WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 8.11 [2001] EPICAlert 11


Volume 8.11 June 15, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Supreme Court Rules on Thermal Imaging Case
[2] Court of Appeals Asks: Is Computer Code Speech?

[3] ICANN Conducts Survey on Whois Policy
[4] Experts Discuss Internet Issues at National Press Club
[5] Groups Urge FTC to Pursue Privacy Protection
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Invasion of Privacy
[8] Upcoming Conferences and Events

[1] Supreme Court Rules on Thermal Imaging Case

In a 5-4 opinion written by Justice Scalia, the U.S. Supreme Courtheld in Kyllo v. United States that the warrantless use of a thermalimaging device to detect heat emanating from a person's residenceconstituted an illegal search under the Fourth Amendment.

In 1992, Danny Lee Kyllo was arrested after Oregon police searched hishome and found more than 100 marijuana plants growing inside. Thesearch warrant was obtained after the police scanned the roofs andwalls of Kyllo's home with a thermal imager to detect the infraredrays radiating from the halide lamps typically used to grow marijuana.
Kyllo pleaded guilty to the charges, conditioned on his ability tochallenge the constitutionality of the search. Although the DistrictCourt and Ninth Circuit rejected his Fourth Amendment claim, theSupreme Court reversed, stating that "[w]here, as here, the governmentuses a device that is not in general public use, to explore details ofthe home that would previously have been unknowable without physicalintrusion, the surveillance is a 'search' and is presumptivelyunreasonable without a warrant."

In an unusual, ideologically diverse faction, Justices Thomas, Souter,
Ginsburg and Breyer joined Scalia's opinion. Upholding classic FourthAmendment jurisprudence, the majority found that the Fourth Amendmentprotects that over which an individual has a subjective expectation ofprivacy that society would deem reasonable. Rejecting the dissent'sproposition that the scan was not a search because the device did notpenetrate the walls of the home but instead merely read "off thewall," Scalia asserted that any and all details about one's home -
including so mundane a detail as the infrared rays emitted from within- are intimate not because they are important but because they areprivate, and thus are protected by the Fourth Amendment.

Chief Justice Rehnquist and Justices O'Connor and Kennedy joinedJustice Stevens's dissent, which characterized the majority opinion asboth too narrow and too broad. Making the traditional distinctionbetween information kept within the home and that which escapes thehome and is exposed to "plain view," over which there is no furtherexpectation of privacy, the dissent found Kyllo's privacy interest tobe "trivial," especially given that he made no attempt to prevent theheat from escaping his home. Further, Stevens found the majority'semphasis on protection of the home to be a misconstruction of FourthAmendment jurisprudence, in which the protection is generally grantedmore broadly to "people, not places."

On June 14, House Majority Leader Dick Armey (R-TX) sent a letter toAttorney General John Ashcroft drawing a parallel between the SupremeCourt's majority opinion in Kyllo v. United States and the FBI'scontroversial continued use of the Carnivore Internet surveillancesystem. In the letter, Rep. Armey asks whether, similar to thermalimaging, Carnivore "undermines the minimum expectation thatindividuals have that their personal electronic communications willnot be examined by law enforcement devices unless a specific courtwarrant has been issued." According to news reports, Attorney GeneralAshcroft is reviewing the FBI's use of Carnivore and will soon respondto Rep. Armey directly.

Kyllo v. United States, Certiorari to the United States Court ofAppeals for the Ninth Circuit, No. 99-8508:
June 14 Letter from House Majority Leader Armey to Attorney GeneralAshcroft regarding Carnivore (DCS-1000):
For more information about thermal imaging devices, visit the websiteof FLIR Systems, Inc.:

[2] Court of Appeals Asks: Is Computer Code Speech?

The Second Circuit Court of Appeals is considering the question ofwhether computer code is protected speech under the First Amendment.
At issue is a case brought by eight motion picture companies against2600 Magazine to enjoin it from publishing or linking to DeCSS, acomputer program used to circumvent the encryption used in DVDs.
The movie studios contend that DeCSS is an unlawful circumventiondevice and that, as such, the defendants are prohibited by theanti-trafficking provisions of the Digital Millennium Copyright Act(DMCA) from distributing it.

The Court heard oral arguments in Universal City Studios, Inc. v.
Reimerdes on May 1. A week later it sent written requests to bothparties for further clarification on the question of whether DeCSS isitself a form of speech. This question will determine the level ofscrutiny the Court will apply when examining the DMCA's restrictionson its dissemination and use.

In its reply brief, the Electronic Frontier Foundation, on behalf ofthe defendant, argues that "DeCSS itself has no non-speech elements"
and similarly that its "dissemination .. by a member of the mediacovering an issue of public concern is pure speech." They liken thecomputer program to "blueprints and instructions for a photocopier,
recipes, books about fixing cars, and videos on baby care" and arguethat just because somebody "might use [it] to do something" does notmean that it is any less protected as speech.

The movie studios, on the other hand, deny that DeCSS involves anyform of speech referring to it as a "digital crowbar" designed todeliberately circumvent copyright protection technologies. Theycontinue that the prohibition on its distribution is just the same asmeasures prohibiting "the provision of gambling devices, traffickingin satellite theft devices, and trafficking in cable signal theftdevices" and is not a content based restriction on speech.

Courts have previously ruled that computer source code can beconsidered speech. Last year, in the case of Junger v. Daley, theSixth Circuit Court of Appeals held that encryption source code wasprotected by the Constitution as "an expressive means for the exchangeof information and ideas about computer programming" (see EPIC Alert7.07).

The movie studios' brief is available at:
The Electronic Frontier Foundation (EFF) brief is available at:
The Sixth Circuit decision in Junger v. Daley is available at:

[3] ICANN Conducts Survey on Whois Policy

The Internet Corporation for Assigned Names and Numbers (ICANN) iscurrently conducting a survey of the Internet community's views onthe Whois database and related data protection issues. ICANN is theinternational organization charged with the management of the DomainName System (DNS) and other technical functions related to Internetinfrastructure.

The Whois database provides contact information, through publicly-
accessible websites, for all Internet users who have registered domainnames. The contact information required for the domain nameregistration process includes names, mailing addresses, emailaddresses, fax numbers and telephone numbers. The original and mostimportant purpose of the Whois database is to provide contactinformation for Internet users in case of network or securityproblems.

Earlier this year, EPIC sent a letter to Congress urging members toclosely examine the privacy issues implicated in the Whois databaseand other privacy practices of registrars, companies that registerdomain names for individuals and companies. The letter highlightsthree privacy issues affected by registrar data handling practices.
The first is the Whois database that makes contact informationpublicly available for all domain name registrants. The letter pointsout that many people who now register domain names do so for personaluse or for use in a small business setting and thus may reveal homeaddresses and phone numbers. The second privacy issue is the currentability of registrars to sell bulk access to domain name registrantdata for a fee; thus resulting in the aggressive marketing of suchinformation by registrars like Network Solutions, Inc. (NSI). Thethird privacy issue is that requirements to provide contactinformation eliminate the possibility of anonymous registration ofdomain names. As the letter discusses, anonymous speech is animportant element of free expression and should be fostered on theInternet.

The letter concludes by urging ICANN and registrars to limit theamount of information required and displayed through domain nameregistration, to end the sale of domain name registrant data and topromote anonymous registration of domain names.

The survey distributed by ICANN is open to the entire Internetcommunity and provides an opportunity to establish a higher level ofprivacy protection than currently available. The survey is currentlyonly available in English and Spanish but more translations should beforthcoming. Responses will be accepted until July 31st.

ICANN Whois Survey:
EPIC Letter on Privacy of Domain Name Registration Data:

[4] Experts Discuss Internet Issues at National Press Club

On June 4, EPIC and the Harvard Information Infrastructure Project(HIIP) held an event at the National Press Club titled "PolicyBriefing: Emerging Cyberspace Issues." Bringing together legal andtechnical experts, the event examined Internet Jurisdiction and GlobalPrivacy Protection.

The first panel on Internet Jurisdiction included: Professor Julie E.
Cohen of Georgetown University Law Center, Professor James Boyle ofthe Duke University School of Law, Professor David J. Farber of theUniversity of Pennsylvania Computer and Information ScienceDepartment, Professor Michael Geist of the University of Ottawa LawSchool, Professor Pamela Samuelson of the University of California atBerkeley School of Information Management and Systems and School ofLaw, and Dr. Barbara Simons, Fellow of the American Association forthe Advancement of Science.

Many of the speakers on the first panel challenged the notion thatjurisdiction does not apply to the Internet and said that existinglegal standards have not kept up with changes in technology.
Professor Geist argued that other factors (such as the use ofcontracts, geographic-identifying technology and knowledge of partiesinvolved in a dispute that their actions would impact people in acertain forum) should be considered when establishing jurisdiction.
Professor Farber added that policy makers should consider the entirecommunications system rather than just focusing on the Internet. Dr.
Simons urged more policy makers to examine the impact and implicationsof new technology.

The second panel on Global Privacy Protection included: Simon Daviesof Privacy International, Dr. Whitfield Diffie of Sun Microsystems,
Professor Oscar H. Gandy Jr. of the Annenberg School of Communicationsat the University of Pennsylvania, Austin Hill of Zero-KnowledgeSystems, Professor Paul M. Schwartz of Brooklyn Law School and RobertEllis Smith, publisher of Privacy Journal.

Many speakers on the second panel agreed that U.S. privacy laws wouldhave to be strengthened in order to meet the standards set by othercountries around the world. Mr. Davies provided an overview of newemerging technologies, such as biometrics and smart cards, that wouldlikely impact privacy in the future. Professor Schwartz discussedrecent developments in the Safe Harbor arrangement that provides aframework for data transfers between the European Union and the UnitedStates.

More information about the event and speakers is available at:

[5] Groups Urge FTC to Pursue Privacy Protection

Privacy Coalition members have called upon Federal Trade Commissionto make privacy protection a top priority for the agency in the BushAdministration. In a letter addressed to the new FTC Chairman,
Timothy Muris, Privacy Coalition members wrote that the FTC failed totake action in cases where major companies either unilaterallychanged their privacy policies or engaged in improper collection ofindividuals' data. In light of these lapses, the FTC should takeaffirmative steps to strengthen privacy protection. Specific stepsoutlined by Privacy Coalition members include: improving theprocessing of privacy complaints, submitting an annual FTC report toCongress on the number and nature of privacy complaints received bythe agency, entering complaints in the Consumer Sentinel database,
reevaluating the protection of consumer privacy under the "unfair anddeceptive trade practices" regime, meeting regularly with privacygroups on policy issues, and encouraging the development of PrivacyEnhancing Technologies.

In recent years, former FTC Chairman Robert Pitofsky increased theagency's involvement in privacy protection. Under Pitofsky'sdirection, FTC held several public workshops on privacy but has onlypursued a handful of privacy cases under its authority to prosecuteunfair and deceptive trade practices. These efforts culminated in aMay 2000 report to Congress where a majority of FTC Commissionersrecommended the adoption of legislation to protect individuals'

In related privacy news, on June 12, Sen. Tom Harkin (D-IA) and Sen.
Jim Bunning (R-KY) introduced the Social Security Number Privacy andIdentity Theft Prevention Act "to ban the sale or unauthorizedpublication of an individual's Social Security number." The pressrelease accompanying the introduction of the bill cites the need forprotections given the growing incidence of identity theft and promisesfuture hearings on Social Security number privacy.

Privacy Coalition Letter to FTC Chair Muris:
EPIC's May 2001 Testimony before the House Subcommittee on SocialSecurity on privacy issues:
EPIC Social Security Numbers and Privacy Page:

[6] EPIC Bill-Track: New Bills in Congress


H.R.1971 Voting Rights Protection Act of 2001. To amend the NationalVoter Registration Act of 1993 to require States to give notice and anopportunity for review prior to removing individuals from the officiallist of eligible voters in elections for Federal office by reason ofcriminal conviction, and for other purposes. Sponsor: Rep Meek, CarrieP. (D-FL). Latest Major Action: 5/23/2001 Referred to House committee:
House Administration.

H.R.2031 Consumer Credit Report Accuracy and Privacy Act of 2001. Toamend the Fair Credit Reporting Act to allow any consumer to receive afree credit report annually from any consumer reporting agency.
Sponsor: Rep Roybal-Allard, Lucille (D-CA). Latest Major Action:
5/25/2001 Referred to House committee: House Financial Services.

H.R.2036 Social Security Number Privacy and Identity Theft PreventionAct of 2001. To amend the Social Security Act to enhance privacyprotections for individuals, to prevent fraudulent misuse of theSocial Security account number, and for other purposes. Sponsor: RepShaw, E. Clay, Jr. R-FL). Latest Major Action: 5/25/2001 Referred toHouse committee: House Financial Services; House Energy and Commerce;
House Ways and Means.

H.RES.159. Expressing the sense of the House of Representatives thatmachine-readable privacy policies and the Platform for PrivacyPreferences Project specification, commonly known as the P3Pspecification, are important tools in protecting the privacy ofInternet users, and for other purposes. Sponsor: Rep Smith, Adam(D-WA). Latest Major Action: 6/7/2001 Referred to House committee:
House Government Reform; House Administration; House Energy andCommerce.


S.918 Child Support Distribution Act of 2001. A bill to provide morechild support money to families leaving welfare, to simplify the rulesgoverning the assignment and distribution of child support collectedby States on behalf of children, to improve the collection of childsupport, and for other purposes. Sponsor: Sen Snowe, Olympia J.
(R-ME). Latest Major Action: 5/21/2001 Referred to Senate committee:
Senate Finance.

S.1014 Social Security Number Privacy and Identity Theft PreventionAct of 2001. A bill to amend the Social Security Act to enhanceprivacy protections for individuals, to prevent fraudulent misuse ofthe Social Security account number, and for other purposes. Sponsor:
Sen Bunning, Jim (R-KY). Latest Major Action: 6/12/2001 Referred toSenate committee: Senate Finance.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Invasion of Privacy

Invasion of Privacy: How to Protect Yourself in the Computer Age byMichael Hyatt
From best-selling author and leading consumer advocate Michael Hyattcomes a startling report of how the government, industry, individuals,
and interest groups have access to personal information about you.
Fortunately, "Invasion of Privacy: How to Protect Yourself in theDigital Age" contains valuable information about what you can do toprotect yourself.

For other books recommended by EPIC, browse the EPIC Bookshelf at:

EPIC Publications:

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls," (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

ETHICOMP 2001: Systems of the Information Society. Telecommunicationsand Informatics Technical University of Gdansk, Poland. June 18-20,
2001. Gdansk, Poland. For more information:

Computer System Security and Privacy Advisory Board (CSSPAB) PublicMeeting. John Marshall Law School. June 19-21, 2001. Chicago, IL.
For more information:

ACS/IEEE International Conference on Computer Systems and Applications2001: Taking Stock of Existing Technology, Charting Future Trends.
Lebanese American University. June 25-29, 2001. Beirut, Lebanon. Formore information:
Democracy Forum 2001: Democracy and the Information Revolution.
International Institute for Democracy and Electoral Assistance. June27-29, 2001. Stockholm, Sweden. For more information:
Call for Papers - June 30, 20001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Studyof Technology in Organizations, Institute for Environment, Philosophyand Public Policy. December 14-16, 2001. For more information:

Re-shaping the Culture of Research: People, Participation,
Partnerships & Practical Tools - Fourth Annual Community ResearchNetwork Conference. The Loka Institute. July 6-8, 2001. Austin, TX.
For more information:

The Online Privacy Conference: Integrating Security and Privacy forData Protection. MIS Training Institute. July 17-18, 2001, OptionalWorkshops July 16, 2001. Chicago, IL. For more information:
Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Southern Methodist University and Privacy Council.
July 17-19 and October 15-17, 2001. Dallas, TX. For more information:

Health Information Privacy: Dialogue with the Stakeholders. RileyInformation Services, Inc. September 28, 2001. Ottawa, Canada. Formore information:

Call For Submissions - August 3, 2001. Workshop on Security andPrivacy in Digital Rights Management 2001. Eighth Association forComputing Machinery (ACM) Conference on Computer and CommunicationsSecurity. November 5, 2001. For more information:

ICSC 2001: International Conference on Social Computing. University ofBremen. October 1-3, 2001. Bremen, Germany. For more information:

Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For moreinformation:

Nurturing the Cybercommons, 1981-2001. Computer Professionals forSocial Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001.
Ann Arbor, MI. For more information:

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Cambridge University and Privacy Council.
November 5-8, 2001. Cambridge, England. For more information:
Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.11


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback