WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 19

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 8.19 [2001] EPICAlert 19


Volume 8.19 September 25, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Congress Urged to Carefully Consider Anti-Terrorism Proposals
[2] In Defense of Freedom Coalition Launches
[3] Judiciary Approves Limited Monitoring, Standards for Case Files
[4] International Developments on Cybercrime and Terrorism
[5] New Developments in Face Recognition Technology
[6] Microsoft Opens Passport to Competition and More Web Profiling
[7] EPIC Bookstore - Privacy & Human Rights 2001
[8] Upcoming Conferences and Events

[1] Congress Urged to Carefully Consider Anti-Terrorism Proposals

As Congress prepares to consider the Administration's far-reachingAnti-Terrorism Act of 2001, the Electronic Privacy Information Centeron Monday urged careful consideration of proposals that couldsignificantly erode Internet privacy and constitutional rights.
Included in the proposed legislation are provisions that wouldauthorize and expand the use of the FBI's controversial Carnivoresystem, limit judicial oversight of government surveillanceactivities, erode the traditional separation of domestic lawenforcement and foreign intelligence functions, and authorizesurreptitious police entries in all criminal investigations.

The House Judiciary Committee heard testimony yesterday from AttorneyGeneral John Ashcroft and other Justice Department officials. Inresponse to civil liberties concerns raised by members on both sidesof the aisle, Committee Chair James Sensenbrenner (R-WI) postponeduntil next week a mark-up session on the proposed bill, which wasinitially scheduled for today. The Senate Intelligence Committee alsoheld a hearing on the proposal yesterday. The Attorney General isappearing before the Senate Judiciary Committee today.

David L. Sobel, EPIC's General Counsel, said, "This is a major pieceof legislation that addresses complex issues involving rapidlydeveloping technology. While we all recognize the urgency of thesituation our country now faces, we shouldn't rush to enact new lawsthat could jeopardize the freedoms that form the basis of ourdemocracy." Specifically, in a legislative analysis released onMonday, EPIC urged Congress to be guided by the following factors asit considers the anti-terrorism bill:

- Law enforcement and intelligence agencies already possess broadauthority to conduct investigations of suspected terrorist activity.

- Any expansion of existing authorities should be based upon a clearand convincing demonstration of need.

- Congress should assess the likely effectiveness of any proposed newpowers in combating the threats posed by terrorist activity.

- Any new authorities deemed necessary should be narrowly drawn toprotect the privacy and constitutional rights of the millions oflaw-abiding citizens who use the Internet and other communicationsmedia on a daily basis.

- The longstanding distinction between domestic law enforcement andforeign intelligence collection should be preserved to the greatestextent possible consistent with the need to detect and preventterrorist activity.

- Expanded investigative powers should be limited to the investigationof terrorist activity and should not be made generally applicable toall criminal investigations.

EPIC's analysis of provisions of the Anti-Terrorism Act of 2001affecting communications and information privacy is available at:

[2] In Defense of Freedom Coalition Launches

A broad and diverse coalition of civil liberties, religious, consumer,
and other advocacy groups has organized to defend American freedoms inthe wake of terrorist attacks against the country. At a NationalPress Club event on September 20, the coalition released a ten-pointstatement that urges legislators to consider new proposals calmly anddeliberately and to protect the civil liberties that define theAmerican way of life.

The statement, "In Defense of Freedom," has already been endorsed byover 150 organizations, 300 law professors, and 40 computerscientists. Members of the public are also encouraged to endorse thestatement. Individuals can show their support by sending e-mail to: (with the subject line "I Endorse")

Organizations wishing to endorse the statement should for more information.

The In Defense of Freedom statement is available online at:

Endorse the In Defense of Freedom statement:

[3] Judiciary Approves Limited Monitoring, Standards for Case Files

The Judicial Conference, the chief policymaking body for the federalcourts, has approved policies relating to employee Internet monitoringand privacy protections for electronic case files.

The new policy on Internet monitoring allows the AdministrativeOffices of the U.S. Courts to monitor employees' computers to detecttransfers of pornography and large media files over the Internet. Inaddition, certain services, such as Napster, will be blocked. However,
the Administrative Office will be prohibited from monitoring thee-mail communications of judges and their staff.

The Judicial Conference adopted the Internet use policy drafted by thefederal Chief Information Officers Council as a minimum nationwidestandard. The policy will allow judicial employees limited access tothe Internet for personal use. In addition, a controversial portionof the use policy that eliminated employees' reasonable expectation ofprivacy has been tabled for more consideration in committee.

Judges and commentators have raised objections to Internet monitoringof judicial networks recently. EPIC sent a letter to the JudicialConference urging the body to end the practice of monitoring, warningthat the monitoring may violate the Electronic Communications PrivacyAct (ECPA) and that merely giving employees notice of the monitoringwould not cure the underlying Fourth Amendment issues.

The Judicial Conference also approved a policy that will enhanceprivacy protections for public access to electronic to case files(ECF). Electronic access to case files raises new risks of identitytheft, harassment, and profiling, as they are becoming more easilyaccessible and contain detailed personal information. The new rulesprovide notice to litigants, and place specific restrictions on theavailability of personal information within civil case files.
Electronic access to criminal case files will be delayed until safetyconcerns can be addressed.

EPIC filed comments and testified to the Judicial Conference earlierthis year in support of greater protections for ECF. Many of EPIC'srecommendations are embodied in the Judicial Conference policy.

Judicial Conference Press Release on Internet Use and Electronic CaseFile Availability (PDF):
EPIC Letter to the Judicial Conference on Employee Monitoring:
Report on Privacy and Public Access to Electronic Case Files:
EPIC's comments on electronic public access to case files:

[4] International Developments on Cybercrime and Terrorism

On September 19, the Council of Europe Convention on Cybercrime wasapproved by the Committee of Minister's Deputies. It will bepresented to the Committee of Ministers for formal adoption inNovember. The Treaty will then be open for signature by the 43 memberstates of the Council of Europe and other countries, such as theUnited States, Canada and Australia, that contributed to the draftingprocess. It will come into force as soon as five countries, includingthree of the member states, have ratified it.

The Convention is the first international treaty to address crimescommitted in "Cyberspace" including breach of copyright, computer-
related fraud, child pornography and hacking. The convention requiressignatory countries to ensure that their laws meet uniform standardsrelating to a wide range of investigative powers, including electronicsurveillance and access to user records maintained by communicationsoperators. During its negotiation, the Convention was stronglycriticized by the Global Internet Liberty Campaign, a coalition ofinternational privacy, security and civil liberties organizations, andthe European Privacy Commissioners as disproportionately weighted infavor of law enforcement interests.

In response to the terrorist attacks of September 11, the Council ofEurope is also considering new anti-terrorist proposals. On September21 a special meeting of the Committee of Ministers was held to discussthis issue and a request for "an urgent debate on democracies facingterrorism" has been presented to the Parliamentary Assembly.

Terrorism is also high on the agenda at the European Union. OnSeptember 20, the European Commission presented two important policyinitiatives: a "Framework Decision on combating terrorism" and a"Framework Decision on an EU Arrest Warrant" to a special meeting ofthe European Justice and Home Affairs Ministers in Brussels. Themain objective of these initiatives is to increase co-operationbetween police and intelligence services through the Europol network,
to agree on a common definition of terrorism, to harmonize penaltiesand sanctions for terrorist acts to abolish formal extraditionprocedures among EU states and to introduce a common arrest warrant tocover all forms of crime, not just terrorism. The EU Justice and HomeAffairs Ministers approved the more than 30 measures contained inthese documents and stressed the need for speed in theirimplementation. They vowed to secure agreement and support from theirnational governments by December.

On September 24, Marc Rotenberg, Executive Director of EPIC, addressedthese and other issues at the 23rd International Conference of DataCommissioners which is taking place in Paris, France.

Council of Europe Press Release, "First International Treaty to CombatCrime in Cyberspace Approved by Ministers' Deputies,"
Council of Europe Press Release, "Democracies Facing Terrorism on theAgenda for the Autumn," September 21, 2001:
European Union Initiatives:
Information on the 23rd International Data Commissioners' Conference:

[5] New Developments in Face Recognition Technology

Visionics Corporation, maker of the Face-It facial recognitiontechnology currently used in the Ybor City district of Tampa, Florida,
released on Monday a white paper entitled "Protecting Civilization>From The Faces Of Terror." The document analyzes the role of facialrecognition technology in airport security, and addresses the need forresponsible use guidelines to prevent the abuse of the technology. Itidentifies five key areas relating to the use of biometrictechnologies for airport security: Facial Screening and Surveillance,
Automated Biometric-Based Boarding, Screening of Airport Employees,
Physical Security, and Intelligence Data Mining. While the documentclaims to be cognizant of privacy concerns, the introduction of datamining raises the important issue that information in face recognitiondatabases could possibly be shared with third parties.

In related news, the federal government is considering theinstallation of facial recognition technology at Washington's ReaganNational Airport, among others, as a measure to increase security.
Cameras would be installed at security checkpoints and possibly linkedto each other so that information about suspected terrorists could betransmitted to government officials via the Internet. A governmentcommittee appointed by Transportation Secretary Norman Mineta wasbriefed on Thursday and told that equipment could be installed andoperating within a few weeks. Dr. Joseph Atick, president ofVisionics, has said that the federal government should adopt rules toregulate face recognition databases and protect the privacy of thepublic. Dr. Atick continued to say that Visionics was "not going towalk away from the privacy issues we've previously raised."

EPIC Advisory Board member Phil Agre has written an essay entitled"Your Face is Not a Bar Code: Arguments Against Automatic FaceRecognition in Public Places," which carefully examines privacy issuesraised by the use of this technology.

Visionics Corporation's white paper is available (PDF) at:
Phil Agre's essay, "Your Face is Not a Bar Code":
EPIC's Face Recognition Information Page:

[6] Microsoft Opens Passport to Competition and More Web Profiling

In an attempt to create a single identity for all web users, Microsofthas opened its Passport system to allow competitors and others toemploy the identification and authentication scheme. As a result,
e-commerce companies could employ the identification andauthentication system by participating in a "federated" Passportnetwork.

While opening the Passport system is likely intended to allayantitrust concerns, it creates new privacy risks for Internet users.
The opening of Passport is intended to facilitate the spread ofpersonalization services that are dependent on identification. Itcould result in more sites requiring that an individual reveal one'sidentity in order to view content or enjoy web services. Microsofthas used Passport to require user identification before viewingsupport pages.

In July, EPIC and fourteen other organizations filed a complaint withthe Federal Trade Commission (FTC) alleging that Microsoft violatedconsumer protection law by tying Passport to the Windows XP operatingsystem. EPIC continues to pursue the complaint, and Commission actionis likely to be announced after the new FTC chair, Timothy Muris,
announces the agency's new approach to privacy in early October.

EPIC's page on Microsoft Passport:

[7] EPIC Bookstore - Privacy & Human Rights 2001


Privacy & Human Rights: An International Survey of Privacy Laws andDevelopments (EPIC 2001)
This annual report by EPIC and Privacy International reviews the stateof privacy in over fifty countries around the world. It outlineslegal protections for privacy, new challenges, and summarizesimportant issues and events relating to privacy and surveillance.
Updated and expanded for 2001, the report includes new sections ongenetic privacy, location tracking, authentication and identificationrequirements, electronic numbering, corporate sharing of informationwith governments, and the privacy implications of digital rightsmanagement schemes.

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

WorkSurv: A Seminar on the Technical, Legal & Business Issues ofWorkplace Surveillance. Privacy Foundation. September 25, 2001.
Denver, CO. For more information:
Health Information Privacy: Dialogue with the Stakeholders. RileyInformation Services, Inc. September 28, 2001. Ottawa, Canada. Formore information:

Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, OH. For moreinformation:

Consumers and Utilities. Residential Utilities Services: MeetingConsumer Energy and Communications Needs in a Dynamic Marketplace.
Consumer Federation of America. October 4-5, 2001. Washington, D.C.
For more information:

Call for Proposals - October 15, 2001. CFP 2002: The TwelfthConference on Computers, Freedom & Privacy. April 16-19, 2002. SanFrancisco, CA. For more information:

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Southern Methodist University and Privacy Council.
October 15-17, 2001. Dallas, TX. For more information:

Nurturing the Cybercommons, 1981-2021. Computer Professionals forSocial Responsibility (CPSR) 20th Anniversary Conference and WienerAward Dinner. October 19-21, 2001. Ann Arbor, MI. For moreinformation:

The New HIPAA Privacy Rule: Guiding Your Clients Through theImplementation Process. Practising Law Institute. October 24, 2001.
New York, NY. For more information:

The Third National HIPAA Summit: From Theory to Practice - FromPlanning to Implementation. October 24-26, 2001. Washington, DC. Formore information:

The 29th Research Conference on Communication, Information andInternet Policy. Telecommunications Policy Research Conference.
October 27-29, 2001. Alexandria, VA. For more information:

The 8th Annual Centre for Applied Cryptographic Research (CACR)
Information Security Workshop: The Human Face of Privacy Technology.
University of Waterloo and Information and Privacy Commission/Ontario.
November 1-2, 2001. Toronto, Ontario. For more information:

Symposium on Privacy and Security 2001. Foundation for Data Protectionand Information Security. November 1-2, 2001. Zurich, Switzerland. Formore information:

Workshop on Security and Privacy in Digital Rights Management 2001.
Eighth Association for Computing Machinery (ACM) Conference onComputer and Communications Security. November 5, 2001. Philadelphia,
PA. For more information:

Privacy: The New Management Imperative - Chief Privacy OfficerTraining Program. Cambridge University and Privacy Council. November5-8, 2001. Cambridge, England. For more information:
Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation:
Information Operations: Applying Power in the Information Age. Jane'sInformation Group. November 14-15, 2001. Washington, DC. For moreinformation:
Information Gathering in the 21st Century. Seton Hall Law School.
November 16, 2001. South Orange, NJ. For more information:
Managing Privacy of Health Information. The Canadian Institute.
November 19-20, 2001. Vancouver, British Columbia. For moreinformation:

Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd EuropeanAnti-Malware Conference. European Institute for Computer Anti-VirusResearch (EICAR). June 8-11, 2002. Berlin, Germany. For moreinformation:

Call for Papers - December 10, 2001. Workshop on Privacy EnhancingTechnologies 2002. April 14-15, 2002. San Francisco, CA. For moreinformation:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email: epic_news-requestmailman.epic.orgsubject line: "subscribe" or "unsubscribe"

Back issues are available at:

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.19


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback