EPIC Alert 7.20 [2000] EPICAlert 20
EPIC ALERT
Volume 7.20 November 14, 2000
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_7.20.html
Table of Contents
[1] President Vetoes "Official Secrets Act" Legislation
[2] California Enacts New Privacy Laws
[3] IRS Gains Access to Overseas Credit Card Accounts
[4] Information Brokers Challenge Financial Privacy Rules
[5] Poll Finds Strong Majority Concerned About Online Privacy
[6] "Safe Harbor" Arrangement Begins
[7] EPIC Bookstore - Rethinking PKI and Digital Certificates
[8] Upcoming Conferences and Events
[1] President Vetoes "Official Secrets Act" Legislation
President Clinton on November 4 vetoed legislation that would have made leaking of government secrets a criminal act (see EPIC Alert 7.19).
The president, in his veto message, said he agreed that some leaks "can be extraordinarily harmful" to national security. But he agreed with critics of the provision who argued that the new penalties could silence whistle-blowers: "We must never forget that the free flow of information is essential to a democratic society." The provision, which was contained in an intelligence spending bill (H.R. 5630), would have extended penalties that now exist for leaking classified, national defense information, to the leaking of other classified, but nondefense data that could harm the United States if made public or given to foreign governments.
A broad coalition of public interest groups -- including EPIC -- said that the legislation was likely to stifle public debate on important policy matters. Several of the nation's largest news organizations -- including CNN, The Washington Post, The New York Times and the Newspaper Association of America -- also appealed to Clinton to veto the bill. The legislation's opponents said it amounted to the nation's first "Official Secrets Act," and noted that even members of Congress would be subject to criminal charges for leaking classified information.
In his veto statement, Clinton said, "As president ... it is my responsibility to protect not only our government's vital information from improper disclosure but also to protect the rights of citizens to receive the information necessary for democracy to work." He added that it requires a careful balance to reconcile the goals of protecting national security and the public's right to know. "This legislation does not achieve the proper balance."
On November 13, the House voted to again pass the intelligence authorization bill, without the controversial secrecy provision.
President Clinton's veto statement is available at:
http://www.epic.org/open_gov/WH_pr_110400.html
[2] California Enacts New Privacy Laws
In October, California Governor Gray Davis signed into law six new privacy measures aimed at protecting consumers' privacy and protecting against identity theft. One of the new laws establishes the first dedicated U.S. privacy protection agency within the Department of Consumer Affairs. The new Office of Privacy Protection will operate as a central clearinghouse for privacy complaints and will provide information, advice and referrals to consumers to help resolve privacy disputes and concerns.
Another law requires businesses to destroy customer records containing personal information by shredding them, erasing them or otherwise making them unreadable. Two of the laws specifically address the growing problem of identity theft. The first allows victims of identity theft to seek the assistance of the courts in clearing their names and restoring their identities. The second allows those victims to join law enforcement in accessing a statewide database documenting identity theft crimes. Under the fifth law, credit card companies will have to give consumers an opportunity to "opt-out" annually of having their personal information shared. The final law prohibits consumer credit reporting agencies from including medical information, provided for insurance purposes, in consumer credit reports.
This new package of laws, coupled with the state's strong constitutional right to privacy, clearly establishes California as the leading U.S. state in the protection of individual privacy.
Press release from the California Department of Consumer Affairs discussing the new legislation:
http://www.dca.ca.gov/press_releases/20001030.htm
[3] IRS Gains Access to Overseas Credit Card Accounts
A federal judge on October 30 granted the Internal Revenue Service (IRS) access to thousands of MasterCard and American Express credit card accounts held by U.S. taxpayers in several offshore banking havens. U.S. District Judge Adalberto Jordan's order allows the IRS to issue summonses for information concerning charge, debit and credit cards issued by banks in the Cayman Islands, Bahamas and Antigua and Barbuda in 1998 and 1999. Banks in the targeted jurisdictions require customers to open bank accounts before obtaining credit cards, so obtaining the names of cardholders produces the names of bank account holders as well.
IRS investigators are reportedly interested in reviewing things like car, boat and airline ticket purchases and hotel and car rentals to determine whether credit card account holders are living beyond their reported means. Offshore credit accounts are legal for U.S. taxpayers, but they are required to file forms with the IRS disclosing them. The three nations targeted by the IRS have long been identified by U.S. authorities as offshore tax havens and centers of money laundering.
An affidavit filed by the IRS with the summons request claimed the U.S. Treasury loses an estimated $70 billion yearly from individual taxpayers who use offshore accounts to evade taxes.
Promoters of offshore accounts often claim that they can be used to shelter income because the U.S. government cannot penetrate some foreign banking secrecy laws. But the IRS believed it could avoid those laws by getting records through the Miami headquarters of the companies' Caribbean operations, an approach that Judge Jordan accepted.
MasterCard International issued a brief statement saying it has "always cooperated with, and will continue to cooperate with, investigations by governmental agencies." The company added that it is "mindful of customers' privacy concerns."
[4] Information Brokers Challenge Financial Privacy Rules
An industry association representing information brokers -- the Individual Reference Services Group (IRSG) -- has challenged the Federal Trade Commission's (FTC) newly-enacted financial privacy rules.
As one of the federal agencies promulgating privacy rules under the Financial Services Modernization Act (Gramm-Leach-Bliley), the FTC designated credit headers as a type of personal financial information subject to opt-out privacy protections (see EPIC Alert 7.10). Credit headers, so-called because they are at the top of credit reports, contain information such as names, addresses, phone numbers, and Social Security numbers. IRSG companies sell credit header information to direct marketers, private investigators, and other information brokers.
The IRSG complaint, filed in the U.S. District Court for the District of Columbia, alleges that the FTC credit header rule unlawfully expands the definition of non-public personal information contained in the legislation, and that it improperly supersedes the Fair Credit Reporting Act, which has not traditionally protected credit header information. The FTC contends that its rulemaking follows the law's legislative intent.
In related privacy news, the Social Security number provisions contained in the Commerce-Justice-State appropriations bill were singled out in a veto threat letter sent by President Clinton to Congress before the election recess. The Social Security number provisions are opposed by consumer and privacy groups (see EPIC Alert 7.18). The provisions are still included in the appropriations bill which has yet to pass and is pending before the current lame duck Congress.
The FTC's final financial privacy rules (PDF) are available at:
http://www.ftc.gov/os/2000/05/glb000512.pdf
See President Clinton's letter threatening to veto the Commerce-Justice-State Appropriations bill:
http://www.epic.org/privacy/ssn/WH_pr_102600.html
[5] Poll Finds Strong Majority Concerned About Online Privacy
A newly released Gallup poll finds that a majority of Americans are concerned about their privacy on the Internet. The Gallup survey, which was commissioned by the MedicAlert Foundation, an emergency medical information service, questioned individuals' willingness to transmit personal health information over the Internet.
As a result of privacy concerns, only seven percent of all respondents said that they would be willing to store or transmit personal health information on the Internet. Seventy-seven percent of respondents considered the privacy of their health and medical information to be very important, and 84 percent said that they would be concerned if that information was made available to others without their consent.
Whereas 90 percent of respondents said that they trust their own doctor to keep their personal health information private and secure, only eight percent would trust an Internet website to do the same. Thirty percent said that they would be more willing to disclose this information on the Internet if they could be assured of its privacy and security.
A summary of the results of the Gallup survey is available at:
http://www.medicalert.org/Releaselatest.html
[6] "Safe Harbor" Arrangement Begins
On November 1, the long-negotiated Safe Harbor agreement formally went into effect. Safe Harbor allows U.S. companies to voluntarily subscribe to a set of principles and procedures for the handling of data originating in the European Union. The EU Data Protection Directive requires that an adequate level of privacy protection exist before any personal information can be transferred to a third country. The European Commission has agreed that any U.S. company that subscribes to Safe Harbor should be deemed to be providing an adequate level of privacy protection for such data.
The U.S. Department of Commerce maintains the official list of U.S. companies that join the arrangement. Both the European Commission and U.S. government officials are expected to monitor the number of companies that join over the next few months. Due to earlier opposition from the European Parliament to the agreement, the European Commission is expected to review the arrangement by the middle of next year.
Since the beginning of the month, only one U.S. entity -- TRUSTe -- has joined the system.
To see the Safe Harbor list, as well as related materials:
http://www.export.gov/safeharbor/
Past comments on Safe Harbor are available from the TransAtlantic Consumer Dialogue:
http://www.tacd.org/meeting2/electronic.html
[7] EPIC Bookstore - Rethinking PKI and Digital Certificates
Rethinking Public Key Infrastructures and Digital Certificates:
Building in Privacy by Stefan A. Brands
http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/search&searchtype=isbn&searchfor=0262024918
As paper-based communication and transaction mechanisms are replaced by automated ones, traditional forms of security such as photographs and handwritten signatures are becoming outdated. Most security experts believe that digital certificates offer the best technology for safeguarding electronic communications. They are already widely used for authenticating and encrypting email and software, and eventually will be built into any device or piece of software that must be able to communicate securely. There is a serious problem, however, with this unavoidable trend: unless drastic measures are taken, everyone will be forced to communicate via what will be the most pervasive electronic surveillance tool ever built. There will also be abundant opportunity for misuse of digital certificates by hackers, unscrupulous employees, government agencies, financial institutions, insurance companies, and so on.
In this book Stefan Brands proposes cryptographic building blocks for the design of digital certificates that preserve privacy without sacrificing security. Such certificates function in much the same way as cinema tickets or subway tokens: anyone can establish their validity and the data they specify, but no more than that. Furthermore, different actions by the same person cannot be linked. Certificate holders have control over what information is disclosed, and to whom. Subsets of the proposed cryptographic building blocks can be used in combination, allowing a cookbook approach to the design of public key infrastructures. Potential applications include electronic cash, electronic postage, digital rights management, pseudonyms for online chat rooms, health care information storage, electronic voting, and even electronic gambling.
EPIC Publications:
"Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.
"The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.
"Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/
A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.
Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Election 2000: Implications for Science & Technology. Washington Science Policy Alliance. November 15, 2000. Washington, DC. For more information: http://www.aaas.org/spp/dspp/rd/gwu.htm
2000 BNA Public Policy Forum: e-commerce and internet regulation.
November 15-16, 2000. Tysons Corner, VA. For more information:
http://internetconference.pf.com
Privacy by Design: The Future of Privacy Compliance and Business.
Zero-Knowledge Systems. November 19-21, 2000. Le Château Montebello,
Quebec. For more information:
http://www.zeroknowledge.com/conference/privacybydesign/
Managing the Privacy Revolution. Privacy and American Business's Seventh Annual Conference. November 28-30, 2000. Washington, DC. For more information: http://www.pandab.org
Government Secrecy in a New Administration and a New Century.
Information Security Oversight Office and the James Madison Project.
December 5, 2000. Washington, DC. For more information:
http://www.fas.org/sgp/news/2000/11/symposium.pdf
16th Annual Computer Security Applications Conference (ACSAC).
December 11-15, 2000. New Orleans, Louisiana. For more information:
http://www.acsac.org
Network and Distributed System Security Symposium (NDSS '01). Internet Society. February 7-9, 2001. San Diego, CA. For more information:
http://www.isoc.org/ndss01/
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP Conseil. March 13-15, 2001. Paris, France. For more information:
http://www.xpconseil.com/eurosec2001/
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
First International Conference on Human Aspects of the Information Society. Information Management Research Institute, University of Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne, England. For more information: http://is.northumbria.ac.uk/imri
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 7.20
URL: http://www.worldlii.org/int/journals/EPICAlert/2000/20.html