WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1999 >> [1999] EPICAlert 17

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 6.17 [1999] EPICAlert 17


Volume 6.17 October 25, 1999

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Joins Amicus on FCC Petition for Rehearing
[2] FTC Issues Rules on Child Online Privacy Protection
[3] EPIC Submits Comments for Online Profiling Workshop
[4] State of First Amendment -- First Amendment Center Survey
[5] Model State Public Health Privacy Act Now Available
[6] Privacy International's Big Brother Awards
[7] EPIC Bookstore - Compilation of State and Federal Privacy Laws
[8] Upcoming Conferences and Events

[1] EPIC Joins Amicus on FCC Petition for Rehearing

Today, EPIC joined an amicus, "friend of the court", brief -- alongwith more than a dozen consumer and privacy organizations and twentylegal scholars -- defending the privacy of telephone records againsttelephone companies who want to distribute information aboutcustomers' calling habits to marketing companies.

The amicus brief was filed in support of a petition from the FederalCommunications Commission (FCC). The "friend of the court" brief asksthe Tenth Circuit Court of Appeals, based in Denver, Colorado, touphold a privacy provision that was enacted by Congress in 1996 andimplemented by the FCC. In US West v. FCC, the federal appeals courtsaid that the "opt-in" privacy safeguard recommended by the FCCviolated the First Amendment rights of the telephone company to marketproducts and services.

In the brief, the organizations and scholars said that the case is ofgreat importance to telephone consumers across the United States. Theinformation that would be disclosed "consists of customer callingrecords that would not exist but for the private activities oftelephone customers. These records, which are not publicly available,
include such sensitive and personal information as who an individualcalls, when, for how long, and how often." They described thealternative opt-out approach as burdensome and said it "would haverequired telephone customers to contact their carrier to prevent thedisclosure of their personal calling records."

They concluded that an "opt-in approach is consistent with the FirstAmendment and is the most reasonable fit with the Congress's intent toprotect the privacy of telephone subscribers' personal information."

A wide range of privacy and consumer organizations joined the brief,
including EPIC, the ACLU, the Consumer Federation of America, and theUS Public Interest Research Group. The brief was also endorsed bymany leading legal scholars. The Washington law firm of Covington &
Burling filed the brief on behalf of the coalition.

Information about US West v. FCC:

Brief of Amicus Curiae in Support of Respondent's Petition forRehearing:

[2] FTC Issues Rules on Child Online Privacy Protection

Last Wednesday, the Federal Trade Commission released new standards toprotect childrens' online privacy. The rules, scheduled to takeeffect in April, require Web sites to gain parental consent for theirchild's disclosure of personal information and specify procedures forthe posting of privacy policies. The standards were written incompliance with the Children's Online Privacy Protection Act (COPPA),
passed by Congress last year. The FTC voted 4-0 in favor of the newregulations, which apply to children under the age of thirteen.

The FTC's rules will set the methods used by Web site operators obtainparental permission based on a "sliding scale" -- varying according tothe type of information collected and how it is used. Before childrencan participate in chat rooms or provide information that will bedisclosed to third parties, Web sites will have to gain permissionthrough more secure means, such as postal mail, fax, credit card ordigital signatures. If the Web site will use the information onlyinternally, the company can receive consent via e-mail, provided thatthe company takes further steps to confirm the parent's identity, suchas a follow-up telephone call or e-mail. The FTC plans to allow thesliding scale standard to expire after two years in exchange for morereliable electronic forms of consent.

The new rules will also require Web sites to post a conspicuous linkto a notice of their information collection practices on their homepage, as well as every other page where information is collected. Thenotice must reveal the name and contact information of the Web siteoperators, the type of information that is collected, how it is used,
and whether it is provided to third parties. In addition, the noticemust declare that children will not be excluded from particularactivities if they do not provide certain information. The noticemust also explain that parents have a right to review and delete theirchild's information as well as prohibit additional collection ofinformation about their child.

Congress passed COPPA after an FTC survey released in March 1998revealed that 89% of Web sites collected personal information aboutchildren, yet only 24% posted privacy policies and merely 1% requestedthat children receive parental consent before disclosing theirinformation.

The FTC's press release about its children online privacy regulationsis available at:
The FTC's rules (PDF) governing children online privacy are availableat:

[3] EPIC Submits Comments for Online Profiling Workshop

EPIC has submitted comments and a formal request for participation tothe Federal Trade Commission (FTC) and the U.S. Department of CommerceNational Telecommunications and Information Administration (NTIA) foran upcoming public workshop on "online profiling".

On November 8, the FTC and NTIA will hold a public workshop on onlineprofiling -- "the practice of aggregating information about consumers'
preferences and interests, gathered primarily by tracking theirmovements online, and using the resulting consumer profiles to createtargeted advertising on Web sites." The workshop will consist ofthree panels encompassing: (1) the development of technology thatfacilitates online profiling, (2) the implications of online profilingfor consumer privacy, and (3) the consequences of industryself-regulation on protection of data obtained through onlineprofiling. The workshop is open to the public although the NTIA doesencourage voluntary registration. Over the past couple of weeks, theFTC and NTIA have also been accepting and posting public comment onthese issues.

EPIC has requested participation in the third panel -- industryself-regulation and its impact on privacy concerns about onlineprofiling. In the comments, EPIC argues that online profiling givescompanies an unprecedented ability to record and track consumerbehavior at a detailed and personal level. Furthermore, onlineprofiling is an industry practice that occurs without the knowledge orconsent of most consumers. Considering the invasive quality of theinformation collected, the secrecy under which the practice operates,
and the lack of adequate legal protection of personal data in thehands of private businesses -- self-regulation will ultimately givecompanies valuable personal information with no ability on the part ofindividuals to control the ultimate use of that data.

For more information about the online profiling workshop and to viewcomments, including those submitted by EPIC: or
EPIC's comments (PDF) are also available at:

[4] State of First Amendment -- First Amendment Center Survey

A survey released by the First Amendment Center reveals that supportfor Internet free speech has increased over the past two years,
although a majority of Americans favor restrictions on online content.
The findings are part of an annual survey sponsored by the FirstAmendment Center at Vanderbilt University that measures publicattitudes toward freedom of speech, press and religion, and the rightsof assembly and petition.

Sixty-four percent of survey respondents said that the Internet shouldenjoy the same protection as printed speech, a rise in 8 percentagepoints from the 56% who answered similarly in the 1997 survey.
Overall, public attitude still remains uncomfortable about free speechonline. Only 24% of respondents agreed that sexually explicitmaterial should be permitted on the Internet. Fifty-eight percent ofrespondents responded that libraries should restrict access to certainInternet sites that might offend some people. Fifty-eight percentalso said that the government should play a role in developing asystem to rate online content.

In general, survey respondents expressed support for freedom ofspeech. The percentage who declared that Americans have too littlefree speech rose from 18% in 1997 to 26% in 1999. Exactly half of therespondents said they believe speech freedom is the most importantfreedom -- the same result was obtained in the 1997 survey.

The Center for Survey Research and Analysis at the University ofConnecticut conducted the survey through telephone interviews of 1,001adults, ages 18 or older, between February 26 and March 24, 1999. Themargin of error is plus or minus 3 percentage points.

Additional information about the survey is available at:

[5] Model State Public Health Privacy Act Now Available

The Model State Public Health Privacy Project (MSPHPP) has completed afinal draft of its model state law for the protection of public healthinformation.

The MSPHPP brought together the Center for Disease Control (CDC), theCouncil of State and Territorial Epidemiologists (CSTE), theAssociation of State and Territorial Health Officials (ASTHO), theNational Conference of State Legislatures (NCSL), and the GeorgetownUniversity Law Center (GULC) for the purpose of developing a modelstate law addressing privacy and confidentiality issues arising fromthe collection, use, and dissemination of health information by publichealth departments with special attention paid to records aboutHIV/AIDS status. The protection of records about HIV/AIDS status areparticularly important given that all states require reporting of AIDSstatus and thirty-one require some reporting about HIV status.

Now that the model state law has been completed, the MSPHPP seeks tocirculate it among legislators and public health agencies at thelocal, state, and federal levels.

State medical privacy laws play an increasingly important role givenrecent inability of the federal government to draft federal protectionfor health records. By missing the self-imposed deadline of August 21to draft a medical privacy law, Congress triggered a previously passedmandate requiring the Department of Health and Human Services to startwork on federal regulations -- which do not have the same legal weightas legislation.

More information about MSPHPP and the draft of the model state law areavailable at:
EPIC's archive on medical privacy can be viewed at:

[6] Privacy International's Big Brother Awards

The Second Annual Big Brother Awards were presented in London onOctober 18. The awards, annually distributed by the UK-basedPrivacy International, are given to those individuals or parties that"have done the most to destroy personal privacy in Britain." The"winners" of the Big Brother Award receive a trophy in the shape of aboot stamping on a human head. On the same night, the ceremony givesout "Winstons," in honor of Winston Smith -- hero of George Orwell's1984, to those have done the most to protect privacy.

The winners of the Big Brother Awards include the Home Office for the"Lifetime Menace Award", Jack Straw as the "Worst Public Servant",
Experian for "Most Invasive Company", the Borders Police as the "MostHeinous Goverment Organisation", and RACAL for the "Most AppallingProject." Recipients of the Winston include Duncan Campbell, TonyBunyan, Clive Norris and Gary Armstrong, David Burke, and FleurFisher.

For more information about the awards see:

Also, for more information about Privacy International:

[7] EPIC Bookstore - Compilation of State and Federal Privacy Laws

Compilation of State and Federal Privacy Laws by Robert Ellis Smith.
$31) is an indispensable reference book describing and citing morethan 600 laws affecting confidentiality, grouped by state in severalcategories, including credit, medical, financial, electronicsurveillance, telephones, Social Security numbers, and much more.
Canada's federal and provincial laws are also described. INCLUDESCURRENT 1999 SUPPLEMENT.

The full texts of major U.S. laws - including laws on telephonesolicitation, electronic surveillance, and credit bureaus - arereprinted in full in the appendix.

"Recommended for all public libraries," says LIBRARY JOURNAL

EPIC Publications:

"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of US and International privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"Cryptography and Liberty: An International Survey of CryptographyPolicy" Wayne Madsen and David Banisar, editors, (EPIC 1999). Price:

An international survey of encryption policies around the world. Surveyresults show that in the vast majority of countries, cryptography maybe freely used, manufactured, and sold without restriction, with theU.S. being a notable exception.

"Privacy and Human Rights 1999: An International Survey of Privacy Lawsand Developments" David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15.

An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

Network for People Conference. Department of CommerceTelecommunications and Information Infrastructure Assistance Program(TIIAP). November 1-2, 1999. Key Bridge Marriott Hotel. Arlington, VA.
For more information:
Washington, D.C., USA Internet Engineering Task Force (IETF) Meeting.
November 7-12, 1999. Omni Shoreham Hotel. Washington, D.C. For moreinformation:
Public Workshop on "Online Profiling" -- November 8, 1999. NationalTelecommunications and Information Administration, Commerce and FederalTrade Commission. For more information:
Consumer Privacy in the Next Decade: New Trends, Forces and Directionsand The All New Practitioner's Privacy Policy Workshop. Privacy &
American Business' Sixth Annual National Conference. November 8-10,
1999. Hyatt Regency Hotel. Arlington, VA. For more information:
The Government's Role in Computer Surveillance and the FederalIntrusion Detection Network (FIDNet). Association for ComputingMachinery and Stanford University. November 9, 1999. Kresge Auditorium,
Stanford University. For more information:
The 1999 BNA Public Policy Forum: E-Commerce and Internet Regulation.
November 15, 1999. Mayflower Hotel. Washington, D.C. For moreinformation:

Call for Papers -- Impacts of Economic Liberalization on IT Productionand Use. The Information Society. Manuscripts due November 15, 1999.
For more information:
Annual Computer Security Applications Conference: Practical Solutionsto Real Security Problems. December 6-10, 1999. Radisson ResortScottsdale. Phoenix, Arizona. For more information:

Integrating Government with New Technologies '99 Policy vs Technology:
Service Integration in the New Environments - A two-day Seminar andTraining Session. December 13-14, 1999. Government Conference Center.
Ottawa, Canada. For more information:
Surveillance Expo '99. December 13-15, 1999. Doubletree Hotel. CrystalCity, Virginia. For more information:
PEN/Newman's Own Eighth Annual First Amendment Award. Nominations dueDecember 31, 1999. For more information:
RSA 2000. The ninth annual RSA Data Security Conference and Expo.
January 16-20, 2000. San Jose McEnery Convention Center. San Jose, CA.
For more information:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic attention on emerging privacy issues such as the Clipper Chip,
the Digital Telephony proposal, national ID cards, medical recordprivacy, and the collection and sale of personal information. EPIC issponsored by the Fund for Constitutional Government, a non-profitorganization established in 1974 to protect civil liberties andconstitutional rights. EPIC publishes the EPIC Alert, pursues Freedomof Information Act litigation, and conducts policy research. For moreinformation, e-mail, or write EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 5449240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryptionand expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 6.17


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback