WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1999 >> [1999] EPICAlert 1

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 6.01 [1999] EPICAlert 1


Volume 6.01 January 20, 1999

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Internet Censorship Goes on Trial (Again)

[2] Crypto Update: US Issues New Export Rules, French Drop Restrictions
[3] Supreme Court Rules on Anonymity
[4] EU Releases Report on Privacy Adequacy
[5] GAO Finds IRS Security Lacking
[6] EPIC Bookstore
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events

[1] Internet Censorship Goes on Trial (Again)

In the second challenge to a federal Internet censorship law, athree-day hearing began today in United States DistrictCourt in Philadelphia. At issue is the constitutionality of the ChildOnline Protection Act (COPA), the statutory successor to theCommunications Decency Act (CDA), which the Supreme Court struck downin June 1997. The lawsuit was filed by the American Civil LibertiesUnion, the Electronic Privacy Information Center and the ElectronicFrontier Foundation as co-counsel on behalf of 17 individuals andorganizations.

During the hearing, the plaintiffs will present the testimony of sevenwitnesses, including Vanderbilt University Prof. Donna Hoffman; DanFarmer, network security director for Earthlink online service; CNETVice President Christopher Barr (representing the Internet ContentCoalition); and Los Angeles Times columnist Larry Magid.

On November 19, a U.S. District Judge Lowell A. Reed issued atemporary restraining order (TRO) against enforcement of COPA, whichimposes criminal penalties against any "commercial" website that makesmaterial that is "harmful to minors" available to anyone under 17years of age. The TRO remains in effect until February 1, by whichtime the court will decide whether to issue a preliminary injunctionagainst the law.

The COPA lawsuit -- ACLU v. Reno II -- is the latest legal challengeto Internet censorship laws. In June 1996, the same federal court inPhiladelphia struck down the CDA, a decision unanimously upheld by theU.S. Supreme Court. In enacting COPA, Congressional supportersclaimed that the new law corrected the constitutional defects of theCDA. Several federal courts have also found state laws seeking toregulate online content unconstitutional.

Complete information on the legal challenge, including daily updatesfrom the courthouse in Philadelphia, will be available at:

[2] Crypto Update: US Issues New Export Rules, French Drop Restrictions

* US Revises Export Controls *

The US Department of Commerce issued new interim regulations onon encryption export controls on December 31, 1998. The new regulations,
which were announced in September, are targeted towardslarge corporations. Restrictions on the exports of strong encryptionused for private, non-commerical reasons is still strictly limited.
The new rules:

Allow export of software-based 56-bits encryption programs including DES. On January 19, a cracking contest sponsored by RSA broke DES in 21 hours.

Allow exports of products of any key length to insurance companies,
medical end-users, and online merchants (only for buying and selling goods) under the current exception available for banks.

Allows export to US subsidiaries for "internal company proprietary use" and provides for favorable rules for exporting to partners of American companies.

Removes some of the licensing requirements on export of key escrow/key recovery systems.

Comments on the rules are due March 1, 1998. An copy of the rules isavailable at:

* France Announces Major Crypto Liberalization *

French Prime Minister Lionel Jospin announced on January 19 that theFrench government is relaxing its current restrictive policy onencryption. Under the new policy, a key escrow system of "Trusted ThirdParties" will no longer be required for domestic use. The 1996 lawrequiring TTPs will not be implemented. Users will be able to use up to128-bit encryption without restrictions until a new law whicheliminates all restrictions is enacted. However, technical capabilitiesfor investigations will be expanded.

The announcement is available in French at:

[3] Supreme Court Rules on Anonymity

On January 12, 1999 the Supreme Court held that Colorado's ballotaccess regulations unjustifiably inhibited the circulation ofballot-initiative petitions. Of particular interest to those followingprivacy issues, the Supreme Court upheld the ruling of the TenthCircuit that the requirement of petition circulators to display theirnames on a badge violated the First Amendment.

A lower court had found that compelling circulators to wearidentification badges inhibited participation in the petition process.
The Supreme Court agreed. Writing for the majority, Justice Ginsburgsaid "The injury to speech is heightened for the petition circulatorbecause the badge requirement compels personal identification at theprecise moment when the circulators interest in anonymity is greatest."

The Supreme Court said that the availability of a signed affidavitsatisfied the state's interest in enabling the public to identify andthe state to apprehend petition circulators who engage in misconduct.

The Court's opinion in Buckley v. American Constitutional LawFoundation follows the 1995 decision in McIntyre v. Ohio ElectionCommission in which the Supreme Court held that the state of Ohio couldnot ban the distribution of anonymous campaign literature.

Justice Ginsburg delivered the opinion of the Court. Justice Thomasconcurred in the judgement. Justice O'Connor, joined by Justice Breyer,
concurred in part and dissented in part. Justice Rehnquist dissented.


Web-accessible at:

[4] EU Releases Report on Privacy Adequacy

The European Union has released a new report on transborder data flowsof personal information and the adequacy of protections in non-EUcountries. The report "Application of a methodology designed to assessthe adequacy of the level of protection of individuals with regard toprocessing personal data: test of the method of several categories oftransfer" was written by four international experts in privacy law:
Charles Raab, Colin Bennett, Robert Gellman, and Nigel Waters. Itreviews the flow of information relating to human resources, airlinereservation systems, medical and epidemiological data, electroniccommerce and sub-contracted data processing in six countries -
Australia, Canada, Hong Kong, Japan, New Zealand and the UnitedStates.

The report found that the US companies in most of those industries donot meet fair information practices. There is almost no applicablelaws in the US that govern privacy protections in those areas.
What few protections are generally available are based oninternal practices of companies or industry guidelines based onself-regulation which may not be fully applied. Enforcement is also amajor problem, because the US lacks any official body which can provideoversight.

The report highlights the problems US residents continue to have inprotecting their privacy. While the US Department of Commercecontinues to lobby the EU not to enforce its Privacy Directiverequirements, privacy protection in the US languishes. The EU is likelyto take this is consideration in its talks with the US.

The full report in PDF format (218 pages) is available at:

[5] GAO Finds IRS Security Lacking

The General Accounting Office (GAO) issued a report on January 14finding that the IRS has made progress but has not yet fullyimplemented effective security controls on its systems that containsensitive taxpayer information.

The GAO report on IRS Systems Security was sent on December 141998 to Senator Fred Thompson, chairman of the Senate GovernmentAffairs Committee. The watchdog congressional agency concluded thatsecurity weaknesses at the "expose taxpayers to an increased risk ofloss and damages due to identity theft and other financial crimesresulting from the unauthorized disclosure and use of information theyprovide to IRS." The GAO audit of the IRS was prompted by revelationsthat the tax collection agency failed to protect sensitive personaltax information from the prying eyes of private investigators,
unscrupulous IRS employees, and plain curiosity seekers.

The GAO cited cases in which unauthorized IRS employees could change,
alter, or delete taxpayer data. Also, tapes and diskettes containingsensitive taxpayer information were not overwritten prior to reuse ordisposal and several hundred are missing. This weakness could allowunauthorized access to information remaining on the magnetic media. TheGAO also hit IRS for failing to encrypt links transmitting sensitivetaxpayer information. This has been a common problem for tax payerswishing to electronically file tax data with the IRS but have beenstymied by government attempts to mandate the use of unpopular keyescrow/recovery programs within civilian agencies like the IRS.

The full report "IRS System Security: Although SignificantImprovements Made, Tax Processing Operations and Data Still atSerious Risk" is available at:

[6] EPIC Bookstore

In light of the COPA hearing in Philadelphia this week, in this Alert,
the EPIC Bookstore focuses on free speech. Browse our cyber shelvesfor the titles below, and many other great books on free speech,
privacy, and civil liberties at the Internet's only bookstore devotedto online freedom. Shipping, discounts, and gift-wrapping provided.

** Books **

The Irony of Free Speech by Owen M. Fiss
While lawmakers, both liberal and conservative, argue that the state'sattempts to limit everything from hate speech to indecency on theInternet and contributions to political campaigns confines individualfreedom, Owen M. Fiss, a Sterling Professor at Yale Law Schoolbelieves that censorship, to some degree, enhances freedom bybroadening "the terms of public discussion." Victims of hate speechand pornography, he contends, are often silenced out of fear or lowself-worth, inhibiting their full participation not only indeliberation but also in life. Silencing the voices of some in orderto hear the voices of others, he maintains, is often the only way toreinforce public debate.

Fighting Words: Individuals, Communities, and Liberties of Speech byKent Greenawalt
Should "hate speech" be made a criminal offense, or does the FirstAmendment oblige Americans to permit the use of epithets directedagainst a person's race, religion, ethnic origin, gender, or sexualpreference? Does a campus speech code enhance or degrade democraticvalues? When the American flag is burned in protest, what rights offree speech are involved? In a lucid and balanced analysis ofcontemporary court cases dealing with these problems, as well as thoseof obscenity and workplace harassment, acclaimed First Amendmentscholar Kent Greenawalt now addresses a broad general audience ofreaders interested in the most current free speech issues.

These and other titles are available for purchase online at the EPICBookstore:

[7] EPIC Bill-Track: New Bills in Congress

H.R.10. Financial Services Act of 1999. Major bank, securities etc.
merger bill. Requires FTC to issue interim reports on consumerprivacy. Sponsor: Leach (R-IO). Referred to the Committee on Bankingand Financial Services, and in addition to the Committee on Commerce.

H.R.30. Financial Information Privacy Act of 1999. To protectconsumers and financial institutions by preventing personal financialinformation from being obtained from financial institutions underfalse pretenses. Sponsor: Leach (R-IO). Referred to the Committee onBanking and Financial Services.

H.R.97. Personal Privacy Protection Act. Stalkerazzi bill. Prohibitsphysical intrusion into privacy for commercial purposes (aka press).
Exempts law enforcement. Sponsor: Rep Conyers, John, Jr. (D-MI)
(introduced 01/06/99). Referred to the Committee on the Judiciary.

H.R.180. Integrity in Voter Registration Act of 1999. A bill to amendthe National Voter Registration Act of 1993 to require each individualregistering to vote in elections for Federal office to provide theindividual's Social Security number. Sponsor: Rep McCollum, Bill .
(R-FL). Referred to the Committee on House Administration
H.R.191. Creates tamperproof Social Security Card (aka National IDCard) used for employment verification. Sponsor: Rep McCollum, Bill .
(R-FL). Referred to the Committee on the Judiciary, and in addition tothe Committee on Ways and Means.

H.R.279. Federal Employment Applicant Drug Testing Act. Requires drugtesting of all applicants for federal jobs. Sponsor: Rep Sweeney, JohnE. Referred to the Committee on Government Reform.

H.R.306. Genetic Information Nondiscrimination in Health Insurance Actof 1999. A bill to prohibit discrimination against individuals andtheir family members on the basis of genetic information or a requestfor genetic services. Referred to the Committee on Commerce, and inaddition to the Committees on Ways and Means, and Education and theWorkforce.

H.R.307. A bill to amend section 552a of title 5, United States Code,
to provide for the maintenance of certain health information in caseswhere a health care facility has closed or a health benefit plansponsor has ceases to do business. Sponsor: Rep Towns, Edolphus.
Referred to the Committee on Government Reform.

H.R.313. Consumer Internet Privacy Protection Act of 1999. A bill toregulate the use by interactive computer services of personallyidentifiable information provided by subscribers to such services.
Sponsor: Rep Vento, Bruce F. (D-MN). Referred to the Committee onCommerce.

H.R.318. Drug-Free Ports Act. A bill to provide for access by Stateand local authorities to information of the Department of Justice forthe purpose of conducting criminal background checks on port employeesand prospective employees. Sponsor: Rep Shaw, E. Clay, Jr. Referred tothe Committee on the Judiciary.

More information is available at:

[8] Upcoming Conferences and Events

Encryption Controls Workshop. February 8, 1998. San Jose, CA.
Sponsored by the US Dept of Commerce. Contact: (202) 482-6031
FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999. Anguilla, B.W.I. Contact:

Electronic Commerce and Privacy Legislation -- Building Trust andConfidence. February 23, 1999. Ottawa, Canada. Sponsored by RileyInformation Services.

Communitarian Summit. February 27-28, 1999. Arlington, Virginia.
1999 ASAP Western Regional Training Conference. February 28 - March 3,
1999. Portland, Oregon. Contact:

"CYBERSPACE 1999: Crime, Criminal Justice and the Internet". 29 & 30March 1999. York, UK. Sponsored by the British and Irish LegalEducation Technology Association (BILETA).

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Call for proposals available. Contact:

Encryption Controls Workshop. May 13, 1998. Raleigh, NC.
Sponsored by the US Dept of Commerce. Contact: (202) 482-6031
1999 EPIC Cryptography and Privacy Conference. June 14, 1999.
Washington, DC. Sponsored by EPIC. Contact:
Cryptography & International Protection of Human Rights (CIPHR'99).
9-13 August 1999. Lake Balaton, Hungary. Contact:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation, and conducts policy research. For more information,
e-mail, or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax- deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 6.01

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback