WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 2

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.02 [1998] EPICAlert 2


Volume 5.02 February 10, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] New World Survey Finds Few Crypto Controls
[2] McCain Introduces Internet School Filtering Act
[3] U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy
[4] State Department Releases World Human Rights Report
[5] Canada Proposes Comprehensive Privacy Law
[6] Fingerprinting is on the Rise
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events

[1] New World Survey Finds Few Crypto Controls

The Global Internet Liberty Campaign (GILC) has released the firstcomprehensive review of cryptography policies around the globe.
"Cryptography and Liberty: An International Survey of EncryptionPolicy" is based on a survey of more than two hundred countries andregions. The purpose of the survey was to determine whether countriesare limiting the availability of new technologies that are used byInternet users and others to protect personal privacy.

According to the GILC report, most countries in the world do not havecontrols on the use of cryptography. "In the vast majority ofcountries, cryptography may be freely used, manufactured and soldwithout restriction." The report says that recent trends incryptography policy suggest greater liberalization in the use of thistechnology, which was originally controlled during the Cold War forreasons of national security.

A rough breakdown of the countries into five categories -- from "Red"
through "Yellow" to "Green" -- indicating how restrictive the policiestoward encryption are, found that most countries are grouped towardthe "Green" end of the spectrum, while a handful of countries fall inthe "Red" category. Those countries are Belarus, China, Israel,
Pakistan, Russia and Singapore.

The GILC report notes the "surprising" policies of the United States,
given that "virtually all of the other democratic, industrial nationshave few if any controls on the use of cryptography." The reportsuggest that the U.S. position may be explained by "the dominant rolethat state security agencies in the United States hold in thedevelopment of encryption policy."

But the report warns that law enforcement agencies in the U.S. andelsewhere will continue to push for an encryption "key managementinfrastructure" that would expand electronic surveillance of privatecommunications. The report concludes by urging the development of apublic education campaign to inform various political, labor andsocial groups on the benefits of and techniques for using encryption.

The GILC encryption survey is available on the Internet at:

[2] McCain Introduces Internet School Filtering Act

On February 9, Senator John McCain (R-AZ) introduced "The InternetSchool Filtering Act." The proposed legislation would require schoolsand libraries receiving federal Internet subsidies to install systems"to filter or block matter deemed to be inappropriate for minors."
The bill is co-sponsored by Senators Ernest Hollings (D-SC), Dan Coats(R-IN) and Patty Murray (D-WA).

Libraries would be required to certify that at least one computer usesa filtering system so that "it will be appropriate for minors' use."
A library would have to inform the Federal Communications Commissionwithin 10 days if it decided to change its filtering system or dropits use completely.

A number of surveys have shown that all current filtering and ratingsystems block out thousands, if not millions, of web pages that arenot obscene or indecent. A recent study of a popular filtered searchengine conducted by EPIC found that it filtered out 99 percent ofmaterial on non-controversial topics such as the American Red Cross,
the Boy Scouts, and pages created by elementary school students.

More information on the McCain bill and filters is available from theInternet Free Express Alliance web page at:

[3] U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy

A federal appeals court ruled on February 3 that a government researchlaboratory that secretly tested employees for various genetic andmedical conditions had violated their privacy. The U.S. Court ofAppeals for the Ninth Circuit ruled that the testing of administrativeand clerical workers for syphilis, sickle cell trait and pregnancywithout their consent was a violation of Federal and Stateconstitutional rights to privacy and the Civil Rights Act of 1964.

The employees had consented to a general medical exam as a conditionof being hired and filled out questionnaires. The court found thegenetic tests were intrusive and that completing the questionnaire wasnot sufficient grounds to justify the intrusion:

[I]t is not reasonable to infer that a person who answers a questionnaire upon personal knowledge is put on notice that his employer will take intrusive means to verify the accuracy of his answers. There is a significant difference between answering on the basis of what you know about your health and consenting to let someone else investigate the most intimate aspects of your life . . .

That one has consented to a general medical examination does not abolish one's privacy right not to be tested for intimate, personal matters involving one's health --
nor does consenting to giving blood or urine samples, or filling out a questionnaire. As we have made clear, revealing one's personal knowledge as to whether one has a particular medical condition has nothing to do with one's expectations about actually being tested for that condition.

The court also found that the state constitutional right to privacywas violated. In the matter of black and female employees who weregiven additional tests, the court found that those tests violated theCivil Rights Act of 1964. A claim based on the Americans withDisabilities Act was rejected. The appeals court directed the lowercourt to make additions findings on the adequacy of the notice givento the employees.

More information on medical privacy is available at:

[4] State Department Releases World Human Rights Report

The U.S. State Department released its annual Human Rights Guide onJanuary 29, finding that privacy rights around the world were againwidely violated. The report covers a wide range of issues, fromdisappearances to children's rights -- including free speech andprivacy.

Wiretaps continued to be abused around the world. The StateDepartment reports that abuses of wiretapping occurred in 90countries. The worst regions were Africa, the Middle East, Asia andmany of the countries that made up the former Soviet Union. On apositive note, the situation in Latin America has improved markedlyover the last few years. The report has some notable omissions. Thereis no mention of the European Court of Human Rights' finding thatpolice in the United Kingdom had illegally wiretapped a policeconstable who had alleged sexual harassment. The report also omits amajor decision by the Indian Supreme Court on illegal tapping inIndia.

A number of countries limit use of the Internet. In Burma, a 1996 lawrequires government permission before accessing the Internet. InEritrea, the government has prohibited online access outright.
Singapore and China were also mentioned for their Internet controls.
Many counties in the Middle East also limited access for variousreasons.

Other technologies are also limited. In many countries in the MiddleEast and Asia, the legality of satellite dishes is unclear. Iraqi andBurmese laws impose imprisonment for possession of the devices withoutgovernment permission. Some countries, such as Bahrain, reportedlykeep tight controls on dishes while others, such as Saudi Arabia andSyria, have regulations but do not seem to enforce them.

Privacy and communications related excerpts from the State Departmentreports are available from the Privacy International Page at:

[5] Canada Proposes Comprehensive Privacy Law

A Canadian task force has recommended that comprehensive privacy lawsbe enacted in Canada. The Task Force on Electronic Commerce made upof Industry Canada and Justice Canada found that for electroniccommerce to succeed, "consumers, business and government ... need tofeel confident about how our personal information is gathered, stored,
and used." This can be achieved "by setting clear and predictablerules governing the protection of personal information."

A major impetus for the effort is the European directive on privacy,
which goes into effect in October 1998. The EU directive requires allcounties in the European Union to enact strict privacy laws and tolimit transfers to countries -- such as the U.S. and Canada -- whichdo not provide the same level of protection. In Canada, the federalPrivacy Act only applies to government agencies. Only the Province ofQuebec has adopted laws that protect the privacy of information heldby private corporations. Outside of Quebec, the report found thatprotections, as in the U.S., are "sporadic and uneven."

The task force recommended that a starting point for protectionsshould be the Canadian Standards Association's Model Code for theProtection of Personal Information, which was adopted last year.
However, the model code is only voluntary, so legislation is requiredto ensure that it is implemented widely and to provide for redress ifit is violated.

The paper seeks comments on a number of issues, including obligationsof information holders, the power of agencies to investigate andenforce protections, who will have jurisdiction, and the cooperationbetween federal and provincial officials. Comments are due on March27.

A copy of the task force report is available at:

[6] Fingerprinting is on the Rise

Fingerprinting -- once reserved for suspected criminals -- is becominga national plague. The FBI estimated that it will process 14 millionrequests for fingerprints. In January 1998, Michigan parents wereoutraged when administrators of the state's standardized educationtests apparently broke the law by requiring 122,000 public schoolfifth-graders to submit their fingerprints without parentalpermission. The fingerprints were collected as part of a sciencesegment in this year's Michigan Educational Assessment Program test.
The 1985 Child Identification and Protection Act requires writtenpermission for children to be fingerprinted unless the child is adelinquent or otherwise ordered to be fingerprinted by a judge.

Many states are now using fingerprints for drivers licenses. This isin part being pushed by the American Association of Motor VehicleAdministrators (AAMVA). The AAMVA wants to develop standards so thatinformation can be exchanged between agencies and jurisdictions.

Banks in 27 states, under pressure from national and state bankingassociations, have instituted policies which require fingerprintingfor some people who cash checks. In a recent survey, the CaliforniaPublic Interest Research Group (CALPIRG) found that only one yearafter the practice first began, nearly every large bank in Californianow requires a fingerprint to cash a non-account holder's check and atleast one bank also requires all customers opening new accounts toprovide fingerprints. The group warned that, if left unchecked, thetrend will spread to all bank account holders and to other industries.

Fingerprinting on driver's licenses has become increasinglycontroversial. In Georgia, a campaign to repeal the fingerprintingrequirement for licenses is under way. A bill to repeal the lawallowing the practice passed the State Senate last year. In Alabama,
the Department of Public Safety scuttled a plan to fingerprint alldriver's license applicants in 1997 after protests. In WashingtonState, a bill that would have required fingerprints on all driver'slicenses was also rejected by the State Senate last year.

[7] New Congressional Bills and Upcoming Hearings

Upcoming Hearings
* Senate *

February 10, 1998. Commerce, Science and Transportation. To holdhearings to examine incidents of indecency on the Internet. SR-253.
9:30 a.m.

February 10, 1998. Permanent Subcommittee on Investigations. To holdoversight hearings on fraud on the Internet. SD-342. 9:30 a.m.

February 10, 1998. Commerce, Science and Transportation -- Science,
Technology, and Space Subcommittee. To hold hearings to examinecurrent computer security vulnerabilities within civilian Federalagencies and current activities to prevent unauthorized computeraccess. SR-253. 2:30 p.m.

February 26, 1998. Labor and Human Resources. To resume hearings toexamine the confidentiality of medical information. SD-430. 10 a.m.

March 11, 1998. Judiciary Committee. Hearings on encryption policy.
Sponsored by Senator Ashcroft and Leahy.

* New Bills *

H.R.3131. Makes reports written by the Congressional Research Serviceavailable to the public via the Internet. Introduced by Rep. Shays onJanuary 28, 1998. Referred to the Committee on House Oversight.

H. R. 3174. Requires electronic preservation and filing of reportsfiled with the Federal Election Commission by certain persons; torequire such reports to be made available through the Internet; andfor other purposes. Introduced by Rep. White (R-WA) on February 5,
1998. Referred to the Committee on House Oversight.

S 1578. Makes reports written by the Congressional Research Serviceavailable to the public via the Internet. Introduced by Sen. McCain(R-AZ) on January 28, 1998. Referred to the Committee on Rules andAdministration.

S.1594. Digital Signature and Electronic Authentication Law (SEAL) of1998. Facilitates the use of electronic authentication techniques byfinancial institutions. Introduced by Senator Bennett (R-UT) onFebruary 2, 1998. Referred to the Committee on Banking, Housing, andUrban Affairs.

[8] Upcoming Conferences and Events

Cyber-Labels: For Better or For Worse? Jim Miller, World Wide WebConsortium, and Barry Steinhardt, Electronic Frontier Foundation.
February 17, 1998. Sponsored by the Cyberspace Policy Institute.

The Eighth Conference on Computers, Freedom & Privacy. February,
18-20, 1998. Austin, TX. Contact:

"Building Trust in Electronic Commerce" ICX London Conference -
Digital Signatures and Trusted Third Parties One Whitehall Place,
19th February 1998. Westminster, London. Sponsored by InternationalCommerce Exchange. Contact:
Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI.
Workshop on Societal, Ethical, and Policy Dimensions of InformationTechnology, Computer Science Dept, Princeton University, Feb. 28 -Mar1. Contact:

ETHICOMP98 March 25-27,1998. Erasmus University The Netherlands.
Sponsored by the Centre for Computing and Social ReponsibilityContact:
1998 IEEE Symposium on IEEE Computer Society, Oakland, CA, May 3-6.
Sponsored by IEEE and IACR. Contact:
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM andUSACM.

1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and LondonSchool of Economics. Contact:
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety.

Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for InformationSystems Contact:
CPSR Annual Conference - Internet Governance. Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact:
(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 5.02

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback