WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 10

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 7.10 [2000] EPICAlert 10


Volume 7.10 May 24, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] FTC Calls for Privacy Legislation to Protect Internet Users
[2] Requirement for Cable Scrambling Violates First Amendment
[3] International Law Enforcement and Industry Discuss Cyber-Crime
[4] EU Holds Off on Removing Barriers to Export of Crypto
[5] New Financial Privacy Rules Protect Credit Header Info
[6] Annenberg Research Reveals Teens Will Share Family Info
[7] EPIC Bookstore - From Gutenberg to the GII
[8] Upcoming Conferences and Events

[1] FTC Calls for Privacy Legislation to Protect Internet Users

On May 22, the Federal Trade Commission (FTC) released its thirdreport on the state of online privacy protection. In a major shiftin policy, a majority of the FTC Commissioners concurred with thereport's finding that legislation is necessary to adequately protectconsumer privacy online. On May 25, all five Commissioners willpresent the report and their conclusions to the Senate CommerceCommittee. Also speaking at the hearing will be representativesfrom the privacy community and industry groups.

The report, "Privacy Online: Fair Information Practices in theElectronic Marketplace", was the FTC's first in-house survey of howwell privacy policies are addressing Fair Information Practices. Thesurvey found that in a random sample of over 300 websites that collectpersonal information, only 20 percent discussed all four elements ofthe FTC's version of Fair Information Practices - notice, consent,
access and security. In a sample of more popular websites, only 42percent covered all four elements of privacy protection. Incomparison to the FTC report, EPIC's last survey of privacy policies,
"Surfer Beware 3: Privacy Policies without Privacy Protection", foundthat none of the top 100 e-commerce websites adequately provided allelements of Fair Information Practices.

Based on these results and those of past studies, three of the fiveCommissioners agreed with the conclusion of the report thatself-regulation alone would not provide adequate privacy protection.
The report finds that legislation would also be needed, and theCommission is expected to present a proposal at the upcoming CommerceCommittee hearing.

The day after the FTC report was made public, Sen. Ernest Hollings(D-SC) introduced his bill protecting online privacy, the ConsumerPrivacy Protection Act. The bill has already garnered the support ofother Democratic members of Congress and is expected to cover many ofthe legislative recommendations of the FTC. In addition, many surveysand reports continue to show strong public support for online privacylegislation. For example, the March 20 issue of BusinessWeek includeda poll in which 57 percent of people surveyed supported laws governingthe collection and use of personal information online while only 15percent supported letting industry groups develop voluntary standards.

The FTC's report, appendices and individual statements issued by theCommissioners are available at:
"Surfer Beware 3: Privacy Policies without Privacy Protection":
The BusinessWeek Harris Interactive poll on the public's attitudes ononline privacy is available at:

[2] Requirement for Cable Scrambling Violates First Amendment

On May 21, the U.S. Supreme Court ruled in United States v. PlayboyEntertainment Inc. that a federal requirement for cable operatorstransmitting sexually-explicit channels was an unconstitutionalcontent-based restriction on free speech. The law in question,
enacted as part of the Communications Decency Act in 1996, requiredall cable operators providing channels "primarily dedicated tosexually-oriented programming" to either fully scramble those channelsor to restrict their transmission to the hours when children would beunlikely to watch television. Due to high costs associated withscrambling technology, most cable operators chose to comply with thestatute by limiting transmission of the programming to late nighthours.

The scrambling requirement was intended to protect children fromhearing or seeing portions of scrambled cable programs resulting from"signal bleed" to non-subscribers. While the Supreme Court agreedthat exposure to harmful and indecent materials was a legitimateproblem for Congress to address, it concluded that it could have doneso by less restrictive means. It continued that an alternativeprocedure set out in another section of the Act, by which subscriberscould request a cable operator to fully scramble or otherwise fullyblock any channel they did not wish to receive, provided adequatecontent-neutral protection for subscribers without violating the FirstAmendment.

Delivering the majority 5-4 opinion, Justice Anthony Kennedy statedthat the "the objective of shielding children does not suffice tosupport a blanket ban if the protection can be accomplished by a lessrestrictive alternative". He expressed continued support for freespeech concluding that "it is through speech that our personalitiesare formed and expressed" and that all citizens are entitled "to seekout or reject certain ideas or influences without Governmentinterference or control".

Supreme Court's opinion in U.S. v. Playboy Entertainment Group (PDF)
is available at:

[3] International Law Enforcement and Industry Discuss Cyber-Crime

Top law enforcement and industry officials from major industrializedcountries met in Paris last week to discuss responses to cyber-crime.
The meeting is a lead-up to a meeting of the Presidents and PrimeMinisters of the countries in Okinawa, Japan this July.

One of the primary controversies discussed at the event was a proposalthat Internet Service Providers (ISPs) be required to keep logs of allof their users' activities online. Under proposals suggested at themeeting, ISPs would be required to maintain user logs for up to oneyear. Many industry participants were critical of this suggestion,
noting the costs of maintaining the logs and the difficulty in keepingthe logs secure and tamperproof for law enforcement purposes. TheCouncil of Europe (COE) "Draft Convention on Cyber-crime" (See EPICAlert 7.08) was also discussed. At the meeting, the French Governmentrecommended allowing non-COE countries to sign the Convention butopposed the creation of an international cyber-force to fightcyber-crime.

This conference was the first meeting held by the G-8 on the issuethat included participants from outside the governments. However,
only one representative from a consumer group was invited and nomembers of privacy or cyber-rights groups were invited. The G-8 ismade up of senior government officials from France, Germany, Japan,
United Kingdom, United States, Italy, Canada and Russia. A subgroupon High Tech Crime chaired by the U.S. Department of Justice has beenmeeting since 1997.

In the end, only a weak resolution calling for more discussion andcooperation was issued. A second closed meeting of government expertswas held in Tokyo this week to work on the text of a resolution thatwill be issued by the heads of state of the G-8 at their July meeting.

More information on the G-8 and COE is available at:

[4] EU Holds Off on Removing Barriers to Export of Crypto

In a surprising turn of events, European Union officials decided notto vote on a measure which would have removed all controls on theexport of cryptographic technologies from European countries. TheEuropean Ministers of Foreign Affairs, meeting on May 22, withdrew theproposal from their agenda at the last minute despite widespreadreports in the media that the decision to decontrol had been made andthat the vote was a mere formality.

If passed, the measure would have removed cryptographic technologiesfrom the current export regime set out in the Dual Use Regulation of1994. Under this regulation, most encryption products can only beexported to countries outside the EU upon the issuance of a speciallicense from national authorities. European industry has always beenstrongly critical of this procedure, saying that it restricts theiraccess to the global market for encryption products. There is alsowidespread consensus that consumers need a wider array of encryptionproducts because of concerns that U.S. technologies may be weakenedduring the "technical review" stage of the current export regime, aprocess largely overseen by the U.S. National Security Agency.

No reason for this change of heart by European ministers was given.
French and British authorities expressed early reservations about themeasure and officials have confirmed that the U.S. also pressured theEuropean Union to block the decision. However, no official statementhas been made.

For more information about the availability of cryptography worldwide,
"Cryptography & Liberty 2000: An International Survey of EncryptionPolicy":

[5] New Financial Privacy Rules Protect Credit Header Info

Two recent actions by the Federal Trade Commission (FTC) will providegreater protections for personal information contained in creditreports.

In a recent decision concerning credit reporting agency Trans Union,
the FTC found that the company was violating the Fair Credit ReportingAct (FCRA) by using personal information to construct targeted mailinglists. As part of that decision, the FTC also concluded that dates ofbirth -- often used as an element in determining credit-worthiness --
should also be considered as information which can be used only asspecifically set out in FCRA.

More recently, the FTC's portion of the new federal financial privacyrules will increase protections over credit header information.
Currently, the data in the credit header (including name, mailingaddress, telephone number, Social Security number, and age) can besold freely by credit reporting agencies to individual referenceservices and direct marketers. Under the rules, credit reportingagencies would only be able to distribute that information if thefinancial institution that transfers data to the agency has providedthe customer with notice and the opportunity to opt-out.

The FTC's opinion in Trans Union (PDF):
The FTC's final financial privacy rules (PDF):

[6] Annenberg Research Reveals Teens Will Share Family Info

Children are more likely than their parents to reveal personal familyinformation online, according to a study by the Annenberg PublicPolicy Center of the University of Pennsylvania.

While 89 percent of parents believe that the Internet is beneficialto their kids' schoolwork and 85 percent say that children findfascinating and useful information on the Internet, 74 percent ofparents surveyed cited concerns about their children divulgingpersonal information on the Web. The report showed that childrencould be enticed into providing information in exchange for a freegift. For example, 65 percent of the children said they would revealthe name of their favorite stores and 54 percent said they wouldprovide the name of their parents' favorite stores in order to receivea free gift. Forty-one percent of parents and 36 percent of childrensaid they have had tension in the home over children's release ofpersonal information.

The study also found that older kids (ages 13-17) are more likely thanyounger kids (ages 10-12) and boys are more likely than girls toprovide sensitive family information. For example, 53 percent of boysand 37 percent of girls said it would be fine to disclose the type ofcar their family owns. Forty-five percent of older kids and 27percent of younger kids responded that it would be acceptable toreveal how much allowance they receive. Thirty-nine percent of 13-17year-old children said they have provided personal family information,
and 16 percent of children ages 10-12 said they have done so.

The researchers surveyed 1001 parents and 304 children between theages of 10 and 17 during January and February 2000.

The Annenberg report is available (in PDF) at:

[7] EPIC Bookstore - From Gutenberg to the GII

From Gutenberg to the Global Information Infrastructure: Access toInformation in the Networked World by Christine L. Borgman
Will the emerging global information infrastructure (GII) create arevolution in communication equivalent to that wrought by Gutenberg,
or will the result be simply the evolutionary adaptation of existingbehavior and institutions to new media? Will the GII improve accessto information for all? Will it replace libraries and publishers?
How can computers and information systems be made easier to use?
What are the trade-offs between tailoring information systems to usercommunities and standardizing them to interconnect with systemsdesigned for other communities, cultures, and languages?

This book takes a close look at these and other questions oftechnology, behavior, and policy surrounding the GII. Topics coveredinclude the design and use of digital libraries; behavioral andinstitutional aspects of electronic publishing; the evolving role oflibraries; the life cycle of creating, using, and seeking information;
and the adoption and adaptation of information technologies. The booktakes a human-centered perspective, focusing on how well the GII fitsinto the daily lives of the people it is supposed to benefit.

Taking a unique holistic approach to information access, the bookdraws on research and practice in computer science, communications,
library and information science, information policy, business,
economics, law, political science, sociology, history, education, andarchival and museum studies. It explores both domestic andinternational issues. The author's own empirical research iscomplemented by extensive literature reviews and analyses.

EPIC Publications:

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"Privacy and Human Rights 1999: An International Survey of Privacy Lawsand Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15.

An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

EPIC Event at the National Press Club. Panels on Privacy and the FreeSoftware Movement featuring new publications by Jeffrey Rosen, RobertEllis Smith and Peter Wayner. June 5, 2000. Washington, DC.

New Millennium, New Horizons: Marketing and Public Policy Conference2000. American Marketing Association. June 1-3, 2000. Marriott MetroCenter. Washington, DC. For more information:

Chief Privacy Officer 2000. Privacy & American Business. June 5, 2000.
Doyle Hotel. Washington, DC. For more information:

A New Intelligence System for a New Era: The Case for Reform. The Fundfor Constitutional Government and the Center for International Policy.
June 7, 2000. Dirksen Senate Office Building, Rm 628. Washington, DC.
For more information:
Data Sharing: Initiatives and Challenges Among Benefit and LoanPrograms. United States General Accounting Office. June 7-8, 2000.
Library of Congress, Jefferson Building. Washington, DC. For moreinformation:
First Annual Institute on Privacy Law: Strategies for Legal Compliancein a High Tech and Changing Regulatory Environment. Practicing LawInstitute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information:
Telecommunications: The Bridge to Globalization in the InformationSociety. Biennial Conference of the International TelecommunicationsSociety. July 2-5, 2000. For more information:
Successfully Managing the New Data Protection Laws. Privacy Laws &
Business. July 3-5, 2000. Cambridge, England. For more information:

INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For moreinformation:
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society andUNESCO. September 26-29, 2000. Vienna, Austria. For more information:
Privacy: A Social Research Conference. New School University. October5-7, 2000. New York, NY. For more information:

Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 1718 ConnecticutAve., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.10


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback