You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2001 >>
[2001] EPICAlert 12
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 8.12 [2001] EPICAlert 12
EPIC ALERT
Volume 8.12 June 29, 2001
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_8.12.html
Table of Contents
[1] Privacy Rights Now: Take Action on Financial Privacy
[2] Report Examines Interactive TV and Privacy
[3] EPIC Testifies before Congress on Privacy and Technology
[4] Hague Convention Deadlocks, Future Unclear
[5] President Calls for Genetic Non-Discrimination Legislation
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Online Dispute Resolution
[8] Upcoming Conferences and Events
[1] Privacy Rights Now: Take Action on Financial Privacy
A coalition of consumer and privacy advocacy groups are urgingconsumers to take action to protect financial privacy. EPIC, alongwith
other coalition groups, advised consumers to opt-out of financialinformation sharing and to support comprehensive legislation that
willprotect individuals' privacy rights effectively. To aid in opting-outand voicing support for effective legislation, the coalition
launcheda new web site - Privacyrightsnow.org.
Under provisions of the Financial Services Modernization Act of 1999(Gramm-Leach-Bliley), financial and insurance companies must mail
aprivacy and opt-out notice to consumers by July 1, 2001. The statuteenables consumers to opt-out from a limited amount of nonpublicpersonal
information sharing. However, even if individuals opt-out,
the statute allows financial and insurance institutions to shareinformation with their affiliates and other entities that are underthe
same corporate umbrella. Also, loopholes in the statute permitcompanies to create an affiliation with another institution by simplyentering
into a joint marketing agreement.
The coalition condemned the law as both defective and deceptive. Thenotices received under the law typically describe information
sharingpractices only vaguely. In addition, many consumers simply throw awaythe notices. To aid consumers in exercising their rights,
thecoalition posted online sample opt-out letters that can be sent to anyfinancial or insurance institution along with a list of
addresses ofmajor financial and insurance institutions. The coalition also soughtto raise awareness that individuals can still opt-out
after the July1, 2001 deadline.
The coalition urged individuals to call on Congress in support ofcomprehensive privacy protection. Effective legislation would embodyFair
Information Practices, including use and collection limitations,
individual affirmative consent, and a right to review and correctrecords. Through the new web site, individuals can download a sampleletter
to send to Congress in support of comprehensive privacyprotection.
Privacy Rights Now website:
http://www.privacyrightsnow.org/
[2] Report Examines Interactive TV and Privacy
On June 26, the Center for Digital Democracy (CDD) released "TV ThatWatches You: The Prying Eyes of Interactive Television," a reportexamining
companies' plans to roll out interactive television andtheir impacts on privacy. The report found that many of the plansinvolve
"reshaping American television, transforming it into a vastdata collection and interactive direct marketing machine."
Interactive television (ITV) is the next generation of broadcastingand brings the interactivity of the web to television. ITV willsupplement
television programs with new features, allowing viewers toaccess additional information or purchase items related to aparticular
broadcast. Some ITV systems will also allow web surfing,
e-mail and chat to take place through the home television. Many mediaand cable companies, such as AOL-TW and AT&T, are currently
investingmoney in this new sector.
However, plans for the new technology carry over many of the profilingtechniques that have been common on the Internet. For example,
according to its own promotional material, the Microsoft TV serversoftware "[e]nables faster and better decision-making through
aninnovative data warehouse that aggregates and stores information onall user activity" and provides "rich personalization and targeting
ofcontent and ads to consumers based on their television viewing and Websurfing histories and preferences." The report quotes technicalmaterial,
SEC filings and company spokesmen to highlight the privacypractices of ITV providers.
The last part of the report examines the current level of privacyprotection for ITV. The most directly applicable law is the CableCommunications
Policy Act of 1984, one of the strongest privacy lawsthat currently exists. Despite providing the full range of FairInformation
Practices, the law only applies to cable televisionsubscribers and thus would not affect ITV broadcast through othermeans such as
satellite or DSL. One of the primary recommendationsof the report is to extend the protections contained in the Cable Actto cover
all methods of transmission. The report also recommendsstronger enforcement over existing law, calls for industryrepresentatives
to support strong privacy laws and supports buildingin privacy-protecting standards into these new technologies.
"TV That Watches You: The Prying Eyes of Interactive Television":
http://www.democraticmedia.org/
[3] EPIC Testifies before Congress on Privacy and Technology
On June 21, 2001, the House Subcommittee on Commerce, Trade, andConsumer Protection held a hearing on Information Privacy: IndustryBest
Practices and Technological Solutions. It was the fifth in aseries of hearings on privacy that Subcommittee Chairman Stearns(R-FL)
had held. Stearns plans to hold another hearing on privacy inJuly.
The hearing consisted of two panels. The first panel of witnessesrepresented Internet companies that had created software solutionsaimed
at securing Internet privacy. These witnesses included SafeWebChairman-CEO Stephen Hsu, Reciprocal CEO John Schwartz, MicrosoftProduct
Manager for Internet Explorer Michael Wallent, and WebwasherVP-Business Development and Marketing Frances Schlosstein. All fourwitnesses
agreed that legislation would be needed to ensure "a minimumfloor of privacy protection." However, SafeWeb CEO Stephen Hsuadvised
that now was not the time to enact a privacy law. Both JohnSchwartz of Reciprocal and Michael Wallent of Microsoft echoed similarsentiments
with Schwartz adding, "we don't know enough to passlegislation now."
The second panel of witnesses included EPIC Executive Director MarcRotenberg, DMA Senior VP Jerry Cerasale, Privacy Engage DirectorTrevor
Hughes, BBBOnline Senior VP Steven Cole, and Ernst & YoungNational Leader of Innovative Assurance Solutions Jerry DeVault. Thetwo
witnesses representing online and offline advertising companies,
Jerry Cerasale and Trevor Hughes, testified that their companies hadsuccessfully implemented industry best practices. Steven Cole
ofBBBOnline explained that their seal program increased online privacyby ensuring users that commercial websites displaying these
seals weremeeting BBBOnline standards. Jerry DeVault of Ernst & Young testifiedthat independent verification is needed to safeguard
Internet privacy.
Marc Rotenberg of EPIC presented a different view concerning the needfor privacy legislation. Rotenberg pointed out that, "we have
lawsto protect the privacy of telephone calls, video rental records,
automated health records." However, where the Internet is concerned,
Rotenberg added, "privacy is being redefined from a set of basicrights to a series of warning notices." While acknowledging that"technology
plays a critical role in safeguarding privacy," heasserted, "we will need good technology and good legislation tosafeguard privacy
in the years ahead." When asked by Ranking MemberEdolphus Towns (D-NY) whether we knew enough to enact legislation,
Rotenberg responded: "We know enough. I don't see the benefit ofwaiting. We need to have a rule that will apply to everybody."
Several news reports noted that Chairman Stearns expressed support forEPIC's position.
Written testimony from the witnesses and an archived recording of theSubcommittee hearing:
http://energycommerce.house.gov/107/hearings/06212001Hearing292/
hearing.htm
EPIC Online Guide to Practical Privacy Tools:
http://www.epic.org/privacy/tools.html
[4] Hague Convention Deadlocks, Future Unclear
On June 22, the Hague Conference on Private International Law complet-
ed its first Diplomatic Conference on the future Hague Convention onJurisdiction and Enforcement of Foreign Judgments. This convention,
which has been under negotiation since 1996, will potentially affectall civil and commercial cross-border lawsuits. Rather than determinespecific
laws to govern these cases, the proposed convention seeks toharmonize rules of jurisdiction and enforcement among signatorycountries.
This could essentially require each member country toenforce the laws of every other member country even where those lawsdiffer
greatly and involve controversial issues such as free speech,
intellectual property and consumer rights.
The Treaty has been the subject of much criticism from public interestand business groups alike. Free speech and free software advocatesargue
that it could have a disastrous effect on freedom and creativityon the Internet if individuals may be sued by "rights holders" inother
countries with far more restrictive laws on, for example, breachof copyright or libel. Meanwhile, businesses and consumer groups
areengaged in a protracted discussion on how to approach jurisdictionalissues in business to consumer transactions. Should, for
example,
consumers be allowed to sue foreign businesses in their homecountries? Or should businesses be free to shield themselves fromthis
kind of liability by including "choice of court" clauses inconsumer contacts? Little progress was made on any of these issuesduring
the recent meetings. Although informal negotiations on theTreaty will continue throughout the year, the next DiplomaticConference
will not be held until 2002.
For more information on the negotiations see the Consumer Project onTechnology's page on the Hague Treaty:
http://www.cptech.org/ecom/jurisdiction/hague.html
See also the Trans Atlantic Consumer Dialogue's January 2001Resolution on the Treaty and June 2001 Open Letter to the HagueConference
at:
http://www.tacd.org/cgi-bin/db.cgi?page=view&config=admin/
docs.cfg&id=94
http://www.tacd.org/cgi-bin/db.cgi?page=view&config=admin/
docs.cfg&id=102
[5] President Calls for Genetic Non-Discrimination Legislation
In his June 23 radio address to the nation, President Bush called onCongress to pass legislation to prevent genetic discrimination.
Inthe statement, the President noted that the recently completed mappingof the human genome could allow hiring decisions and provision
ofinsurance coverage to be based on genetic information. He also notedthat, in many instances, genetic predispositions may not lead
toactual development of disease and "[t]o deny employment or insuranceto a healthy person based only on a predisposition
violates ourcountry's belief in equal treatment and individual merit."
A Clinton Administration Executive Order, EO 13145, prohibits the useof genetic information within the federal government in hiring
andpromotion decisions. Former President Clinton also supportedproposals by Sen. Tom Daschle (D-ND) and Rep. Louise Slaughter (D-NY)
to extend similar protections to the private sector (see EPIC Alert7.03). Those bills and another introduced by Sen. Olympia Snowe(R-ME)
are awaiting action in Congress.
June 23 Radio Address by the President to the Nation:
http://www.whitehouse.gov/news/releases/2001/06/20010623.html
Executive Order 13145 - To Prohibit Discrimination in FederalEmployment Based on Genetic Information:
http://www.nara.gov/fedreg/eo2000.html#13145
[6] EPIC Bill-Track: New Bills in Congress
*House*
H.R.2135 Consumer Privacy Protection Act. To protect consumer privacy.
Sponsor: Rep Sawyer, Tom (D-OH). Latest Major Action: 6/18/2001Referred to House subcommittee: House Energy and Commerce.
H.R.2136 Confidential Information Protection Act. To protect theconfidentiality of information acquired from the public forstatistical
purposes. Sponsor: Rep Sawyer, Tom (D-OH). Latest MajorAction: 6/12/2001 Referred to House committee: House GovernmentReform.
*Senate*
S.995 A bill to amend chapter 23 of title 5, United States Code.
To clarify the disclosures of information protected from prohibitedpersonnel practices, require a statement in non-disclosure policies,
forms, and agreements that such policies, forms and agreements conformwith certain disclosure protections, provide certain authority
for theSpecial Counsel, and for other purposes. Sponsor: Sen Akaka, Daniel K.
(D-HI). Latest Major Action: 6/7/2001 Referred to Senate committee:
Senate Governmental Affairs.
S.1055 Privacy Act of 2001 A bill to require the consent of anindividual prior to the sale and marketing of such individual'spersonally
identifiable information, and for other purposes. Sponsor:
Sen Feinstein, Dianne (D-CA). Latest Major Action: 6/14/2001 Referredto Senate committee: Senate Judiciary.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:
http://www.epic.org/privacy/bill_track.html
[7] EPIC Bookstore - Online Dispute Resolution
Online Dispute Resolution: Resolving Conflicts in Cyberspace by EthanKatsh, Janet Rifkin
http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/
search&searchtype=isbn&searchfor=0787956767
An essential tool for dispute resolution professionals as well as foranyone considering using dispute resolution in their lives and
work,
Online Dispute Resolution explains the many diverse and uniqueapplications of doing conflict resolution online. The expert authorsexamine
the tremendous growth of online dispute resolution - includingits use by eBay and other e-commerce companies - and reveal theenormous
possibilities to come, along with the many employmentopportunities for practitioners in the field. They show how theonline environment
will affect the role of those who are concernedwith dispute resolution just as it has brought changes to those whopractice law, sell
stocks, or run for office. For those who see thevalue of technology as a critical building block in the future ofdispute resolution,
Online Dispute Resolution will be an indispensableresource.
EPIC Publications:
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey
examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of
informationlaws.
"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who
needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Call for Papers - June 30, 2001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Studyof Technology in Organizations, Institute for Environment, Philosophyand
Public Policy. December 14-16, 2001. For more information:
http://www.lancs.ac.uk/depts/philosophy/conferences/
Re-shaping the Culture of Research: People, Participation,
Partnerships & Practical Tools - Fourth Annual Community ResearchNetwork Conference. The Loka Institute. July 6-8, 2001. Austin,
TX.
For more information: http://www.loka.org/
The Online Privacy Conference: Integrating Security and Privacy forData Protection. MIS Training Institute. July 17-18, 2001, OptionalWorkshops
July 16, 2001. Chicago, IL. For more information:
http://www.misti.com/conference_show.asp?id=MP1
Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Southern Methodist University and Privacy Council.
July 17-19 and October 15-17, 2001. Dallas, TX. For more information:
http://execdev.cox.smu.edu/
Healthcare Transactions and Code Sets, Privacy, Data Security andHIPAA/GLB Compliance: The Future of Technology, the Internet and
EDIin Healthcare. The Health Colloquium at Harvard and the HIPAA SummitConference Series. August 19-22, 2001. Cambridge, MA. For
moreinformation: http://www.ehc-info.com/
Health Information Privacy: Dialogue with the Stakeholders. RileyInformation Services, Inc. September 28, 2001. Ottawa, Canada. Formore
information: http://www.rileyis.com/seminars/
Call For Submissions - August 3, 2001. Workshop on Security andPrivacy in Digital Rights Management 2001. Eighth Association forComputing
Machinery (ACM) Conference on Computer and CommunicationsSecurity. November 5, 2001. Philadelphia, PA. For more information:
http://www.star-lab.com/sander/spdrm/
ICSC 2001: International Conference on Social Computing. University ofBremen. October 1-3, 2001. Bremen, Germany. For more information:
http://icsc2001.informatik.uni-bremen.de/
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, OH. For moreinformation: http://www.privacy2000.org/
Nurturing the Cybercommons, 1981-2001. Computer Professionals forSocial Responsibility (CPSR) 20th Annual Meeting. October 19-21,
2001.
Ann Arbor, MI. For more information:
http://www.cpsr.org/conferences/annmtg01/
The Third National HIPAA Summit: From Theory to Practice - FromPlanning to Implementation. October 24-26, 2001. Washington, DC. Formore
information: http://www.hipaasummit.com/
The 29th Research Conference on Communication, Information andInternet Policy. Telecommunications Policy Research Conference.
October 27-29, 2001. Alexandria, VA. For more information:
http://www.tprc.org
Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Cambridge University and Privacy Council.
November 5-8, 2001. Cambridge, England. For more information:
kturnerprivacycouncil.com
Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation:
http://www.bsr.org/events/2001.asp
Subscription Information
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing
or unsubscribing at:
http://www.epic.org/alert/subscribe.html
To subscribe or unsubscribe using email, send email toepic-newsepic.org with the subject: "subscribe" (no quotes) or"unsubscribe".
Back issues are available at:
http://www.epic.org/alert/
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription
information". Please contact infoepic.org if you haveany other questions.
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online athttp://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
END EPIC Alert 8.12
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2001/12.html
