WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 15

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 7.15 [2000] EPICAlert 15


Volume 7.15 August 3, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Federal Judge Orders Fast FBI Action on Carnivore Material
[2] Flashback: It's the Clipper Chip All Over Again
[3] Report on Online Profiling Analyzes Recent FTC Agreement
[4] NGOs to Hold Public Voice Meeting on Emerging Privacy Issues
[5] Study Examines Children's Privacy and "Free" Internet Access
[6] Administration Seeks Public Comment on Privacy and Bankruptcy
[7] EPIC Bookstore - Privacy in the Information Age
[8] Upcoming Conferences and Events

[1] Federal Judge Orders Fast FBI Action on Carnivore Material

In response to a lawsuit filed by EPIC, a federal judge in Washingtonhas ordered the Federal Bureau of Investigation to establish atimetable for the expedited release of information about the"Carnivore" system no later than August 16. The ruling came during anemergency hearing convened by U.S. District Judge James Robertson onAugust 2, only hours after EPIC filed an application for the immediatepublic disclosure of information concerning the FBI's controversialsurveillance system. EPIC's lawsuit charges that the Department ofJustice and the FBI have violated the law by failing to act on arequest to expedite the processing of a Freedom of Information Actrequest EPIC submitted to the FBI on July 12.

The Carnivore system monitors traffic at the facilities of Internetservice providers (ISPs) in order to intercept information containedin the electronic mail of criminal suspects. Carnivore can reportedlyscan millions of e-mails each second and is capable of providing lawenforcement agents the ability to intercept all of an ISP's customers'
digital communications. Serious questions have been raised inCongress, in the media and in the privacy community concerning thelegality of Carnivore and its potential for abuse.

In response to the public uproar over Carnivore, Attorney GeneralJanet Reno announced on July 27 that the technical specifications ofthe system would be disclosed to a "group of experts" to allay publicconcerns. But according to EPIC General Counsel David L. Sobel,
"There is no substitute for a full and open public review of theCarnivore system. The only way that the privacy questions can beresolved is for the FBI to release all relevant information, bothlegal and technical." EPIC's FOIA request, which is the subject ofthe federal court order, seeks the disclosure of "all records"
concerning Carnivore, including the underlying software and legalanalyses addressing the limitations, if any, that have been placed onthe use of the system. A similar request for access to Carnivorematerial was filed by the American Civil Liberties Union.

In a detailed submission to the Justice Department shortly after ittransmitted its request to the FBI, EPIC asserted that its Carnivorerequest concerns "a matter of widespread and exceptional mediainterest in which there exist possible questions about thegovernment's integrity which affect public confidence" -- one of thelegal standards that qualifies a request for "expedited processing."
Despite a ten-day time limit to answer requests for acceleratedprocessing, the Department failed to respond to EPIC's request until alittle more than an hour before the emergency court hearing. In a faxsent to EPIC, the FBI finally conceded that the Carnivore requestrequires expedited treatment.

EPIC is a frequent FOIA requester and litigant, and previously soughtthe disclosure of information from the FBI on the CommunicationsAssistance to Law Enforcement Act (CALEA) and from the NationalSecurity Agency on the Clipper Chip (see below) and U.S. encryptionpolicy, among other subjects.

The legal memorandum in support of EPIC's motion for a temporaryrestraining order is available in HTML at:
and in PDF at:

[2] Flashback: It's the Clipper Chip All Over Again

Longtime readers of the EPIC Alert might feel a sense of deja vu whenthey read about the current controversy over the FBI's Carnivoresurveillance system. That's probably because official statements onthe matter bear a striking resemblance to statements made in the earlydays of the Clipper Chip controversy. The Clipper Chip usedclassified technology developed by the National Security Agency that,
according to the initial White House announcement on April 16, 1993,
"preserves the ability of federal, state and local law enforcementagencies to intercept lawfully the phone conversations of criminals."
Clipper was an encryption system that deposited a spare decryption keywith the federal government. Not surprisingly, the proposal was metwith a great deal of public mistrust and concern about potentialabuse.

In an effort to address the public concerns over the Clipper Chip, theWhite House announced that "respected experts from outside thegovernment will be offered access to the confidential details of thealgorithm to assess its capabilities and publicly report theirfindings." Although the reviewers eventually stated theirsatisfaction with the technical specifications, the secrecysurrounding the Clipper Chip was never lifted. In fact, EPIC went tocourt seeking the release of the underlying SKIPJACK algorithm, andlost.

Today, the FBI steadfastly refuses to disclose the source code ortechnical specifications of Carnivore. Attorney General Renoaddressed the issue on July 27 and announced the Justice Department'splan:

The first step will be to have an individual expert or a group of experts, probably from an academic community,
conduct a detailed review of the source code. Those experts will report their findings to a panel of interested parties, people from the telecommunications and computer industries, as well as privacy experts. . . .

I think it's a matter of explaining and trying to bring in experts that will give people additional confidence . . .

The Clipper Chip experience suggests that there's no real substitutefor full public disclosure. While keeping the actual details underwraps, various agencies posted reassuring statements and "FrequentlyAsked Questions" files. After several years of unsuccessfully tryingto promote the technology, the government eventually dropped theinitiative. Today, a search for "Clipper Chip" at the JusticeDepartment's website yields a "no records" response.

For more background information on the Clipper Chip see:

[3] Report on Online Profiling Analyzes Recent FTC Agreement

On July 28, EPIC, in conjunction with Junkbusters, released a reporton the recent agreement between the Federal Trade Commission (FTC) andthe Network Advertising Initiative (NAI) on a set of self-regulatoryguidelines. The NAI is a consortium of Internet advertising companiesrepresenting roughly ninety percent of the growing industry andincludes companies such as DoubleClick and Engage. Entitled "NetworkAdvertising Initiative: Principles not Privacy," the report examinesthe year-long controversy of online profiling, the shortcomings of theNAI guidelines, and proposes principles that would offer an adequatelevel of privacy protection.

Online profiling, currently a common practice of Internet advertisers,
entails the collection of information about Internet behavior for thecreation of a profile or a representation about an Internet user'sinterests and preferences. Recent controversies have erupted aroundnot only the practice of online profiling, but also the linkingof these profiles to personal data.

The report argues that the self-regulatory guidelines endorsed by theFTC and negotiated without significant involvement from consumer andprivacy groups, do not provide an adequate level of privacyprotection. The guidelines will allow companies to collect onlineprofiling data on the basis of notice and opt-out, which provides noassurances that consumers will know that their behavior is beingtracked and recorded. The principles will also permit companies tolink online profiling data with personal data on the basis of a"robust" notice and opt-out with little guidance as to what "robust"
procedures will be. Similarly, provisions about access, the abilityto view and edit information collected, and the transfer of personaldata to third parties are vague and indeterminate.

In light of the inadequacy of the FTC-NAI agreement, the reportrecommends that legislation built on Fair Information Practices willbetter protect privacy and conform to the standards that consumersprefer. Such legal standards would also spur the development of moreinnovative Internet advertising practices that do not rely on thetracking of Internet users.

"Network Advertising Initiative: Principles not Privacy":
The recommendation of the Federal Trade Commission and materialsrelated to the Network Advertising Initiative guidelines:

[4] NGOs to Hold Public Voice Meeting on Emerging Privacy Issues

On September 27, EPIC and Privacy International will host aconference, "The Public Voice in Privacy Policy," in Venice, Italy.
The meeting will be held in conjunction with the annual meeting of theData Protection and Privacy Commissioners to take place on September28.

The conference will bring together leading academic experts, NGOleaders, and privacy officials from around the world to explorecurrent issues in privacy protection. Panel discussions will focus onthe globalization of surveillance; copyright protection and privacy;
the EU-US negotiations on transborder data flows (Safe Harbor); andthe need for an international convention on data protection.

The first of these conferences was organized by Privacy Internationaland held in Sydney in 1992. Subsequent meetings have taken place inManchester (1993), The Hague (1994), Copenhagen (1995), Ottawa (1996),
Brussels (1997), and Hong Kong (1999).

For program and registration details see:

For details on the Data Protection Commissioner's conference visit thehomepage of the Italian Data Protection Commission:

[5] Study Examines Children's Privacy and "Free" Internet Access

The Center for Advanced Technology at the University of Oregon hasproduced a study, "Capturing the Eyeballs and E-Wallets of CaptiveKids in School: Invades," examining companies thatoffer "free" Internet access to schools in exchange for thecollection of marketing information from their students. Schoolsfaced with an increasing amount of pressure to provide Internet accessto students are being lured into these deals by companies like Zapme!
and HiFusion.

Companies looking for an opportunity to reach younger audiences havefound that by offering free or reduced prices for computer equipmentor Internet access, they can start creating online profiles -
information about their interests and preferences - of children whilethey are at school. Some of these companies collect personalinformation as well as information about Internet surfing behavior.

The study goes on to say that far too often, school administratorsapprove partnerships with such companies without being fully aware ofthe invasive practices of these companies. In addition, parents whotrust the judgment of school officials are easily persuaded to consentthese practices.

Most importantly, the study argues that allowing online profilingcompanies to begin collecting information on younger kids will likelymold the expectation of privacy they may have as they become older. Ifthis practice becomes widespread, in the future, many children mayhave a diminished sense of the proper boundaries of personal privacy.

"Capturing the Eyeballs and E-Wallets of Captive Kids in School: Invades" is available at:

[6] Administration Seeks Public Comment on Privacy and Bankruptcy

Following up on a proposal made earlier this year by the ClintonAdministration, the Department of Justice, the Department of theTreasury and the Office of Management and Budget, in conjunction withthe Administrative Office of U.S. Courts, will be conducting a study onthe privacy of financial information disclosed to the public throughbankruptcy filings. The agencies are currently soliciting publiccomments on the issue.

The study will also discuss other controversial issues such as theability to sell personal information or customer lists as assets whencompanies go bankrupt. Recently, bankrupt online has drawn criticism for attempting to sell its customerlists to the highest bidder (see EPIC Alert 7.13).

The public comment period will end on September 8, 2000.

For more information on the study or to submit comments:

[7] EPIC Bookstore - Privacy in the Information Age

Privacy in the Information Age (Library in a Book) by Harry Henderson
Privacy in the Information Age examines the growing controversy ofdiminishing privacy as advancements in computer technology facilitatethe monitoring and collection of information from people's dailylives. Everything from medical records to e-mail correspondence andfinancial statements can be reviewed by other people without theknowledge or consent of those whose information it is. These recordscan also be stored in database files. Eventually, all aspects of anindividual's life may be gathered in a single computer file. Whilethis could be a powerful and useful tool, it raises many questions.
Who has the right to this information? How can one control what sortof information is being collected and whether or not that informationis accurate? Author Harry Henderson examines the history of howtechnology has created this dilemma and discusses the current statusof privacy laws.

EPIC Publications:

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"The Privacy Law Sourcebook: United States Law, International Law, andRecent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, as wellas a comprehensive listing of privacy resources.

"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"Privacy and Human Rights 1999: An International Survey of Privacy Lawsand Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15.

An international survey of the privacy and data protection laws foundin 50 countries around the globe. This report outlines theconstitutional and legal conditions of privacy protection, andsummarizes important issues and events relating to privacy andsurveillance.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

CPSR Meeting on Privacy & Security. August 15, 2000. TorontoCypherpunks/Webgrrls. Toronto, Canada. For more information:

First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For moreinformation:
Financial Privacy: Guaranteeing the Integrity of Your CustomersInformation. International Communications for Management. September7-8, 2000. New York, NY. For more information:
Health Information Privacy: A Dialogue with the Stakeholders.
September 21, 2000. Westin Hotel. Ottawa, Canada. For moreinformation:
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society andUNESCO. September 26-29, 2000. Vienna, Austria. For more information:
The Public Voice in Privacy Policy. EPIC and Privacy International.
September 27, 2000. Venice, Italy. For more information:

One World, One Privacy: 22nd Annual International Conference onPrivacy and Personal Data Protection. September 28-30, 2000. Venice,
Italy. For more information:

Drawing the Blinds: Reconstructing Privacy in the Information Age.
CPSR's Annual Conference and Wiener Award Dinner. October 14, 2000.
Philadelphia, PA. For more information:

Privacy: A Social Research Conference. New School University. October5-7, 2000. New York, NY. For more information:

Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 1718 ConnecticutAve., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

END EPIC Alert 7.15


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback