WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1999 >> [1999] EPICAlert 7

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 6.07 [1999] EPICAlert 7


Volume 6.07 May 12, 1999

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Appeals Court Strikes Down Crypto Controls
[2] Top U.S. Officials Tout Internet Filters
[3] Study Finds More Sites Posting Privacy Policies
[4] Commerce Department Seeks Comments on "Safe Harbor"

[5] Clinton Addresses Financial and Medical Privacy
[6] Electronic Surveillance Increased in 1998
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events

[1] Appeals Court Strikes Down Crypto Controls

In an eagerly-awaited decision, the U.S. Court of Appeals for theNinth Circuit ruled on May 6 that federal regulations that prohibitthe dissemination of encryption source code violate the FirstAmendment. The court found that the regulations are anunconstitutional prior restraint on speech because they "grantboundless discretion to government officials" and have "effectivelychilled [cryptographers] from engaging in valuable scientificexpression." The case was initiated by researcher Daniel Bernstein,
who sought government permission to export source code he had written.
EPIC was both co-counsel and coordinator of a "friend-of-the-court"
(amicus) brief in the case, arguing against the government controls onprivacy-enhancing technology.

Civil liberties and privacy organizations have consistently opposedrestrictions on the dissemination of encryption technology, andwelcomed the Bernstein decision as a major breakthrough. MarcRotenberg, Executive Director of EPIC, said, "This is aforward-looking judgment that touches on many of the issues ofgreatest concern to Internet users, including the right to speakanonymously and the right of informational privacy." David L. Sobel,
EPIC's General Counsel, called the opinion "one of the mostsignificant Internet decisions yet issued, one that establishesimportant precedents for both free speech and privacy online."

The opinion was notably for its recognition of the threats to privacythat citizens face today and the role of encryption in protectinginformation. The Ninth Circuit wrote:

Whether we are surveilled by our government, by criminals,
or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty. . . . [I]t is important to point out that Bernstein's is a suit not merely concerning a small group of scientists laboring in an esoteric field, but also touches on the public interest broadly defined.

Information on encryption export controls, including the text of theBernstein decision and the EPIC amicus brief, is available at the EPICCryptography Archive:

[2] Top U.S. Officials Tout Internet Filters

In the wake of the high school shootings in Colorado, the ClintonAdministration's two leading voices on communications policy recentlypromoted Internet filtering software. Despite the tenuous connectionbetween the Internet and the tragedy in Littleton, Vice President AlGore and Federal Communications Commission Chair William Kennard bothused the incident as a backdrop for a new federal effort to encouragethe use of filters.

In a speech at the Annenberg Public Policy Center "Conference onInternet and the Family" on May 4, Kennard said, "we need filteringsoftware for families to use on their PC's. . . . Today, the FCC isdoing what it can to help parents. I am pleased to announce that wehave added a 'Parents, Kids, and Communications' information page tothe FCC website." Although Kennard described the resource as a placewhere "parents will be able to learn about [filtering] products, howthey work, and how much they cost," the FCC page currently contains noinformation on the demonstrated drawbacks of filtering software. TheCommission does not explain, for instance, that these programs tend toblock access to some valuable and non-objectionable content.

Vice President Gore weighed in on the issue on May 5, announcing thecreation of the "Parents' Protection Page, which will appear onvirtually every Internet starting point automatically by this July."
According to Gore, by using the page, "parents will find easy steps toblock out inappropriate content. Parents will be told in simplelanguage how they can filter out the good content from content whichthey, as parents, decide their children are not ready to handle."
Some observers noted there was not much that is new in thisinitiative, with the White House having aligned itself with Internet"protection" as early as June 1997. While endorsing the use offiltering software, the Administration has not yet made a significantcommitment to developing Internet education programs for young people.

More information on filtering and blocking is available at theInternet Free Expression Alliance website:

[3] Study Finds More Sites Posting Privacy Policies

An industry-funded survey released on May 12 indicates that nearlytwo-thirds of commercial Web sites display warnings that they collectpersonal information from visitors, such as names, postal and e-mailaddresses and consumer preferences. Some sites admit that they sellthe information to third-party advertisers and others.

The new study, which was commissioned by the Online Privacy Alliance
-- an industry group that opposes new legal protections for onlineprivacy -- examined 364 commercial Internet sites. It found thatalmost 66 percent now post some sort of privacy notice. Moresignificantly, less than 10 percent of the surveyed sites hadcomprehensive privacy policies that give users the chance not to havetheir personal information collected, allow them to review theirinformation, promise to keep the information confidential or explainhow to contact the site operator to make inquiries.

Federal Trade Commission Chairman Robert Pitofsky said that onlinecompanies "deserve considerable credit for making progress over thelast year. There is a remarkable increase in the number of Web sitesposting information about their privacy practices." An FTC surveylast year found that only 14 percent of sites posted policy statementsexplaining how they collect and use information about visitors.

EPIC has long maintained that the Internet privacy issue is not merelya question of posting privacy policies. EPIC has conducted twosurveys -- "Surfer Beware: Personal Privacy and the Internet" in June1997, and "Surfer Beware II: Notice Is Not Enough" in June 1998 --
showing that most sites have not yet made a serious effort to addressprivacy concerns in a meaningful way.

More information on online privacy, including links to EPIC's reports,
is available at:

[4] Commerce Department Seeks Comments on "Safe Harbor"

The Department of Commerce is seeking comments on the "Safe Harbor"
proposal, a procedure that will allow firms to self-certify privacypolicies in lieu of the United States adopting stronger legalsafeguards for Americans. The Safe Harbor proposal has come about inresponse to the entry into force of the European Union Data Directive,
a comprehensive legal framework that establishes that essentialprivacy safeguards for consumers across the European Union.

Many governments, including Canada, Australia, Japan and nations inEastern Europe have adopted or in the process of adopting laws thatprovide privacy protection comparable to that which will be offered bythe EU Data Directive. The United Sates government has chosen insteadto rely on industry-developed self-regulatory approach that lacksbasic privacy safeguards and fails to provide trust and assurance forusers of new network services.

The Trans Atlantic Consumer Dialogue, a coalition of sixty consumerorganizations in the United States and Europe, recently urged theEuropean Commission and the Members of the European Council to rejectthe Safe Harbor proposal. TACD said:

The Safe Harbor Proposal . . . fails to provide adequate privacy protection for consumers in the United States and Europe. It lacks effective means of enforcement and redress for privacy violations. It places unreasonable burdens on consumers and unfairly requires European citizens to sacrifice their legal rights to pursue privacy complaints through their national authorities. The proposal also fails to ensure that individual consumers will be able to access personal information obtained by business.

TACD has recommended instead the development and adoption ofInternational Convention on Privacy Protection that will helpsafeguard privacy interests of consumers and citizens in thetwenty-first century. U.S.-based privacy and consumer organizationshave also criticized the Safe Harbor approach for providing higherlevels of protection to European consumers that will be provided forAmerican Consumers. They favor a comprehensive legal framework toprotect the interests of consumers in the United States.

Ambassador David Aaron leads the Safe Harbor negotiation. AmbassadorAaron was also responsible for the latest round of negotiations forthe Wassenaar Arrangement, in which he urged European governments toadopt new controls on the use and export of encryption.

EPIC's view of all of this is that the United States foreign policy onprivacy is exactly backward: instead of discouraging the adoption ofstrong privacy laws to protect consumers, we should be promoting them.
And instead of promoting new surveillance techniques, such as keyescrow encryption, we should be opposing them.

Let the Commerce Department know what you think. Comments are due atthe Commerce Department by Friday, May 14 and may be submittedelectronically in an HTML format to the following email address:

The Safe Harbor Proposal is available at:
The Trans Atlantic Consumer Dialogue resolution is available at:

[5] Clinton Addresses Financial and Medical Privacy

At a White House ceremony on May 4, President Clinton announced theAdministration's "plan for financial privacy and consumer protectionin the 21st century." Noting that current law "to put it mildly, isoutdated and should be changed," Clinton endorsed new legislation thatwould restrict the ability of banks, brokerage firms and insurancecompanies to share with "affiliated" firms information on whatconsumers buy with checks and credit cards.

The President also discussed the need for greater legal protection ofmedical records:

To enhance financial privacy, we must also protect the sanctity of medical records. With the growing number of mergers between insurance companies and banks, lenders potentially can gain access to the private medical information contained in insurance forms. So we propose to severely restrict the sharing of medical information within financial services conglomerates.

You should not have to worry that the results of your latest physical exam will be used to deny you a home mortgage or a credit card. There are many other important protections for medical records that ought to be put in place. Because Congress has given me the authority to act if it does not do so by August, one way or another, we will protect the privacy of medical records this year.

Additional information on financial and medical privacy, including thetext of President Clinton's recent announcement, is available at:

[6] Electronic Surveillance Increased in 1998

Fueled by a 24 percent jump in state requests, the number of courtorders for wiretaps and other forms of electronic eavesdropping rosetwelve percent in 1998, to a total of 1,327. Only two surveillancerequests were denied by judges during the year. There was also alarge increase in the interception of electronic communications androving wiretaps. The statistics are contained in a new report by theAdministrative Office of the U.S. Courts.

In 1998, federal requests declined slightly from 569 in 1997 to 566 in1998. This still represents over a 500 percent increase insurveillance requests since 1980.

For the first time, the number of interceptions of wireless phones andpagers exceeded traditional phone calls. In 1998, 576 of the orderswere for intercepting "electronic" communications, including computer,
cellular, and digital pagers. Five of the cases involved interceptionof computer communications. In 1997, only 206 of the interceptionorders involved electronic communications. There were also 23"roving" wiretaps in 1998, nearly doubling the twelve reported in1997.

Most requests involved drug investigations. Seventy-two percent ofthe requests (955 total) were made in drug cases. Twelve percentlisted racketeering, and seven percent listed gambling as therationale for the taps. Since 1980, the number of non-drug relatedwiretaps has remained fairly constant, at between 300-400 cases eachyear, while the number of taps for drug cases has increased nearly 400percent.

More information on wiretapping, including the text of the new report,
is available at:

[7] EPIC Bill-Track: New Bills in Congress


H.R.1657. Children's Environmental Protection and Right to Know Act of1999. A bill to disclose environmental risks to children's health andexpand the public's right to know about toxic chemical use andrelease, and for other purposes. Sponsored by Rep. Henry A. Waxman,
referred to the House Committee on Commerce.


S. 854. Electronic Rights for the 21st Century Act. A bill to protectthe privacy and constitutional rights of Americans, to establishstandards and procedures regarding law enforcement access to locationinformation, decryption assistance for encrypted communications andstored electronic information, and other private information, toaffirm the rights of Americans to use and sell encryption products asa tool for protecting their online privacy, and for other purposes.
Sponsored by Sen. Patrick J. Leahy, referred to the Committee onJudiciary.

S.898. Taxpayer Privacy Protection Improvement Act of 1999. A bill toamend the Internal Revenue Code of 1986 to provide taxpayers withgreater notice of any unlawful inspection or disclosure of theirreturn or return information. Sponsored by Sen. Paul Coverdell,
referred to the Committee on Finance.

S.899. 21st Century Justice Act of 1999. A bill to reduce crime andprotect the public in the 21st Century by strengthening Federalassistance to State and local law enforcement, combating illegal drugsand preventing drug use, attacking the criminal use of guns, promotingaccountability and rehabilitation of juvenile criminals, protectingthe rights of victims in the criminal justice system, and improvingcriminal justice rules and procedures, and for other purposes.
Section 1303 requires the DNA samples of violent offenders. Sponsoredby Sen. Orrin G. Hatch, referred to the Committee on Judiciary.

S.900. Financial Services Modernization Act of 1999. An original billto enhance competition in the financial services industry by providinga prudential framework for the affiliation of banks, securities firms,
insurance companies, and other financial service providers, and forother purposes. Title X deals with Financial Information PrivacyProtection. Sponsored by Sen. Phil Gramm, passed Senate withamendments by vote of 54-44.

S.903. Violent Offender DNA Identification Act of 1999. A bill tofacilitate the exchange by law enforcement agencies of DNAidentification information relating to violent offenders, and forother purposes. Sponsored by Sen. Herb Kohl, referred to theCommittee on Judiciary.

[8] Upcoming Conferences and Events

Encryption Controls Workshop. May 13, 1999. Raleigh, NC. Sponsored bythe U.S. Dep't of Commerce. Contact: (202) 482-6031
INET 99. San Jose, Calif., June 22-25, 1999. Sponsored by theInternet Society. Contact:

Privacy Laws & Business 12th Annual International Conference -- "NewData Protection Law: Issues, Solutions, Action." June 28-30th 1999,
St John's College, Cambridge, United Kingdom. Contact: Privacy Laws &
Business, Tel: + 44 (0) 181 423 1300, Fax: + 44 (0) 181 423 4536,
e-mail:, or

Subscription Information

The EPIC Alert is a free biweekly publication of the Electronic PrivacyInformation Center. A Web-based form is available for subscribing orunsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsoredby the Fund for Constitutional Government, a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. EPIC publishes the EPIC Alert, pursues Freedom of InformationAct litigation, and conducts policy research. For more information,
e-mail, or write EPIC, 666Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240(tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checksshould be made out to "The Fund for Constitutional Government" and sentto EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation of encryption andexpanding wiretapping powers.

Thank you for your support.

END EPIC Alert 6.07


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback