WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 4

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.04 [1998] EPICAlert 4


Volume 5.04 March 30, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Congress Holds Internet Privacy Hearing
[2] U.S. Official Concedes Flaws in Key Recovery Crypto
[3] Wiretapping Law Hits Impasse, FBI Calls for New Powers
[4] Senate Committee Approves Net Censorship Bills
[5] Starr's Bookstore Subpoena Incites Controversy
[6] New Report Finds Credit Errors Common
[7] Congressional Actions, New Bills and Upcoming Hearings
[8] Upcoming Conferences and Events

[1] Congress Holds Internet Privacy Hearing

A Subcommittee of the House Judiciary Committee held a hearing onMarch 26 to examine issues relating to communications privacy and theInternet.

Commerce Undersecretary David Aaron testified about recent effortswithin the Administration to develop privacy safeguards for theInternet. The Administration has come under fire from both itstrading partners in Europe and from American consumers for failing topropose new privacy standards. Aaron told the subcommittee that theU.S. is looking at a combination of ways to protect privacy, includinglaws, codes, technical means, and self-regulation. He avoideddiscussion of the encryption issue, until he was asked a series ofquestions by Rep. Bob Goodlatte (R-VA), sponsor of legislation thatwould revise current export controls on encryption.

EPIC Executive Director Marc Rotenberg told the subcommittee thatcurrent U.S. privacy policy is backward -- "We place restrictions onthe development of new technologies to protect privacy, where freemarket solutions would be preferable. And we leave privacy problems tothe market, where government involvement is required."

Rep. Goodlatte engaged in a lengthy exchange with Rotenberg about theproblems with current controls on encryption. Rotenberg challenged anearlier statement of former Ambassador Aaron that encryption is notvery important for the Internet. "Today millions of Internet usersrely on encryption to protect the privacy of their electronictransactions. Ambassador Aaron is simply wrong," said Rotenberg.

Also testifying were Federal Trade Commission official David Medine,
Indiana Law School professor Fred Cate and Center for Democracy andTechnology staff counsel Deidre Mulligan. Medine discussed currentFTC efforts to evaluate privacy policies on the Internet. Cate saidthat legislation was not necessary at this time. Mulligan said thatthe United States needs a privacy agency.

Chairman Howard Coble (R-NC) suggested at the end of the hearing thatit was unlikely the subcommittee would produce legislation before theend of the session. But he indicated that some Congressional actionwould be necessary and that future hearing would be held. Reps. BarneyFrank (D-MA) and William Delahunt (D-MA) also expressed interest infurther hearings.

Information on Internet privacy, including testimony from the hearing,
is available at:

[2] U.S. Official Concedes Flaws in Key Recovery Crypto

A high-level government document obtained by EPIC shows that a topU.S. official acknowledged more than a year ago that the Internetprivacy technique championed by the Clinton Administration is "morecostly and less efficient" than alternative methods that thegovernment seeks to suppress. In a November 1996 memorandum to othergovernment officials, William A. Reinsch, the Commerce Department'sUnder Secretary for Export Administration, discussed theAdministration's efforts to promote "escrowed" or "recoverable"
encryption techniques in overseas markets. Such techniques enablegovernment agents to unscramble encrypted information and they formthe cornerstone of current U.S. encryption policy.

After noting that government regulations permit the export of non-
escrowed encryption products only to "safe end-users" such as foreignpolice and security agencies, Reinsch recognized the inferiority ofthe Administration's favored technology:

Police forces are reluctant to use "escrowed" encryption products (such as radios in patrol cars). They are more costly and less efficient than non-escrowed products.
There can be long gaps in reception due to the escrow features -- sometimes as long as a ten second pause. Our own police do not use recoverable encryption products;
they buy the same non-escrowable products used by their counterparts in Europe and Japan.

Ironically, Reinsch's concession is contained in a memorandum thatdiscusses the Administration's strategy to "help the market transitionfrom non-recoverable products to recoverable products." EPIC and othercritics of current U.S. encryption policy have long maintained that"key escrow" and "key recovery" approaches compromise the security ofprivate information by providing "backdoor" access to encrypted data.

The Reinsch memo was released in response to a Freedom of InformationAct request EPIC submitted to the Department of State concerning theinternational activities of former U.S. "crypto czar" David Aaron.
That request is the subject of a pending federal lawsuit EPICinitiated last year.

The Reinsch memorandum is available at:

[3] Wiretapping Law Hits Impasse, FBI Calls for New Powers

The Federal Bureau of Investigation on March 27 asked the FederalCommunications Commission (FCC) to step in and forcetelecommunications carriers and equipment manufacturers to adoptFBI-proposed standards for implementing the Communications Assistancefor Law Enforcement Act of 1994 (CALEA). The FBI request followsseveral weeks of closed meetings with industry officials which failedto produce an agreement after four years of controversy. The industryhas been resisting Bureau demands to include additional surveillancecapabilities in new technical standards developed under CALEA.

On March 12, the FBI issued its "final" rules on capacity requirementsfor CALEA. In its public notice, the Bureau is demanding that it havethe ability to monitor over 50,000 phone lines simultaneously. Inmany areas of the country, the FBI is seeking increases in capacity ofnearly 300 percent. Under CALEA, the capacity notice was due inOctober 1995. Two previous notices were widely criticized forincreasing the number of lines that would be subject to surveillance(See EPIC Alert 4.02). The final draft retains the controversialincreases and rejects industry criticisms of the methodology used toarrive at the final requirements.

More information on wiretapping and CALEA is available at:

[4] Senate Committee Approves Net Censorship Bills

The Senate Commerce Committee approved two Internet censorship billson March 12. The "Internet School Filtering Act" (S. 1619), sponsoredby Sen. John McCain (R-AZ), would require schools and librariesreceiving federal "e-rate" Internet subsidies to certify that they areusing filtering software designed to prevent minors from accessing"inappropriate" material. The Committee deferred action on anamendment by Sen. Conrad Burns (R-MT) that would require schools andlibraries to implement an "acceptable use policy" for Internet accessbut not necessarily mandate filters.

The McCain filtering bill has been criticized by EPIC and othermembers of the Internet Free Expression Alliance (IFEA). The AmericanLibrary Association and the National Education Association also opposethe legislation. In a statement submitted to the Commerce Committee,
NEA noted that "various studies have shown that blocking software andfiltering software have serious technical limitations and provide afalse sense of security." The teachers' organization cited EPIC's"Faulty Filters" report as demonstrating the flaws in the filteringapproach.

The Commerce Committee also approved S. 1482, sponsored by Sen. DanCoats (R-IN). The Coats bill -- which has been dubbed "CDA II" --
would criminalize the "commercial" distribution on websites ofmaterial that is "harmful to minors."

Full Senate consideration of the two bills has not yet been scheduled.

More information on Internet censorship legislation is available atthe IFEA website:

[5] Starr's Bookstore Subpoena Incites Controversy

Independent Counsel Kenneth Starr last week issued a subpoena for therecords of book purchases made by former White House intern MonicaLewinsky from a Washington bookstore. Although the store's policy isnot to reveal information about individual customers' purchases, itapparently will produce records of a few of Lewinsky's transactionsthat were specifically identified by the Office of IndependentCounsel.

The New York Times quoted the bookstore's attorney as saying that therecords of "fewer than six" check or credit card transactions datingfrom November 1995 will be provided. The original subpoena called forthe production of "all documents and things referring or relating toany purchase by Monica Lewinsky," according to the attorney.

The American Booksellers Foundation for Free Expression condemnedStarr's action, saying the "subpoena of the records of an individual'sbook purchases has serious First Amendment consequences." Accordingto Christopher Finan, president of the Foundation, "If the governmentcan find out what books we are buying, we will no longer feel free tobuy the books we want. That would be the death of free speech."

A similar controversy over the rental records of video store customerssurfaced during the confirmation hearing for Supreme Court nomineeRobert Bork. In the wake of the Bork video disclosures, Congressenacted the Video Privacy Act of 1988, which protects theconfidentiality of video rental records.

[6] New Report Finds Credit Errors Common

The U.S. Public Interest Research Group (PIRG) has released a reportfinding that nearly a third of credit reports contain serious errors.
The report, "Mistakes Do Happen: Credit Report Errors Mean ConsumersLose," was released on March 12.

Major Findings of the Report:

Twenty-nine percent (29%) of the credit reports contained seriouserrors -- false delinquencies or accounts that did not belong to theconsumer -- that could result in the denial of credit;

Forty-one percent (41%) of the credit reports contained personaldemographic identifying information that was misspelled,
long-outdated, belonged to a stranger, or was otherwise incorrect;

Twenty percent (20%) of the credit reports were missing majorcredit, loan, mortgage, or other consumer accounts that demonstratethe creditworthiness of the consumer;

Twenty-six percent (26%) of the credit reports contained creditaccounts that had been closed by the consumer but incorrectly remainedlisted as open;

Altogether, 70% of the credit reports contained either seriouserrors or other mistakes of some kind.

The report also found that it was difficult for consumers to obtaintheir reports. Fourteen percent of consumers were forced to call atleast four times after receiving busy signals or had to write a letterin order to receive their report; twelve percent of the consumerswaited two weeks or longer to receive their report once they finishedrequesting it. Overall, fifteen percent of consumers who attempted toparticipate in the survey either made at least three phone calls andnever got through or requested their reports but never received them.

The report is available at:

[7] New Congressional Bills and Upcoming Hearings


* House of Representatives *

March 31, 1998. Subcommittee on Basic Research and Subcommittee onTechnology (Joint Hearing) (Oversight) . Domain Names Systems: WhereDo We Go From Here? 2318 Rayburn HOB. 2:00 P.M.

April 1, 1998. Committee on Banking. General Oversight Subcommittee,
Hearing on the Operations of the Department of the Treasury's,
Financial Crimes Enforcement Network ("FinCEN"). 2128 Rayburn. 1:00PM
* Senate *

April 1, 1998. Banking, Housing, and Urban Affairs. FinancialServices and Technology Subcommittee. Hearings to examine how identitytheft contributes to electronic crime. SD-538. 10:00 a.m.


H.R. 3321. CALEA Implementation Amendments of 1998. Extends deadlineof Communications Assistance for Law Enforcement Act for telephonecompanies to make wiretapping easier until 2000. Introduced by Barr(R-GA) on March 4, 1998. Referred to the Committee on the Judiciary.

H.R. 3442. E-Rate Policy and Child Protection Act of 1998. Requiresschools and libraries that receive universal service support fordiscounted telecommunications services to establish policies governingaccess to material that is inappropriate for children. Introduced byMarkey (D-MA) on March 11, 1998. Referred to the Committee onCommerce.

H.R. 3472. Digital Signature and Electronic Authentication Law (SEAL)
of 1998. Allows financial institutions to use digital signatures.
Introduced by Cook (R-UT) on March 17. Referred to the Committee onBanking and Financial Services.

H.R. 3494. Child Protection and Sexual Predator Punishment Act of1998. Introduced by McCollum (R-FL). Criminalizes sending sexualmaterial to a minor. Minimum prison term for using computer is 3years. Allows use of subpoenas to obtain evidence instead of warrants.

H.R. 3551. Identity Piracy Act of 1998. Creates new federal penaltyfor identity theft. Introduced by Delauro (D-CT) on March 25, 1998.
Referred to the Committee on the Judiciary, and in addition to theCommittee on Transportation and Infrastructure.

H.R. 3555. Driver Record Information Verification System Act. RequiresSecretary of transportation to conduct study of creation of NationalDrivers database. Examines use of SSN as identification number.
Introduced by Moran (D-VA) on March 25, 1998. Referred to theCommittee on Transportation and Infrastructure.

S. 1721. To provide for the Attorney General of the United States todevelop guidelines for Federal prosecutors to protect familial privacyand communications between parents and their children. Introduced byLeahy (D-VT) on March 6. Referred to the Committee on the Judiciary.

S. 1737. Taxpayer Confidentiality Act of 1998. Createsaccountant-client privilege. Introduced by Mack (R-FL) on March 10,
1998. Referred to the Committee on Finance.

S. 1865. Safeguard of New Employee Information Act of 1998. Createspenalties for abuse of information in New Hires Database. Requiresdata be deleted after 24 months. Introduced by Baucus (D-MT) on March26. Referred to the Committee on Finance.

[8] Upcoming Conferences and Events

The Internet Invasion? A Debate about the Pervasiveness of InternetSpeech Washington, DC. April 2, 1998. Sponsored by the Cato Institute.
1998 IEEE Symposium on Security. IEEE Computer Society, Oakland, CA,
May 3-6. Sponsored by IEEE and IACR. Contact:
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM andUSACM.

1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and LondonSchool of Economics. Contact:

INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety. Contact:

Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for InformationSystems Contact:
CPSR Annual Conference - Internet Governance. Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact:
1999 RSA Data Security Conference. San Jose, California, January 18-21,
1999. Sponsored by RSA. Contact:

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the National Wiretap Plan.

Thank you for your support.

END EPIC Alert 5.04

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback