WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 13

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 8.13 [2001] EPICAlert 13


Volume 8.13 July 18, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Appeals Court Decision Protects Anonymous Online Speech
[2] Consumer and Privacy Groups Outline FTC Priorities
[3] HHS Clarifies Privacy Rule, May Change Minors' Rights
[4] EPIC Testifies before Congress on Internet Privacy
[5] Florida Court Blocks Access to Autopsy Photos
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Dmitri Sklyarov Reading List
[8] Upcoming Conferences and Events

[1] Appeals Court Decision Protects Anonymous Online Speech

In the first appellate court decision to consider the issue, a NewJersey court on July 11 rejected a company's attempt to obtain theidentities of anonymous Internet critics. A three-judge panel of theNew Jersey Superior Court, Appellate Division, ruled that the company,
Dendrite International, failed to meet the stringent legal standardsrequired to obtain subpoenas for the disclosure of the identities ofpeople who post comments on Internet message boards. The decisionaffirms a lower court ruling issued last November (see EPIC Alert7.21).

Dendrite had sued four people who anonymously posted messages criticalof the company on a Yahoo! message board, alleging that the postershad made false statements, had violated employment agreements, and/orhad published secret information. Noting that "[i]t is well-
established that rights afforded by the First Amendment remainprotected even when engaged in anonymously," the appeals court adopteda four-part test to ensure that the right to speak anonymously can belost only if the plaintiff can show that it has a valid case againstthe speakers that could not be pursued without identifying thespeakers.

Under this standard, a court should first require the plaintiff toattempt to notify the anonymous posters that their identities arebeing sought and give the "John Doe" defendants an opportunity tooppose the request. Second, the plaintiffs must identify the exactstatements alleged to be unlawful. Third, the court must thendetermine both whether the complaint states a valid claim for reliefand whether the plaintiff has enough evidence to support its claim.
Finally, if the first three criteria are met, the court must balancethe defendant's First Amendment right of anonymous free speech againstthe strength of the case and the necessity for identifying the poster.
The appeals court upheld the lower court ruling that Dendrite had notmet this standard, because there was no proof that the messages hadcaused its stock price to fall or had otherwise caused it harm.

The procedures adopted by the court had been proposed in an amicusbrief filed by Public Citizen Litigation Group and the American CivilLiberties Union of New Jersey Foundation. The decision is likely tobe influential in other cases, which are growing in frequency; Yahoo!
recently told a judge in another case that it has received thousandsof subpoenas like Dendrite's.

The appeals court decision is available at:
The Public Citizen/ACLUNJF amicus brief is available at

[2] Consumer and Privacy Groups Outline FTC Priorities

On July 17, members of the Privacy Coalition, a non-partisan coalitionof consumer, civil liberties, educational, library, labor, andfamily-based groups, met with Federal Trade Commission (FTC) ChairmanTimothy Muris. The Coalition presented a letter to the Chairman withrecommendations for future FTC action on privacy issues. This is thesecond meeting that the Privacy Coalition has had with the Chairman.
Chairman Muris says that he has devoted more time to privacy than anyother issue since taking over at the FTC.

In the meeting, Coalition members stressed that a top priority forthe Commission should be to develop a better complaint handling systemthat would make it easier to receive, process and respond to privacycomplaints from individual members of the public. They alsorecommended that the resulting statistics be published in an annualreport similar to that submitted by the Administrative Office of theU.S. Courts each year on federal and state applications for wiretaps.

Considerable discussion was devoted to the enforcement of existingprivacy laws in the offline sector, such as the Fair Credit ReportingAct and the Telemarketing Sales Rule, as well as the need for reformsand increased oversight in the online sector. The Coalition urged theFTC to promote the principles of Fair Information Practices, ratherthan simply "notice and choice," when investigating companies thatroutinely change their privacy policies or when endorsing industryguidelines such as last year's agreement with the Network AdvertisingInitiative on online profiling.

Finally, the Coalition encouraged the Commission to continue to holdpublic workshops on privacy and security related issues and toestablish contact with the national data protection commissions thathave been established in many other countries around the world.

A copy of the letter presented to the Chairman is available at:
For more information on the Privacy Coalition, see:

[3] HHS Clarifies Privacy Rule, May Change Minors' Rights

The Department of Health and Human Services (HHS) has releasedguidelines clarifying the Privacy Rule, a framework of new protectionsfor patient information developed pursuant to the Health InsurancePortability and Accountability Act of 1996 (HIPAA). The Privacy Rulesets the first federal standards for protection of individuallyidentifiable health information. The new HHS guidelines on thePrivacy Rule indicate that HHS will "reassess" the rights of parentsto access the medical records of their minor children. The agencywill also change certain rules to accommodate common practices in thehealth care industry.

Generally, the Privacy Rule assumes that parents are the "personalrepresentatives" of their minor children, and that they can receiveprotected health information without consent of the child. ThePrivacy Rule contains two exemptions to this assumption. The firstallows a parent to permit a direct confidential relationship betweenthe care provider and child for treatment. The second permits theprovider to withhold information from the parent where the child maybe endangered as a result of the disclosure. The guidelines specifythat HHS Secretary Thompson will reassess these exemptions.

HHS has indicated that the Privacy Rule will be changed to accommodatecertain common practices in delivery of health care. For instance,
HHS will modify provisions to allow pharmacists to accept phoned-inprescription orders without first obtaining written consent from thepatient. In addition, contrary to arguments made by opponents of thePrivacy Rule, hospitals and other medical facilities will not have tobuild soundproof rooms to prevent others from overhearing patientinformation. The HHS clarification specifies that reasonablesafeguards, such as lowering the volume of one's voice, can be used toprevent inappropriate disclosure of patient information.

Before HHS is able to change aspects of the Privacy Rule, the agencymust first publish a notice in the Federal Register and acceptcomments from the public. EPIC will track these developments as theyoccur.

Standards for Privacy of Individually Identifiable Health Information:
HHS Fact Sheet describing the Privacy Rule protections:

[4] EPIC Testifies before Congress on Internet Privacy

On July 11, 2001, the Senate Committee on Commerce, Science, andTransportation held a hearing on the need for privacy legislation.
During the hearing, the Committee examined existing laws protectingprivacy, in the U.S. and abroad, to determine what kind of privacylegislation might be appropriate for the Internet.

The hearing consisted of two panels. The first panel included EPICExecutive Director Marc Rotenberg, Indiana University School of LawProfessor Fred Cate, and Brooklyn Law School Professor Paul Schwartz,
Ph.D. The second panel included Vice President of GlobalPublic Policy, Paul Misener, author Hans Peter Brondmo, VP and ChiefPrivacy Officer of Earthlink Inc., Les Seagraves, Associate GeneralCounsel for Microsoft Corporation, Ira Rubinstein, and Jason Catlett,
President of Junkbusters.

Marc Rotenberg of EPIC testified that legislation to protect privacyon the Internet is necessary for many reasons. For one, it has beenthe legal tradition to introduce new legislation when new electronicservices are provided, whereas privacy on the Internet has heretoforebeen self-regulated. Legislation to protect Internet privacy wouldhelp users bypass the various problems encountered with self-
regulation. Rotenberg stated that good Internet privacy legislationwould include provisions on such issues as openness and accountability,
meaningful consent, and private right of action, and that weaklegislation that failed to properly safeguard personal informationwould merely increase public backlash.

Rotenberg also argued that current public opinion shows the majorityof Internet users want the ability to control the collection and useof personal data and users would like data collection and usage to beregulated by legislation. In a recent Gallup Poll, 66% of e-mailusers said that the federal government should pass laws to protectprivacy online. The poll found that support for legislation increasedas the level of experience increased. Frequent Internet users (thosewho spend 15 hours or more online each week) are more likely to favorthe passage of new laws (75%) than infrequent users (63%).

In related news, on July 12, the House Subcommittee on Courts, theInternet, and Intellectual Property held a hearing on "The WhoisDatabase: Privacy and Intellectual Property Issues." At the hearing,
the Electronic Privacy Information Center (EPIC) issued a letter tothe Subcommittee outlining the free speech and anonymity arguments forsupporting only voluntary submission of information to the Whoisdatabase. The Internet Corporation for Assigned Names and Numbers(ICANN) is currently conducting a survey of the Internet community'sattitudes on proper requirements and uses of the Whois database (seeEPIC Alert 8.11). ICANN will be accepting responses until the end ofJuly.

EPIC's Testimony on Internet Privacy is available at:
Written testimony from the witnesses is available at:
EPIC Letter to the House Subcommittee on Courts, the Internet, andIntellectual Property on the Whois database:

[5] Florida Court Blocks Access to Autopsy Photos

Applying a recently-enacted state law sealing autopsy photographsabsent judicial authorization, a Florida judge has blocked mediaaccess to autopsy images of racecar driver Dale Earnhardt, who waskilled in a last-lap crash during the Daytona 500 in February. Citingthe family's privacy interest, Earnhardt's widow filed a lawsuitseeking to block access to the autopsy records on February 22, justfour days after the racing legend died. Initially, access was soughtby the Orlando Sentinel to confirm NASCAR statements that a brokenseatbelt contributed to Earnhardt's death, an assertion hotlycontested by both paramedics on the scene and the seatbelt'smanufacturer. These allegations were ultimately refuted after asettlement between Teresa Earnhardt and the Sentinel, in which anindependent medical examiner was appointed to examine the autopsyphotographs and issue a report as to the cause of death.

However, in the subsequent four-month legal battle, attorneys for theIndependent Florida Alligator, a student-run newspaper at theUniversity of Florida, and (neither parties to thesettlement) argued that public review of the photographs was necessaryto prevent future racing fatalities and to ensure that the countycoroner did an adequate job assessing the cause of death. TeresaEarnhardt urged the judge to personally examine the photographs, sothat he could better understand their graphic nature. She vehementlyopposed access to the pictures, stating that the photographs were"humiliating, disgusting, and negative," and that dissemination wouldcause the family extreme emotional distress.

In a final order issued July 9, following months of heated argumentsbetween attorneys for all parties, Circuit Judge Joseph Will ruledthat the new statute is constitutional. Although Judge Will did notrule, as urged by the family's attorney, that Teresa Earnhardt had aprotected constitutional right to privacy in the photographs under theU.S. Constitution, his opinion contains language defending such aright. "Modern times have witnessed an erosion of the individualexpectation of privacy to a pathetic point . . . Nosiness has becomethe order of the day -- so long as it is amusing or entertaining."
Judge Will's opinion states that he was tempted to expand his rulingbeyond the state law, but felt that this would overreach his judicialauthority.

The constitutionality of the law is currently under challenge by newsmedia organizations in a separate case. In a related development, anopinion issued by Florida Attorney General Bob Butterworth on July 11says that medical examiners can use autopsy photographs in trainingfor public agencies but cannot show them to private parties without acourt order.

The court opinion denying access to the Earnhardt autopsyphotographs is available at:
The Florida Attorney General's opinion is available at:

[6] EPIC Bill-Track: New Bills in Congress


H.R.2336 To make permanent the authority to redact financialdisclosure statements of judicial employees and judicial officers.
Sponsor: Rep Coble, Howard (R-NC). Latest Major Action: 6/27/2001Referred to House committee: House Judiciary.

H.R.2360 Campaign Reform and Citizen Participation Act of 2001. Toamend the Federal Election Campaign Act of 1971 to restrict the use ofnon-Federal funds by national political parties, to revise thelimitations on the amount of certain contributions which may be madeunder such Act, to promote the availability of information oncommunications made with respect to campaigns for Federal elections,
and for other purposes. Sponsor: Rep Ney, Robert W. (R-OH). LatestMajor Action: 6/28/2001 House committee/subcommittee actionsCommittees: House Administration.

H.R.2417 Dot Kids Domain Name Act of 2001. To facilitate the creationof a new global top-level Internet domain that will be a haven formaterial that will promote positive experiences of children andfamilies using the Internet, to provide a safe online environment forchildren, and to help prevent children from being exposed to harmfulmaterial on the Internet, and for other purposes. Sponsor: RepShimkus, John (R-IL). Latest Major Action: 6/28/2001 Referred to Housecommittee: House Energy and Commerce.

H.R.2435 Cyber Security Information Act. To encourage the securedisclosure and protected exchange of information about cyber securityproblems, solutions, test practices and test results, and relatedmatters in connection with critical infrastructure protection.
Sponsor: Rep Davis, Tom (R-VA). Latest Major Action: 7/10/2001Referred to House committee: House Government Reform; House Judiciary.

H.R.2458 E-Government Act of 2001 . To enhance the management andpromotion of electronic Government services and processes byestablishing a Federal Chief Information Officer within the Office ofManagement and Budget, and by establishing a broad framework ofmeasures that require using Internet-based information technology toenhance citizen access to Government information and services, and forother purposes. Sponsor: Rep Turner, Jim (D-TX). Latest Major Action:
7/11/2001 Referred to House committee: House Government Reform.

H.R.2472 Protect Children From E-Mail Smut Act of 2001. To protectchildren from unsolicited e-mail smut containing sexually orientedadvertisements offensive to minors. Sponsor: Rep Lofgren, Zoe (D-CA).
Latest Major Action: 7/11/2001 Referred to House committee: HouseEnergy and Commerce; House Judiciary; House Science.

H.R.2500 Making appropriations for the Departments of Commerce,
Justice, and State, the Judiciary, and related agencies for the fiscalyear ending September 30, 2002, and for other purposes. Sponsor: RepWolf, Frank R. (R-VA). Latest Major Action: 7/16/2001 Housepreparation for floor Committees: House Appropriations Departments ofCommerce, Justice, and State, the Judiciary, and Related AgenciesAppropriations Act, 2002 (Reported in the House).


S.1014 Social Security Number Privacy and Identity Theft PreventionAct of 2001. A bill to amend the Social Security Act to enhanceprivacy protections for individuals, to prevent fraudulent misuse ofthe Social Security account number, and for other purposes. Sponsor:
Sen Bunning, Jim (R-KY). Latest Major Action: 6/12/2001 Referred toSenate committee: Senate Finance.

S.1065 Inspector General for the Federal Bureau of Investigation Actof 2001. A bill to amend the Inspector General Act of 1978 (5 U.S.C.
App.) to establish an Inspector General for the Federal Bureau ofInvestigation, and for other purposes. Sponsor: Sen Durbin, Richard J.
(D-IL). Latest Major Action: 6/20/2001 Referred to Senate committee:
Senate Judiciary.

S.1074 FBI Reform Commission Act of 2001. A bill to establish acommission to review the Federal Bureau of Investigation. Sponsor: SenSchumer, Charles E. (D-NY). Latest Major Action: 6/20/2001 Referred toSenate committee: Senate Judiciary.

S.1164 Location Privacy Protection Act of 2001. A bill to provide forthe enhanced protection of the privacy of location information ofusers of location-based services and applications, and for otherpurposes. Sponsor: Sen Edwards, John (D-NC). Latest Major Action:
7/11/2001 Referred to Senate committee: Senate Commerce, Science, andTransportation.

S.1165 Juvenile Crime Prevention and Control Act of 2001. A bill toprevent juvenile crime, promote accountability by and rehabilitationof juvenile crime, punish and deter violent gang crime, and for otherpurposes. Sponsor: Sen Biden Jr., Joseph R. (D-DE) Latest MajorAction: 7/11/2001 Referred to Senate committee: Senate Judiciary.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Dmitri Sklyarov Reading List

On July 17, Dmitri Sklyarov, a Russian graduate student, was arrestedby the U.S. Attorney's Office of Northern California after presentinga paper on encryption, as used in electronic books, at the DefConconference in Las Vegas. He was charged with trafficking in softwarethat circumvents copyright protection and aiding and abetting suchtrafficking. The charges are being brought under the criminalprovisions of the Digital Millenium Copyright Act (DMCA) and couldresult in up to five years in jail and a $500,000 fine. DmitriSklyarov is twenty-seven years old and has two children.

The First Amendment by Peter H. Irons
This sequel to the bestselling "May it Please the Court" focuses onsixteen key First Amendment cases illustrating the most controversialdebates over issues of free speech, freedom of the press, and theright to assemble. Includes actual oral arguments made before theSupreme Court by well-known attorneys, along with transcripts placingspeakers and cases in context.

Digital Copyright by Jessica Litman
In this enlightening book, law professor Litman questions whethercopyright laws really make sense for the majority of people. Shouldevery interaction between consumers and copyright-protected works berestricted by law? Here she argues for reforms that reflect commonsense and the way people behave in their daily digital interactions.

Crypto by Steven Levy
>From the author who made "hacker" a household word comes a ground-
breaking book about the most hotly debated subject of the digital age.
"Crypto" concerns privacy in the information age and about the nerdsand visionaries who, nearly 20 years ago, predicted that theInternet's greatest virtue - free access to information - was also itsmost perilous drawback: a possible end to privacy.

EPIC Publications:

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls," (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

Healthcare Transactions and Code Sets, Privacy, Data Security andHIPAA/GLB Compliance: The Future of Technology, the Internet and EDIin Healthcare. The Health Colloquium at Harvard and the HIPAA SummitConference Series. August 19-22, 2001. Cambridge, MA. For moreinformation:

Health Information Privacy: Dialogue with the Stakeholders. RileyInformation Services, Inc. September 28, 2001. Ottawa, Canada. Formore information:

Call For Submissions - August 3, 2001. Workshop on Security andPrivacy in Digital Rights Management 2001. Eighth Association forComputing Machinery (ACM) Conference on Computer and CommunicationsSecurity. November 5, 2001. Philadelphia, PA. For more information:

Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, OH. For moreinformation:

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Southern Methodist University and Privacy Council.
October 15-17, 2001. Dallas, TX. For more information:

Nurturing the Cybercommons, 1981-2001. Computer Professionals forSocial Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001.
Ann Arbor, MI. For more information:

The Third National HIPAA Summit: From Theory to Practice - FromPlanning to Implementation. October 24-26, 2001. Washington, DC. Formore information:

The 29th Research Conference on Communication, Information andInternet Policy. Telecommunications Policy Research Conference.
October 27-29, 2001. Alexandria, VA. For more information:
The 8th Annual Centre for Applied Cryptographic Research (CACR)
Information Security Workshop: The Human Face of Privacy Technology.
University of Waterloo and Information and Privacy Commission/Ontario.
November 1-2, 2001. Toronto, Ontario. For more information:

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Cambridge University and Privacy Council.
November 5-8, 2001. Cambridge, England. For more information:
Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.13


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback