WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 3

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 8.03 [2001] EPICAlert 3


Volume 8.03 February 14, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] The Privacy Coalition Launches New Initiative
[2] DCS1000: The Device Formerly Known as Carnivore
[3] EPIC Launches Public Interest Law Program
[4] Medical Industry Seeks Roll-Back of Privacy Regulations
[5] FTC Hosts Discussion on Cross-Border Legal Disputes
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Why Things Bite Back
[8] Upcoming Conferences and Events

[1] The Privacy Coalition Launches New Initiative

At a press conference at the National Press Club on February 12, ThePrivacy Coalition, a nonpartisan group of consumer, civil liberties,
educational, library, labor, and family-based groups, launched itsfirst initiative. The group presented "The Privacy Pledge" as thestandard for future protection of privacy.

Public interest organizations representing a wide spectrum ofconstituencies support the Privacy Pledge including: the AmericanAssociation of Law Libraries, American Library Association, AmericanCivil Liberties Union (ACLU), Center for Media Education, ComputerProfessionals for Social Responsibility, Consumer Action, ConsumerFederation of America, Consumer Project on Technology, ConsumersUnion, Eagle Forum, Electronic Privacy Information Center (EPIC), FreeCongress Foundation, Home School Legal Defense Association, Institutefor Global Communication, International Union, United Automobile,
Aerospace and Agricultural Implement Workers of America (UAW),
Junkbusters, Media Access Project, National Consumers League,
NetAction, Privacy Foundation, Privacy Journal, Privacy International,
Privacy Rights Clearinghouse, Privacy Times, Traditional ValuesCoalition, and U.S. Public Interest Research Group (PIRG).

The Privacy Pledge addresses the future, necessary steps to protectprivacy. The pledge advocates the adoption of a legal framework basedon full Fair Information Practices, including the rights to accessone's own information held by others, to limit the use of theinformation, and to obtain redress when information is improperlyused, as well as notice, consent, and security; independentenforcement and oversight; the promotion of genuine Privacy EnhancingTechnologies; legal restrictions on surveillance technologies; and afoundation of federal privacy safeguards that allow the private sectorand states to implement supplementary protections as needed.

The Privacy Coalition invites state and federal legislators to signthe pledge and thus protect one of the most important values of theinformation age.

The Privacy Pledge can be found at:

The press release announcing the formation of The Privacy Coalition,
as well as the pledge presented on February 12:

[2] DCS1000: The Device Formerly Known as Carnivore

In an apparent effort to minimize the damage from one of its biggestrecent public relations blunders, the Federal Bureau of Investigationhas given the Carnivore Internet surveillance system a new name. Fromnow on, the FBI will refer to the controversial device as "DCS1000."
Despite some reports indicating that the name is an acronym for "datacollection system," a Bureau spokesperson told Reuters that it"doesn't stand for anything."

The new name is reportedly just the first step in an anticipatedmake-over for Carnivore, which monitors large volumes of trafficpassing through the facilities of an Internet service provider and,
according to the FBI, captures only those data packets that the Bureauhas legal authorization to collect. The Justice Department is soonexpected to present the results of an internal review of Carnivore,
along with recommended changes, to Attorney General John Ashcroft.
That internal report was originally scheduled to be presented toformer Attorney General Janet Reno in December; the Department hasissued no public explanation for the delay.

The re-naming is not the only damage control attempted by the Bureauin recent weeks. In a letter dated January 23, FBI LaboratoryDirector Donald Kerr responded to questions about Carnivore raised bySenators Orrin Hatch (R-UT) and Patrick Leahy (D-VT). The leaders ofthe Senate Judiciary Committee, citing language contained in internalFBI documents released to EPIC, had asked the Bureau to explain theresults of a test showing that Carnivore "could reliably capture andarchive all unfiltered traffic" transmitted through an Internetservice provider and store the communications on a hard drive orremovable disks (see EPIC Alert 7.21). Kerr responded that:

Theoretically if Carnivore were to be installed and configured so as to attempt to intercept and archive "all"
traffic in a *very small* ISP . . . , Carnivore might conceivably be able to reliably capture and archive the traffic packets. However, it could not do so as to an ISP of any true size.

The FBI recently completed its processing of EPIC's Freedom ofInformation Act request for Carnivore material, withholding asignificant amount of information. EPIC's FOIA lawsuit is continuing,
and the court will consider the propriety of the Bureau's withholdingdecisions over the next few months.

A scanned image of the January 23 FBI letter to Sens. Hatch and Leahyis available at:

[3] EPIC Launches Public Interest Law Program

On February 8, EPIC launched the Internet Public InterestOpportunities Program (IPIOP) which will serve law students fromacross the country interested in public interest law and the Internet.
The program is made possible by a generous grant provided by ProfessorPam Samuelson and Dr. Robert Glushko. The IPIOP will draw on EPIC'spast experience in many of the Internet's most significant policy andlegal issues such as litigation of the Communications Decency Act andthe Child Online Protection Act, campaigns against the Clipper Chipand for free export of encryption products, advocacy for greaterprotection of consumer privacy, as well as continued use of theFreedom of Information Act.

"EPIC has done a wonderful job as a leading voice for the public onthese new challenges and has provided a great learning experience forstudents interested in cyber law," said Professor Samuelson, a BoaltHall professor and a world-renowned expert on cyberlaw andintellectual property.

The EPIC Internet Public Interest Opportunities Program will work inconjunction with the newly established Samuelson Law, Technology andPublic Policy Clinic at the University of California at Berkeley,
Boalt School of Law, as well as other similar centers around thecountry. The Samuelson Clinic is the first law school program in thecountry to focus on technology and the public interest.

For more details, see the press release announcing the establishmentof the EPIC Internet Public Interest Opportunities Program:
For more information about the Samuelson Law, Technology and PublicPolicy Clinic:

[4] Medical Industry Seeks Roll-Back of Privacy Regulations

As reported by the New York Times on February 12, health carelobbyists have pressured the Bush administration to weaken, delay, oreven withdraw the implementation of recently promulgated regulationsdesigned to protect patients' privacy. The regulations require healthcare providers to gain written consent from patients before using ordisclosing their medical records. Also, patients have the right toinspect their records and suggest corrections where inaccurateinformation is held. The regulations carry civil and criminalpenalties for violations.

Industry lobbyists argue that the regulations impose burdensomerequirements, including the re-training of employees, the purchase ofnew systems designed to comply with the privacy protections, and thehiring of privacy officers charged with the duty of ensuringcompliance. Supporters of the new regulations have stated thatproviding an adequate level of privacy protection will encouragepatients to be more forthcoming about their conditions and thusfacilitate medical treatment and research.

Privacy advocates, while supporting the adoption of federal standardsfor the protection of medical privacy, have pointed to areas in whichthe regulations could be improved. Under the new rules, marketers cantarget advertising to patients based on their afflictions. Patientsmust "opt-out" from this marketing. In addition, the regulationsallow law enforcement officials to gain access to patients' medicalrecords without judicial review.

Senator Patrick Leahy (D-VT) has announced that his staff is draftinga bill to address the marketing loophole exposed by privacy advocates.
Leahy's bill would give patients a private right of action wheremedical information is sold by third parties. The bill would alsorequire patients' consent before marketers could use their records foradvertising.

The regulations are available online at:

[5] FTC Hosts Discussion on Cross-Border Legal Disputes

On February 6, the Federal Trade Commission (FTC) held a roundtablediscussion on alternative dispute resolution (ADR) and the futureHague Treaty on Jurisdiction and Enforcement of Foreign Judgments.
Panelists included academics, business representative, civil libertiesgroups, consumer advocates, government officials and trial lawyers.

The morning session focused on developing principles for onlinedispute resolution for small value consumer contracts. Overallconsensus was reached on the need for effective, inexpensive, fair andaccessible ADR services with some kind of oversight mechanism forconsumers. There was strong disagreement, however, with proposalsfrom business groups that ADR should be mandatory and binding onconsumers. Consumer groups and trial lawyers stated out that thiscould deny a consumer's right to access the courts, prohibit classaction lawsuits, and discourage trust and confidence in themarketplace. They also pointed out that there are certain cases whereADR is clearly not appropriate, for instance in some privacy cases,
where injunctive or other judicial relief would be needed.

The afternoon session was more contentious. The discussion focused onthe future Hague Convention on Jurisdiction and Enforcement of ForeignJudgments which is being negotiated by the Hague Conference on PrivateInternational Law. This convention will potentially affect all civiland commercial cross-border lawsuits, including consumer, privacy,
intellectual property and free-speech disputes. It will harmonizerules of jurisdiction for cross border disputes and allow judgmentholders in one country to have their judgments enforced in the countrywhere the defendant is based. The main source of controversy betweenbusiness and consumer groups was Article 7 of the October 1999 DraftTreaty, which would prohibit businesses from including "choice ofcourt" clauses in consumer contracts and give consumers the right tosue in their home courts. Concerns were also raised by consumer andcivil liberties groups regarding intellectual property and free speechissues. They argued that unless claims involving, for example, breachof copyright, defamation or trade secrets are specifically excludedfrom the Treaty, individuals in one country may be sued by"rights-holders" in other countries with far more restrictive laws onthese issues. Discussions on this Convention are ongoing. The nextmeeting of the Hague Conference will be held in Ottawa from February26 to March 2.

For details of the FTC's February 6 roundtable meeting visit:

For the October 1999 Draft Convention and other relevant documents,
see the Consumer Project on Technology's page on the Hague Treaty:
See also the Trans Atlantic Consumer Dialogue (TACD) resolution onAlternative Dispute Resolution at:

[6] EPIC Bill-Track: New Bills in Congress


H.R.260 Wireless Privacy Protection Act of 2001, To require customerconsent to the provision of wireless call location information.
Sponsor: Rep Frelinghuysen, Rodney P (R-NJ). Latest Major Action:
1/30/2001 Referred to House committee: House Energy and Commerce.

H.R.347 Consumer Online Privacy and Disclosure Act, To require theFederal Trade Commission to prescribe regulations to protect theprivacy of personal information collected from and about individualson the Internet, to provide greater individual control over thecollection and use of that information, and for other purposes.
Sponsor: Rep Green, Gene (D-TX), Latest Major Action: 1/31/2001Referred to House committee: House Energy and Commerce.

H.R.583 Privacy Commission Act, to establish the Commission for theComprehensive Study of Privacy Protection. Sponsor: Rep Hutchinson,
Asa (R-AR). Latest Major Action: 2/13/2001 Referred to Housecommittee: House Government Reform.


S.197 Spyware Control and Privacy Protection Act of 2001, a bill toprovide for the disclosure of the collection of information throughcomputer software, and for other purposes. Sponsor: Sen Edwards, John(D-NC). Latest Major Action: 1/29/2001 Referred to Senate committee:
Senate Commerce, Science, and Transportation
S.201 Federal Employee Protection Act of 2001, a bill to require thatFederal agencies be accountable for violations of antidiscriminationand whistleblower protection laws, and for other purposes. Sponsor:
Sen Warner, John W. (R-VA) Latest Major Action: 1/29/2001 Referred toSenate committee: Senate Governmental Affairs.

S.290 The Student Privacy Protection Act, a bill to increase parentalinvolvement and protect student privacy. Sponsor: Sen Dodd,
Christopher J. (D-CT) Latest Major Action: 2/8/2001 Referred to Senatecommittee: Senate Health, Education, Labor, and Pensions

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Why Things Bite Back

Why Things Bite Back: Technology and the Revenge of UnintendedConsequences, by Edward Tenner
In this perceptive and provocative look at everything from computersoftware that requires faster processors and more support staff toantibiotics that breed resistant strains of bacteria, Edward Tenneroffers a virtual encyclopedia of what he calls "revenge effects" --
the unintended consequences of the mechanical, chemical, biological,
and medical forms of ingenuity that have been hallmarks of theprogressive, improvement-obsessed modern age. Tenner shows why ourconfidence in technological solutions may be misplaced, and exploresways in which we can better survive in a world where despitetechnology's advances -- and often because of them -- "reality isalways gaining on us." For anyone hoping to understand the ways inwhich society and technology interact, Why Things Bite Back isindispensable reading.

For other books recommended by EPIC, browse the EPIC Bookshelf at:

EPIC Publications:

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"Filters and Freedom: Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

Privacy and Technologies of Information: The Problem of Privacyin Public. University of Maryland, School of Public Affairs.
February 15, 2001. College Park, MD. For more information:
Nominations - February 16, 2001. MIT Sloan eBusiness Awards:
Recognizing Successful Innovation in eBusiness. For more information:

Privacy in the New Environments: What the Personal InformationProtection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. Formore information:

The Second National HIPAA Summit: The Leading Forum on HealthcarePrivacy, Confidentiality, Data Security and HIPAA Compliance. March1-2, 2001. Washington, DC. For more information:

CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:

Consumer Assembly 2001: New Issues in a New Political and EconomicEra. Consumer Federation of America. March 8-9, 2001. Washington, DC.
For more information:
Freedom of Expression: New and Existing Challenges. Organization forSecurity and Co-operation in Europe, Office for DemocraticInstitutions and Human Rights. March 12-13, 2001. Vienna, Austria.
For more information:
The Information Marketplace: Merging and Exchanging Consumer Data.
Federal Trade Commission. March 13, 2001. Washington, DC. For moreinformation:

EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XPConseil. March 13-15, 2001. Paris, France. For more information:

Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information:
Call For Papers - March 31, 2001 (prizes available for graduatestudent papers). The 29th Research Conference on Communication,
Information and Internet Policy. October 27-29, 2001. Alexandria, VA.
For more information:
BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer,
Inc. April 4, 2001. Washington, DC. For more information:

First International Conference on Human Aspects of the InformationSociety. Information Management Research Institute, University ofNorthumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information:
Corporate Privacy Officers Program 2001: Washington Briefing and PeerWorkshop. Privacy and American Business. April 11-12, 2001.
Washington, DC. For more information:

National Summit on Electronic Privacy. The National Institute forGovernment Innovation. April 23-24, 2001. Washington, DC. For moreinformation:

The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:

INET 2001: A Net Odyssey, Mobility and the Internet. The 11th AnnualInternet Society Conference. June 5-8, 2001. Stockholm, Sweden. Formore information:

Call For Submissions - August 3, 2001. Workshop on Security andPrivacy in Digital Rights Management 2001. Eighth Association forComputing Machinery (ACM) Conference on Computer and CommunicationsSecurity. November 5, 2001. For more information:

Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.03


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback