Home | Databases | WorldLII | Search | Feedback EPIC Alert

EPIC Alert 6.12 [1999] EPICAlert 12

Volume 6.12 July 28, 1999

The Electronic Privacy Information Center (EPIC) today reiterated its concerns that governmental efforts to protect the "critical infrastructure" pose serious threats to the privacy and civil liberties of American citizens. EPIC repeated its warning in the wake of new indications that the Federal Bureau of Investigation (FBI) is about to embark upon a comprehensive program of monitoring non-military Government computer networks and communications networks used by crucial industries like banking, telecommunications and transportation.

The National Plan for Information Systems Protection reveals that the FBI and National Security Agency are planning to establish a massive domestic and international Internet monitoring system. One of the plan's proposals calls for the creation of a Federal Intrusion Detection Network (FIDNET) to monitor all network activity involving civilian government departments and agencies. FIDNET is to be linked to a similar system in the Defense Department known as the Joint Task Force-Computer Network Defense (JTF-CND) that monitors all Defense Department networks. FIDNET and JTF-CND are to be linked to private sector Information Sharing and Assessment Centers (ISACs) networks. ISACs will monitor network activity in the telecommunications, banking, transportation, and other sectors.

The plan is an outgrowth of recommendations made in the October 1997 report of the President's Commission on Critical Infrastructure Protection (PCCIP) and in Presidential Decision Directive 63 (PDD 63) on Critical Infrastructure Protection issued in May 1998.

In its report "Critical Infrastructure Protection and the Endangerment of Civil Liberties," released in October 1998, EPIC noted that the PCCIP had proposed

the development of a large-scale monitoring strategy for communications networks. Borrowing techniques that have been applied to hostile governments and foreign agents, the PCCIP brings the Cold War home with an open-ended proposal to conduct ongoing surveillance on the communications of American citizens.

EPIC noted in its report that "these proposals are more of a threat to our system of ordered liberty than any single attack on our infrastructure could ever be." Earlier this year, EPIC filed a series of Freedom of Information Act requests seeking the details of these initiatives.

"Critical Infrastructure Protection and the Endangerment of Civil Liberties" is available at:

http://www.epic.org/security/infowar/epic-cip.html

Excerpts from the National Plan for Information Systems Protection are available at:

http://www.epic.org/security/infowar/nat_plan.html

EPIC director Marc Rotenberg testified before the Senate Commerce Subcommittee on Communications on July 27, arguing that there is a current need for legislation to protect Internet users' privacy. A recent Federal Trade Commission report suggested that self-regulation would suffice until lawmakers had a better idea of the status of Internet privacy protection (see EPIC Alert 6.11).

Subcommittee chairman Conrad Burns (R-MT), along with Senator Ron Wyden (D-OR), are the sponsors of S. 809, the Online Privacy Protection Act. The legislation would assure that websites post privacy policies and allow users to control the disclosure of their private information. Rotenberg, describing S. 809 as "a good starting point for real privacy protection on the Internet," was critical of the FTC report, which concluded that privacy legislation may be premature. Describing it as "one of the oddest reports on privacy" ever produced by a government agency, Rotenberg told the committee that the report "doesn't actually discuss any of the specific threats to privacy and it doesn't evaluate any of the recommendations put forward." He concluded that "privacy policy is not the same as privacy protection."

Also testifying were FTC Chairman Robert Pitofsky and FTC Commissioners Sheila Anthony, Orson Swindle and Mozelle Thompson. Anthony, who dissented from the FTC's opinion that legislation was not immediately necessary, indicated that only ten percent of the 7500 "well-traveled sites" cited in the FTC report met all of the Commission's suggested criteria, and that the number would not increase significantly without legislation.

Other witnesses were Center for Democracy and Technology staff counsel Deirdre Mulligan, AOL's Congressional Liaison Jill Lesser, and Christine Varney, senior partner at Hogan and Hartson.

The text of EPIC's testimony is available at:

http://www.epic.org/privacy/internet/EPIC_testimony_799.pdf

The FTC report on Internet privacy is available at:

http://www.ftc.gov/reports/privacy3/index.htm

Privacy, consumer and children's advocacy organizations have released a new report that warns that many commercial web sites continue to collect information on young children without parental permission. The Center for Media Education, the Consumer Federation of America and Junkbusters urged the Federal Trade Commission to adopt clear and effective safeguards for children's online privacy.

The Center for Media Education (CME) conducted two separate analyses over two weeks: one a random sample of children's Web sites; the other an examination of the 80 most popular sites for children. The survey showed that while 95 percent of sites in the random sample collect personally-identifiable information from children, nearly three-quarters of those that collect personal information (73 percent) post no privacy policies. Less than six percent attempt to get any permission from parents at all; less than three percent use methods for obtaining verifiable, prior parental consent that are consistent with the Children's Online Privacy Protection Act (COPPA).

An analysis of the 80 most popular children's commercial Web sites revealed that while 88 percent of them collect personal information from kids, more than a quarter of the sites that collect information post no privacy policies. Less than 26 percent attempt to get any kind of parental permission; not quite 13 percent use methods for obtaining verifiable, prior parental consent.

"These findings underscore the urgent need for clear and effective rules to protect children's privacy online," said Kathryn Montgomery, Ph.D., President of the Center for Media Education.

More information on the report is available at:

Center for Media Education http://www.cme.org/

Junkbusters http://www.junkbusters.com

Two House Committees have completely overhauled the Security and Freedom Through Encryption (SAFE) bill, which would relax export controls on encryption. The House Armed Services Committee and the House Intelligence Committee approved revisions that gut the original bill to the House Rules Committee on July 23. The panels emphasized their belief that encryption reform would have "devastating" effects on law enforcement capabilities. Five House committees have now completed work on the SAFE bill. The various committee versions of the bill will now go to the Rules Committee, which will decide which language will be presented to the full House. Final consideration on SAFE is expected in September.

In its report on the legislation, the Armed Services Committee cited increased terrorism and drug smuggling as effects of relaxed export restrictions. Additionally, the Committee wrote that "much of the U.S. military's battlefield advantage relies on information dominance and the ability to decipher the communications of the enemy. Capabilities that make it more difficult for the United States to detect the plans and activities of hostile military forces could significantly degrade the technological advantage presently held by U.S. combat forces."

In a related development, further conflict has erupted over the liberal export policies of some European countries. The United States is urging Germany to make changes to its crypto policies at the next round of Wassenaar negotiations, scheduled for late 2000. In late May, Janet Reno wrote to German Federal Secretary of Justice Herta Daubler-Gmelin, asking him to control the burgeoning distribution of encryption software over the Internet. Arguing that the current pace of online distribution of coding products "will render Wassenaar's controls immaterial," Reno is apparently seeking to influence all thirty-three Wassenaar member states before the talks resume. The text of Reno's letter is available at:

http://www.heise.de/tp/deutsch/inhalt/te/5117/2.html

The texts of the reports issued by the House Armed Services Committee and the House Intelligence Committee are available at:

http://www.epic.org/crypto

Earlier this month, the First Amendment Center released "State of the First Amendment: 1999," the second in a series of reports on the attitudes of American adults regarding First Amendment liberties. The timing of the poll was interesting, as the opening remarks note: "The sampling was conducted after 13 months of the Monica Lewinsky scandal, but before the shooting tragedy in Littleton, Colorado." The results of the survey were less than encouraging, especially on issues of press freedom, Internet speech, and flag-burning.

Although most Americans believe that "news organizations should be allowed to report or publish what they think is appropriate," public support for source confidentiality and reporting of government secrets has waned since the Center's 1997 survey. Furthermore, 53 percent of respondents said the press has too much freedom, up from 38 percent in the earlier survey. The report warns that the data "indicate that the news media is in deep trouble with the American public."

The responses to Internet-related questions suggest a lingering unease with the openness of the digital medium. Although 64 percent of respondents agreed that Internet speech should enjoy the same protection as printed speech (a rise from 56 percent in 1997), that support withered in the face of specific policy proposals. Only 24 percent thought that sexually explicit material should be allowed on the Internet. Furthermore, 58 percent said that public libraries should block access to certain Internet sites that might offend people. Finally, 58 percent also agreed that the government should have a role in developing a rating system for online content.

The vast majority of Americans disagreed that people should be allowed to burn or deface the American flag as a political statement. Half of those polled supported a constitutional amendment specifically prohibiting such behavior. The Supreme Court has twice ruled that flag burning is constitutionally protected.

The report also addresses a number of other First Amendment issues, including curfew laws, advertising restrictions, and school prayer.

The full report is available at:

http://www.freedomforum.org/first/sofa/1999/welcome.asp

A committee of the National Commission on the Future of DNA Evidence has concluded that conducting DNA tests on everyone arrested and charged with a crime probably is permitted under the Constitution. If the finding is adopted by the full Commission, it will be forwarded to Attorney General Janet Reno, who has said she will rely on the groups recommendations to set Justice Department policy and provide suggested guidelines to state law enforcement officials.

State agencies are already are dealing with a backlog of DNA samples collected from 1.4 million individuals who have been convicted of serious crimes. Those samples will eventually be added to a federal DNA database. Testing all people arrested -- more than 15 million people a year according to FBI estimates -- would greatly increase that existing backlog.

Privacy advocates have long maintained that testing arrestees would violate constitutional protections against unreasonable searches and would give law enforcement and other government agencies access to personal genetic information.

The End of Money And the Struggle for Financial Privacy Richard W. Rahn Jostens Graphics, North Carolina, 1999

What will be the future of financial institutions when "digital dollars" become the norm? Richard W. Rahn envisions a future where money is issued privately and digitally rather than through governments, and large amounts of money may be moved either with a record or anonymously.

Advocating legal financial privacy and a change in tax, trade and financial laws, Rahn calls for an abandonment of government regulation on financial transactions. Rahn writes that this overhaul of our financial infrastructure will "reduce transaction costs and monetary instability, thus leading to greater economic efficiency and higher standards of living."

Hardcover; U.S. $25.00

Critical Infrastructure Protection and the Endangerment of Civil Liberties: an assessment of the President's Commission on Critical Infrastructure Protection [PCCIP].

Report published by EPIC, October 1998.

An article in today's New York Times revisits a good deal of the analysis provided in this comprehensive report on the PCCIP effort. This proposal to extend the reach of law enforcement, to limit the means of government accountability, and to transfer more authority to the world of classification and secrecy would sacrifice network security to ensure greater surveillance capability.

These and many more timely titles are available from the EPIC Bookstore at:

http://www.epic.org/bookstore

ABA Annual Conference, Section of International Law and Practice. "Privacy Issues in Electronic Commerce." August 9, 1999. Atlanta, Georgia. Contact http://www.abanet.org/annual/99/home.html

The 21st International Conference on Privacy and Personal Data Protection. Hong Kong, September 13-14, 1999. A distinguished group of over 50 speakers/panelists from overseas and Hong Kong will explore the theme of "Privacy of Personal Data, Information Technology & Global Business in the Next Millennium."" Sponsored by the Office of the Privacy Commissioner for Personal Data in Hong Kong. Contact: icc@asiaonline.net

"A Privacy Agenda for the 21st Century." September 15, 1999. Hong Kong Convention and Exhibition Centre, Hong Kong PRC. Contact: rotenberg@epic.org.

"Certified Wide Area Road Use Monitoring." September 21-23, 1999. Albuquerque, New Mexico. Sponsored by the New Mexico State Highway and Transportation Department Research Bureau in cooperation with the University of New Mexico Alliance for Transportation Research Institute An intensive 2 1/2 day educational and developmental symposium on a single rapidly evolving concept in Intelligent Transportation Systems (ITS). For more information: http://www.unm.edu/~nmtrans/CWARUM-1.html

Information Security Solutions Europe 1999. October 4-6, 1999. Maritim proArte Hotel, Berlin, Germany. contact http://www.eema.org/isse/

RSA 2000. The ninth annual RSA Data Security Conference and Expo. San Jose McEnery Convention Center. San Jose, CA. January 16-20, 2000, Contact: http://www.rsa.com/rsa2000/

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

http://www.epic.org/alert/

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

.

Return to:

Alert Home Page | EPIC Home Page