WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 22

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 8.22 [2001] EPICAlert 22



Volume 8.22 November 13, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] International Coalition Urges EU to Safeguard Privacy
[2] Groups File Comments at FCC to Protect Telephone Privacy
[3] Consumer Privacy Figures Prominently at House Hearing
[4] Face Recognition Technology Under Scrutiny
[5] Feinstein Introduces Legislation, Will Hold Hearings on Biometrics
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Future of Ideas
[8] Upcoming Conferences and Events

[1] International Coalition Urges EU to Safeguard Privacy

An international coalition of consumer and privacy organizations,
organized by EPIC, wrote yesterday to Guy Verhofstadt, President ofthe European Union Council of Ministers, expressing their concernsabout President Bush's recent letter requesting that the proposed EUDirective on the protection of privacy in the electronic communi-
cations sector be altered to allow for data retention of telephone
calls and Internet messages. EU lawmakers were scheduled to vote
today on the issue.

Bush's letter contains a list of measures that he wants the EU toimplement to fight terrorism. One of them asks that EU lawenforcement authorities "permit the retention of critical data for areasonable period." The proposed EU directive currently allowstelecommunications companies and Internet service providers to retaindata from phone calls and Internet communications for for billingpurposes, for a period of time no longer than necessary. Bush'srequest is aimed at giving EU law enforcement authorities blanketretention powers on all communications data for hypothetical criminalinvestigations.

The coalition's letter emphasizes that many members of the EuropeanParliament, EU Privacy commissioners, and the European ParliamentCommittee on Citizens' Freedoms and Rights, Justice and Home Affairs,
had all condemned routine data retention as violating the fundamentalrights to privacy and data protection, freedom of expression, andpresumption of innocence. It further notes that such a proposal wouldbe inconsistent with international conventions on human rights.

The letter also argues that Bush's request is a threat to the privacyof Americans, since nothing would prevent U.S. law enforcementauthorities from obtaining data held in Europe that it could notlegally obtain domestically. Current U.S. regulations do not requiredata retention, even after the recent enactment of the sweepinganti-terrorism legislation known as the USA PATRIOT Act.

EPIC has filed requests under the Freedom of Information Act seekingthe text of President Bush's letter, as well as other informationconcerning U.S. efforts to erode privacy protections in Europe.

The coalition's letter is available at: (version française)

Information on EU lawmaker's vote (choose Strasbourg, "November 13"):
New York Times coverage of the issue is available at:

[2] Groups File Comments at FCC to Protect Telephone Privacy

On November 1, EPIC and seventeen other civil liberties and consumerprotection groups filed comments with the Federal CommunicationsCommission (FCC) urging it to protect the privacy of telephonecustomers by adopting an opt-in policy towards use of customerinformation by telecommunications carriers.

The FCC's request for public comments relates to the use by telecom-
munications carriers of "customer proprietary network information"
(CPNI), which includes the name, telephone number, call informationand services subscribed to by a telephone customer. In 1998, the FCCpromulgated its initial rule regarding CPNI, which required telecom-
munication carriers to obtain explicit customer approval (opt-in)
before using such information in any manner inconsistent withprovision of services (for example, building detailed profiles basedon personal information obtained through private telephone calls). Analternative approach is opt-out, which enables the carrier to use CPNIuntil a customer informs it otherwise. The FCC rejected an opt-outapproach as insufficiently protective of customer privacy, becauseopting-out places the burden on the customer, many of whom are whollyunaware of their right to opt-out.

In U.S. West v. FCC, the U.S. Court of Appeals for the 10th Circuitruled that the FCC's opt-in approach did not pass First Amendmentscrutiny because the decision to require "opt-in" was not adequatelyconsidered or supported by existing facts. In response to this 1999court decision, the FCC in October 2001 issued a request for publiccomments, seeking advice on, among other things, whether an opt-inapproach inherently violates the First Amendment.

EPIC's position, articulated in its comments, is that an opt-inapproach is the only method to adequately protect customers'
legitimate and constitutionally protected interest in privacy. Opt-outmethods do not protect privacy because they place the burden on thecustomer to understand and reply to confusing notices. EPIC'scomments note that 86 percent of consumers favor opt-in forcommunications services.

EPIC's comments are available at:
For a history of the CPNI debate, see:

[3] Consumer Privacy Figures Prominently at House Hearing

Federal Trade Commission Chairman Timothy Muris was the sole witnessat a hearing before the House Energy & Commerce Subcommittee onCommerce, Trade, and Consumer Protection on November 7. The hearing,
the first for the new chairman, provided an opportunity for thesubcommittee members to question Muris on the Commission's agenda, andto voice their concern for particular issues they would like to seeaddressed. Consumer privacy -- both online and offline -- resoundinglyemerged as the leading bipartisan concern. Muris informed thesubcommittee that his agency is working hard to implement the majorthemes of the privacy agenda he announced last month, including anational do-not-call telemarketing list, a crackdown on identity theftand increasing enforcement efforts against privacy violators.

A number of members expressed their disappointment with Muris'
decision not to advance new privacy legislation to protect consumerprivacy online. Rep. Anna Eshoo (D-CA) was particularly critical, aswas Rep. Billy Tauzin (R-LA), chairman of the Committee, who expressedconcern that in the absence of federal legislation a patchwork ofstate laws on privacy might emerge that would make for a difficultbusiness environment. Few comments dealt with specific issues inMuris' privacy agenda, despite EPIC's efforts to direct members'
attention to Microsoft's Passport system and its threat to consumerprivacy. The hearing instead appeared to be more of an opportunity toair concerns and future plans.

In a related matter, EPIC Executive Director Marc Rotenberg testifiedat a joint Congressional hearing on Social Security Numbers (SSNs) andidentity theft. EPIC's testimony stressed the importance of limitingthe use of the SSN, rather than expanding its use and collection;
discussed problems with universal unique identifiers such as the SSN;
and called for legislation to limit the collection and use of the SSN,
arguing that if Congress fails to act, consumers will likely face manymore problems in the years to come.

Testimony from the hearing on challenges facing the Federal TradeCommission is available at:
EPIC's Letter to Congress regarding Microsoft Passport is available at:
EPIC's testimony on SSNs and identity theft is available at:

[4] Face Recognition Technology Under Scrutiny

In light of September's terrorist attacks on the United States, therehas been much discussion about the possibility of using biometricapplications, such as face recognition technology, as a means ofsecurity, especially in airports. While some public officials andcompanies that develop this technology claim that installing facerecognition software in cameras at airports is an effective means ofcatching terrorists, civil liberties groups and members of the publictend to disagree.

The ACLU released a statement on November 1 arguing that facerecognition technology is not effective as a security measure because"the technology doesn't work." The statement further stated:

Facial recognition technology carries the danger that its use will evolve into a widespread tool for spying on American citizens as they move about in public places.
If the technology promised a significant increase in protection against terrorism, it would be important to evaluate its dangers and benefits in depth. But that conversation is beside the point when face recognition has been shown to be so unreliable as to be useless for important security applications. . . . Face-recognition at the airport offers us neither order nor liberty.

Despite this opposition, officials plan to install face recognitionsoftware in cameras at Boston's Logan Airport and at OaklandInternational Airport in California. The Senate Judiciary Committeewill hold a hearing on biometric technologies tomorrow, entitled"Biometric Identifiers and the Modern Face of Terror: New Technologiesin the Global War on Terrorism," where privacy issues relating tobiometric technologies will be addressed.

To voice their opposition against face recognition software, the NewYork Surveillance Camera Players (SCP) will be cutting into the sightlines of a public web camera -- an Internet surveillance device --
operated by a privacy-insensitive company on Saturday, November 17, toprotest against face recognition software. The performance will startat exactly 4:30 P.M. Eastern Standard Time, will last about 10minutes, and will be repeated twice if possible.

To view the protest (for browsers with Java):
(for browsers without Java - click "Reload" every 15 seconds or so):
"ACLU Opposes Use of Face Recognition Software in Airports Due toIneffectiveness and Privacy":
EPIC's Face Recognition Page:

[5] Feinstein Introduces Legislation, Will Hold Hearings on Biometrics

In response to the September 11 attacks, Senator Dianne Feinstein(D-CA) has introduced the "Visa Entry Reform Act of 2001" and hasscheduled hearings on biometric identifiers.

The bill would require the issuance of a "SmartVisa" to allnon-citizens entering the country. The Attorney General and Secretaryof State would develop the SmartVisa to be machine-readable and toinclude a biometric identifier. In order for other countries to gainvisa waiver status (that is, the ability for its citizens to travel tothe U.S. without being issued a SmartVisa) the foreign country mustimplement its own identification system with machine-readable cardsand biometric identifiers. The legislation does not specify whatspecific biometric identifier would be used for SmartVisas.

Sen. Feinstein's legislation would create a central "lookout" databasethat would provide information on non-citizens to law enforcement, INSauthorities, and others agencies as determined by the AttorneyGeneral. The lookout database would be a joint project of FBI, theOffice of Homeland Security, CIA, the Foreign Terrorist Tracking TaskForce, and private industry.

Non-immigrant students would also be closely tracked under theFeinstein proposal. Educational institutions would be required toissue quarterly reports on students' course of study, the addresses ofparents, friends, and siblings, and work experience. This informationwould be included in the lookout database.

The text of S. 1627, the Visa Entry Reform Act of 2001, is available at:

EPIC's National ID Page:

[6] EPIC Bill-Track: New Bills in Congress


H.R.3162 Uniting and Strengthening America by Providing AppropriateTools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT)
Act of 2001. To deter and punish terrorist acts in the United Statesand around the world, to enhance law enforcement investigatory tools,
and for other purposes. Sponsor: Rep Sensenbrenner, F. James, Jr.
(R-WI). Latest Major Action: 10/26/2001 Signed by President.
Committees: House Judiciary; House Select Committee on Intelligence;
House Financial Services; House International Relations; House Energyand Commerce; House Education and the Workforce; House Transportationand Infrastructure; House Armed Services
H.R.3181 To establish a temporary moratorium on the issuance of visasfor nonimmigrant foreign students and other exchange programparticipants, to improve procedures for issuance of nonimmigrantstudent visas. To establish a temporary moratorium on the issuance ofvisas for nonimmigrant foreign students and other exchange programparticipants, to improve procedures for issuance of nonimmigrantstudent visas, and to enhance procedures for admission at ports ofentry to the United States. Sponsor: Rep Bilirakis, Michael (R-FL).
Latest Major Action: 10/30/2001 Referred to House committee: HouseJudiciary.

H.R.3205 Enhanced Border Security Act of 2001 To enhance the bordersecurity of the United States, and for other purposes. Sponsor: RepConyers, John, Jr. (D-GA) Latest Major Action: 11/1/2001 Referred toHouse committee: House Judiciary; House Select Committee onIntelligence; House International Relations; House Government Reform;
House Ways and Means; House Transportation and Infrastructure.

H.R.3221 To establish a temporary moratorium on the issuance of visasfor nonimmigrant foreign students and other exchange programparticipants and to improve reporting requirements for universities Toestablish a temporary moratorium on the issuance of visas fornonimmigrant foreign students and other exchange program participantsand to improve reporting requirements for universities under theforeign student monitoring program. Sponsor: Rep Roukema, Marge(R-NJ). Latest Major Action: 11/1/2001 Referred to House committee:
House Judiciary.


S.1618 Enhanced Border Security Act of 2001 A bill to enhance theborder security of the United States, and for other purposes. Sponsor:
Sen Kennedy, Edward M. (D-MA). Latest Major Action: 11/1/2001 Referredto Senate committee: Senate Judiciary.

S.1627 Visa Entry Reform Act of 2001 A bill to enhance the security ofthe international borders of the United States.Sponsor: Sen Feinstein,
Dianne (D-CA). Latest Major Action: 11/1/2001 Referred to Senatecommittee: Senate Judiciary.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - The Future of Ideas

The Future of Ideas: The Fate of the Commons in a Connected World, byLawrence Lessig.
"The Future of Ideas" is a highly readable and deeply engaging sequelto Stanford Law professor Lawrence Lessig's "Code and Other Laws ofCyberspace." In this book, Lessig, who is perhaps most famous for hisbrief tenure as a court-appointed "special master" in the Microsoftantitrust trial, also sees dominant players exercising control throughthe law, technical standards and political might to resist the changethat might otherwise take place. He urges the Internet generation notto forget what made the last 10 years exciting: an open platform thatdid not discriminate among applications or content, an environment forcreativity and innovation, a public commons for an information age. Ina word: the Internet. And instead of calling for the removal ofregulation to encourage freedom, he recommends that there is a placefor some regulation, if we want to preserve liberty.

Lessig's argument is compelling at many levels. It is as good ahistory of the development of Internet architecture as one is likelyto find in a book without pictures. It is also an extraordinarilyskillful interweaving of technical characterization and legalargument. And it is a story well told, with a fair balance of cleveraside and clear purpose.

In time, companies such as Microsoft either acquired or drove out manyof the smaller players. But while the software industry shakedownmoved forward, the public was transfixed by the rapid emergence of theInternet and a new era of creativity. It could be that in the steadymarch today toward the cable companies' "walled garden" and thesoftware giant's ".NET platform," there are the early indicators of anew revolution, what the business folks sometimes call "disruptivetechnologies." But there is also reason to believe that the cycle ofinnovation and consolidation may not continue endlessly. As more ofthe commons -- as more of the intellectual material of innovation --
is controlled, the opportunity for new forms of production isdiminished. The monopolies of today sweep more broadly than themonopolies of the past. Mr. Ford may have controlled the autoindustry, but he did not control the nation's roads. This is thewarning in Lessig's masterly exploration of the history of theInternet and the future of innovation.

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Fifth Annual Cato Institute/Forbes ASAP Technology & SocietyConference: The Future of Intellectual Property in the InformationAge. November 14, 2001. Washington, DC. For more information:
Information Operations: Applying Power in the Information Age. Jane'sInformation Group. November 14-15, 2001. Washington, DC. For moreinformation:
Information Gathering in the 21st Century. Seton Hall Law School.
November 16, 2001. South Orange, NJ. For more information:
The 2001 Freedom of Information and Privacy Awards. BC Freedom ofInformation and Privacy Association. November 19, 2001. Vancouver,
British Columbia. For more information:

Managing Privacy of Health Information. The Canadian Institute.
November 19-20, 2001. Vancouver, British Columbia. For moreinformation:

CPO and Privacy Practitioners Workshop. Privacy & American Businessand Privacy Council. November 27, 2001. Washington, DC. For moreinformation:
First Privacy Expo 2001. Privacy & American Business and PrivacyCouncil. November 27-29, 2001. Washington, DC. For more information:
Eighth Annual National "Managing the NEW Privacy Revolution"
Conference. Privacy & American Business and Privacy Council. November28-29, 2001. Washington, DC. For more information:
Privacy Law: New Developments & Issues in a Security-Conscious World.
Practising Law Institute. November 29, 2001. Satellite ViewingLocations. For more information:

Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd EuropeanAnti-Malware Conference. European Institute for Computer Anti-VirusResearch (EICAR). June 8-11, 2002. Berlin, Germany. For moreinformation:

Privacy By Design 2001: Building Privacy for Better Business.
ZeroKnowledge. December 3-5, 2001. Montreal, Canada. For moreinformation:

Get Noticed: Effective Financial Privacy Notices. Federal TradeCommission. December 4, 2001. Washington, DC. For more information:

Call for Papers - December 10, 2001. Workshop on Privacy EnhancingTechnologies 2002. April 14-15, 2002. San Francisco, CA. For moreinformation:

17th Annual Computer Security Applications Conference (ACSAC). AppliedComputer Security Associates. December 10-14, 2001. New Orleans, LA.
For more information:

Call for Content - December 15, 2001. INET 2002 - Internet Crossroads:
Where Technology and Policy Intersect. The Internet Society. June18-21, 2002. Arlington, VA. For more information:

Future of Music Coalition Policy Summit. January 7-8, 2002.
Washington, DC. For more information:

Chief Privacy Officer Skills Development Workshop. PRIVA-C and SelectKnowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX.
For more information:

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:
Subscribe/unsubscribe via email:

To: Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at

**NEW!** Drink coffee, support civil liberties, get a tax deduction,
and learn Latin at the same time! Receive a free "sed quiscustodiet ipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.22


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback