WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 20

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.20 [1998] EPICAlert 20


Volume 5.20 December 17, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Urges FCC to Reject FBI Surveillance Proposal
[2] Free Speech Groups Say "No" to Library Filters
[3] Appeals Court Upholds Drivers Privacy Protection Act
[4] FDIC Proposes New "Spy on Your Customer" Regulations
[5] CDC Issues Guidelines on HIV Tracking
[6] Australia Announces Privacy Law for Businesses
[7] EPIC Bookstore
[8] Upcoming Conferences and Events

[1] EPIC Urges FCC to Reject FBI Surveillance Proposal

EPIC, joined by the Electronic Frontier Foundation and the AmericanCivil Liberties Union, filed formal comments with the FederalCommunications Commission on December 14 urging the rejectionFBI-proposed technical requirements for wiretapping. The FBI proposals would -- among other things -- enable law enforcement to determine thelocation of individuals using cellular telephones. Also at issue is thesurveillance of "packet-mode" communications such as those that formthe core of the Internet. The comments were filed as part of the FCC'sproceeding on implementation of the controversial CommunicationsAssistance for Law Enforcement Act (CALEA).

In a "Further Notice of Proposed Rulemaking" released on November 5,
the Commission expressed its initial opinion that an interimFBI/industry technical standard (J-STD-025) on cellular phone"tracking" complies with CALEA. The FCC withheld judgment on thepacket-mode issue, but sided with the FBI on the so-called "punchlist"
issues of conference call wiretaps, the capture of signalinginformation and "post-cut-through digits," and other surveillancecapabilities.

The EPIC/EFF/ACLU comments note that "as advancing technology increasesthe ability of government agents to intercept private communications,
the potential threat to individual liberties grows." The groups alsourged the FCC to recognize that advanced telecommunications servicesdramatically multiply the number of private encounters that take placeelectronically and thus create the potential for pervasive governmentsurveillance of private activities that were never previously subjectto government monitoring. The law firm of Covington & Burling isproviding pro bono assistance in this case.

Excerpts from the comments:

Groups dedicated to the protection of privacy expressed grave reservations in 1994 about the potential for CALEA to be used improperly by law enforcement to expand the scope of electronic surveillance; with the filing of the DoJ/FBI Petition, these concerns were realized. Now, with the release of the Commission's Further Notice of Proposed Rulemaking, the privacy of our Nation's communications is seriously at risk. . . . In explaining its tentative conclusions, the Commission offers virtually no discussion of privacy interests. The Commission fails to explain how its tentative conclusions are consistent with the privacy protections embodied in CALEA, the Fourth Amendment and Title III of the 1968 Wiretap Act.

Privacy interests had no voice in drafting or adoption of the interim standard. Having been excluded from these earlier proceedings, it is imperative that privacy interests,
as directed by Congress, be given full consideration by the Commission. Accordingly, the Commission must confront the privacy issues raised by the interim standard and the "punchlist" items. . . . [T]he Commission should find that the industry's interim standard and the DoJ/FBI Petition, if granted, would frustrate the privacy interests of federal statutes and of the Fourth Amendment. The DoJ/FBI Petition seeks surveillance capabilities that far exceed the capabilities law enforcement has had in the past and is entitled to under the law.

Additional information on CALEA, including the full text of EPIC'scomments, is available at:

[2] Free Speech Groups Say "No" to Library Filters

Members of the Internet Free Expression Alliance (IFEA) submitted ajoint statement to the National Commission on Library and InformationScience (NCLIS) on December 14, urging the Library Commission to opposethe use of Internet filters in public libraries when it issues itsforthcoming report on "Kids and the Internet." EPIC joined with nineother organizations in recommending a "user education" approach to theissue of objectionable online content, rather than relying on clumsyand often ineffective filtering systems.

The joint statement cites the recent federal court decision in theLoudoun County case, which found that placing filters on all librarycomputers violated the First Amendment rights of adult patrons (seeEPIC Alert 5.18). The judge in that case (a former librarian) heldthat a government body like a library "cannot avoid its constitutionalobligation by contracting out its decisionmaking to a private entity"
such as a software vendor." The decision was issued two weeks afterNCLIS held a public hearing to discuss the use of Internet filteringsystems in libraries. The Library Commission has said the purpose ofits November hearing was "to hear firsthand from experts on theproblems and complex issues arising from what NCLIS Vice Chair MarthaGould described as the 'dark side of the Internet.'"

The NCLIS report on "Kids and the Internet: The Promise and the Perils"
is expected to be released as early as the first week of January.

The full text of the IFEA members' statement is available at:
More information on IFEA is available from:

[3] Appeals Court Upholds Drivers Privacy Protection Act

The Tenth Circuit Court of Appeals ruled on December 3 that the DriversPrivacy Protection Act of 1994, a law that requires states to limit thedisclosure of motor vehicle records, does not violate the TenthAmendment.

The state of Oklahoma had challenged the DPPA as an unconstitutionalinfringement on state sovereignty. The state relied on two priordecisions of the Supreme Court that invalidated federal legislationwhich "commandeers" state legislative and administrative processes. Thestate also cited a Fourth Circuit decision that held that the DPPA wasunconstitutional because it regulated only the activity of the statesand was not a law of "general application" that also covered privateparties.

In an opinion by Judge Bobby R. Baldock, the Tenth Circuit found that,
"the arguments against the DPPA are much less compelling than thearguments against the statutes at issue" in the two earlier cases. Thecourt said:

[T]he DPPA does not commandeer the state legislative process by requiring states to enact legislation regulating the disclosure of personal information from motor vehicle records.
Rather, the DPPA directly regulates the disclosure of such information and preempts contrary state law. If states do not wish to comply with those regulations, they may stop disseminating information in their motor vehicle records to the public.

The court further said:

In enacting the DPPA, Congress obviously curtailed states'
prerogative to make choices respecting the release of motor vehicle information. No one claims that Congress exceeded the scope of its power under the Commerce Clause in so doing. Nor has the Supreme Court ever suggested that Congress impermissibly invades areas reserved to the states under the Tenth Amendment because it exercises its preemptive authority under the Commerce Clause in a manner that displaces state law and policy to some extent. The DPPA simply requires states to make a choice, i.e. stop releasing personal information from state motor vehicle records to the public, or release such information consistent with the dictates of the DPPA.

The split between the Tenth Circuit and the Fourth Circuit now raisesthe prospect that the Supreme Court will be asked to decide theconstitutionality of the Drivers Privacy Protection Act.

Oklahoma v. United States, No 97-6389 (CA10, Dec. 3, 1998)
Condon v. Reno, [1998] USCA4 188; 155 F.3d 453 (CA4 1998)

[4] FDIC Proposes New "Spy on Your Customer" Regulations


The Federal Deposit Insurance Corporation (FDIC), Federal ReserveBoard, Office of the Comptroller of the Currency, and Office of ThriftSupervision, issued a proposed rule on December 7 to require banks toexpand monitoring of their customers activities and require banks toreport "suspicious" activities.

The new "Know Your Customer" rules are intended to require banks toverify the identity of their customers, determine the source of theirfunds, determine "normal and expected transactions," and reportsuspicious activities. Banks will require identification fromprospective customers which will include a document containing aphotograph and signature.

The new rules have already generated significant protests. Nearly 3,000comments from individuals opposing the new rules on privacy groundswere submitted after the proposed regulation was published. Manybankers are also concerned with the proposal: "We think the regulationis by its very nature, at odds with attempts to protect customerprivacy," said Paul Stock of the North Carolina Bankers Association.

The proposal raises numerous issues: lack of accountability, lack ofrecourse for customers -- no provision for customer review andcorrection of data; no restrictions on secondary use of the data.
Furthermore, the cost of establishing this program and monitoringaccounts are also likely to be passed on to the customer in new fees.

The FDIC acknowledges that information gathered, if misused, could"result in an invasion of a customer's privacy." While suggesting thatthe banks should "integrate comprehensive privacy practices" into theseprograms, they do not set out any privacy procedures or limitations onits use.

Comments on the proposed rule are due on March 8, 1998. The FDICproposal is available at:

[5] CDC Issues Guidelines on HIV Tracking

The Center for Disease Control and Prevention (CDC) issued newguidelines on December 10, 1998 recommending that health-care providersreport the names of individuals testing positive for the HIV virus.

The proposed rule recommends that all states begin tracking HIV casesand submit that information to the CDC. The proposed rule does notrequire using the names of individuals with HIV but does stronglyrecommend their use over a coded-name system. Many AIDS groups whosupport coded systems believe that the CDC will use the federal grantsto encourage name-based systems and that such systems discourage peoplefrom getting tested because of fears over discrimination. The proposedfederal guidelines would still permit anonymous HIV testing at clinicsthat do not provide treatment and the CDC "strongly recommends" thatstates that do not allow anonymous testing change their policies.

The CDC is also recommending additional security and confidentialitypractices. The CDC requires that information sent to the CDC isencrypted during transfer, kept in physically secure locations, thatthe information is limited and only used for HIV surveillance, thatidentifying information is not used for other purposes, that statesaudit usage and investigate breaches of confidentiality and punishviolations. CDC is also working with other groups to develop a modelstate law on confidentiality.

Comments on the proposed guidelines must be submitted by January 11,
1999. Comments can be submitted electronically to
More information on the guidelines can be found at:

[6] Australia Announces Privacy Law for Businesses

The Australian government announced on December 16 that it is planningto introduce new legislation to protect the privacy of individuals'
information held by companies. The Attorney-General, Daryl Williams,
and the Minister for Communications, Information Technology and theArts, Senator Richard Alston, announced that the law will be based oncreating enforceable industry codes.

The new legislation will be based on eight privacy principles developedby the Privacy Commissioner and roughly modeled after the 1980 OECDPrivacy Guidelines. The principles are Collection, Use and Disclosure,
Data Quality, Data Security, Openness, Access and Correction,
Identifiers, Anonymity, Transborder Data Flows, and SensitiveInformation. Industry will then create codes that will be legallyenforceable. Exceptions for employee records and journalists will beincluded.

The announcement marks another turnabout for the Australian governmenton privacy policy. In 1996, following the party's campaign promise, theAttorney General recommended adopting privacy laws for the privatesector but was overruled by the Prime Minister after heavy lobbying bythe banking industry. Since then, consumer and privacy advocates havebeen effective in keeping the issue alive and have been successful inadvancing state-level laws on privacy. Groups such as the AustralianChamber of Commerce and Industry and the Smart Card Forum expressedsupport for national legislation because of concerns about the EuropeanUnion's privacy directive limiting flows of data and the recentannouncement by the State of Victoria that if the federal governmentdid not adopt a law covering the private sector, it would enact oneitself.

Australia joins a growing number of non-EU countries that have movedrecently to develop comprehensive privacy legislation.

The Privacy Principles are available at:
More information on Australian privacy is available at:

[7] EPIC Bookstore

Browse the cyber shelves of good books on privacy, free speech, andcivil liberties at the Internet's only bookstore devoted to onlinefreedom. Shipping, discounts, and gift wrapping provided. And there'sstill time to purchase a gift for that special someone (or yourself!)
in time for Christmas. Here are some last minute gift ideas from EPIC:

** Books **

Private Matters: In Defense of the Personal Life by Janna Malamud Smith(Perseus Press, 1997)

"... both a personal rumination and a gorgeously written anecdotalcultural history of the emergence and the fragile sanctity of themodern creative self, and of the development of the right to close thedoor, pull the shade and shut out the gaze of the community." (The NewYork Times Book Review, Richard A. Shweder)

Speech Stories: How Free Can Speech Be? by Randall P. Bezanson (NewYork University Press, 232 pages 1998)

This book brings to life seven of the most significant free speechcases of the past twenty-five years. In each case, the Supreme Courtwas asked to consider the appropriate scope of the First Amendment. Butthe story behind the story is the story here. And before the footnotesand headnotes appeared in legal opinions, there were slogans onjackets, flags on fire, and names missing from pamphlets.

** Videos **

Brazil (DVD VHS)

A wildly imaginative Orwellian comedy about a future society in which acentral bureaucracy regulates everything via endless airducts, tubesand plumbing. A typographical error plunges an average man into aKafkaesque nightmare of bureaucracy and brainwashing. DeNiro plays aheroic non-union plumber unplugging the stopped-up pipes. Academy AwardNominations: Best (Original) Screenplay, Best Art Direction-SetDecoration. (Amazon review)

(United Artists, 1985) R
Gattaca (DVD)

In the 21st century, genetic engineering makes possible the creation ofbiologically superior human specimens ("valids"), who then grow topositions of power and prestige. Would-be astronaut Vincent, born theold-fashioned way, can only hope for a janitorial position at the eliteGattaca Corporation
until he buys the blood, urine, and identity of aperfect but paralyzed athlete. But a murder in the company's ranksattracts the attention of a detective who threatens to sniff Vincentout. A slick futuristic thriller. Academy Award Nominations
Best ArtDirection. Stars Ethan Hawke, Uma Thurman.

(Columbia/Tristar Studios, 1997) PG
These and other titles are available for purchase online at the EPICBookstore:

[8] Upcoming Conferences and Events

1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999. Anguilla, B.W.I. Contact:

Electronic Commerce and Privacy Legislation -- Building Trust andConfidence. February 23, 1999. Ottawa, Canada. Sponsored by RileyInformation Services.

Communitarian Summit. February 27-28, 1999. Arlington, Virginia.
1999 ASAP Western Regional Training Conference. February 28 - March 3,
1999. Portland, Oregon. Contact:

"CYBERSPACE 1999: Crime, Criminal Justice and the Internet". 29 & 30March 1999. York, UK. Sponsored by the British and Irish LegalEducation Technology Association (BILETA).

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Call for proposals available. Contact:

1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact:
Cryptography & International Protection of Human Rights (CIPHR'99).
9-13 August 1999. Lake Balaton, Hungary. Contact:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation, and conducts policy research. For more information,
e-mail, or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 5.20


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback