You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2000 >>
[2000] EPICAlert 9
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 7.09 [2000] EPICAlert 9
EPIC ALERT
Volume 7.09 May 15, 2000
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org
Table of Contents
[1] FTC Completes Internet Privacy Sweep and Advisory Committee Report
[2] Anonymous Message Board Poster Sues Yahoo! for Disclosures
[3] Court to Hear Challenge to Proposed FBI Wiretap Standards
[4] Privacy Groups Oppose Financial Privacy Delay
[5] EPIC Testifies on Use of Social Security Numbers
[6] New Survey Details Experiences of Identity Theft Victims
[7] Press Freedom Survey Finds Extensive Censorship
[8] Upcoming Conferences and Events
[1] FTC Completes Internet Privacy Sweep and Advisory Committee Report
As reported in the Wall Street Journal on May 11, the Federal TradeCommission's sweep of Internet privacy policies found that theoverwhelming
majority of websites fail to meet standards for privacyprotection. According to the coverage, the Federal Trade Commission(FTC)
found that while almost 90 percent of websites surveyed hadprivacy policies, only roughly 20 percent satisfied the FTC's versionof
Fair Information Practices -- notice, consent, access, andsecurity. The report also includes a staff recommendation that theFTC
ask Congress for the authority to issue rules over Internetprivacy.
The results of the FTC's sweep are not surprising considering otherrecent surveys. EPIC's last survey conducted in December 1999,
"Surfer Beware 3: Privacy Policies Without Privacy Protection," foundthat none of the top 100 e-commerce sites met the standard set
out bya more robust set of Fair Information Practices. An industry-fundedsurvey conducted by Georgetown University in January 1999
found thatless than 10 percent of websites visited met the FTC's standards.
Tommorrow, the FTC Advisory Committee on Online Access and Securitywill release its final report. The report brought togetherrepresentatives
from industry, academia and privacy groups torecommend implementation options for access and security. The reportdiscusses access,
the ability of the consumer to view and edit theirpersonal information, and security, the prevention of unauthorizedaccess or use
of data. The final version of the report contains aconsensus recommendation for security and four options for access.
EPIC Policy Analyst Andrew Shen was a member of the AdvisoryCommittee.
The security recommendation is that Web sites maintain a securityprogram detailing their procedures and should be evaluated on thebasis
of whether or not it is "appropriate under the circumstances."
The access implementation options are "total access" in which aconsumer to access all their personal information; "default toconsumer
access" in which access would be provided in accordance withthe "ordinary course of business"; "case-by-case" in which theprovision
of access is not presumed but depends on the types ofinformation and costs; "access for correction" in which a limitedscope of information
would be subject to access and available only forminor editing.
The final report of the FTC Advisory Committee, transcripts of publicmeetings, and public comments are available at:
http://www.ftc.gov/acoas/
"Surfer Beware 3: Privacy Policies Without Privacy Protection" isavailable at:
http://www.epic.org/reports/surfer-beware3.html
[2] Anonymous Message Board Poster Sues Yahoo! for Disclosures
A federal lawsuit filed in California on May 11 could establishimportant protections for Internet privacy, anonymity and freeexpression.
The suit, filed against Yahoo! by a user of the service'spopular financial message boards, challenges the company's practice ofdisclosing
a user's personal information to third parties withoutprior notice to the user. It accuses the online portal of violatingthe "constitutional
and contractual rights to privacy" of the user,
who lost his job after posting remarks about his employer on a Yahoo!
message board.
Over the past year, Yahoo! has been inundated with subpoenas issued bycompanies seeking the identities of individuals anonymously
postinginformation critical of the firms and their executives. Withoutnotifying the targeted users, and without assessing the validity
ofthe legal claims underlying the subpoenas, Yahoo! has systematicallydisclosed identifying information such as users' names, e-mailaddresses
and Internet protocol addresses. Yahoo! has been uniqueamong major online companies in its refusal to notify its users ofsuch subpoenas
and provide them with an opportunity to challenge theinformation requests. (Since the filing of the lawsuit, Yahoo! hasclaimed that
it changed its policy in April and does now notify users.
However, that change is not yet reflected at the Yahoo! website.)
Privacy and free speech advocates, including EPIC, have criticizedYahoo!'s policy on the ground that Internet users have a right tocommunicate
anonymously and usually do so for valid reasons.
According to David L. Sobel, EPIC's General Counsel, "online anonymityplays a critical role in fostering free expression on the Internet,
and has clearly contributed to the popularity of the medium." Hesaid, "The U.S. Supreme Court has ruled that anonymity is aconstitutional
right, but the failure to inform users when subpoenasare issued may make that right illusory online."
The lawsuit was filed in United States District Court in Los Angelesby "Aquacool_2000," a pseudonymous Yahoo! user whose personalinformation
was disclosed to AnswerThink Consulting Group, Inc., apublicly held company. A copy of the lawsuit (in PDF) is availableat:
http://www.epic.org/anonymity/aquacool_complaint.pdf
[3] Court to Hear Challenge to Proposed FBI Wiretap Standards
This week, EPIC and other Internet privacy advocacy groups will ask afederal appeals court to block new rules that would enable the
FBI todictate the design of the nation's communication infrastructure. Thechallenged rules would, among other capabilities, enable
the Bureau totrack the physical locations of cellular phone users and potentiallymonitor Internet traffic.
In an oral argument to be heard by the U.S. Court of Appeals for theDistrict of Columbia Circuit on May 17, EPIC, the American CivilLiberties
Union (ACLU) and the Electronic Frontier Foundation (EFF)
will argue that the rules -- contained in a Federal CommunicationsCommission (FCC) decision issued last August -- could result in
asignificant increase in government interception of digitalcommunications. Also arguing against the proposed technical standardswill
be another group of challengers, comprised of telecommunicationsindustry trade associations and the Center for Democracy andTechnology.
The court challenge involves the Communications Assistance for LawEnforcement Act (CALEA), a controversial law enacted by Congress
in1994, which requires the telecommunications industry to design itssystems in compliance with FBI technical requirements to facilitateelectronic
surveillance. In negotiations over the last few years, theFBI and industry representatives were unable to agree upon thosestandards,
resulting in last year's FCC ruling. EPIC, ACLU and EFFparticipated as parties in the FCC proceeding and argued that theprivacy
rights of Americans must be protected.
The groups' court briefs asserted that the FCC ruling exceeds therequirements of CALEA and frustrates the privacy interests protectedby
federal statutes and the Fourth Amendment. Among other things, theCommission order would require telecommunications providers todetermine
the physical locations of cellular phone users and deliver"packet-mode communications" -- such as those that carry Internettraffic
-- to law enforcement agencies.
Proposed architectural changes to communications networks are alsobeing considered this week in Paris, where a Group of Eight (G-8)
conference is considering "cybercrime" issues. The process, whichbegan several years ago at the behest of the United States, may
bemoving toward concrete proposals that could impact online anonymity.
During the G-8 ministerial conference in Moscow last October, thecountries committed their experts to organize a dialogue betweenindustry
and governments about "identifying and locatingcybercriminals." During the scheduled Okinawa summit in July, theresults of the discussion
will be considered by the Heads of State ofthe G-8.
Background materials on CALEA, including the briefs filed by EPIC,
ACLU and EFF, are available at EPIC's website:
http://www.epic.org/privacy/wiretap/
Information on the G-8 conference is available at:
http://www.g8parishightech.org/en_txt/index.htm
[4] Privacy Groups Oppose Financial Privacy Delay
Despite widespread public support for the protection of personalfinancial information, government agencies have decided to delay theeffective
date of financial privacy protections until July 2001.
Upon rumors that the agencies in charge of issuing rules protectingfinancial privacy were planning to delay their effective date,
acoalition of privacy groups issued a joint letter on May 9 insistingthat the rules goes into effect as planned. The open letter
to theagencies stated that while the privacy guidelines provided by theGramm-Leach-Bliley Act were inadequate, they still offered
more thanthe current lack of protections. Despite these concerns, on May 11,
the Federal Reserve, the Federal Deposit Insurance Corporation, theOffice of the Comptroller of the Currency, and the Office of ThriftSupervision
issued their final financial privacy rules but delayed theeffective date until July 1 of next year. In a separate announcementreleased
today, the Federal Trade Commission also issued its finalrules with the same delayed effective date.
Public support for financial privacy continues to grow despite theslow response from the federal government. A recent poll published
bythe National Journal found that 14 percent of registered voters citedthe protection of financial records as their top priority
for Congressthis year. In comparison, 16 percent of those polled picked toughergun restrictions and seven percent selected the passage
of a patients'
bill of rights as high priority issues.
The letter opposing the delay of financial privacy protections:
http://www.pirg.org/consumer/glbdelay.htm
Press release announcing the delay of the effective date for financialprivacy rules:
http://www.bog.frb.fed.us/boarddocs/press/BoardActs/2000/
20000510/default.htm
Separate press release from the Federal Trade Commission also delayingthe implementation of financial privacy protections:
http://www.ftc.gov/opa/2000/05/glbpress1.htm
[5] EPIC Testifies on Use of Social Security Numbers
On May 11, EPIC Executive Director Marc Rotenberg testified before theHouse Subcommittee on Social Security on the "Use and Misuse
of SocialSecurity Numbers." The subcommittee convened the hearing to examinethe need for legislation to curb the growing misuse
of Social SecurityNumbers (SSNs) such as in cases of identity theft.
EPIC's testimony argues that legislation to limit the collection anduse of the SSN is appropriate, necessary and fully consistent
withU.S. law. The history of the SSN demonstrates that it was neverintended to be used widely as a unique identifier and that there
isclear judicial and legislative support for further legal restrictionson its use. The testimony concluded that strong privacy laws
andother safeguards are necessary to ensure that the problems associatedwith misuse of the SSN, such as profiling and identity theft,
do notincrease in the future.
Also testifying on the panel were several members of Congressproposing legislation to curb the use of SSNs, the Consumer ProgramDirector
of U.S. PIRG, and representatives of industries andgovernment agencies that regularly use Social Security Numbers in thecourse of
their work.
EPIC's testimony is available at:
http://www.epic.org/privacy/ssn/testimony_0500.html
The testimony of other panel members is also online at:
http://www.house.gov/ways_means/socsec/106cong/ss-17awi.htm
[6] New Survey Details Experiences of Identity Theft Victims
On May 1, the California Public Interest Research Group (CALPIRG) andthe Privacy Rights Clearinghouse (PRC), released a new reporthighlighting
the difficulties that victims of identity theft face inclearing their names. The report, entitled "Nowhere to Turn: VictimsSpeak
out on Identity Theft", surveys the experiences of identitytheft victims. The survey found that the victims had spent betweentwo
and four years removing an average of $18,000 in fraudulentcharges.
The report argues that law enforcement, government and credit industryprocedures fail to address the growing problem of identity theft
andmake it difficult for victims to resolve their cases. The reportacknowledges that the 1998 law passed by Congress to criminalizeidentity
theft is an important "first step" in combating identitytheft but argues that much more needs to be done. It recommends theintroduction
of state and federal laws to protect consumers andforcing bodies such as banks, department stores and credit bureaus totake a more
responsible approach to the growing problem of identitytheft.
"Nowhere to Turn: Victims Speak out on Identity Theft" is at:
http://www.pirg.org/calpirg/consumer/privacy/idtheft2000/
[7] Press Freedom Survey Finds Extensive Censorship
In its 22nd annual survey of international press freedom, FreedomHouse recently found that nearly two-thirds of the 186 countriesreviewed
restrict the content of print and electronic news media.
According to the report, sixty-nine countries (37 percent) have a freepress, while 51 have a partly free news media and 66 do not
providepress freedom. Those governments that restrict press freedom oftenclaim to do so in the interest of preserving public morality
andprotecting national security.
Governments employ various tactics to limit Internet access, such asmandating special licensing and regulation of Internet use, channelingtraffic
through filtered government servers, and banning access toparticular Web pages. For example, the official Internet ServiceProvider
(ISP) in China restricts access to particular news reportsgenerated abroad. The Chinese government also monitors Web sites toensure
that no sensitive government information is disclosed and hasimprisoned dissidents who have posted such material. In Russia, oneof
the successors to the KGB has required ISPs to install surveillancedevices that allow direct monitoring of Internet activity.
The Freedom House survey is available at:
http://www.freedomhouse.org/pfs2000/
[8] Upcoming Conferences and Events
Electronic Government: New Challenges for Public Administration andLaw. May 18, 2000. Center for Law, Public Administration, andInformatization
of Tilburg University, Netherlands. For moreinformation: http://schoordijk.kub.nl/crbi/egov/
Securing Linux or BSD Novice Users' Personal Computers. GNU/Linux
Beginners SIG. May 19, 2000. New School Computer Instruction Center.
New York, NY. For more information: drscloud9.net
Shaping the Network: The Future of the Public Sphere in Cyberspace.
Computer Professionals for Social Responsibility (CPSR). May 20-23,
2000. Seattle, WA. For more information:
http://www.scn.org/cpsr/diac-00
New Millennium, New Horizons: Marketing and Public Policy Conference2000. American Marketing Association. June 1-3, 2000. Marriott
MetroCenter. Washington, DC. For more information:
http://www.ama.org/events/
Data Sharing: Initiatives and Challenges Among Benefit and Loan
Programs. United States General Accounting Office. June 7-8, 2000.
Library of Congress, Jefferson Building. Washington, DC. For moreinformation: morehousec.hehsgao.gov
First Annual Institute on Privacy Law: Strategies for Legal Compliancein a High Tech and Changing Regulatory Environment. Practicing
LawInstitute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the InformationSociety. Biennial Conference of the International TelecommunicationsSociety.
July 2-5, 2000. For more information:
http://www.its2000.org.ar
INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
http://www.geocities.com/hack_forum
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For moreinformation: http://www.surveillance-expo.com
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society andUNESCO. September 26-29, 2000. Vienna, Austria. For more information:
http://www.ocg.at/KR-IE2000.html
Privacy: A Social Research Conference. New School University. October5-7, 2000. New York, NY. For more information:
http://www.newschool.edu/centers/socres/privacy/
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more
information: http://www.privacy2000.org
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing
or unsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand
constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail infoepic.org, http://www.epic.org orwrite EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 1718 ConnecticutAve., NW, Suite 200, Washington,
DC 20009.
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 7.09
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2000/9.html