WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 12

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 7.12 [2000] EPICAlert 12


Volume 7.12 June 27, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Is NSA Watching Jimmy Carter and Hillary Clinton?

[2] Appeals Court Strikes Another Blow Against Internet Censorship
[3] House Subcommittee Considers "Cyber Security" FOIA Exemption
[4] EPIC, Junkbusters Release Report on P3P
[5] Privacy Advocates Call for Investigation of "Cookiegate"

[6] European Parliament Committee Presents Safe Harbor Resolution
[7] EPIC Bookstore - Democracy in the Digital Age
[8] Upcoming Conferences and Events

[1] Is NSA Watching Jimmy Carter and Hillary Clinton?

As reported by USA Today, recently released National Security Agency(NSA) documents obtained by EPIC indicate that the agency draftedpolicies for handling communications intercepted from or about formerPresident Jimmy Carter, First Lady Hillary Rodham Clinton andcandidates who ran for national office in 1996. The memos, whichcontain guidance for the writing of reports regarding interceptedcommunications, make clear the necessity of keeping the identities ofthe individuals confidential. Currently, the NSA is prohibited by lawfrom conducting surveillance on American citizens.

The NSA documents were obtained through a Freedom of Information Actlawsuit brought by EPIC and raise many concerns about privacy andgovernment accountability. The lawsuit originally sought to examinethe extent of the NSA's compliance with domestic surveilance laws, andis also a response to growing concern about the NSA's rumored globalobservation network, commonly called Echelon. However, the NSAcontinues to deny any allegations of impropriety, and claims tooperate "in strict accordance with U.S. laws and regulation inprotecting privacy rights".

The NSA and similar agencies have previously spied on U.S. citizens inthe interests of national security and, for many years, operatedalmost entirely outside of the public eye. However, in 1975, growingconcerns about the NSA's role in monitoring the communications andactivities of prominent anti-war activists resulted in greater publicscrutiny of the agency. Until recently there has been little evidenceto suggest that the NSA still utilized or analyzed informationobtained about American citizens not involved in foreign intelligence.
However, recent protests by civil libertarians and an investigationinto the NSA's activities by Rep. Bob Barr (R-GA), have brought theissue of supposed privacy invasions to the forefront.

Scanned images of NSA documents discussing Former President JimmyCarter and First Lady Hillary Rodham Clinton are available at:
EPIC's Former Secrets Page containing other documents released underthe Freedom of Information Act:

[2] Appeals Court Strikes Another Blow Against Internet Censorship

Internet free speech advocates scored the latest in a string of legalvictories on June 22, when the U.S. Court of Appeals for the ThirdCircuit in Philadelphia upheld a lower court ruling barringenforcement of the Child Online Protection Act (COPA). In afar-reaching opinion, the unanimous three-judge panel expressed itsbelief that the 1998 law is fatally flawed. The ruling, which upholdsa decision issued by U.S. District Judge Lowell Reed in February 1999(see EPIC Alert 6.02), came in a legal challenge to COPA beinglitigated by EPIC, the American Civil Liberties Union and a coalitionof online publishers.

COPA was introduced in Congress after an earlier effort to regulatechildren's access to "indecent" material, the Communications DecencyAct (CDA), was held unconstitutional by a unanimous U.S. Supreme Courtin 1997. To date, every federal judge to consider the legality ofeither CDA or COPA has found that the Internet content regulation lawsviolate the First Amendment.

COPA makes it a federal crime to "knowingly" communicate "forcommercial purposes" material considered "harmful to minors" to anyoneunder the age of 17. Penalties include fines of up to $50,000 foreach day of violation and up to six months in prison. Compliance withthe Act would require websites to obtain identification and ageverification from visitors, a feature of the law that EPIC has arguedthreatens online privacy and anonymity.

The appellate judges (Leonard I. Garth, Theodore A. McKee and RichardLowell Nygaard) directed most of their analysis to the concept of"community standards" in defining "harmful to minors" and noted thevirtual impossibility of a web site meeting the standards of variouslocalities at the same time:

Because no technology currently exists by which Web publishers may avoid liability, such publishers would necessarily be compelled to abide by the "standards of the community most likely to be offended by the message," even if the same material would not have been deemed harmful to minors in all other communities. Moreover, by restricting their publications to meet the more stringent standards of less liberal communities,
adults whose constitutional rights permit them to view such materials would be unconstitutionally deprived of those rights.
Thus, this result imposes an overreaching burden and restriction on constitutionally protected speech.

Complete information on the COPA litigation, including the text of theThird Circuit decision, is available at:

[3] House Subcommittee Considers "Cyber Security" FOIA Exemption

Responding to concerns about critical infrastructure security, theHouse Committee on Government Reform's Subcommittee on GovernmentManagement, Information and Technology recently heard testimony onH.R. 4246, the Cyber Security Information Act.

On June 22, witnesses from industry, government agencies, and publicinterest groups testified regarding proposed legislation which wouldexpand the Freedom of Information Act's (FOIA) current exemptions toinclude any technical information voluntarily provided by privatecompanies for the purposes of increasing infrastructure security. Thelegislation was largely a response to government pressure to shore upcritical infrastructure, such as power, sanitation, transportation andtelecommunications, 80 percent of which is controlled by the privatesector and outside of government control. The proposed amendment wouldalso prevent information obtained by the government for purposes ofcritical infrastructure security, such as private sector networkbreaches or hacker attacks, from being obtained for civil actions.

In his testimony before the Subcommittee, EPIC General Counsel DavidSobel questioned the necessity of such legislation. According toSobel, existing FOIA exemptions prevent the disclosure of the kind ofinformation the private sector is most concerned about. Instead ofhaving to explain why the act shouldn't be passed, Sobel stated "Theburden should be on the people who are saying the current law isinadequate."

The bill, which is likely to be approved by the subcommittee, is notexpected to reach the House floor before Congress breaks for summerrecess.

For background information and testimony submitted for the hearing,
see EPIC's page on Critical Infrastructure Protection:

Testimony of the other witnesses appearing before the Subcommittee:
The text and status of H.R. 4246, the Cyber Security Information Act:

[4] EPIC, Junkbusters Release Report on P3P

On June 21, EPIC and Junkbusters released a report on the Platform forPrivacy Preferences (P3P) developed by the World Wide Web Consortium(W3C). "Pretty Poor Privacy: An Assessment of P3P and InternetPrivacy" examines whether P3P is an effective solution to onlineprivacy protection.

P3P allows consumers to set up privacy preferences regarding theirpersonal information and automatically compares those settings to Websites' stated practices. P3P proposes the development of an elaboraterange of privacy "choices" that require individual Internet users tomake selections about the collection and use of personal data, evenfor online activities that would not normally require the disclosureof personal information, such as simply visiting a web site.

The report surveys earlier experience with cookie technology and notessimilarities to the situation surrounding P3P. The report goes on toargue that P3P fails to comply with Fair Information Practices, theinternationally accepted baseline standard for privacy protection. Thereport also concludes that there is little evidence to support theindustry claim that P3P will improve user privacy. Instead of P3P,
the report concludes with a recommendation for the adoption of privacystandards built on Fair Information Practices and genuine PrivacyEnhancing Techniques that minimize or eliminate the collection ofpersonally identifiable information.

"Pretty Poor Privacy: An Assessment of P3P and Internet Privacy" isavailable at:
For more information about the W3C's work on P3P:

[5] Privacy Advocates Call for Investigation of "Cookiegate"

On June 22, EPIC and Junkbusters sent a letter to Congressionalleaders asking for an immediate investigation into the White HouseOffice of National Drug Control Policy's use of cookies on itswebsite. The use of cookies on a government website was particularlyalarming since banner advertisements leading to the freevibe.comwebsite were being served by controversial Internet advertiserDoubleClick.

White House officials said that they were not receiving any personallyidentifiable information from DoubleClick. If the government was infact doing so, it would have likely done so in violation of thePrivacy Act of 1974 which prohibits wholesale collection of personalinformation of citizens. With regards to information that could havebeen collected by DoubleClick, the groups demanded that the companydestroy any information collected from users visiting the site.

The joint letter to Congressional leaders can be found at:

[6] European Parliament Committee Presents Safe Harbor Resolution

The European Parliament Committee on Citizens Freedoms and Rights,
Justice and Home Affairs has adopted a report questioning thepreliminary decision of the European Commission to accept the proposedSafe Harbor arrangement. The European Commission adopted the decisionon June 5 following a unanimous vote by the European Union MemberStates in favor of the latest version of the U.S. proposal.

In its report, the Citizen's Rights Committee criticizes the Americansystem of self-regulation and holds that transborder dataflow shouldnot be authorized until the Safe Harbor principles are revised furtherand fully operational. The Committee is particlarly concerned that anindividual's ultimate redress for violations of the principles lieswith the Federal Trade Commission (FTC) noting that "intervention bythe FTC is purely discretionary and in practice is exercised onlyoccasionally." The Committee recommends that the Safe Harborprinciples should include an individual right to appeal and concludesthat the Commission should issue a revised decision.

The report is expected to go before the full European Parliament inJuly when it will decide whether the European Commissison exceeded itsimplementing powers under the EU Data Protection Directive in issuingits decision.

The press release on the report from the Citizen's Rights Committee isavailable at:
The European Commission draft decision is available at:
The latest U.S. proposed Safe Harbor Principles and FAQ's are availableat:

[7] EPIC Bookstore - Democracy in the Digital Age

Democracy in the Digital Age: Challenges to Political Life inCyberspace by Anthony G. Wilhelm
Excerpt from a description by the author:

Much of the writings on the prospects of a digital democracy are onlyimpassioned pleas from Internet doomsayers or Silicon Valleyfaithfuls, sorely lacking a critical eye.

In my book I try to get beyond these claims with well-reasonedarguments for why we should be concerned about treating the Internetas a magic bullet in increasing the civic engagement of Americans.

First, I suggest that the digital divide is an enormous problem thatneeds to be solved before we can rely on the Internet, say, for onlinevoting. Second, I look at what it takes to make decisions --
deliberation, respecting and negotiating difference -- and suggestthat the Internet has so far not been the best medium for realizingthese actions. Finally, I canvass several of the background factorsthat are necessary to consider that prevent many people fromparticipating in public life. Americans who have problems withliteracy, for example, are unlikely to engage in civic activity andwill have trouble navigating a text-based medium, such as theInternet.

Ultimately, the question is, will the Internet bring people into theprocess who have been on the margins of political engagement? I hopeover time we will answer this question in the affirmative. However,
currently there are severe challenges outlined in my book outlinesthat we need to wrestle with now.

EPIC Publications:

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"Privacy and Human Rights 1999: An International Survey of Privacy Lawsand Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15.

An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

Telecommunications: The Bridge to Globalization in the InformationSociety. Biennial Conference of the International TelecommunicationsSociety. July 2-5, 2000. For more information:
Successfully Managing the New Data Protection Laws. Privacy Laws &
Business. July 3-5, 2000. Cambridge, England. For more information:

INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information:
Infomediaries: Leveraging Consumer Profile Data on the Web. Institutefor International Research. July 20-21, 2000. San Francisco, CA. HyattRegency Embarcadero Center. For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For moreinformation:
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society andUNESCO. September 26-29, 2000. Vienna, Austria. For more information:
One World, One Privacy: 22nd Annual International Conference onPrivacy and Personal Data Protection. September 28-30, 2000. Venice,
Italy. For more information:

Privacy: A Social Research Conference. New School University. October5-7, 2000. New York, NY. For more information:

Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 1718 ConnecticutAve., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.12


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback