WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 18

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 7.18 [2000] EPICAlert 18


Volume 7.18 October 12, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Obtains First Set of FBI Carnivore Documents
[2] Congressional Office Seeks Access to Census and IRS Data
[3] Capitol Hill Hearings Focus on Internet Consumer Privacy
[4] New At-Large Members Elected to ICANN Board
[5] NIST Selects New Advanced Encryption Standard
[6] Supreme Court to Hear Thermal Imaging Case
[7] EPIC Bookstore - Think UNIX
[8] Upcoming Conferences and Events

[1] EPIC Obtains First Set of FBI Carnivore Documents

The Federal Bureau of Investigation released the first set ofdocuments concerning its Carnivore Internet surveillance system onOctober 2. The documents were released as a result of EPIC's Freedomof Information Act lawsuit against the FBI and Department of Justice(see EPIC Alert 7.15). Of the 729 pages of material processed, nearly200 were withheld in full and another 400 were released withdeletions. The documents reveal the surveillance system's origins,
contain discussions of interception of voice over IP, and describevarious testing procedures.

The newly-released documents confirm that Carnivore grew out of anearlier FBI project called "Omnivore" and reveal for the first timethat Omnivore itself replaced an older surveillance tool. The name ofthat earlier project has been blacked out of the documents, andremains classified. In September 1998, the FBI's Data InterceptTechnology Unit in Quantico, Virginia launched a project to migrateOmnivore from Sun's Solaris operating system to a Windows NT platform.
"This will facilitate the miniaturization of the system and support awide range of personal computer (PC) equipment," according to theproject's Statement of Need. The project was called "Phiple Troenix"
and the resulting system was named "Carnivore."

Phiple Troenix's estimated price tag of $800,000 included training forpersonnel at the Bureau's National Infrastructure Protection Center(NIPC). The Omnivore project was formally closed down in June 1999,
at a final cost of $900,000.

Carnivore version 1.2 was released in September 1999; as of May2000, it was in version 1.3.4. At that time it was subjected to anexhaustive series of carefully prescribed tests under variableconditions. The results, according to an internal memo, werepositive. "Carnivore is remarkably tolerant of network aberration,
such as speed change, data corruption and targeted smurf typeattacks."

An "Enhanced Carnivore" project began in November 1999 and isscheduled to conclude in January of next year, at a total cost of$650,000. Some of the documents indicate that the Bureau plans to addmore features to versions 2.0 and 3.0 of Carnivore, but the detailshave been mostly redacted.

The next installment of Carnivore documents is scheduled to bereleased to EPIC in mid-November.

EPIC has posted scanned images of selected documents at:

[2] Congressional Office Seeks Access to Census and IRS Data

In a secretive assault on Americans' privacy, the Congressional BudgetOffice (CBO) is seeking access to confidential Census Bureau records,
as well as confidential financial data collected by the InternalRevenue Service. Congressional supporters of the CBO's data grab areattempting to insert into any of several pending appropriations billslanguage that would authorize the unprecedented disclosure of Censusand IRS information.

The CBO proposal seeks the data, which is currently kept strictlyconfidential under federal law, in order to make long-term projectionsabout the viability of the Social Security and Medicare programs. Theinitiative is being opposed and publicized by Rep. Carolyn Maloney(D-NY), who has accused the CBO of trying to sneak its proposalthrough the complex appropriations process currently ongoing asCongress rushes toward adjournment.

In a letter sent to leaders of the House Appropriations Committee onOctober 11, Rep. Maloney said that "changing the law that protects theconfidentiality of census data in the middle of the 2000 Census,
behind closed doors and with no public debate, sends the wrong signalto the American public." She cited widespread privacy concerns thatwere expressed earlier this year after the Census Bureau's long-formquestionnaire sought answers to a number of intrusive personalquestions (see EPIC Alert 7.06).

The attempted disclosure is also opposed by Commerce Secretary NormanMineta, who told Congressional leaders that the proposal would weaken"the most important legal structure protecting the privacy andconfidentiality of all Americans, with regard to the privateinformation they provide the Census Bureau." Saying that he is"adamantly opposed" to the proposal, Mineta noted that CBO'sinitiative "would threaten public confidence in the confidentialityof all information collected by the Census Bureau and other datacollecting agencies."

According to a coalition of consumer and privacy groups, anotherlast-minute amendment could detrimentally affect personal privacy.
Sen. Judd Gregg (R-NH) has attached his Social Security numberproposal, S. 2554, to the Commerce-Justice-State Appropriations Bill.
The amendment would not effectively increase protections over SocialSecurity numbers, but would pre-empt the ability of states to providestronger protections on their own.

A letter from consumer and privacy groups opposing the amendment tothe Commerce-Justice-State appropriations bill is available at:

[3] Capitol Hill Hearings Focus on Internet Consumer Privacy

On October 2, EPIC testified before the Senate Commerce Committee ona trio of Internet privacy bills introduced by Committee members:
S. 809, the "Online Privacy Protection Act"; S. 2606, the "ConsumerPrivacy Protection Act"; and S. 2928, the "Consumer Internet PrivacyEnhancement Act." In testimony before the full Committee, EPIC arguedthat there is widespread public support for privacy legislation, asubstantive privacy law will require more than the posting of privacypolicies, and protections should provide multiple enforcementmechanisms. In its conclusion, EPIC argued that among the threebills, S. 2606 provides the most robust legal framework for privacyprotection.

More recently, on October 11, EPIC testified before the House CommerceSubcommittee on Telecommunications Trade and Consumer Protection. Thehearing on "Recent Developments in Privacy Protections for Consumers"
touched on the privacy practices of both government and commercialwebsites. In its testimony, EPIC pointed to both online profiling andthe recent trend of companies claiming customer data as assets inbankruptcy proceedings as evidence of the need for baseline privacystandards. The testimony went on to argue that strong laws would giveconsumer long-needed privacy rights in the online world and wouldprovide necessary support for developing privacy enhancingtechnologies.

In a related development, a recent survey conducted by HarrisInteractive and commissioned by the National Consumers League foundthat more Americans are "very concerned" about loss of personalprivacy than they are about health care, crime, or taxes. Seventy-onepercent of respondents also believed that it is absolutely essentialthat companies ask permission before using personal information, and34 percent incorrectly believed that it is illegal for companies toshare or sell personal data.

EPIC's testimony before the Senate Commerce Committee on October 2:
EPIC's testimony before the House Commerce Committee on October 11:
Results of the National Consumers League survey:

[4] New At-Large Members Elected to ICANN Board

Five new members have been elected to the Internet Corporation forAssigned Names and Numbers (ICANN) Board of Directors. The five newmembers are the first publicly elected members of the Board and willtake their posts following ICANN's November meeting in Los Angeles.

Nii Quaynor, an employee of Network Computer Systems and administratorfor the .gh domain (Ghana), was the winner in the Africa region.
Masanobu Katoh, an employee of Fujitsu living in the United States,
placed first in the Asia/Australia/Pacific region. In the Europeanregion Andy Mueller-Maguhn of the Chaos Computer Club was selected.
Ivan Moura Campos, the chief executive of Akwan InformationTechnologies, is the representative for the Latin America andCaribbean region. Cisco engineer and outspoken ICANN critic KarlAuerbach placed first in the North America region. The views of allfive members on civil society issues can be found at the website ofthe Internet Democracy Project.

Earlier this month, the Internet Democracy Project co-sponsored twoevents on the ICANN elections. The "ICANN Candidates Forum" was heldon October 2 at the Harvard Law School in cooperation with the BerkmanCenter for Internet and Society. Another event -- "ICANN and InternetPrivatization: Technical Coordination or Cyberspace Governance?" --
was held on October 4 in cooperation with the Technology & CultureForum at MIT. Cybercasts of both events are available online.

ICANN will meet next in Los Angeles on November 13-17, 2000.
Participants are expected to discuss the introduction of new top-leveldomains. The following ICANN meeting will be held in Melbourne,
Australia on March 10-13, 2001.

Results of the 2000 At-Large Membership Vote:
Homepage of the Internet Democracy Project:

Information on the upcoming ICANN Meeting in Marina del Rey, November13-17, 2000:

[5] NIST Selects New Advanced Encryption Standard

On October 2, the National Institute of Standards and Technology(NIST) selected a new algorithm to be used as the government'sofficial encryption standard for the 21st century. Rijndael, namedafter its Belgian creators Joan Daemen and Vincent Rijmen, willreplace the Data Encryption Standard (DES), adopted by the federalgovernment as the Federal Information Processing Standard (FIPS) since1977.

The search for a new Advanced Encryption Standard (AES) was announcedby the NIST in 1997. By March 1999, the pool of candidates wasnarrowed to five finalists: MARS, RC6, Rijndael, Serpent, and Twofish.
Rijndael was chosen for its combination of "security, performance,
efficiency, ease of implementation and flexibility."

Rijndael will now be the official scrambling standard for all U.S.
federal government agencies. As it will be available for useroyalty-free worldwide, it is also likely to be widely adopted for useby private sector companies both nationally and internationally.

The weakness of the Data Encryption Standard, which relied on 56 bitencryption keys, was demonstrated in a series of DES Cracker Projectssponsored by RSA Laboratories in 1997, 1998 and 1999. Relying onspecialized "DES Cracker" machines, code breakers were eventually ableto recover DES keys in a matter of hours. The AES will use three keysizes: 128, 192 and 256 bits. It is estimated that it would takelonger than the life of the universe to crack the AES (!!).

For complete AES-related information visit the AES home page at:
For more information on the RSA's DES Challenges visit:

[6] Supreme Court to Hear Thermal Imaging Case

On September 26, the U.S. Supreme Court agreed to hear a case thatpresents the question whether the use of a device that detects heatemanating from a home constitutes a search under the Fourth Amendment.

The petitioner, Danny Lee Kyllo, was arrested in 1992 by Oregonofficials for growing marijuana in his home. To obtain the evidencefor the arrest, the police used (without a warrant) a thermal imagingdevice that detects heat emanations inside a home. After discoveringKyllo's home was warmer than neighboring buildings, police thenobtained a warrant and searched Kyllo's home and found evidence ofcriminal conduct. Kyllo pleaded guilty to charges of growingmarijuana but challenged the constitutionality of the use of thethermal imaging device absent a warrant.

The case is on appeal from the U.S. Court of Appeals for the NinthCircuit which held in a 2-1 decision that the use of thermal imagingtechnology did not constitute a search. Writing for the majority,
Judge Hawkins said the use of the device was not a search since itsuse did not reveal any intimate details. Further, use of the devicedid not violate any reasonable expectation of privacy since Kyllo madeno attempt to conceal heat emissions, thus "demonstrating a lack ofconcern with the heat emitted and a lack of a subjective privacyexpectation in the heat." In his dissent, Judge Noonan responded that
It is strange to focus on the homeowner's non-existent expectation as to emissions. The homeowner's expectation is directed to the privacy of the interior of his home. It is that expectation which the Fourth Amendment is intended to protect.

While several federal Courts of Appeals have agreed with the NinthCircuit's decision that use of thermal imaging devices does notconstitute a search, other District and State Supreme Courts have heldthat a warrant requirement should apply.

More information about Kyllo v. U.S. (No. 99-8508) is available at:

[7] EPIC Bookstore - Think UNIX

Think UNIX by Jon Lasser
Unix has a reputation for being cryptic and difficult to learn, but itdoesn't need to be that way. Think Unix takes an analogous approachto that of a grammar book. Rather than teaching individual words orphrases like most books, Think Unix teaches the set of logicalstructures to be learned. Myriad examples help you learn individualcommands, and practice problems at the end of difficult sections helpyou learn the practical side of Unix. Strong attention is paid tolearning how to read "man pages," the standard documentation on allUnix systems, including Linux. While most books simply tell you thatman pages exist and spend some time teaching how to use the mancommand, none spend any significant amount of space teaching how touse the content of the man pages. Even if you are lost at the Unixcommand prompt, you can learn subsystems that are specific to the Unixflavor. Teaches how to use Unix effectively for everyday tasks byteaching the design model
A succinct introduction to Unix for advanced computer users thatteaches the basics but also provides a framework for additionallearning.

EPIC Publications:

"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

Drawing the Blinds: Reconstructing Privacy in the Information Age.
CPSR's Annual Conference and Wiener Award Dinner. October 14, 2000.
Philadelphia, PA. For more information:
Gore/Bush Forum on Privacy. Institute for Communitarian Policy Studies,
George Washington University. Rep. Markey will be presenting the viewsof Vice President Gore and Senior Advisor Stephen Goldsmith theapproach of Governor Bush. October 16, 2000. Washington, DC. For moreinformation:
Identity Theft Victim Assistance Workshop. Federal Trade Commission.
October 23-24, 2000. Washington, DC. For more information:
Identity Theft Prevention Workshop. Social Security Administration.
October 25, 2000. Washington, DC. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. For more information:
Mealey's Internet Law 101 Conference. November 1-2, 2000. TysonsCorner, VA. For more information:
2000 BNA Public Policy Forum: e-commerce and internet regulation.
November 15-16, 2000. Tysons Corner, VA. For more information:
16th Annual Computer Security Applications Conference (ACSAC).
December 11-15, 2000. New Orleans, Louisiana. For more information:
Network and Distributed System Security Symposium (NDSS '01). InternetSociety. February 7-9, 2001. San Diego, CA. For more information:

Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 1718 ConnecticutAve., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.18


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback