You are here:
WorldLII >>
Databases >>
EPIC Alert >>
1999 >>
[1999] EPICAlert 1
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 6.01 [1999] EPICAlert 1
EPIC ALERT
Volume 6.01 January 20, 1999
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] Internet Censorship Goes on Trial (Again)
[2] Crypto Update: US Issues New Export Rules, French Drop Restrictions
[3] Supreme Court Rules on Anonymity
[4] EU Releases Report on Privacy Adequacy
[5] GAO Finds IRS Security Lacking
[6] EPIC Bookstore
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events
[1] Internet Censorship Goes on Trial (Again)
In the second challenge to a federal Internet censorship law, athree-day hearing began today in United States DistrictCourt in Philadelphia.
At issue is the constitutionality of the ChildOnline Protection Act (COPA), the statutory successor to theCommunications Decency
Act (CDA), which the Supreme Court struck downin June 1997. The lawsuit was filed by the American Civil LibertiesUnion, the Electronic
Privacy Information Center and the ElectronicFrontier Foundation as co-counsel on behalf of 17 individuals andorganizations.
During the hearing, the plaintiffs will present the testimony of sevenwitnesses, including Vanderbilt University Prof. Donna Hoffman;
DanFarmer, network security director for Earthlink online service; CNETVice President Christopher Barr (representing the Internet
ContentCoalition); and Los Angeles Times columnist Larry Magid.
On November 19, a U.S. District Judge Lowell A. Reed issued atemporary restraining order (TRO) against enforcement of COPA, whichimposes
criminal penalties against any "commercial" website that makesmaterial that is "harmful to minors" available to anyone under 17years
of age. The TRO remains in effect until February 1, by whichtime the court will decide whether to issue a preliminary injunctionagainst
the law.
The COPA lawsuit -- ACLU v. Reno II -- is the latest legal challengeto Internet censorship laws. In June 1996, the same federal court
inPhiladelphia struck down the CDA, a decision unanimously upheld by theU.S. Supreme Court. In enacting COPA, Congressional supportersclaimed
that the new law corrected the constitutional defects of theCDA. Several federal courts have also found state laws seeking toregulate
online content unconstitutional.
Complete information on the legal challenge, including daily updatesfrom the courthouse in Philadelphia, will be available at:
http://www.epic.org/free_speech/copa/
[2] Crypto Update: US Issues New Export Rules, French Drop Restrictions
* US Revises Export Controls *
The US Department of Commerce issued new interim regulations onon encryption export controls on December 31, 1998. The new regulations,
which were announced in September, are targeted towardslarge corporations. Restrictions on the exports of strong encryptionused for
private, non-commerical reasons is still strictly limited.
The new rules:
Allow export of software-based 56-bits encryption programs including DES. On January 19, a cracking contest sponsored by RSA
broke DES in 21 hours.
Allow exports of products of any key length to insurance companies,
medical end-users, and online merchants (only for buying and selling goods) under the current exception available for banks.
Allows export to US subsidiaries for "internal company proprietary use" and provides for favorable rules for exporting to partners
of American companies.
Removes some of the licensing requirements on export of key escrow/key recovery systems.
Comments on the rules are due March 1, 1998. An copy of the rules isavailable at:
http://www.epic.org/crypto/export_controls/bxa-regs-1298.html
* France Announces Major Crypto Liberalization *
French Prime Minister Lionel Jospin announced on January 19 that theFrench government is relaxing its current restrictive policy onencryption.
Under the new policy, a key escrow system of "Trusted ThirdParties" will no longer be required for domestic use. The 1996 lawrequiring
TTPs will not be implemented. Users will be able to use up to128-bit encryption without restrictions until a new law whicheliminates
all restrictions is enacted. However, technical capabilitiesfor investigations will be expanded.
The announcement is available in French at:
http://www.premier-ministre.gouv.fr/PM/D190199.HTM
[3] Supreme Court Rules on Anonymity
On January 12, 1999 the Supreme Court held that Colorado's ballotaccess regulations unjustifiably inhibited the circulation ofballot-initiative
petitions. Of particular interest to those followingprivacy issues, the Supreme Court upheld the ruling of the TenthCircuit that
the requirement of petition circulators to display theirnames on a badge violated the First Amendment.
A lower court had found that compelling circulators to wearidentification badges inhibited participation in the petition process.
The Supreme Court agreed. Writing for the majority, Justice Ginsburgsaid "The injury to speech is heightened for the petition circulatorbecause
the badge requirement compels personal identification at theprecise moment when the circulators interest in anonymity is greatest."
The Supreme Court said that the availability of a signed affidavitsatisfied the state's interest in enabling the public to identify
andthe state to apprehend petition circulators who engage in misconduct.
The Court's opinion in Buckley v. American Constitutional LawFoundation follows the 1995 decision in McIntyre v. Ohio ElectionCommission
in which the Supreme Court held that the state of Ohio couldnot ban the distribution of anonymous campaign literature.
Justice Ginsburg delivered the opinion of the Court. Justice Thomasconcurred in the judgement. Justice O'Connor, joined by Justice
Breyer,
concurred in part and dissented in part. Justice Rehnquist dissented.
BUCKLEY v. AMERICAN CONSTITUTIONAL LAW FOUNDATION, INC. (97-930)
Web-accessible at:
http://supct.law.cornell.edu/supct/html/97-930.ZS.html
[4] EU Releases Report on Privacy Adequacy
The European Union has released a new report on transborder data flowsof personal information and the adequacy of protections in non-EUcountries.
The report "Application of a methodology designed to assessthe adequacy of the level of protection of individuals with regard toprocessing
personal data: test of the method of several categories oftransfer" was written by four international experts in privacy law:
Charles Raab, Colin Bennett, Robert Gellman, and Nigel Waters. Itreviews the flow of information relating to human resources, airlinereservation
systems, medical and epidemiological data, electroniccommerce and sub-contracted data processing in six countries -
Australia, Canada, Hong Kong, Japan, New Zealand and the UnitedStates.
The report found that the US companies in most of those industries donot meet fair information practices. There is almost no applicablelaws
in the US that govern privacy protections in those areas.
What few protections are generally available are based oninternal practices of companies or industry guidelines based onself-regulation
which may not be fully applied. Enforcement is also amajor problem, because the US lacks any official body which can provideoversight.
The report highlights the problems US residents continue to have inprotecting their privacy. While the US Department of Commercecontinues
to lobby the EU not to enforce its Privacy Directiverequirements, privacy protection in the US languishes. The EU is likelyto take
this is consideration in its talks with the US.
The full report in PDF format (218 pages) is available at:
http://europa.eu.int/comm/dg15/en/media/dataprot/studies/adequat.htm
[5] GAO Finds IRS Security Lacking
The General Accounting Office (GAO) issued a report on January 14finding that the IRS has made progress but has not yet fullyimplemented
effective security controls on its systems that containsensitive taxpayer information.
The GAO report on IRS Systems Security was sent on December 141998 to Senator Fred Thompson, chairman of the Senate GovernmentAffairs
Committee. The watchdog congressional agency concluded thatsecurity weaknesses at the "expose taxpayers to an increased risk ofloss
and damages due to identity theft and other financial crimesresulting from the unauthorized disclosure and use of information theyprovide
to IRS." The GAO audit of the IRS was prompted by revelationsthat the tax collection agency failed to protect sensitive personaltax
information from the prying eyes of private investigators,
unscrupulous IRS employees, and plain curiosity seekers.
The GAO cited cases in which unauthorized IRS employees could change,
alter, or delete taxpayer data. Also, tapes and diskettes containingsensitive taxpayer information were not overwritten prior to reuse
ordisposal and several hundred are missing. This weakness could allowunauthorized access to information remaining on the magnetic
media. TheGAO also hit IRS for failing to encrypt links transmitting sensitivetaxpayer information. This has been a common problem
for tax payerswishing to electronically file tax data with the IRS but have beenstymied by government attempts to mandate the use
of unpopular keyescrow/recovery programs within civilian agencies like the IRS.
The full report "IRS System Security: Although SignificantImprovements Made, Tax Processing Operations and Data Still atSerious Risk"
is available at:
http://www.epic.org/privacy/govt/irs/gao-irs-security-1298.pdf
[6] EPIC Bookstore
In light of the COPA hearing in Philadelphia this week, in this Alert,
the EPIC Bookstore focuses on free speech. Browse our cyber shelvesfor the titles below, and many other great books on free speech,
privacy, and civil liberties at the Internet's only bookstore devotedto online freedom. Shipping, discounts, and gift-wrapping provided.
** Books **
The Irony of Free Speech by Owen M. Fiss
While lawmakers, both liberal and conservative, argue that the state'sattempts to limit everything from hate speech to indecency on
theInternet and contributions to political campaigns confines individualfreedom, Owen M. Fiss, a Sterling Professor at Yale Law Schoolbelieves
that censorship, to some degree, enhances freedom bybroadening "the terms of public discussion." Victims of hate speechand pornography,
he contends, are often silenced out of fear or lowself-worth, inhibiting their full participation not only indeliberation but also
in life. Silencing the voices of some in orderto hear the voices of others, he maintains, is often the only way toreinforce public
debate.
Fighting Words: Individuals, Communities, and Liberties of Speech byKent Greenawalt
Should "hate speech" be made a criminal offense, or does the FirstAmendment oblige Americans to permit the use of epithets directedagainst
a person's race, religion, ethnic origin, gender, or sexualpreference? Does a campus speech code enhance or degrade democraticvalues?
When the American flag is burned in protest, what rights offree speech are involved? In a lucid and balanced analysis ofcontemporary
court cases dealing with these problems, as well as thoseof obscenity and workplace harassment, acclaimed First Amendmentscholar
Kent Greenawalt now addresses a broad general audience ofreaders interested in the most current free speech issues.
These and other titles are available for purchase online at the EPICBookstore:
http://www.epic.org/bookstore/
[7] EPIC Bill-Track: New Bills in Congress
H.R.10. Financial Services Act of 1999. Major bank, securities etc.
merger bill. Requires FTC to issue interim reports on consumerprivacy. Sponsor: Leach (R-IO). Referred to the Committee on Bankingand
Financial Services, and in addition to the Committee on Commerce.
H.R.30. Financial Information Privacy Act of 1999. To protectconsumers and financial institutions by preventing personal financialinformation
from being obtained from financial institutions underfalse pretenses. Sponsor: Leach (R-IO). Referred to the Committee onBanking
and Financial Services.
H.R.97. Personal Privacy Protection Act. Stalkerazzi bill. Prohibitsphysical intrusion into privacy for commercial purposes (aka press).
Exempts law enforcement. Sponsor: Rep Conyers, John, Jr. (D-MI)
(introduced 01/06/99). Referred to the Committee on the Judiciary.
H.R.180. Integrity in Voter Registration Act of 1999. A bill to amendthe National Voter Registration Act of 1993 to require each individualregistering to vote in elections for Federal office to provide theindividual's Social Security
number. Sponsor: Rep McCollum, Bill .
(R-FL). Referred to the Committee on House Administration
H.R.191. Creates tamperproof Social Security Card (aka National IDCard) used for employment verification. Sponsor: Rep McCollum,
Bill .
(R-FL). Referred to the Committee on the Judiciary, and in addition tothe Committee on Ways and Means.
H.R.279. Federal Employment Applicant Drug Testing Act. Requires drugtesting of all applicants for federal jobs. Sponsor: Rep Sweeney,
JohnE. Referred to the Committee on Government Reform.
H.R.306. Genetic Information Nondiscrimination in Health Insurance Actof 1999. A bill to prohibit discrimination against individuals
andtheir family members on the basis of genetic information or a requestfor genetic services. Referred to the Committee on Commerce,
and inaddition to the Committees on Ways and Means, and Education and theWorkforce.
H.R.307. A bill to amend section 552a of title 5, United States Code,
to provide for the maintenance of certain health information in caseswhere a health care facility has closed or a health benefit plansponsor
has ceases to do business. Sponsor: Rep Towns, Edolphus.
Referred to the Committee on Government Reform.
H.R.313. Consumer Internet Privacy Protection Act of 1999. A bill toregulate the use by interactive computer services of personallyidentifiable
information provided by subscribers to such services.
Sponsor: Rep Vento, Bruce F. (D-MN). Referred to the Committee onCommerce.
H.R.318. Drug-Free Ports Act. A bill to provide for access by Stateand local authorities to information of the Department of Justice forthe purpose of conducting
criminal background checks on port employeesand prospective employees. Sponsor: Rep Shaw, E. Clay, Jr. Referred tothe Committee on
the Judiciary.
More information is available at:
http://www.epic.org/privacy/bill_track.html
[8] Upcoming Conferences and Events
Encryption Controls Workshop. February 8, 1998. San Jose, CA.
Sponsored by the US Dept of Commerce. Contact: (202) 482-6031
FC '99 Third Annual Conference on Financial Cryptography. February22-25, 1999. Anguilla, B.W.I. Contact: http://fc99.ai/
Electronic Commerce and Privacy Legislation -- Building Trust andConfidence. February 23, 1999. Ottawa, Canada. Sponsored by RileyInformation
Services. http://www.rileyis.com/seminars/Feb99/
Communitarian Summit. February 27-28, 1999. Arlington, Virginia.
Contact: http://www.gwu.edu/~ccps
1999 ASAP Western Regional Training Conference. February 28 - March 3,
1999. Portland, Oregon. Contact: http://www.podi.com/asap/
"CYBERSPACE 1999: Crime, Criminal Justice and the Internet". 29 & 30March 1999. York, UK. Sponsored by the British and Irish LegalEducation
Technology Association (BILETA). http://www.bileta.ac.uk/
Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Call for proposals available. Contact:
http://www.cfp99.org/
Encryption Controls Workshop. May 13, 1998. Raleigh, NC.
Sponsored by the US Dept of Commerce. Contact: (202) 482-6031
1999 EPIC Cryptography and Privacy Conference. June 14, 1999.
Washington, DC. Sponsored by EPIC. Contact: infoepic.org
Cryptography & International Protection of Human Rights (CIPHR'99).
9-13 August 1999. Lake Balaton, Hungary. Contact:
http://www.cryptorights.org/
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto
epic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus
publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record
privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished
in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation,
and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel),
+1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax- deductible.
Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington
DC 20003.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryptionand expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 6.01
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/1999/1.html
