EPIC Alert 7.15 [2000] EPICAlert 15







EPIC ALERT




Volume 7.15 August 3, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_7.15.html

Table of Contents



[1] Federal Judge Orders Fast FBI Action on Carnivore Material
[2] Flashback: It's the Clipper Chip All Over Again
[3] Report on Online Profiling Analyzes Recent FTC Agreement
[4] NGOs to Hold Public Voice Meeting on Emerging Privacy Issues
[5] Study Examines Children's Privacy and "Free" Internet Access
[6] Administration Seeks Public Comment on Privacy and Bankruptcy
[7] EPIC Bookstore - Privacy in the Information Age
[8] Upcoming Conferences and Events


[1] Federal Judge Orders Fast FBI Action on Carnivore Material


In response to a lawsuit filed by EPIC, a federal judge in Washington has ordered the Federal Bureau of Investigation to establish a timetable for the expedited release of information about the "Carnivore" system no later than August 16. The ruling came during an emergency hearing convened by U.S. District Judge James Robertson on August 2, only hours after EPIC filed an application for the immediate public disclosure of information concerning the FBI's controversial surveillance system. EPIC's lawsuit charges that the Department of Justice and the FBI have violated the law by failing to act on a request to expedite the processing of a Freedom of Information Act request EPIC submitted to the FBI on July 12.

The Carnivore system monitors traffic at the facilities of Internet service providers (ISPs) in order to intercept information contained in the electronic mail of criminal suspects. Carnivore can reportedly scan millions of e-mails each second and is capable of providing law enforcement agents the ability to intercept all of an ISP's customers' digital communications. Serious questions have been raised in Congress, in the media and in the privacy community concerning the legality of Carnivore and its potential for abuse.

In response to the public uproar over Carnivore, Attorney General Janet Reno announced on July 27 that the technical specifications of the system would be disclosed to a "group of experts" to allay public concerns. But according to EPIC General Counsel David L. Sobel, "There is no substitute for a full and open public review of the Carnivore system. The only way that the privacy questions can be resolved is for the FBI to release all relevant information, both legal and technical." EPIC's FOIA request, which is the subject of the federal court order, seeks the disclosure of "all records" concerning Carnivore, including the underlying software and legal analyses addressing the limitations, if any, that have been placed on the use of the system. A similar request for access to Carnivore material was filed by the American Civil Liberties Union.

In a detailed submission to the Justice Department shortly after it transmitted its request to the FBI, EPIC asserted that its Carnivore request concerns "a matter of widespread and exceptional media interest in which there exist possible questions about the government's integrity which affect public confidence" -- one of the legal standards that qualifies a request for "expedited processing." Despite a ten-day time limit to answer requests for accelerated processing, the Department failed to respond to EPIC's request until a little more than an hour before the emergency court hearing. In a fax sent to EPIC, the FBI finally conceded that the Carnivore request requires expedited treatment.

EPIC is a frequent FOIA requester and litigant, and previously sought the disclosure of information from the FBI on the Communications Assistance to Law Enforcement Act (CALEA) and from the National Security Agency on the Clipper Chip (see below) and U.S. encryption policy, among other subjects.

The legal memorandum in support of EPIC's motion for a temporary restraining order is available in HTML at:

http://www.techlawjournal.com/courts/epicvdoj/20000802mem.asp

and in PDF at:

http://www.epic.org/privacy/litigation/carnivore_TRO.pdf


[2] Flashback: It's the Clipper Chip All Over Again


Longtime readers of the EPIC Alert might feel a sense of deja vu when they read about the current controversy over the FBI's Carnivore surveillance system. That's probably because official statements on the matter bear a striking resemblance to statements made in the early days of the Clipper Chip controversy. The Clipper Chip used classified technology developed by the National Security Agency that, according to the initial White House announcement on April 16, 1993, "preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals." Clipper was an encryption system that deposited a spare decryption key with the federal government. Not surprisingly, the proposal was met with a great deal of public mistrust and concern about potential abuse.

In an effort to address the public concerns over the Clipper Chip, the White House announced that "respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings." Although the reviewers eventually stated their satisfaction with the technical specifications, the secrecy surrounding the Clipper Chip was never lifted. In fact, EPIC went to court seeking the release of the underlying SKIPJACK algorithm, and lost.

Today, the FBI steadfastly refuses to disclose the source code or technical specifications of Carnivore. Attorney General Reno addressed the issue on July 27 and announced the Justice Department's plan:

The first step will be to have an individual expert or a group of experts, probably from an academic community, conduct a detailed review of the source code. Those experts will report their findings to a panel of interested parties, people from the telecommunications and computer industries, as well as privacy experts. . . .

I think it's a matter of explaining and trying to bring in experts that will give people additional confidence . . .

The Clipper Chip experience suggests that there's no real substitute for full public disclosure. While keeping the actual details under wraps, various agencies posted reassuring statements and "Frequently Asked Questions" files. After several years of unsuccessfully trying to promote the technology, the government eventually dropped the initiative. Today, a search for "Clipper Chip" at the Justice Department's website yields a "no records" response.

For more background information on the Clipper Chip see:

http://www.epic.org/crypto/clipper/



[3] Report on Online Profiling Analyzes Recent FTC Agreement


On July 28, EPIC, in conjunction with Junkbusters, released a report on the recent agreement between the Federal Trade Commission (FTC) and the Network Advertising Initiative (NAI) on a set of self-regulatory guidelines. The NAI is a consortium of Internet advertising companies representing roughly ninety percent of the growing industry and includes companies such as DoubleClick and Engage. Entitled "Network Advertising Initiative: Principles not Privacy," the report examines the year-long controversy of online profiling, the shortcomings of the NAI guidelines, and proposes principles that would offer an adequate level of privacy protection.

Online profiling, currently a common practice of Internet advertisers, entails the collection of information about Internet behavior for the creation of a profile or a representation about an Internet user's interests and preferences. Recent controversies have erupted around not only the practice of online profiling, but also the linking of these profiles to personal data.

The report argues that the self-regulatory guidelines endorsed by the FTC and negotiated without significant involvement from consumer and privacy groups, do not provide an adequate level of privacy protection. The guidelines will allow companies to collect online profiling data on the basis of notice and opt-out, which provides no assurances that consumers will know that their behavior is being tracked and recorded. The principles will also permit companies to link online profiling data with personal data on the basis of a "robust" notice and opt-out with little guidance as to what "robust" procedures will be. Similarly, provisions about access, the ability to view and edit information collected, and the transfer of personal data to third parties are vague and indeterminate.

In light of the inadequacy of the FTC-NAI agreement, the report recommends that legislation built on Fair Information Practices will better protect privacy and conform to the standards that consumers prefer. Such legal standards would also spur the development of more innovative Internet advertising practices that do not rely on the tracking of Internet users.

"Network Advertising Initiative: Principles not Privacy":

http://www.epic.org/privacy/internet/NAI_analysis.html

The recommendation of the Federal Trade Commission and materials related to the Network Advertising Initiative guidelines:

http://www.ftc.gov/opa/2000/07/onlineprofiling.htm


[4] NGOs to Hold Public Voice Meeting on Emerging Privacy Issues


On September 27, EPIC and Privacy International will host a conference, "The Public Voice in Privacy Policy," in Venice, Italy. The meeting will be held in conjunction with the annual meeting of the Data Protection and Privacy Commissioners to take place on September 28.

The conference will bring together leading academic experts, NGO leaders, and privacy officials from around the world to explore current issues in privacy protection. Panel discussions will focus on the globalization of surveillance; copyright protection and privacy; the EU-US negotiations on transborder data flows (Safe Harbor); and the need for an international convention on data protection.

The first of these conferences was organized by Privacy International and held in Sydney in 1992. Subsequent meetings have taken place in Manchester (1993), The Hague (1994), Copenhagen (1995), Ottawa (1996), Brussels (1997), and Hong Kong (1999).

For program and registration details see:

http://www.epic.org/events/publicvoice_venice/

For details on the Data Protection Commissioner's conference visit the homepage of the Italian Data Protection Commission:

http://www.dataprotection.org/



[5] Study Examines Children's Privacy and "Free" Internet Access


The Center for Advanced Technology at the University of Oregon has produced a study, "Capturing the Eyeballs and E-Wallets of Captive Kids in School: Dot.com Invades Dot.edu," examining companies that offer "free" Internet access to schools in exchange for the collection of marketing information from their students. Schools faced with an increasing amount of pressure to provide Internet access to students are being lured into these deals by companies like Zapme! and HiFusion.

Companies looking for an opportunity to reach younger audiences have found that by offering free or reduced prices for computer equipment or Internet access, they can start creating online profiles - information about their interests and preferences - of children while they are at school. Some of these companies collect personal information as well as information about Internet surfing behavior.

The study goes on to say that far too often, school administrators approve partnerships with such companies without being fully aware of the invasive practices of these companies. In addition, parents who trust the judgment of school officials are easily persuaded to consent to these practices.

Most importantly, the study argues that allowing online profiling companies to begin collecting information on younger kids will likely mold the expectation of privacy they may have as they become older. If this practice becomes widespread, in the future, many children may have a diminished sense of the proper boundaries of personal privacy.

"Capturing the Eyeballs and E-Wallets of Captive Kids in School:
Dot.com Invades Dot.edu" is available at:

http://netizen.uoregon.edu/documents/eyeballs.html


[6] Administration Seeks Public Comment on Privacy and Bankruptcy


Following up on a proposal made earlier this year by the Clinton Administration, the Department of Justice, the Department of the Treasury and the Office of Management and Budget, in conjunction with the Administrative Office of U.S. Courts, will be conducting a study on the privacy of financial information disclosed to the public through bankruptcy filings. The agencies are currently soliciting public comments on the issue.

The study will also discuss other controversial issues such as the ability to sell personal information or customer lists as assets when companies go bankrupt. Recently, bankrupt online retailer Toysmart.com has drawn criticism for attempting to sell its customer lists to the highest bidder (see EPIC Alert 7.13).

The public comment period will end on September 8, 2000.

For more information on the study or to submit comments:

http://www.usdoj.gov/ust/privacy/privacy-study.htm


[7] EPIC Bookstore - Privacy in the Information Age


Privacy in the Information Age (Library in a Book) by Harry Henderson
http://www.amazon.com/exec/obidos/ISBN=0816038708/electronicprivacA

Privacy in the Information Age examines the growing controversy of diminishing privacy as advancements in computer technology facilitate the monitoring and collection of information from people's daily lives. Everything from medical records to e-mail correspondence and financial statements can be reviewed by other people without the knowledge or consent of those whose information it is. These records can also be stored in database files. Eventually, all aspects of an individual's life may be gathered in a single computer file. While this could be a powerful and useful tool, it raises many questions. Who has the right to this information? How can one control what sort of information is being collected and whether or not that information is accurate? Author Harry Henderson examines the history of how technology has created this dilemma and discusses the current status of privacy laws.



EPIC Publications:

"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.



"The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.



"Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.



"Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/

An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance.



Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/



[8] Upcoming Conferences and Events


CPSR Meeting on Privacy & Security. August 15, 2000. Toronto Cypherpunks/Webgrrls. Toronto, Canada. For more information: http://toronto.cypherpunks.ca/

First International Hackers Forum. The Green Planet. August 18-20, 2000. Zaporozhye, Ukraine. For more information: http://www.geocities.com/hack_forum

Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more information: http://www.surveillance-expo.com

Financial Privacy: Guaranteeing the Integrity of Your Customers Information. International Communications for Management. September 7-8, 2000. New York, NY. For more information: http://www.icmworldwide.com/EventIndex.asp?EventID=973

Health Information Privacy: A Dialogue with the Stakeholders. September 21, 2000. Westin Hotel. Ottawa, Canada. For more information: http://www.rileyis.com/seminars

KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. September 26-29, 2000. Vienna, Austria. For more information: http://www.ocg.at/KR-IE2000.html

The Public Voice in Privacy Policy. EPIC and Privacy International. September 27, 2000. Venice, Italy. For more information: http://www.epic.org/events/publicvoice_venice/

One World, One Privacy: 22nd Annual International Conference on Privacy and Personal Data Protection. September 28-30, 2000. Venice, Italy. For more information: http://www.dataprotection.org/

Drawing the Blinds: Reconstructing Privacy in the Information Age. CPSR's Annual Conference and Wiener Award Dinner. October 14, 2000. Philadelphia, PA. For more information: http://www.cpsr.org.

Privacy: A Social Research Conference. New School University. October 5-7, 2000. New York, NY. For more information: http://www.newschool.edu/centers/socres/privacy/

Privacy2000: Information and Security in the Digital Age. October 31-November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more information: http://www.privacy2000.org

Subscription Information


The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

http://www.epic.org/alert/


About EPIC


The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.


Privacy Policy


The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions.

END EPIC Alert 7.15




URL: http://www.worldlii.org/int/journals/EPICAlert/2000/15.html