
EPIC Alert

EPIC Alert 7.09 [2000] EPICAlert 9


Volume 7.09 May 15, 2000

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] FTC Completes Internet Privacy Sweep and Advisory Committee Report
[2] Anonymous Message Board Poster Sues Yahoo! for Disclosures
[3] Court to Hear Challenge to Proposed FBI Wiretap Standards
[4] Privacy Groups Oppose Financial Privacy Delay
[5] EPIC Testifies on Use of Social Security Numbers
[6] New Survey Details Experiences of Identity Theft Victims
[7] Press Freedom Survey Finds Extensive Censorship
[8] Upcoming Conferences and Events

[1] FTC Completes Internet Privacy Sweep and Advisory Committee Report

As reported in the Wall Street Journal on May 11, the Federal Trade Commission's sweep of Internet privacy policies found that the overwhelming majority of websites fail to meet standards for privacy protection. According to the coverage, the Federal Trade Commission (FTC) found that while almost 90 percent of websites surveyed had privacy policies, only roughly 20 percent satisfied the FTC's version of Fair Information Practices -- notice, consent, access, and security. The report also includes a staff recommendation that the FTC ask Congress for the authority to issue rules over Internet privacy.

The results of the FTC's sweep are not surprising considering other recent surveys. EPIC's last survey conducted in December 1999, "Surfer Beware 3: Privacy Policies Without Privacy Protection," found that none of the top 100 e-commerce sites met the standard set out by a more robust set of Fair Information Practices. An industry-funded survey conducted by Georgetown University in January 1999 found that less than 10 percent of websites visited met the FTC's standards.

Tomorrow, the FTC Advisory Committee on Online Access and Security will release its final report. The report brought together representatives from industry, academia and privacy groups to recommend implementation options for access and security. The report discusses access, the ability of the consumer to view and edit their personal information, and security, the prevention of unauthorized access or use of data. The final version of the report contains a consensus recommendation for security and four options for access. EPIC Policy Analyst Andrew Shen was a member of the Advisory Committee.

The security recommendation is that Web sites maintain a security program detailing their procedures, which should be evaluated on the basis of whether or not it is "appropriate under the circumstances." The access implementation options are "total access," in which a consumer can access all their personal information; "default to consumer access," in which access would be provided in accordance with the "ordinary course of business"; "case-by-case," in which the provision of access is not presumed but depends on the types of information and costs; and "access for correction," in which a limited scope of information would be subject to access and available only for minor editing.

The final report of the FTC Advisory Committee, transcripts of public meetings, and public comments are available at:

"Surfer Beware 3: Privacy Policies Without Privacy Protection" is available at:

[2] Anonymous Message Board Poster Sues Yahoo! for Disclosures

A federal lawsuit filed in California on May 11 could establish important protections for Internet privacy, anonymity and free expression. The suit, filed against Yahoo! by a user of the service's popular financial message boards, challenges the company's practice of disclosing a user's personal information to third parties without prior notice to the user. It accuses the online portal of violating the "constitutional and contractual rights to privacy" of the user, who lost his job after posting remarks about his employer on a Yahoo! message board.

Over the past year, Yahoo! has been inundated with subpoenas issued by companies seeking the identities of individuals anonymously posting information critical of the firms and their executives. Without notifying the targeted users, and without assessing the validity of the legal claims underlying the subpoenas, Yahoo! has systematically disclosed identifying information such as users' names, e-mail addresses and Internet protocol addresses. Yahoo! has been unique among major online companies in its refusal to notify its users of such subpoenas and provide them with an opportunity to challenge the information requests. (Since the filing of the lawsuit, Yahoo! has claimed that it changed its policy in April and does now notify users. However, that change is not yet reflected at the Yahoo! website.)

Privacy and free speech advocates, including EPIC, have criticized Yahoo!'s policy on the ground that Internet users have a right to communicate anonymously and usually do so for valid reasons. According to David L. Sobel, EPIC's General Counsel, "online anonymity plays a critical role in fostering free expression on the Internet, and has clearly contributed to the popularity of the medium." He said, "The U.S. Supreme Court has ruled that anonymity is a constitutional right, but the failure to inform users when subpoenas are issued may make that right illusory online."

The lawsuit was filed in United States District Court in Los Angeles by "Aquacool_2000," a pseudonymous Yahoo! user whose personal information was disclosed to AnswerThink Consulting Group, Inc., a publicly held company. A copy of the lawsuit (in PDF) is available at:

[3] Court to Hear Challenge to Proposed FBI Wiretap Standards

This week, EPIC and other Internet privacy advocacy groups will ask a federal appeals court to block new rules that would enable the FBI to dictate the design of the nation's communication infrastructure. The challenged rules would, among other capabilities, enable the Bureau to track the physical locations of cellular phone users and potentially monitor Internet traffic.

In an oral argument to be heard by the U.S. Court of Appeals for the District of Columbia Circuit on May 17, EPIC, the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) will argue that the rules -- contained in a Federal Communications Commission (FCC) decision issued last August -- could result in a significant increase in government interception of digital communications. Also arguing against the proposed technical standards will be another group of challengers, comprised of telecommunications industry trade associations and the Center for Democracy and Technology.

The court challenge involves the Communications Assistance for Law Enforcement Act (CALEA), a controversial law enacted by Congress in 1994, which requires the telecommunications industry to design its systems in compliance with FBI technical requirements to facilitate electronic surveillance. In negotiations over the last few years, the FBI and industry representatives were unable to agree upon those standards, resulting in last year's FCC ruling. EPIC, ACLU and EFF participated as parties in the FCC proceeding and argued that the privacy rights of Americans must be protected.

The groups' court briefs asserted that the FCC ruling exceeds the requirements of CALEA and frustrates the privacy interests protected by federal statutes and the Fourth Amendment. Among other things, the Commission order would require telecommunications providers to determine the physical locations of cellular phone users and deliver "packet-mode communications" -- such as those that carry Internet traffic -- to law enforcement agencies.

Proposed architectural changes to communications networks are also being considered this week in Paris, where a Group of Eight (G-8) conference is considering "cybercrime" issues. The process, which began several years ago at the behest of the United States, may be moving toward concrete proposals that could impact online anonymity. During the G-8 ministerial conference in Moscow last October, the countries committed their experts to organize a dialogue between industry and governments about "identifying and locating cybercriminals." During the scheduled Okinawa summit in July, the results of the discussion will be considered by the Heads of State of the G-8.

Background materials on CALEA, including the briefs filed by EPIC, ACLU and EFF, are available at EPIC's website:

Information on the G-8 conference is available at:

[4] Privacy Groups Oppose Financial Privacy Delay

Despite widespread public support for the protection of personal financial information, government agencies have decided to delay the effective date of financial privacy protections until July 2001.

Upon rumors that the agencies in charge of issuing rules protecting financial privacy were planning to delay their effective date, a coalition of privacy groups issued a joint letter on May 9 insisting that the rules go into effect as planned. The open letter to the agencies stated that while the privacy guidelines provided by the Gramm-Leach-Bliley Act were inadequate, they still offered more than the current lack of protections. Despite these concerns, on May 11, the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision issued their final financial privacy rules but delayed the effective date until July 1 of next year. In a separate announcement released today, the Federal Trade Commission also issued its final rules with the same delayed effective date.

Public support for financial privacy continues to grow despite the slow response from the federal government. A recent poll published by the National Journal found that 14 percent of registered voters cited the protection of financial records as their top priority for Congress this year. In comparison, 16 percent of those polled picked tougher gun restrictions and seven percent selected the passage of a patients' bill of rights as high priority issues.

The letter opposing the delay of financial privacy protections:
Press release announcing the delay of the effective date for financial privacy rules:
Separate press release from the Federal Trade Commission also delaying the implementation of financial privacy protections:

[5] EPIC Testifies on Use of Social Security Numbers

On May 11, EPIC Executive Director Marc Rotenberg testified before the House Subcommittee on Social Security on the "Use and Misuse of Social Security Numbers." The subcommittee convened the hearing to examine the need for legislation to curb the growing misuse of Social Security Numbers (SSNs) such as in cases of identity theft.

EPIC's testimony argues that legislation to limit the collection and use of the SSN is appropriate, necessary and fully consistent with U.S. law. The history of the SSN demonstrates that it was never intended to be used widely as a unique identifier and that there is clear judicial and legislative support for further legal restrictions on its use. The testimony concluded that strong privacy laws and other safeguards are necessary to ensure that the problems associated with misuse of the SSN, such as profiling and identity theft, do not increase in the future.

Also testifying on the panel were several members of Congress proposing legislation to curb the use of SSNs, the Consumer Program Director of U.S. PIRG, and representatives of industries and government agencies that regularly use Social Security Numbers in the course of their work.

EPIC's testimony is available at:
The testimony of other panel members is also online at:

[6] New Survey Details Experiences of Identity Theft Victims

On May 1, the California Public Interest Research Group (CALPIRG) and the Privacy Rights Clearinghouse (PRC) released a new report highlighting the difficulties that victims of identity theft face in clearing their names. The report, entitled "Nowhere to Turn: Victims Speak out on Identity Theft", surveys the experiences of identity theft victims. The survey found that the victims had spent between two and four years removing an average of $18,000 in fraudulent charges.

The report argues that law enforcement, government and credit industry procedures fail to address the growing problem of identity theft and make it difficult for victims to resolve their cases. The report acknowledges that the 1998 law passed by Congress to criminalize identity theft is an important "first step" in combating identity theft but argues that much more needs to be done. It recommends the introduction of state and federal laws to protect consumers and forcing bodies such as banks, department stores and credit bureaus to take a more responsible approach to the growing problem of identity theft.

"Nowhere to Turn: Victims Speak out on Identity Theft" is at:

[7] Press Freedom Survey Finds Extensive Censorship

In its 22nd annual survey of international press freedom, Freedom House recently found that nearly two-thirds of the 186 countries reviewed restrict the content of print and electronic news media. According to the report, sixty-nine countries (37 percent) have a free press, while 51 have a partly free news media and 66 do not provide press freedom. Those governments that restrict press freedom often claim to do so in the interest of preserving public morality and protecting national security.

Governments employ various tactics to limit Internet access, such as mandating special licensing and regulation of Internet use, channeling traffic through filtered government servers, and banning access to particular Web pages. For example, the official Internet Service Provider (ISP) in China restricts access to particular news reports generated abroad. The Chinese government also monitors Web sites to ensure that no sensitive government information is disclosed and has imprisoned dissidents who have posted such material. In Russia, one of the successors to the KGB has required ISPs to install surveillance devices that allow direct monitoring of Internet activity.

The Freedom House survey is available at:

[8] Upcoming Conferences and Events

Electronic Government: New Challenges for Public Administration and Law. May 18, 2000. Center for Law, Public Administration, and Informatization of Tilburg University, Netherlands. For more information:

Securing Linux or BSD Novice Users' Personal Computers. GNU/Linux Beginners SIG. May 19, 2000. New School Computer Instruction Center. New York, NY. For more information:

Shaping the Network: The Future of the Public Sphere in Cyberspace. Computer Professionals for Social Responsibility (CPSR). May 20-23, 2000. Seattle, WA. For more information:

New Millennium, New Horizons: Marketing and Public Policy Conference 2000. American Marketing Association. June 1-3, 2000. Marriott Metro Center. Washington, DC. For more information:

Data Sharing: Initiatives and Challenges Among Benefit and Loan Programs. United States General Accounting Office. June 7-8, 2000. Library of Congress, Jefferson Building. Washington, DC. For more information:

First Annual Institute on Privacy Law: Strategies for Legal Compliance in a High Tech and Changing Regulatory Environment. Practicing Law Institute. June 22-23, 2000. PLI Conference Center. New York, NY. For more information:

Telecommunications: The Bridge to Globalization in the Information Society. Biennial Conference of the International Telecommunications Society. July 2-5, 2000. For more information:

INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000. Yokohama, Japan. For more information:

First International Hackers Forum. The Green Planet. August 18-20, 2000. Zaporozhye, Ukraine. For more information:

Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more information:

KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. September 26-29, 2000. Vienna, Austria. For more information:

Privacy: A Social Research Conference. New School University. October 5-7, 2000. New York, NY. For more information:

Privacy2000: Information and Security in the Digital Age. October 31-November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more

Subscription Information

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail, or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 7.09

