WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 9

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.09 [1998] EPICAlert 9


Volume 5.09 June 25, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Releases New Report on Online Privacy
[2] House Subcommittee Approves Mandatory Filtering Bill
[3] Copyright Legislation Vote Delayed
[4] House Approves Delay for Digital Wiretap Law
[5] Self-Regulation Gets Low Marks at Privacy Summit
[6] EPIC/PI Launches New Privacy Page
[7] Encryption Update
[8] Upcoming Conferences and Events

[1] EPIC Releases New Report on Online Privacy

On June 22, EPIC released its new report, "Surfer Beware II: Noticeis Not Enough." The new study shows that the Direct MarketingAssociation's (DMA) commitment to the protection of consumer privacyhas not filtered down to its own members. The report was released inadvance of the Commerce Department's privacy conference (see item 5,

As a staunch supporter of self-regulation, the DMA had announced inOctober 1997 a promise to require its members to comply with the tradegroup's privacy guidelines. However, nearly a year later, the EPICreport shows that little, if any, progress has been made. EPICsurveyed the new members of the DMA, since the DMA refuses to releasea full list of its members. Of the new members listed on the DMA website, all 40 that maintained web sites collected personal information.
Only eight had any semblance of a privacy notice. Furthermore, onlythree of those eight sites had adequate policies which satisfied theDMA's own requirements.

An earlier University of Massachusetts study, commissioned by the DMA,
found that only 38 percent of surveyed DMA members inform consumersthat they are collecting information about them, only 33 percent seekpermission to use this information, and only 26 percent tell consumershow this information is going to be used.

A March 1998 Businessweek/Harris poll found that 53 percent ofrespondents favor legislation to protect privacy on the Internet. Theresult is consistent with other polls that show support for privacylegislation.

EPIC's report can be found at:

[2] House Subcommittee Approves Mandatory Filtering Bill

The move toward mandatory Internet filtering continues in Congress.
Earlier this week, a House Appropriations subcommittee approved anamendment to the Health and Human Services budget that would requireall public libraries and public or private schools that receivefederal funds "for the acquisition of any computer that is accessibleto minors and that has access to the Internet" to install filters. Tocomply, schools and libraries would need to use software that is"designed to prevent minors from obtaining access to any obsceneinformation." The adequacy of such software would be determined bythe governor of each state.

The filtering amendment, introduced by Rep. Ernest Istook (R-OK), hasa broader application than the "Internet School Filtering Act" nowpending in the Senate. That bill, which the Commerce Committeeapproved on March 12, would require the use of filtering software as acondition of receiving federal "e-rate" Internet subsidies. TheIstook amendment would apply to the recipients of any federal fundsused for the acquisition of computers.

EPIC is supporting an online campaign to raise Congressional awarenessof the implications of Internet filtering, which a current emphasis onthe Senate. We are continuing to monitor developments in the House.
Faxes can be sent -- free of charge -- to your Senators by visitingthe EPIC Free Speech Action page:

Additional information on Internet filtering is also available at theInternet Free Expression Alliance website:

[3] Copyright Legislation Vote Delayed

The House Commerce Committee vote on copyright legislation scheduledfor June 24 has been postponed until mid-July due to remainingcontroversy over fair use and privacy. The Subcommittee onTelecommunications approved the legislation on June 18. Thelegislation had previously been approved by the Senate and the HouseJudiciary Committee without amendments.

One of the more controversial provisions is a complete ban on anyattempt to circumvent a technological protection measure that protectscopyrighted material. During the subcommittee vote, Rep. Ed Markey(D-MA) introduced an amendment that allows for circumvention toprotect personal privacy. The subcommittee approved that amendment.
Also, an exception was included to allow cryptographers to circumventso they may continue to pursue research and develop encryption tools.

Language that would preserve the right of fair use in the digital ageremains controversial. Rep. Thomas Bliley (R-VA), Chair of theCommerce Committee, has urged all parties to find a solution that bothprotects the rights of authors to protect their work and the rights ofusers to fair uses of the work.

For more information see the USACM Copyright page at:

[4] House Approves Delay for Digital Wiretap Law

The House of Representatives approved an amendment to the JusticeDepartment Authorization bill on June 22 that delays the implement-
ation of the controversial Communications Assistance for LawEnforcement Act (CALEA) for two more years. The amendment wasintroduced by Rep. Zoe Lofgren (D-CA) and garnered bipartisan support.

Section 204 of H.R. 3303 delays the deadline by which telecommuni-
cations companies must make their equipment compliant under CALEA fromOctober 1998 until October 2000. Several Representatives spoke on theHouse floor, recognizing that delays in developing the wiretapstandards would make it impossible for telecommunications companies tocomply with CALEA by the October deadline.

The bill also modifies CALEA to allow telecommunications companies toreceive reimbursement for modifying existing equipment to be CALEAcompliant. Previously, to be eligible for reimbursement, theequipment had to be in place before 1995. The bill moves the deadlineforward until 2000.

More information on wiretapping and CALEA is available at:

[5] Self-Regulation Gets Low Marks at Privacy Summit

On June 23 and 24, the U.S. Department of Commerce held a publicmeeting on Internet Privacy in Washington, D.C. The two dayconference was designed to assess the effectiveness of the privatesector's implementation of the Clinton Administration's call forself-regulation of privacy on the Internet. Academics, industryrepresentatives, privacy advocates, public interest groups, andWashington policymakers were invited to demonstrate and to debate theefficacy of self-regulation. Over the two days various methods wereexamined for privacy protection, such as certification programs,
technological aids, and public education.

In an effort to stave off government regulation, industry groupsunveiled their own eleventh-hour privacy plans. On June 22, acoalition of some 50 companies and business associations introducedthe Online Privacy Alliance, whereby member companies pledge to adoptprivacy policies according to the Alliance's guidelines. On the sameday, the Better Business Bureau announced its own plans to launch aprivacy certification program that would allow web sites to displaythe BBB's seal of approval. These groups and others were invited tostrut their stuff before a panel of privacy experts, including MarcRotenberg of EPIC. Under questioning from the panel, it was shownthat none of the proposals had any means of effecting compliance, norany means for redressing consumer grievances. Each of the privacyprograms received low grades from the panel for adequate protection ofprivacy. The most glaring omission of each was lack of enforcementmechanisms or of any method for consumers to access their own data.

Many of the solutions offered put the onus of privacy protection uponthe consumer and not businesses. Various technological tools weredemonstrated that would help the consumer to protect their privacywhile browsing, such as P3P, filters and anonymizers. But thetechnology panel admitted that technology could not be a replacementfor privacy policies, but merely an aid for promoting such policies.
Self-regulation advocates by and large favored consumer education andthe conference was rife with consumer-targeted self-help brochures.

What was clear from the conference is that a patchwork of "evolving"
self-regulatory programs, with little or no means for enforcement fellshort of the Department of Commerce's hopes for an industry basedsolution. Consumer groups and privacy advocates pointed out that themarket fails to provide incentives for online industries to adapteffective privacy policies, and that proposing guidelines alone doesnot provide the safeguards that legislation would provide. CommerceSecretary William M. Daley expressed his disappointment at the poorshowing of effective self-regulation: "Articulating principles isn'tadequate. There has to a way to enforce this [self-regulation] thatthe consumer can trust, or this won't work -- there has to be somemeaningful consequences to companies that don't comply with privacyrules." Consumer and privacy groups believe it is clear that industrycannot be relied upon to regulate itself, and that the time has comefor the government to step in and protect privacy online.

More information on privacy policy is available at:

[6] Encryption Update

* The month of June has been busy for encryption policy. Supportersof the SAFE and E-PRIVACY bills are renewing their efforts to pass themeasures. However, there are less than 30 working days left in theCongressional session this year, so its appears unlikely that anylegislative efforts will succeed.

* Nearly three hundred people attended the 1998 EPIC Cryptography andPrivacy Conference on June 6. The Conference was keynoted by SenatorConrad Burns (R-MT) and Congressman Bob Goodlatte (R-VA) and includedUndersecretary of Commerce for Export Administration William Reinschand Principal Associate Attorney General Robert Litt. Speakers alsoincluded representatives from the governments of Canada, the UnitedKingdom and Germany.

* On June 7, the CEOs of several computer companies sat down with FBIDirector Louis Freeh and Attorney General Janet Reno to discussencryption policy. Following the meeting, the participants declinedto discuss what had been said but it appears that no major deals weremade. "What has happened is that the ability to keep informationprivate has increased," Microsoft chief Bill Gates said. "Lawenforcement has to accept that. Can the genie be put back in thebottle? The answer is no."

* Forty-three House Democrats, including House Democratic LeaderRichard Gephardt, Democratic Whip David Bonior and Rep. Zoe Lofgrensent a letter on June 24 asking Speaker Newt Gingrich to scheduleaction on encryption export relief legislation prior to the July 4recess. Gephardt said, "We ask the Republican leaders to makeresolution of this issue a top priority. We are willing to work withall sides for workable export policies that prevent crime, promoteexports and national security and secure the future of the informationage."

* Only two years after describing the Skipjack encryption algorithm ashighly classified and stating that its release would pose a seriousdanger to national security, the National Security Agency has changedcourse. NSA publicly released the algorithm --
the heart of theinfamous Clipper Chip and Fortezza Card -- on June 23.

More information on encryption policy is available at:

[7] EPIC/PI Launch New Privacy Web Site

EPIC and Privacy International have launched The Privacy Page, acompletely redesigned online privacy resource located In addition to a regularly updated news archive onprivacy issues, the site features links to privacy tools, privacyresources, international privacy sites, consumer information, kids andprivacy, and the EPIC privacy bookstore. StraightScoop, anotherweekly feature, presents an opinionated summary of the main issues inthe current online privacy debate.

The Privacy Page is available at:

[8] Upcoming Conferences and Events

INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety. Contact:

Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for InformationSystems Contact:
Telecommunications Policy Research Conference. October 3-5, 1998Alexandria, Virginia. Contact:

CPSR Annual Conference - Internet Governance. Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact:
PDC 98 - the Participatory Design Conference, "BroadeningParticipation" November 12-14, 1998. Seattle, Washington. Sponsoredby Computer Professionals for Social Responsibility in cooperationwith ACM and CSCW 98. Contact:
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December1998 London, UK. Sponsored by ACMSIGCAS and London School ofEconomics.
1999 RSA Data Security Conference. San Jose, California, January18-21, 1999. Sponsored by RSA. Contact:

FC '99 Third Annual Conference on Financial Cryptography, Anguilla,
B.W.I., February 22-25 1999 (submissions due: September 25, 1998).

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.09

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback