WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2000 >> [2000] EPICAlert 21

Database Search | Name Search | Recent Alerts | Noteup | LawCite | Help

EPIC Alert 7.21 [2000] EPICAlert 21 (30 November 2000)


 





EPIC ALERT




Volume 7.21 November 30, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_7.21.html

Table of Contents



[1] Senate Judiciary Committee Presses FBI on Carnivore
[2] Court Protects Anonymity of "John Doe" Posters
[3] Council of Europe Releases Revised Cyber-Crime Proposal
[4] Supreme Court Issues Decision on Indiana Police Roadblocks
[5] ICANN Selects Seven New Top-Level Domains
[6] U.S. Courts Seek Comment on Privacy of Court Documents
[7] EPIC Bookstore - The Consumer Law Sourcebook 2000
[8] Upcoming Conferences and Events


[1] Senate Judiciary Committee Presses FBI on Carnivore


Citing an internal FBI document released to EPIC through a Freedom ofInformation Act (FOIA) lawsuit, the Senate Judiciary Committee hasasked the Bureau to provide additional information on the capabilitiesof the Carnivore Internet surveillance system. The document, obtainedby EPIC on November 16, reports the results of an FBI test showingthat Carnivore "could reliably capture and archive all unfilteredtraffic" transmitted through an Internet service provider and storethe communications on a hard drive or removable disks.

In a November 21 letter to FBI Director Louis Freeh, CommitteeChairman Orrin Hatch (R-UT) and ranking member Patrick Leahy (D-VT)
ask the Bureau to "explain why Carnivore was tested to determine if itwas capable of intercepting and archiving unfiltered traffic throughan ISP, whether Carnivore in fact has that capability, and under whatcircumstances it could ever be legitimately used to draw on thatcapability." They also request "complete and unredacted copies of thedocuments produced thus far in response to the FOIA lawsuit togetherwith any other documents related to Carnivore's capability tointercept and archive unfiltered traffic." The FBI's public defenseof Carnivore has centered on the claim that the system only capturestraffic that has been isolated by a software filter that "minimizes"
collection and limits it to the particular information authorized forseizure in a court order.

Hatch and Leahy told Freeh that "[s]kepticism about Carnivore is basedprecisely on concerns about this program's capability and whether thiscapability would be exploited to do more than just intercept narrowlytargeted pieces of information."

In other developments, an independent technical review of Carnivorereleased on November 21 found that FBI agents operating the system caninadvertently collect more private communications than permitted bylaw, underscoring the potential dangers of the invasive technology.
The reviewers also reported that they "did not find adequateprovisions (e.g. audit trails) for establishing individualaccountability for actions taken during use of Carnivore." The reportwas produced by a review team from the Illinois Institute ofTechnology and was sanitized for release by Justice Departmentofficials. The Department has set a deadline of December 1 for thesubmission of public comments on the technical review.

Selected Carnivore documents released as part of EPIC's FOIA lawsuitare available at:

http://www.epic.org/privacy/carnivore/foia_documents.html
The Carnivore review report is available at:

http://www.usdoj.gov/jmd/publications/carniv_entry.htm


[2] Court Protects Anonymity of "John Doe" Posters


In a significant decision concerning anonymity on the Internet, a NewJersey state court judge has ruled that a software company is notentitled to learn the identities of two "John Doe" defendants whoanonymously posted critical comments on a Yahoo message board. It isthe first known judicial decision denying the identification of suchdefendants.

In a 22-page opinion released on November 28, Judge Kenneth MacKenzieupheld the anonymity of the two posters but ruled that DendriteInternational can subpoena Yahoo for the identities of two otherposters who did not challenge the subpoenas. Dendrite had allegedthat some of the messages posted by the four "John Does" containedproprietary and confidential information, and that some of thestatements were defamatory. Judge MacKenzie found that the companyfailed to provide adequate evidence that two of the posters madedefamatory statements or did anything unlawful.

"The Internet has become a forum for vast discussion reaching manyindividuals with diverse backgrounds and opinions," the judge wrote.
"These four individuals were utilizing that forum to voice theiropinions and engage in discussion regarding issues important to them.
They were doing so under the protection of anonymity, which . . .
encourages the free flow of ideas. Allowing this protection to bestripped away would stifle that free discussion." The judge foundthat the right of companies to sue for alleged wrongful behavior "mustbe balanced against the legitimate and valuable right to participatein online forums anonymously or pseudonymously."

Paul Levy, who filed a "friend of the court" brief in the case forPublic Citizen, said, "By setting forth strict evidentiary standardsfor compelled identification, and then showing that these standardscan produce real protection for anonymity, this decision is atremendous victory for free speech." He predicted that for thisreason, as well as the court's thorough analysis of the constitutionalrights involved, the decision is likely to be especially influentialin future cases.

The court's decision is available at:

http://www.citizen.org/litigation/briefs/dendrite.pdf


[3] Council of Europe Releases Revised Cyber-Crime Proposal


On November 19, the European Committee on Crime Problems and theCommittee of Experts on Crime in Cyberspace released the 24th draft ofthe controversial cyber-crime convention. Although some changes havebeen made, the revised treaty still retains provisions on access toencryption keys, banning the use of security tools and ISP logging ofuser activity. It also includes provisions on wiretapping andinterception of traffic data. When finalized, the treaty will be opento countries around the world for signature.

Dozens of human rights, civil liberties, free speech and journalists'
groups wrote to the Council of Europe in October expressing oppositionto the proposal. Industry groups in the United States and Europe havealso expressed concern.

It is expected that the committee of experts will conclude its work bythe end of this year. Afterward the proposal will be considered bythe Committee of Ministers. It will then be open for signature byMember States. It is likely that the United States will seek to havenon-COE countries (including Canada, Australia, Japan, and the U.S.)
also ratify the treaty.

The Council of Europe has made available contact information fornational representatives participating in the COE Cyber Crime treatydiscussion (see below). EPIC urges readers to contact their nationalrepresentatives and ask them to give careful consideration to theprivacy and human rights concerns expressed by NGOs.

Council of Europe Convention on Cyber-Crime, draft of Nov. 19, 2000:

http://conventions.coe.int/treaty/EN/projets/cybercrime24.htm
Global Internet Liberty Campaign Letter on COE Cyber-Crime Convention:

http://www.gilc.org/privacy/coe-letter-1000.html
Privacy International Cyber-Crime Page:

http://www.privacyinternational.org/issues/cybercrime/

Council of Europe National Contacts:

http://conventions.coe.int/treaty/EN/projets/contactCyber.htm


[4] Supreme Court Issues Decision on Indiana Police Roadblocks


In a six-to-three decision authored by Justice O'Connor, the U.S.
Supreme Court on November 28 held that suspicionless vehiclecheckpoints for the discovery and interdiction of illegal narcoticsviolate the Fourth Amendment. In City of Indianapolis v. Edmond (No.
99-1030), officers randomly stopped drivers to detect and arrest drugoffenders. At the checkpoint, officers examined license andregistration materials, performed an "open-view" examination ofvehicle contents, and led a drug-sniffing dog along the outside of thevehicle. The officers had no discretion in choosing which drivers tostop, and were only supposed to delay a driver for less than fiveminutes.

In holding the Indianapolis procedure invalid, the Court distinguishedprior cases where suspicionless checkpoints were upheld. The Courthas held that brief, suspicionless seizures at fixed checkpoints arepermissible where the purpose was to detect undocumented citizens orintoxicated drivers. The use of checkpoints for these purposesclosely serve interests related to policing borders and ensuringroadway safety. Checkpoints for drug interdiction, however, do notserve purposes closely related to stemming the flow and use of illegalnarcotics. Allowing checkpoints for ordinary criminal wrongdoingcould result in a system where "the Fourth Amendment would do littleto prevent such intrusions from becoming a routine part of Americanlife."

Chief Justice Rehnquist and Justices Thomas and Scalia dissented,
reasoning that drug checkpoints serve important state interests, andthat the seizures in question were brief and non-intrusive.

Importantly, a separate dissent authored by Justice Thomas questionedthe practice of suspicionless police searches in general: "I ratherdoubt that the Framers of the Fourth Amendment would have considered'reasonable' a program of indiscriminate stops of individuals notsuspected of wrongdoing."

The decision is available at:

http://www.supremecourtus.gov/opinions/99pdf/99-1030.pdf


[5] ICANN Selects Seven New Top-Level Domains


At its annual meeting in Los Angeles, the Internet Corporation ofAssigned Names and Numbers (ICANN) completed its first selection ofnew global top-level domains (gTLDs). Only seven gTLDs -- .biz, .pro,
.aero, .museum, .coop, .info, and .name -- were chosen from 44applications. One of the new gTLDs, .info, will be an unrestrictedgTLD in which any individual or organization can register a domainname. The rest of the gTLDs are restricted insofar as the registryestablishes certain rules over which individuals or organizations canregister in the domain. For example, the .museum registry will onlyallow registration of domain names by museums.

Prior to the formal ICANN meeting, a group of ICANN At-Large membersheld a forum to organize future At-Large activities. Several currentAt-Large elected members of the ICANN board, as well as a number ofAt-Large nominated candidates, participated in the meeting. Oneoutcome of the event was the formation of an Interim CoordinatingCommittee (ICC). The ICC seeks to promote and facilitate theparticipation of Internet users around the world in ICANN proceedings.
One of the first projects for the ICC will concern the "Clean Sheet"
study proposed by the ICANN Board in its July 1999 Yokohama meeting.
The "Clean Sheet" study will look at the concept and structure of theICANN At-Large membership. Comments on the ICANN StaffRecommendations for the At-Large study are due by December 27.

Information about the new gTLDs selected by ICANN is available at:

http://www.icann.org/tlds/

Background on the Interim Coordinating Committee and information aboutthe At-Large study:

http://www.icannmembers.org/



[6] U.S. Courts Seek Comment on Privacy of Court Documents


The federal judiciary is seeking comment on the privacy and securityimplications of providing electronic public access to court casefiles. These files currently contain financial and tax information,
arrest and plea bargain agreements, medical records, employment files,
and other sensitive personal information.

Access to this sensitive information has become more convenient ascourts increasingly accept electronic files and convert their paperfiles into electronic documents. In the past, interested parties hadto inspect records at the courthouse. In the near future, anyone maybe able to access this information from any location over theInternet. Accordingly, the federal judiciary seeks comments toimplement a consistent policy that recognizes both the public accessand privacy interests involved in providing access to court casefiles.

The request for comments is available at:

http://www.privacy.uscourts.gov/RFC.htm


[7] EPIC Bookstore - The Consumer Law Sourcebook 2000


The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy, edited by Sarah Andrews
http://www.epic.org/bookstore/cls/

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.
The Sourcebook includes the text of many of the major consumer lawsand directives such as the Anticybersquatting Consumer Protection Act,
the Electronic Signatures Act, the Electronic Fund Transfer Act, theFederal Trade Commission Act, OECD Consumer Protection Guidelines,
European Union Directives on Electronic Commerce, ElectronicSignatures and Distance Contracts, and more. Also included is a listof consumer resources with contact information for consumer agenciesand organizations and links to useful publications and reports.



EPIC Publications:


"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.



"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.



"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.



"Filters and Freedom - Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.
http://www.epic.org/filters&freedom/

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.



Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore: http://www.epic.org/bookstore/



[8] Upcoming Conferences and Events


National Computer System Security and Privacy Advisory Board Meeting.
Hosted by Microsoft. December 4-6, 2000. Redmond, WA. For moreinformation: http://csrc.nist.gov/csspab/

Government Secrecy in a New Administration and a New Century.
Information Security Oversight Office and the James Madison Project.
December 5, 2000. Washington, DC. For more information:
http://www.fas.org/sgp/news/2000/11/symposium.pdf
Public Workshop: The Mobile Wireless Web, Data Services and Beyond.
Federal Trade Commission (FTC). December 11-12, 2000. Washington, DC.
For more information: http://www.ftc.gov/opa/2000/11/wireless.htm
16th Annual Computer Security Applications Conference (ACSAC).
December 11-15, 2000. New Orleans, Louisiana. For more information:
http://www.acsac.org
Call for Content - December 15, 2000. INET 2001: A Net Odyssey.
The 11th Annual Internet Society Conference . For more information:
http://www.isoc.org/inet2001/cfc.shtml
Network and Distributed System Security Symposium (NDSS '01). InternetSociety. February 7-9, 2001. San Diego, CA. For more information:
http://www.isoc.org/ndss01/

Privacy in the New Environments: What the Personal InformationProtection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. Formore information: http://www.rileyis.com/seminars/

CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
http://www.cfp2001.org/

EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XPConseil. March 13-15, 2001. Paris, France. For more information:
http://www.xpconseil.com/eurosec2001/

Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
First International Conference on Human Aspects of the InformationSociety. Information Management Research Institute, University ofNorthumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
http://www.aaas.org/spp/dspp/rd/colloqu.htm

Subscription Information


The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

http://www.epic.org/alert/


Privacy Policy


The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact infoepic.org if you haveany other questions.


About EPIC


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.21


.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2000/21.html