WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 16

Database Search | Name Search | Recent Alerts | Noteup | LawCite | Help

EPIC Alert 8.16 [2001] EPICAlert 16 (6 September 2001)




EPIC ALERT




Volume 8.16 September 6, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_8.16.html

Table of Contents



[1] Government Says Details of Keystroke Monitor are "Classified"

[2] EPIC Urges Federal Judiciary to End Workplace Monitoring
[3] Friday, September 7 - Day of Action Against Video Surveillance
[4] Subpoenaed Bookstores Defend Customer Privacy
[5] New Privacy Reports by PRI and Privacy Foundation
[6] Privacytown: Online Guide to Protecting Consumer Privacy
[7] EPIC Bookstore - Privacy Law Sourcebook 2001
[8] Upcoming Conferences and Events


[1] Government Says Details of Keystroke Monitor are "Classified"


Attempting to conceal the details of keystroke monitoring technologyused in a criminal investigation, the U.S. government has invoked theClassified Information Procedures Act (CIPA) in a high-profile casepending in federal court in New Jersey. The invocation of CIPA camein response to an order issued on August 7 by U.S. District JudgeNicholas Politan, directing the government to produce a report"detailing how the key logger device functions." To date, thetechnique has only been described publicly as "specialized computersoftware, firmware and/or hardware." The FBI surreptitiouslyinstalled the keystroke monitor on the computer of defendant NicodemoScarfo and used it to capture his PGP encryption passphrase during thecourse of a gambling investigation.

In a motion filed on August 23, the government asserts that"information concerning the underlying functionality of the FBI's KeyLogger System is classified" and that, even if Scarfo can show thatthe information would be helpful to his defense, "overriding nationalsecurity concerns may trump the defendant's need for the information."
The defense has argued that the Fourth Amendment implications of thetechnique cannot be assessed unless its details are disclosed. In hisAugust 7 decision, Judge Politan agreed, noting that "the court cannotmake a determination as to the lawfulness of the government's search... without knowing specifically how the search was effectuated. Thisrequires an understanding of how the key logger device functions."

A hearing on the government's CIPA motion is scheduled for September 7in federal court in Newark, New Jersey.

In a related development, the U.S. Court of Appeals for the ThirdCircuit on August 27 reversed a gag order Judge Politan imposed onattorneys in the Scarfo case last December. Noting that there is "animportant legal issue about to be raised before the court," theappeals court said that counsels' "comments on an interesting legalissue did not pose a threat to the fairness of the trial or to thejury pool ... [nor has there been any] identifiable prejudice or riskof prejudice."

Selected court documents on the Scarfo case, including thegovernment's motion to invoke CIPA, are available at:

http://www.epic.org/crypto/scarfo.html


[2] EPIC Urges Federal Judiciary to End Workplace Monitoring


EPIC Executive Director Marc Rotenberg today wrote to the JudicialConference of the United States urging the body to end the practice ofmonitoring computer terminals of employees of the federal judiciary.
The Judicial Conference is a 27-member board of judges that sets policyfor the federal courts. The judges will meet on September 11 toapprove policies affecting workplace monitoring and the privacyimplications of providing electronic access to court files.

Rotenberg argued that monitoring of Web sites visited by judges andtheir staff without notice could constitute a violation of theElectronic Communications Privacy Act of 1986 (ECPA). ECPA prohibitsthe intentional interception of electronic communications, and it isthe primary statute relied upon by employees to challenge invasiveworkplace monitoring.

Furthermore, merely providing notice would not address the underlyingFourth Amendment issues raised by monitoring of judicial networks.
As Professor Anthony Amsterdam wrote in 1974, "each person'ssubjective expectation [could be rendered meaningless if thegovernment were to announce] half-hourly on television that 1984 wasbeing advanced by a decade and that we were all forthwith beingplaced under comprehensive electronic surveillance."

A series of commentators and judges have criticized monitoring ofjudicial networks in recent weeks. The issue attracted publicattention after judges from the Ninth Circuit disabled contentmonitoring systems on a judicial Internet gateway. In deciding todisable the monitoring system, the judges cited privacy,
confidentiality, and the risk that content monitoring may run afoulof ECPA. Officials from the Administrative Offices of the UnitedStates Courts have insisted that the monitoring continue.

EPIC Letter to the Judicial Conference:

http://www.epic.org/privacy/workplace/judicialmonitoring.html


[3] Friday, September 7 - Day of Action Against Video Surveillance


On Friday, September 7, a variety of groups are staging a day ofaction against surveillance cameras. The event is inspired by theSurveillance Camera Players, an international group of demonstratorswho have been "acting up" for surveillance cameras ever since theyfirst began to be installed around New York City.

The proposal for the day of action reads as follows:

"We propose --

1. that an international day of action against video surveillance -- specifically: the constant, indiscriminate and technologically sophisticated video surveillance of public places by both businesses and law enforcement agencies -- take place on Friday, 7 September 2001;

2. that people who wish to intensify the struggle to protect and strengthen the right to privacy (a fundamental human right) should undertake autonomous actions at the local level and in a completely de-centralized fashion;

3. that, if and when possible, at least some of these actions should be undertaken in front of webcams that have already been installed in public places by private companies that are insensitive or even hostile to privacy concerns (in addition to disrupting "business as usual" for these companies, the use of webcams will allow the entire world to see anti-video surveillance actions as they take place);

4. that all individuals and groups participating in the day of action keep in touch with at least one of the groups listed below and/or each other;

5. that at least one Web site links to or actually displays images from these actions as they take place;

6. that this proposal should be posted on-line and sent to as many people as possible and as soon as possible; and
7. that this proposal be translated into as many foreign languages as possible, but especially French, German, and Italian, for it is in France, Belgium, Germany and Italy that the anti-video surveillance struggle is the most visible at the moment."

Protests will take the form of short skits and plays enacted in frontof surveillance cameras around the world. Many of these skits will bebroadcast via the Internet so they can be watched worldwide.

On a related note: In late August, Borders was reportedly consideringinstalling face recognition cameras in two of its United Kingdombookstores, but decided not to do so until further examination ofhuman rights issues associated with such surveillance. This comes asno surprise, as public debate has recently opened up regarding the useof these cameras for law enforcement purposes, both in the UK and theUnited States.

To get involved in the day of action, visit the Surveillance CameraPlayers Web site:

http://www.surveillancecameraplayers.org/

For more information, see EPIC's Face Recognition Web page:

http://www.epic.org/privacy/facerecognition/



[4] Subpoenaed Bookstores Defend Customer Privacy


The federal government agreed this week to drop a production requestfor customer records contained within subpoenas issued to threebookstores in connection with a probe of New Jersey DemocraticSenator Robert G. Torricelli. The government's decision was madeafter local counsel representing the bookstores informed the JusticeDepartment that they would move to quash the subpoenas on FirstAmendment grounds. The American Booksellers Foundation for FreeExpression (ABFFE) agreed to assist the bookstores, Books & Books(Coral Gables, Florida), Olsson's Books and Records (Washington,
D.C.), and Arundel Books (Los Angeles, CA), after they receivedsubpoenas on August 16th seeking records dating back to January 1,
1995 for purchases made by Torricelli and 7 other customers.

The government probe has focused on Torricelli's $9 million 1996Senate campaign, particularly whether New Jersey businessman DavidChang gave Torricelli undisclosed gifts such as antiques, suits andcash in exchange for Torricelli's help in business dealings thatinvolved the North Korean and South Korean governments. Chang, now acooperating witness, pleaded guilty to charges that he made $53,700 inillegal contributions to Torricelli's campaign. Torricelli stated henever accepted any illegal gifts from Chang, and that any help he gavehim was routine constituent service.

ABFFE president Chris Finan stated that complying with the subpoenas,
which would require turning over personal information such as thetitles of all books purchased, would have a chilling effect on theFirst Amendment rights of all customers. This is the fourth recentattempt by law enforcement authorities to gain access to titles ofworks purchased by bookstore customers. All prior similar effortshave resulted in the request being dropped, or by having the subpoenaquashed or narrowed by the courts on First Amendment grounds.

Finan called the government's decision a victory for privacy and theFirst Amendment.

Visit the American Booksellers Foundation for Free Expression website:

http://www.abffe.org/



[5] New Privacy Reports by PRI and Privacy Foundation


The Pacific Research Institute (PRI) and the Privacy Foundation (PF)
unveiled new studies on privacy. The PRI report, entitled "ConsumerPrivacy: A Free Choice Approach," stands for the proposition that thefree market and technology will sufficiently protect individuals'
privacy.

PRI argues that privacy should be a matter of individual choice, andthat individuals can use technology to protect privacy consistentwith their preferences. Privacy regulation would actually harmprotections, as individuals would be lulled into a sense of securityand the technology industry would be less inclined to produceprivacy-enhancing technologies.

PRI actually cites the Toysmart.com case as an example of free marketsuccess in privacy protection. In that case, Toysmart.com attemptedto sell its customer lists as a bankruptcy asset in violation of thecompany's privacy policy. After public outcry and FTC involvement,
the bankruptcy judge allowed the sale of the data to a company willingto protect the information with the same privacy policy asToysmart.com. Ultimately, Toysmart's parent company bought thedatabase and destroyed it to avoid further public scrutiny.

The report concludes that consumer privacy legislation will notimprove e-commerce, and that such legislation would restrict freespeech. Legislators should not pursue privacy protection in lawabsent an inquiry into whether risks exist to individuals and whetherthe marketplace can provide a solution to the problem.

The Privacy Foundation, a non-profit research center based in Denver,
CO, released a study entitled "Click, you're hired. Or tracked..."
The study focuses on the privacy practices of Monster.com, an onlinejob-finding service. The Monster.com web site allows job seekers andemployers to post resumes and job announcements.

Monster.com maintains 8.6 million resumes with personal information.
The Privacy Foundation found in interviews with former Monsteremployees that the company schemed to sell personal information fromposted resumes.

Job seekers who decided to delete their resume on Monster.com cannoteliminate their personal information from the company's internaldatabase. The Privacy Foundation report found that Monster.com cansave and mine personal data after a resume has been deleted.

The report notes that the same privacy risks exist on other job searchweb sites besides Monster.com.

Pacific Research Institute report on consumer privacy:

http://www.pacificresearch.org/issues/tech/privacy/privacy_home.html
Privacy Foundation report on Monster.com:

http://www.privacyfoundation.org/privacywatch/monster.asp


[6] Privacytown: Online Guide to Protecting Consumer Privacy


Privacytown is an online consumer privacy guide recently developed byIndustry Canada. The Privacytown Web site is dedicated to protectingconsumer privacy and personal information in the age of electroniccommerce and new information technologies.

Although Privacytown was developed for Canadian consumers, it is alsoa valuable learning tool for consumers living outside of Canada, as itprovides a good introduction to basic consumer privacy issues.

This useful resource provides information about privacy issues thatconsumers might encounter in the various places they go, includinghospitals, liquor stores, video stores, department stores, conveniencestores, and schools. A Privacy Protection Guide and a PrivacyChecklist is provided for each location.

The Privacytown Web site has both a full-graphics and a text-onlyinterface. The entire site is available in both English and French.

Privacytown (English):

http://strategis.ic.gc.ca/SSG/ca01298e.html
La Ville Privee (Francais):

http://strategis.ic.gc.ca/SSGF/ca01298f.html


[7] EPIC Bookstore - Privacy Law Sourcebook 2001


* JUST PUBLISHED! *

The Privacy Law Sourcebook 2001, edited by Marc Rotenberg
http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=biblio&show=trade%20paper:new:1131377346:40.00
The Privacy Law Sourcebook is the leading resource for students,
attorneys, researchers and journalists interested in privacy law inthe United States and around the world. Includes the full texts ofmajor privacy laws and directives such as the FCRA, the Privacy Act,
FOIA, Family Educational Rights and Privacy Act, Right to FinancialPrivacy Act, Privacy Protection Act, Cable Communications Policy Act,
ECPA, Video Privacy Protection Act, OECD Privacy Guidelines, OECDCryptography Guidelines, and European Union Directives for both DataProtection and Telecommunications, as well as a fully up-to-datesection on recent developments. The Privacy Law Sourcebook is updatedand expanded for 2001 with information about the EU Standard ContractClauses for Transfers of Personal Data, recent privacy legislation inEastern Europe, and new summaries of key statutes for thenon-specialist. Also included is an extensive section on privacyresources with useful web sites and contact information for privacyagencies, organizations, and publications.

The Privacy Law Sourcebook has received much public acclaim:

"The Physicians Desk Reference of the privacy world."

-Evan Hendricks, Privacy Times
"A handy compilation of privacy law instruments and a 'must' foranyone seeking guidance about the location and content of the keystatutes, treaties, and recent developments."

-American Society of International Law
"The Privacy Law Sourcebook belongs front and center on the desk ofevery Information Age lawyer. It provides an indispensable map to themaze that is modern privacy law."

-Prof. Paul M. Schwartz, Brooklyn Law School


EPIC Publications:

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/pls2001/

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.



"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.



"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.



"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000). Price: $20.
http://www.epic.org/phr/

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.



"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.



Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore: http://www.epic.org/bookstore/



[8] Upcoming Conferences and Events


Call for Committee Nominations - September 7, 2001. Study on Privacyin the Information Age. National Research Council, Computer Scienceand Telecommunications Board. For more information:
http://www.cstb.org/

The Broadband Economy: The Emerging Market System in Bandwidth.
Columbia Institute for Tele-Information (CITI). September 14, 2001.
New York, NY. For more information: http://www.citi.columbia.edu/

Privacy Compliance. UC Berkeley Extension. September 18, 2001. SanFrancisco, CA. For more information:
http://www.unex.berkeley.edu/eng/br350/3-1.html
Key Drivers for 3G Wireless: Will 3G Deliver its Promise? ColumbiaInstitute for Tele-Information (CITI). September 20, 2001. New York,
NY. For more information: http://www.citi.columbia.edu/

WorkSurv: A Seminar on the Technical, Legal & Business Issues ofWorkplace Surveillance. Privacy Foundation. September 25, 2001.
Denver, CO. For more information:
http://www.privacyfoundation.org/worksurv.asp
Health Information Privacy: Dialogue with the Stakeholders. RileyInformation Services, Inc. September 28, 2001. Ottawa, Canada. Formore information: http://www.rileyis.com/seminars/

Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, OH. For moreinformation: http://www.privacy2000.org/

Consumers and Utilities. Residential Utilities Services: MeetingConsumer Energy and Communications Needs in a Dynamic Marketplace.
Consumer Federation of America. October 4-5, 2001. Washington, D.C.
For more information: http://www.consumerfed.org/

Call for Proposals - October 15, 2001. CFP 2002: The TwelfthConference on Computers, Freedom & Privacy. April 16-19, 2002. SanFrancisco, CA. For more information: http://www.cfp2002.org/

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Southern Methodist University and Privacy Council.
October 15-17, 2001. Dallas, TX. For more information:
http://execdev.cox.smu.edu/

Nurturing the Cybercommons, 1981-2021. Computer Professionals forSocial Responsibility (CPSR) 20th Anniversary Conference and WienerAward Dinner. October 19-21, 2001. Ann Arbor, MI. For moreinformation: http://www.cpsr.org/

The New HIPAA Privacy Rule: Guiding Your Clients Through theImplementation Process. Practising Law Institute. October 24, 2001.
New York, NY. For more information: http://www.pli.edu/

The Third National HIPAA Summit: From Theory to Practice - FromPlanning to Implementation. October 24-26, 2001. Washington, DC. Formore information: http://www.hipaasummit.com/

The 29th Research Conference on Communication, Information andInternet Policy. Telecommunications Policy Research Conference.
October 27-29, 2001. Alexandria, VA. For more information:
http://www.tprc.org/

The 8th Annual Centre for Applied Cryptographic Research (CACR)
Information Security Workshop: The Human Face of Privacy Technology.
University of Waterloo and Information and Privacy Commission/Ontario.
November 1-2, 2001. Toronto, Ontario. For more information:
http://www.cacr.math.uwaterloo.ca/

Workshop on Security and Privacy in Digital Rights Management 2001.
Eighth Association for Computing Machinery (ACM) Conference onComputer and Communications Security. November 5, 2001. Philadelphia,
PA. For more information: http://www.star-lab.com/sander/spdrm/

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Cambridge University and Privacy Council. November5-8, 2001. Cambridge, England. For more information:
kturnerprivacycouncil.com
Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation: http://www.bsr.org/events/2001.asp
Information Operations: Applying Power in the Information Age. Jane'sInformation Group. November 14-15, 2001. Washington, DC. For moreinformation:
http://www.janes.com/security/conference/info_op/info_op.shtml
Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd EuropeanAnti-Malware Conference. European Institute for Computer Anti-VirusResearch (EICAR). June 8-11, 2002. Berlin, Germany. For moreinformation: http://conference.eicar.org/


Subscription Information


Subscribe/unsubscribe via Web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Subscribe/unsubscribe via email: epic_news-requestmailman.epic.orgsubject line: "subscribe" or "unsubscribe"

Back issues are available at:

http://www.epic.org/alert/


Privacy Policy


The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact infoepic.org if you haveany other questions.


About EPIC


The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail infoepic.org, http://www.epic.org or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online athttp://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.16


.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2001/16.html