WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 7.11 [2000] EPICAlert 11


Volume 7.11 June 14, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Gore Offers Protections for Social Security Numbers, Genetic Data
[2] EPIC Renews Call for Baseline Privacy Standards Legislation
[3] EPIC Urges Rejection of Online Age Verification Systems
[4] Terrorism Commission Recommendations Could Threaten Privacy
[5] Commerce Committee Hears from FTC on Internet Privacy
[6] EPIC Event Addresses Privacy and the Free Software Movement
[7] EPIC Bookstore - New Publications on Privacy
[8] Upcoming Conferences and Events

[1] Gore Offers Protections for Social Security Numbers, Genetic Data

Responding to widespread public support for privacy protection, VicePresident Al Gore recently presented two proposals governing the useof Social Security numbers and genetic data. The policy initiativessuggest that privacy could emerge as a major issue in this fall'spresidential campaign.

Last week, the Vice President introduced his proposal to protectSocial Security numbers (SSNs), the Social Security Protection Act of2000. Gore's proposal is sponsored by Sen. Dianne Feinstein (D-CA)
and Rep. Ed Markey (D-MA). The proposal would limit the sale orpurchase of SSNs to instances in which an individual has voluntarilyand affirmatively given his or her consent to that disclosure.
Currently, SSNs -- often an important identifier for financial, creditand health records -- can simply be bought from "lookup services"
without an individual's permission. The proposal would require theFederal Trade Commission and state attorneys general to jointlyenforce the protections.

The proposal is an important first step in responding to the growingproblems with the misuse of the Social Security number. However,
other issues could be addressed as the proposal goes forward. Forexample, outlawing the sale and purchase of the Social Security numberhas been previously proposed in studies of SSNs. In addition,
consumers should be assured that they would not lose the opportunityto receive a benefit or conduct business if a private company unjustlyrequires a SSN. Many individuals can be compelled to provide a SSNthat they might otherwise not want to disclose. Also, while consentis a key step before dislosing a SSN, it is preferable that the datacollector specify and limit future uses of that data. Lastly, theproposal could include provisions so that the individual would have anindependent ability to pursue what he or she thinks are infractions ofthe law and seek the appropriate remedies.

As reported in the press, the Vice President is also formulatingrestrictions on the use of genetic data. Following up on PresidentClinton's executive order barring government agencies from usinggenetic data in hiring and promotion decisions (see EPIC Alert 7.03),
Vice President Gore would seek to extend such protections to workersin the private sector. The issue at hand in both proposals is thepossibility of discrimination against employees who may have geneticpredispositions for cancer or other diseases.

For more information about Social Security numbers is available at:

EPIC's recent testimony on the "Use and Misuse of the Social SecurityNumber" before the House Committee on Ways and Means:

[2] EPIC Renews Call for Baseline Privacy Standards Legislation

EPIC director Marc Rotenberg testified before the Senate CommerceCommittee on June 13, arguing that there is a current need forlegislation to establish baseline privacy standards for electroniccommerce. The committee hearing focused on online data collectionpractices and profiling by third party advertising companies such asDoubleClick. EPIC renewed the warning that self-regulation would failto protect privacy, citing pending litigation and a Federal TradeCommission (FTC) inquiry growing out of DoubleClick's practices.
Rotenberg told the committee, "We think the lesson is clear thatlegislation is necessary. Even good models for online advertising canquickly change without baseline privacy rules."

Richard Smith, an Internet consultant who examines privacy issues,
told the committee that "The data collection systems that the Internetad companies are currently running are getting personal and sensitiveinformation that almost everyone will agree is none of the business ofthese companies." He said that, "It's almost like they have puthidden microphones in our homes and our offices and they are listeningto what we do all day long."

The New York Times reported that all six senators who participated inthe hearing hearing said legislation is needed to ensure thatAmericans are protected from unwittingly disclosing privateinformation. "Absent legislation, meaningful enforcement and airtightcoverage, online profiling will eviscerate personal privacy," saidCommerce Committee Chairman John McCain (R-AZ). Privacy advocateshave long maintained that industry "self-regulation" is inadequate toprevent invasions of privacy, especially in the online advertisingbusiness.

The FTC recently released a report on the results of its latest surveyof website privacy policies. The survey documented that only 20percent of a random sample of websites addressed basic elements ofFair Information Practices. Based on the findings of the survey, amajority of the FTC Commissioners have recommended that legislation isneeded to protect privacy on the Internet (see item 5 below).

The text of EPIC's testimony is available at:
The FTC report on Fair Information Practices on Electronic Commerce isavailable at:

[3] EPIC Urges Rejection of Online Age Verification Systems

In testimony before the Commission on Child Online Protection on June9, EPIC General Counsel David Sobel urged the rejection of ageverification requirements as a condition of access to Internetcontent, noting that the privacy implications of such requirements areinseparable from the free speech implications. He told the Commissionthat rather than focusing on approaches that seek to block access toinformation and compromise privacy, it should emphasis and supporteducational initiatives that will help young people learn toresponsibly and safely navigate the Internet.

The Commission is seeking to "identify technological or other methodsthat . . . will help reduce access by minors to material that isharmful to minors on the Internet," including the deployment of "ageverification" systems. Given the inherent subjectivity of terms suchas "harmful to minors" or "indecent," Sobel first told the Commissionthat EPIC believes efforts to mandate restrictions on access to suchmaterial are prohibited by the First Amendment, particularly in amedium like the Internet, which makes content available in everycommunity in the nation. He noted that First Amendmentconsiderations, as well as privacy issues, are an important aspect ofthe Commission's inquiry, because "any requirement that Internet usersidentify themselves in some way as a condition of access to onlinecontent necessarily chills free speech."

Sobel said that a new regime for the collection of personal data inthe name of "child online protection" would impose yet another burdenon the privacy of Internet users. The American people, when they goonline, are already acutely aware of the fact that they are beingover-monitored and over-profiled. For that reason, he said, suchrequirements would introduce a troubling new component into theInternets architecture, one that would hasten the demise of bothpersonal privacy and freedom of expression.

The Commission on Child Online Protection was established by Congressin the Child Online Protection Act (COPA). The criminal provisions ofCOPA have been enjoined by a federal judge in a constitutionalchallenge brought by EPIC and the ACLU. A decision on thegovernment's appeal of that ruling is pending from the U.S. Court ofAppeals for the Third Circuit.

EPIC's testimony on Internet age verification is available at:
Information on Internet content controls is available at the InternetFree Expression Alliance website:

[4] Terrorism Commission Recommendations Could Threaten Privacy

The National Commission on Terrorism recently released its report,
"Countering the Changing Threat of International Terrorism." TheCommission was established shortly after U.S. embassies were attackedin 1998. The report puts forth several proposals that could threatenthe legal rights and privacy of Americans.

One of the more troubling proposals would be the streamlining ofprocedures required before law enforcement agencies can beginsurveillance as set by the Foreign Intelligence Surveillance Act(FISA). Despite claims that "under ordinary circumstances, the FISAprocess can be slow and burdensome," USA Today recently reported thatthe number of wiretaps used in spying and terrorism investigationslast year hit an all-time of 880. The process for authorizing thiscategory of wiretap requests proceeds through a secret court withlittle public accountability.

Many of the other proposals in the report may also impact personalprivacy. The Commission recommended the formation of a joint taskforce composed of representatives from all government agenciespossessing information or authority relevant to possible fundraisingfor terrorist groups. The list of agencies that would fall under thisbroad recommendation include the National Security Agency, CentralIntelligence Agency, Federal Bureau of Investigation, Financial CrimesEnforcement Network, Department of State, U.S. Customs Service, Officeof Foreign Assets Control and Internal Revenue Service. Otherrecommendations include closer monitoring of foreign students studyingin the United States, new laws and international agreements to prevent"cyber crime" and the development of new sensors and detection devicesto be used at entry points into the country.

The National Commission on Terrorism's report is available online at:
More information on FISA and wiretaps is available at:

[5] Commerce Committee Hears from FTC on Internet Privacy

The Senate Commerce Committee convened on May 25 to hear testimonyregarding the Federal Trade Commission's report on Internet privacy(see EPIC Alert 7.10). According to the Commission's surveys,
approximately 42 percent of the busiest Web sites and only 20 percentof the random sample have privacy policies which address FairInformation Practices. The report, approved by a 3-2 vote from theCommissioners, also recommended legislation in order to protectconsumer privacy on the Internet.

At the Commerce Committee hearing, all five FTC Commissionerspresented testimony and spoke about the recent report. Also speakingwere Jason Catlett, President of Junkbusters; Christine Varney, SeniorPartner at Hogan and Hartson; Jerry Berman, Executive Director of theCenter for Democracy and Technology; Jill Lesser, Vice-President ofDomestic Public Policy at America Online; Daniel Weitzner, Technologyand Society Domain Leader of the World Wide Web Consortium.

The full hearing is available over the web for the next few weeks at:

The testimony of the FTC Commissioners is available at:
The testimony of Jason Catlett, President of Junkbusters is availableat:

[6] EPIC Event Addresses Privacy and the Free Software Movement

On June 5, EPIC held a symposium at the National Press Club on thefuture of the Internet, and in particular the state of privacyprotection and the rise of the free software movement.

Exploring the future of privacy were Deborah Hurley, ExecutiveDirector, Harvard Information Infrastructure Project, Kennedy Schoolof Government; Professor Anita Allen-Castellito, University ofPennsylvania Law School; Professor David Flaherty, former Informationand Privacy Commissioner, British Columbia; Professor Gary Marx,
Massachusetts Institute of Technology; Professor Jeffrey Rosen, GeorgeWashington University Law School, author "The Unwanted Gaze: TheDestruction of Privacy in America"; and Robert Ellis Smith, publisher,
Privacy Journal, author "Ben Franklin's Web Site: Privacy andCuriousity from Plymouth Rock to the Internet".

Speaking about the rise of the free software movement were ProfessorJames Boyle, American University Law School; Professor Julie Cohen,
Georgetown University Law Center; Whitfield Diffie, DistinguishedEngineer, Sun Microsystems; Austin Hill, President, Zero KnowledgeSystems; Barbara Simons, President, Association for ComputingMachinery; and Peter Wayner, author "Free For All: How Linux and theSoftware Movement Undercut the High-Tech Titans".

Video coverage of the symposium is archived at:
More information about the three new books highlighted at the eventand EPIC publications is available at:

[7] EPIC Bookstore - New Publications on Privacy

The Unwanted Gaze : The Destruction of Privacy in America by JeffreyRosen
As thinking, writing, and gossip increasingly take place incyberspace, the part of our life that can be monitored and searchedhas vastly expanded. E-mail, even after it is deleted, becomes apermanent record that can be resurrected by employers or prosecutorsat any point in the future. On the Internet, every website we visit,
every store we browse in, every magazine we skim
and the amount oftime we skim it
create electronic footprints that can be traced backto us, revealing detailed patterns about our tastes, preferences, andintimate thoughts. In this pathbreaking book, Jeffrey Rosen exploresthe legal, technological, and cultural changes that have underminedour ability to control how much personal information about ourselvesis communicated to others, and he proposes ways of reconstructing someof the zones of privacy that law and technology have been allowed toinvade.

Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock tothe Internet by Robert Ellis Smith
This new book explores the hidden niches of American history todiscover the tug between Americans' yearning for privacy and theirinsatiable curiosity. The book describes Puritan monitoring inColonial New England, then shows how the attitudes of the foundersplaced the concept of privacy in the Constitution. This panoramicview continues with the coming of tabloid journalism in the NineteenthCentury, and the reaction to it in the form of a new right - the rightto privacy. The book includes histories of wiretapping, of creditreporting, of sexual practices, of Social Security numbers and IDcards, of modern principles of privacy protection, and of the comingof the Internet and the new challenges to personal privacy it brings.

"Robert Ellis Smith's expose of privacy invasion will be one of thesleeper best-selling books in the year 2000," wrote columnist WilliamSafire in The New York Times, December 1999. "His numerous books arerequired reading for anyone concerned about the ongoing threats," saidSimson Garfinkel in Database Nation.

EPIC Publications:

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"Privacy and Human Rights 1999: An International Survey of PrivacyLaws and Developments," David Banisar, Simon Davies, editors, (EPIC1999). Price: $15.

An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

First Annual Institute on Privacy Law: Strategies for Legal Compliancein a High Tech and Changing Regulatory Environment. Practicing LawInstitute. June 22-23, 2000. New York, NY. PLI Conference Center.
For more information:
Telecommunications: The Bridge to Globalization in the InformationSociety. Biennial Conference of the International TelecommunicationsSociety. July 2-5, 2000. For more information:
Successfully Managing the New Data Protection Laws. Privacy Laws &
Business. July 3-5, 2000. Cambridge, England. For more information:

INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information:
Infomediaries: Leveraging Consumer Profile Data on the Web. Institutefor International Research. July 20-21, 2000. San Francisco, CA. HyattRegency Embarcadero Center. For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For moreinformation:
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society andUNESCO. September 26-29, 2000. Vienna, Austria. For more information:
One World, One Privacy: 22nd Annual International Conference onPrivacy and Personal Data Protection. September 28-30, 2000. Venice,
Italy. For more information:

Privacy: A Social Research Conference. New School University. October5-7, 2000. New York, NY. For more information:

Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 1718 ConnecticutAve., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.11



WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback