force onElectronic Commerce, International Trade Administration, Department ofCommerce, 14th and Constitution Ave., Washington, DC 20230 or by (email).

[2] Congress Approves Identity Theft Legislation

In the last days of the legislative session, Congress approved a newlaw providing limited legal protections against identity theft.
Support for the Identity Theft and Assumption Deterrence Act of 1998(H.R. 4151) was led by Rep. John Shadegg (R-AZ).

The law imposes criminal penalties on any person who "knowinglytransfers or uses, without lawful authority, a means of identificationof another person with the intent to commit, or to aid or abet, anyunlawful activity that constitutes a violation of Federal law, or thatconstitutes a felony under any applicable State or local law." The lawpenalizes persons who assume others' identities and use them to obtaincar loans, credit cards and other financial obligations. Violators canbe imprisoned for up to three years and fined a maximum of $250,000.
The bill also directs the Federal Trade Commission to establish aclearinghouse for receiving complaints about identity theft andproviding information and referrals to identity theft victims. Effortsto place limits of the dissemination of personal information that makesidentity theft possible were strongly opposed by businesses and werenot included in the bill.

President Clinton signed the bill into law on October 30. At thesigning ceremony, Clinton said, "As we enter the Information Age, it iscritical that our newest technologies support our oldest values."

[3] Appeals Court Limits Copyright of Legal Documents

In two cases decided on November 3, the U.S. Court of Appeals for the2nd Circuit limited the ability of legal publisher West Publishing tocopyright legal decisions. In the first case, the court ruled thatWest does not obtain copyrights to the text of judicial decisions whenit makes minor grammatical and formatting changes to them. In thesecond case, the court ruled that page numbers in West's law books arenot protected by copyright law.

The court ruled in Matthew Bender v. West Publishing that minoreditorial changes made by West are not sufficiently original to warrantadditional legal protection:

All of West's alterations to judicial opinions involve the addition and arrangement of facts, or the rearrangement of data already included in the opinions, and therefore any creativity in these elements of West's case reports lies in West's selection and arrangement of this information. In light of accepted legal conventions and other external constraining factors, West's choices on selection and arrangement can reasonably be viewed as obvious, typical, and lacking even minimal creativity.

In the second case, the court ruled that CD-ROM publishers couldinclude in the text of decisions the page numbers used by West in itprinted volumes. This is important since West holds a de factomonopoly over printed legal decisions and competing publishers need torefer to West page numbers to ensure that courts and attorneys canlocate cited cases.

The case may have important implications when the 106th Congressconvenes next year. Several members of the Senate have announced plansto seek adoption of a bill to provide legal protections for databasesof non-copyrighted facts.

Additional information is available at:

[4] Encryption Policy Update

- The Finnish government announced a new encryption policy on November9. It calls for no domestic restrictions on the development and useof encryption products and relaxed policies on exports: "Finlandsupports free trade and use of cryptographic products. In Finland,
the use of strong encryption should not be restricted by legislationor international agreements ... Finland's aims are to examine therestrictions on cryptographic products so that control listscorrespond to technical development, and to ensure that the necessaryrestrictions will not unreasonably impede normal foreign trade ofindustry and businesses."

The text of the Finnish policy is available at:

- The 6th Circuit U.S. Court of Appeals has indicated that it willdelay consideration of a closely followed encryption case. The court
will delay proceedings in Junger v. Daley for at least 45 days, possiblyanticipating that the 9th Circuit will soon announce a ruling in theBernstein case, which raises similar issues. On July 7, Judge JamesGwin of the U.S. District Court for the Northern District of Ohio ruledthat law professor Peter Junger cannot challenge encryption exportrestrictions on the ground that they abridge his right to free speechon the Internet. In his decision, Judge Gwin stated that "...
exporting source code is conduct that can occasionally havecommunicative elements. Nevertheless, merely because conduct isoccasionally expressive does not necessarily extend First Amendmentprotection to it." Professor Junger appealed that decision to the 6thCircuit.

- The Bureau of Export Administration (BXA) has approved PrivateDoorbell, a product proposal presented by a coalition of 10 U.S.
technology companies lead by Cisco Systems, Inc. The system consistsof secure routers which would allow interception of plaintext beforethe router encrypts the communication. The system doesn't account forend-to-end encryption systems; if internet users encrypt e-mail attheir PCs, the system does not help law enforcement recover theplaintext of the message.

Additional information on encryption policy is available at:

[5] Final Actions in 105th Congress

The following measures were enacted in the closing days of the 105thCongress:

Digital Millennium Copyright Act (Public Law 105-304). Expandscopyrights for electronic media. Criminalizes possession and use oftools that remove copyright protection. Limited exceptions for privacyprotection, security and encryption research. Does not includeprovisions providing legal protections for databases.

Consumer Reporting Employment Clarification Act of 1998 (Public Law105-347). Amends Fair Credit Report Act to allow oral consent foremployers in trucking industry to obtain credit report. Expandsexemptions of FCRA in use for national security investigations.

The Omnibus Consolidated and Emergency Supplemental Appropriations Act,
1999 (H.R. 4328). Included the Child Online Protection Act (see EPICAlert 5.15) and the following provisions:

Children's Online Privacy Protection Act (Title XIII). Limitscollection and dissemination of personal information about childrenunder age of 13. Allows access by parents to information collected.
Gives Federal Trade Commission and states enforcement power.

Identity Cards (Sec. 362). Prohibits Department of Transportation fromspending money in the current fiscal year to issue final standards onDOT's national ID card proposal.

Government Paperwork Elimination Act (Title XVII). Requires agenciesto disclose electronic records instead of physical records and use andaccept digital signatures within five years. Requires OMB and NTIA toconduct study of digital signatures.

Drug Free Workplace Act of 1998 (Title IX). Encourages smallbusinesses to test for drug use. Creates pilot program withincentives. Requires privacy protections for drug testing program.

Prison guard privacy (Sec. 127). Prohibits disclosure of financial orpersonal information of a person employed by a state or federal prisonwithout a court order or consent.

The text of all laws enacted in the 105th Congress is available at:

[6] Nominations Sought for PEN First Amendment Award

Nominations are encouraged for the PEN/Newman's Own First AmendmentAward. The award, $25,000 and a limited-edition artwork, is presentedeach spring to a U.S. resident who has fought courageously, despiteadversity, to safeguard the First Amendment right to freedom ofexpression as it applies to the written word.

Previous winners have included a journalist, playwright, bookstoreowner and school teachers.

The judges for last year's award were PEN members Bette Bao Lord, KurtVonnegut and Sean Wilentz and First Amendment experts Joan E. Bertinand Leon Friedman.

For further information and an application form, please write: ElhamKalantar, PEN/Newman's Own First Amendment Award, PEN American Center,
568 Broadway, Suite 401, New York, NY 10012
Deadline for application: December 31, 1998
Additional information, including the application form, is availableat:

Information on Internet censorship is available at the Internet FreeExpression Alliance website:

[7] Updated and Expanded EPIC Bookstore

EPIC is pleased to announce its newly updated and expanded onlinebookstore. This month, the following books are among those featured atthe site:

The Shadow University: The Betrayal of Liberty on America's Campuses byAlan Charles Kors and Harvey A. Silverglate (Free Press, 320 pages,

The authors "deliver the unexpected. Refreshingly, they seem to believe that even if professors teach what they wish, Western civilization will survive.... The abuses they describe need fixing, and this cogent book should help." - The New York Times Book Review
Secrecy : The American Experience by Daniel Patrick Moynihan, RichardGid Powers (Introduction) (Hardcover, 320 pages, Yale University Press,

A Senator and historian looks at the history of secrecy in America and weighs its costs for democratic government,
national security, and agency accountability. His conclusion:
more secrecy not less is the key to protecting the nation.

The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments. Marc Rotenberg, Editor (EPIC 1998).

The Privacy Law Sourcebook is the first one-volume resource for students, attorneys, researchers and journalists who need a comprehensive collection of both US and International privacy law, as well as a fully up-to-date section on recent developments.
Includes the full texts of most major privacy laws and directives including the FCRA, the Privacy Act, FOIA, Family Educational Rights Act, Right to FInancial Privacy Act, Privacy Protection Act, Cable Communications Policy Act, ECPA, Video Privacy Protection Act, OECD Privacy Guidelines, OECD Cryptography Guidelines, European Union Directives for both Data Protection and Telecommunications, and more.

Order these and other titles at the EPIC Bookstore:

[8] Upcoming Conferences and Events

PDC 98 - the Participatory Design Conference, "BroadeningParticipation." November 12-14. Seattle, WA. Sponsored by ComputerProfessionals for Social Responsibility in cooperation with ACM andCSCW 98. Contact:
Data Privacy in the Global Age. November 13. Milwaukee, WI.
Sponsored by ACLU of Wisconsin Data Privacy Project. Contact: CaroleDoeppers <>.

Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15.
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999 Anguilla, B.W.I. Contact:

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Contact:

1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund for ConstitutionalGovernment" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301,
Washington DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.16

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback