WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1999 >> [1999] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 6.11 [1999] EPICAlert 11


Volume 6.11 July 15, 1999

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] FTC Releases Incomplete Privacy Report
[2] EPIC Files Brief in Drivers' Privacy Case
[3] International Relations Committee Approves SAFE Crypto Bill
[4] Settlement Ends Litigation Over Anonymous Internet Messages
[5] House Extends Deadline for Wiretap Law Compliance
[6] New York Court Okays Warrantless Pen Register Surveillance
[7] 1999 Privacy Law Sourcebook Now Available
[8] Upcoming Conferences and Events

[1] FTC Releases Incomplete Privacy Report

This week the Federal Trade Commission released a new report onprivacy. "Self-Regulation and Privacy Online: FTC Report to Congress"
outlines an agenda to address online privacy issues that includes anumber of public workshops, task forces and an online survey, designedto reassess progress in Web sites' implementation of fair informationpractices.

The FTC report was noteworthy because the Agency recommended thatCongress not take steps at this point to regulate privacy on theInternet. According to the report, "the Commission believes thatlegislation to address online privacy is not appropriate at this time.
We also believe that industry faces some substantial challenges.
Specifically, the present challenge is to educate those companieswhich still do not understand the importance of consumer privacy andto create incentives for further progress toward effective, widespreadimplementation."

The Commission put great weight on a recent study which found thattwo-thirds of web sites posted a notice concerning privacy. It didn'tseem to interest the Commission that these notices typically tellpeople that personal information is collected without restriction, andprovide no limitation on use, no rights of access, no redress forharm, nor any of the other basic elements of Fair InformationPractices.

Privacy advocates and consumer organizations were uniformlydisappointed by the FTC report. Jason Catlett, president ofJunkbusters, said "Consumers must be given the power to enforce theirprivacy rights against those who would violate them." However, groupsdid express support for a concurring opinion by Commissioner SheilaAnthony who wrote that "the time may be right for federal legislationto establish at least baseline minimum standards."

The FTC, unlike privacy agencies around the world, also has no formalmechanisms for reporting on the receipt and disposition of privacyconcerns submitted by consumers. Thus, the FTC "Report to Congress"
contained no actual data about how the agency is responding to privacyconcerns.

The following relevant materials are available online:

FTC Report "Self-Regulation and Privacy Online"
FTC Press Release on "Self-Regulation and Privacy Online"
Opinion of Commissioner Sheila Anthony
Statement of Privacy and Consumer Organizations
EPIC Report "Surfer Beware: Personal Privacy and the Internet"

[2] EPIC Files Brief in Drivers' Privacy Case

The Electronic Privacy Information Center today filed an amicuscuriae, or "friend of the court," brief in the U.S. Supreme Court,
arguing that the 1994 Driver's Privacy Protection Act (DPPA) is aconstitutional exercise of Congressional authority. The dataprotected against disclosure by the DPPA includes "information thatidentifies an individual, including an individual's photograph, socialsecurity number, driver identification number, name, address (but notthe 5-digit zip code), telephone number, and medical or disabilityinformation, but does not include information on vehicular accidents,
driving violations, and driver's status."

EPIC urged the high court to reverse Condon v. Reno, a lower courtopinion which held that the DPPA violated the Tenth Amendment. EPIC'sbrief focused on the vital privacy interests that DPPA addresses,
rather than on the federalism concerns raised by the statute. EPICargued that the state interest in collecting personal information forinternal use does not justify public availability of such data. EPICalso noted that unregulated public access to motor vehicle recordsburdens the right to travel: "Without adequate protection of personalinformation maintained by state DMVs, citizens must essentially choosebetween privacy and the right to travel."

After receiving opposing briefs, the Court will schedule oral argumentin the case, probably for late 1999 or early 2000.

The text of the EPIC brief, in PDF format, is available at:

[3] International Relations Committee Approves SAFE Crypto Bill

Despite attempts by the Clinton administration and its congressionalallies in both parties to gut the encryption export liberalizationfeatures of Rep. Bob Goodlatte's (R-VA) Security and Freedom throughEncryption (SAFE) Act, the House International Relations Committee(HIRC) voted on July 13 to approve the bill, with some minoramendments, in a 33-to-5 vote. During a four-hour legislative"mark-up" session, several "killer" amendments to SAFE were introducedby Democratic and Republican legislators seeking to maintain theadministration's ability to block or significantly delay exports ofencryption for a variety of reasons. The committee's actions followeda morning classified briefing by Deputy Defense John Hamr#233#, in whichhe tried to persuade the committee to defeat SAFE in its present formor approve it with the administration's amendments. At the same timeHamr#233# was lobbying against SAFE before the International RelationsCommittee, Attorney General Janet Reno and FBI Director Louis Freehwere testifying before the House Armed Services Committee, arguingthat SAFE would severely impact national security and public safety.

Rep. Sam Gejdenson (D-CT), the ranking Democratic member of theInternational Relations Committee, derided Hamr#233#'s closed secretsession, saying "most of the information could and should have beendiscussed in public." Rep. Howard Berman (D-CA) rejected Gejdenson'sbrush-off of the Department of Defense by suggesting that all membersof Congress should be briefed on the dangers of encryption exportrelief by the National Security Agency (NSA). He suggested that theNSA could not "brutalize -- whatever -- do a mass assault" on 128-bitencryption. Rep. Dana Rohrabacher (R-CA) said, "my NSA briefing wasthe same old 'gobbledy-gook' I heard from them when I was a member ofthe Reagan administration."

Rep. Berman succeeded in amending SAFE to require a 30-day technicalreview period by the Secretary of Commerce for encryption exports.
But his amendment to allow the Administration to continue to restrictencryption exports under provisions of the Wassenaar Arrangementfailed. Reps. Gejdenson and Manzullo criticized Wassenaar asineffective since countries like India and Israel are not bound by it.

The SAFE Act has now been approved, largely intact, by the Judiciaryand International Relations Committees -- the two panels with primaryjurisdiction over the legislation. The House Rules Committee willsoon decide whether to send those committees' versions of the bill tothe House floor rather than weakened versions approved by othercommittees.

Additional information on encryption policy is available at:

[4] Settlement Ends Litigation Over Anonymous Internet Messages

A California lawsuit that had the potential to provide the firstjudicial guidance on the rights of anonymous Internet posters has beensettled. The case, which was filed by modem manufacturer Xircom, Inc.
against a "John Doe" defendant who had posted information critical ofthe company on a Yahoo! message board, was the first known case inwhich an anonymous poster sought to quash a subpoena seeking hisidentity. Xircom alleged that the anonymous poster was a current orformer employee who had violated a confidentiality agreement. Thesettlement of the lawsuit came before the court could address theprivacy and First Amendment issues raised by "John Doe."

Under the terms of the settlement agreement, the identity of theposter was revealed by his counsel to selected senior executives ofXircom under strict confidentiality requirements. "John Doe"
confirmed that he is not now, nor was he at the time of his Yahoo!
postings, a Xircom employee. He stated his belief that his postingswere expressions of his opinion, and said he did not intend that anyreader should understand his posts to be anything more than hisopinion.

The Xircom settlement comes in the midst of a flurry of "John Doe"
litigation around the country. A closely-watched case involvingonline anonymity ended abruptly in May after the plaintiff corporationlearned the identities of 21 "John Doe" defendants. Raytheon Co.
dismissed its lawsuit against a group of people it claimed werespreading company secrets on an Internet message board after thedefense contractor succeeded in obtaining the individuals' names.
The dismissal suggested that it may have been the Raytheon's soleobjective to identify the anonymous individuals, without any intentionof litigating the merits of its claims (see EPIC Alert 6.08).

[5] House Extends Deadline for Wiretap Law Compliance

The House of Representatives approved legislation on July 13 that willmake it easier for telecommunications companies to comply with theCommunications Assistance to Law Enforcement Act (CALEA). Thecontroversial 1994 "digital telephony" law requires the companies todesign their systems to more easily facilitate electronic sur-
veillance. The new legislation (H.R. 916) would allow companies torecoup more of the expenses that they incur to make their networkscompliant with law enforcement requirements. CALEA authorizes $500million in federal funds to reimburse telecommunications firms makethe required changes.

The bill approved by the House would change the compliance date forcompanies to be in compliance with the CALEA requirements to June 30,
2000. It would also set June 30, 2000, as the date after which thecompanies cannot submit expenses to the government for requiredinfrastructure changes. The original cut-off date was Jan. 1, 1995.
Senate Judiciary Committee Chairman Orrin Hatch (R-UT) has introducedsimilar language in the Senate.

The Federal Bureau of Investigation, the telecommunications industryand privacy advocates (including EPIC) are involved in a pendingproceeding before the Federal Communications Commission which willfinalize the technical requirements for CALEA compliance. The FCC islikely to announce its decision soon.

Additional information on CALEA is available at:

[6] New York Court Okays Warrantless Pen Register Surveillance

A unanimous opinion issued by the New York Court of Appeals on July 6marks a significant shift in the wiretapping jurisprudence of NewYork's highest court. Following the decision in People v. Martello,
police may install pen registers -- devices that monitor numbersdialed from a telephone line -- without obtaining a warrant based onprobable cause. A "reasonable suspicion" is now sufficient for penregister surveillance to be initiated.

Most pen registers include a regular wiretapping feature to supplementthe number recording feature. It was the potential for abuse of these"dual-feature" pen registers that prompted the New York court's 1993decision in People v. Bialostok, requiring police to obtainwiretapping warrants for their use. The Bialostok decision noted that"it is the warrant requirement, interposing the magistrate'soversight, that provides to citizens appropriate protection againstunlawful intrusion."

In its latest ruling, the Court of Appeals drastically limitedBialostok, holding that it did not apply to investigations conductedunder Article 705 of the state Criminal Procedure Law, a 1988amendment that allows police to obtain a court order authorizing penregister surveillance upon a showing of reasonable suspicion. TheCourt also held that Bialostok does not apply retroactively toinvestigations completed prior to 1993. Consequently, the Courtrefused to suppress pen register evidence against Martello gathered bypolice from 1990 to 1992.

Additional information on electronic surveillance is available at:

[7] 1999 Privacy Law Sourcebook Now Available

The Privacy Law Sourcebook 1999: United States Law, InternationalLaw, and Recent Developments. Marc Rotenberg, Editor (EPIC 1999).

The Privacy Law Sourcebook is the first one-volume resource forstudents, attorneys, researchers and journalists who need acomprehensive collection of both U.S. and International privacy law,
as well as a fully up-to-date section on recent developments.
Includes the full texts of most major privacy laws and directivesincluding the FCRA, the Privacy Act, FOIA, Family Educational RightsAct, Right to Financial Privacy Act, Privacy Protection Act, CableCommunications Policy Act, ECPA, Video Privacy Protection Act, OECDPrivacy Guidelines, OECD Cryptography Guidelines, European UnionDirectives for both Data Protection and Telecommunications, and more.
The Privacy Law Sourcebook is updated and expanded for 1999 to includethe Children's Online Privacy Protection Act, materials on the "SafeHarbor" proposal, and new legislation introduced to comply with the EUData Directive. Also included is an extensive new section on privacyresources with useful web sites and contact information for privacyagencies, organizations, and publications. 572 pages, paper, $50.00,
ISBN 1-893044-04-1.

"The 'Physicians Desk Reference' of the privacy world."

- Evan Hendricks, Privacy Times
"This is a handy compilation of privacy law instruments and a 'must'
for anyone seeking guidance about the location and content of the keystatutes, treaties, and recent developments."

- American Society of International Law
"I recommend the book to anyone who has to deal with privacy issuesand needs a handy and complete resource. It is just wonderful tohave everything together in one place."

- Bob Gellman, Information and Privacy Consultant

The Privacy Law Sourcebook is available from at:
Check for other titles at the EPIC Bookstore:

[8] Upcoming Conferences and Events

Jurisdiction: Building Confidence in a Borderless Medium. QueenElizabeth Hotel, Montreal, Canada, July 26-27, 1999. Sponsored by theInternet Law and Policy Forum. Contact: Marilyn Malenfant+1.514.744.0408 or

ABA Annual Conference, Section of International Law and Practice.
"Privacy Issues in Electronic Commerce." August 9, 1999. Atlanta,
Georgia. Contact
The 21st International Conference on Privacy and Personal DataProtection. Hong Kong, September 13-14, 1999. A distinguished groupof over 50 speakers/panelists from overseas and Hong Kong will explorethe theme of "Privacy of Personal Data, Information Technology &
Global Business in the Next Millennium."" Sponsored by the Office ofthe Privacy Commissioner for Personal Data in Hong Kong. Contact:
"A Privacy Agenda for the 21st Century." September 15, 1999. Hong KongConvention and Exhibition Centre, Hong Kong PRC. Contact:

"Certified Wide Area Road Use Monitoring." September 21-23, 1999.
Albuquerque, New Mexico. Sponsored by the New Mexico State Highwayand Transportation Department Research Bureau in cooperation with theUniversity of New Mexico Alliance for Transportation ResearchInstitute An intensive 2 1/2 day educational and developmentalsymposium on a single rapidly evolving concept in IntelligentTransportation Systems (ITS). For more information:
Information Security Solutions Europe 1999. October 4-6, 1999. MaritimproArte Hotel, Berlin, Germany. contact

RSA 2000. The ninth annual RSA Data Security Conference and Expo. SanJose McEnery Convention Center. San Jose, CA. January 16-20, 2000,

Subscription Information

The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. A Web-based form is available for subscribing orunsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation, and conducts policy research. For more information,
e-mail, or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andexpanding wiretapping powers.

Thank you for your support.

END EPIC Alert 6.11


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback