WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2001 >> [2001] EPICAlert 7

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 8.07 [2001] EPICAlert 7


Volume 8.07 April 18, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Medical Privacy Regulations Go Forward
[2] High Court Urged Not to Review Censorship Ruling
[3] Group Explains and Examines Financial Privacy Notices
[4] ChoicePoint Sells Personal Data to FBI
[5] Study Examines Public Opinion on Privacy and FOI
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Digital Copyright
[8] Upcoming Conferences and Events

[1] Medical Privacy Regulations Go Forward

Last week, President George W. Bush and Health and Human Services(HHS) Secretary Tommy Thompson announced that there will be no delayin the implementation of the medical privacy regulations issued in thefinal weeks of the Clinton presidency. The development of theregulations was mandated by the Health Insurance Portability andAccountability Act (HIPAA), a 1996 bill that provided for thespecification of standards to facilitate the transfer of electronicmedical data. At the time, a bi-partisan consensus recognized thatthe ease of communicating medical data could result in violations ofprivacy. Accordingly, HIPAA called for privacy protections to beformulated by Congress or HHS.

The regulations provide the first baseline federal protection for theprivacy of medical information, whether communicated electronically,
by paper, or orally. When fully implemented in 2003, patients willhave the right to notice of privacy policies, request restrictions ondisclosure, amend their records, receive an accounting of disclosures,
and file a complaint with the Secretary of Health and Human Services.

Certain provisions of the regulations fail to adequately protectpatients' privacy. For instance, one section allows law enforcementagents to gain access to medical information without court oversight.
Another allows marketers to contact individual patients about theirconditions in order to send commercial solicitations. Patients must"opt-out" of these solicitations after they are contacted by themarketer.

In March, over a dozen members of the Privacy Coalition sent a letterurging that implementation of the privacy regulations go forwardwithout further delay and that the Secretary close the law enforcementand marketing loopholes. The Bush administration has indicated thatsome provisions of the regulations are likely to be changed. EPICalong with other groups will monitor these changes as they occur.

Privacy Coalition Letter to Secretary Thompson:
The HIPAA Privacy Regulations are available at:

[2] High Court Urged Not to Review Censorship Ruling

EPIC has joined with the American Civil Liberties Union and theElectronic Frontier Foundation in asking the U.S. Supreme Court not todisturb a lower court ruling that found the Child Online ProtectionAct (COPA) to be unconstitutional. In a brief filed on April 16, thegroups oppose a petition for certiorari submitted by the JusticeDepartment seeking Supreme Court review of the June 2000 decision ofthe U.S. Court of Appeals for the Third Circuit in Philadelphia. Inthat opinion, a unanimous three-judge panel expressed its belief thatthe 1998 censorship law is fatally flawed.

The legislation was introduced in Congress after an earlier effort toregulate children's access to "indecent" material, the CommunicationsDecency Act (CDA), was held unconstitutional by a unanimous U.S.
Supreme Court in 1997. To date, every federal judge to consider thelegality of either CDA or COPA has found that the Internet contentregulation laws violate the First Amendment.

COPA would make it a federal crime to "knowingly" communicate "forcommercial purposes" material considered "harmful to minors" to anyoneunder the age of 17. Penalties include fines of up to $50,000 foreach day of violation and up to six months in prison. Compliance withCOPA would require websites to obtain identification and ageverification from visitors, a feature of the law that EPIC has arguedthreatens online privacy and anonymity.

In arguing against Supreme Court review, the free speech groups tellthe Court that
COPA suffers from the very same fundamental defects that caused this Court to strike down the CDA as unconstitutional.
Both statutes, in their attempt to deny minors access to certain speech, "effectively suppress[] a large amount of speech that adults have a constitutional right to receive and to address to one another" and are therefore unconstitutionally overbroad.

Complete information on the COPA litigation, including the text of thebrief opposing Supreme Court review, is available at:

[3] Group Explains and Examines Financial Privacy Notices

Over the next several months, millions of Americans will beginreceiving notices concerning the protection of their personalfinancial information. Part of the Gramm-Leach-Bliley Act (GLB)
requires financial institutions to send consumers yearly notices onhow their personal financial data is used. Despite the length of mostof the notices, financial institutions are only legally required toprovide an opt-out before sharing information with unaffiliated thirdparties. By July 1, 2001, every financial institution should have senta notice to every one of its account holders. Most of these noticeswill probably be included with monthly account statements.

The Privacy Rights Clearinghouse (PRC) has developed a number of factsheets on these financial privacy notices. "Financial Privacy: How toRead Your 'Opt-Out' Notices" helps break down some of the key termslikely to be used in the privacy notices. It also provides a sampleopt-out letter so that consumers can prevent unwanted informationsharing. PRC has also released "Lost in the Fine Print: Readabilityof Financial Privacy Notices," a study examining the clarity of thefinancial privacy notices. The study found that the privacy notices,
in terms of ease of understanding, were short of current statereadability requirements for other types of documents such asinsurance policies.

In other privacy news, the U.S. General Accounting Office (GAO) andthe Progressive Policy Institute have recently released reports ondata protection issues. On April 12, GAO posted a report looking at"Record Linkage and Privacy: Issues in Creating New Federal Researchand Statistical Information." The report examines issues such as howde-identified data may become re-identified as describing a particularperson and how various techniques may help address the privacyconcerns. At an April 16 event hosted by George WashingtonUniversity, the Progressive Policy Institute issued "Online Privacyand a Free Internet Striking a Balance," a report containing itsrecommendation for Congressional treatment of Internet privacy. Thereport recommended limited legislation that requires websites toprovide only notice and an opt-out and would pre-empt the states'
abilities to enact stronger privacy laws on their own.

Privacy Rights Clearinghouse Fact Sheets (some fact sheets alsoavailable in Spanish):

"Lost in the Fine Print: Readability of Financial Privacy Notices":

[4] ChoicePoint Sells Personal Data to FBI

As reported in the Wall Street Journal on April 13, the FBI, the IRSand other government agencies frequently purchase informationconcerning U.S. citizens from private companies. The Privacy Act of1974 places restrictions on the collection, use and dissemination ofpersonal information by government agencies only and places nolimitations on the private sector. Therefore government agencies havebegun to rely on the huge databases that are freely maintained byprivate companies in order to retrieve information -- such asbirthdates, Social Security numbers, credit histories, purchasinghabits, financial and medical records -- that they could not otherwiselegally collect.

One of the largest providers of these kinds of services isChoicePoint, Inc. This publicly-owned company offers easy searchingand "look-up" services for government officials. It even maintainscustomized Web sites for the FBI, the INS and the Department ofHousing and Urban Development.

These activities (and its role in the Presidential electioncontroversy in Florida last year) have earned ChoicePoint a specialkind of notoriety. At Privacy International's Big Brother Awardceremony held in Cambridge, MA on March 7, ChoicePoint received the"Greatest Corporate Invader" award "for massive selling of records,
accurate and inaccurate to cops, direct marketers and electionofficials."

Information about Privacy International's Third Annual Big BrotherAwards is available at:

[5] Study Examines Public Opinion on Privacy and FOI

On April 3, the American Society of Newspaper Editors and the FirstAmendment Center released "Freedom of Information in the Digital Age,"
a study examining the public's attitudes towards privacy and opengovernment. The study concludes that further efforts to ensure opengovernment must take into account the public's growing focus onprivacy issues.

In one of the first series of questions, the survey found that 61percent of those polled were very concerned about privacy. Incomparison, 65 percent were very concerned about crime and 63 percentwere very concerned about access to health care. In addition, thereport also found that 60 percent of those questioned thought thatpublic access to government records is crucial to the operation ofgood government. A variety of opinions were received in response toquestions about the types of records that should be publiclyavailable. Sixty-six percent of those polled believed that thesalaries of public officials should definitely be made available,
while only 18 percent thought the same of divorce records. Also,
forty-nine percent of respondents strongly agreed that citizens haveno control over personal information in the hands of government. Anidentical 49 percent strongly agreed that citizens have no controlover personal data held by the private sector.

"Freedom of Information in the Digital Age" can be downloaded from:

[6] EPIC Bill-Track: New Bills in Congress


H.R.1215 Medical Information Protection and Research Enhancement Actof 2001. To ensure confidentiality with respect to medical records andhealth care-related information, and for other purposes. Sponsor: RepGreenwood, James C. (R-PA) Latest Major Action: 3/27/2001 Referred toHouse committee: House Energy and Commerce; House Judiciary.

H.R.1223 Parolee LEADS Public Safety Grant Program Act of 2001. Tomake grants to States for providing information regarding parolees tolocal law enforcement agencies, and for other purposes. Sponsor: RepBaca, Joe (D-CA) Latest Major Action: 3/27/2001 Referred to Housecommittee: House Judiciary.

H.R.1259 Computer Security Enhancement Act of 2001. To amend theNational Institute of Standards and Technology Act to enhance theability of the National Institute of Standards and Technology toimprove computer security, and for other purposes. Sponsor: RepMorella, Constance A. (R-MD) Latest Major Action: 3/28/2001 Referredto House committee: House Science.

H.R.1292 Homeland Security Strategy Act of 2001. To require thePresident to develop and implement a strategy for homeland security.
Sponsor: Rep Skelton, Ike (D-MO) Latest Major Action: 3/29/2001Referred to House committee: House Armed Services; House Judiciary;
House Transportation and Infrastructure; House Select Committee onIntelligence.

H.R.1408 Financial Services Antifraud Network Act of 2001. Tosafeguard the public from fraud in the financial services industry, tostreamline and facilitate the antifraud information-sharing efforts ofFederal and State regulators, and for other purposes. Sponsor: RepRogers, Mike (R-MI). Latest Major Action: 4/4/2001 Referred to Housecommittee: House Agriculture; House Financial Services; HouseJudiciary.

H.R.1424. To amend the Telemarketing and Consumer Fraud and AbusePrevention Act to direct the Federal Trade Commission to prescriberules that prohibit certain deceptive and abusive recovery practicesin connection with telemarketing. Sponsor: Rep Baca, Joe (D-CA).
Latest Major Action: 4/4/2001 Referred to House committee: HouseEnergy and Commerce.

H.R.1478. To protect the privacy of the individual with respect to theSocial Security number and other personal information, and for otherpurposes. Sponsor: Rep Kleczka, Gerald D. (D-WI). Latest Major Action:
4/4/2001 Referred to House committee: House Financial Services; HouseWays and Means.


S.630, The Can Spam Act. A bill to prohibit senders of unsolicitedcommercial electronic mail from disguising the source of theirmessages, to give consumers the choice to cease receiving a sender'sunsolicited commercial electronic mail messages, and for otherpurposes. Sponsor: Sen Burns, Conrad R. (R-MT). Latest Major Action:
3/27/2001 Referred to Senate committee: Senate Commerce, Science, andTransportation.

S.722. A bill to amend the Communications Act of 1934 to prohibittelemarketers from interfering with the caller identification serviceof any person to whom a telephone solicitation is made, and for otherpurposes. Sponsor: Sen Frist, Bill (R-TN) Latest Major Action:
4/5/2001 Referred to Senate committee: Senate Commerce, Science, andTransportation.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Digital Copyright

Digital Copyright : Protecting Intellectual Property on the Internetby Jessica Litman
The Internet has been hailed as the most revolutionary socialdevelopment since the printing press. In many ways its astonishinggrowth has outstripped any historical analogy we can unearth. Whathas fueled much of that growth has been the explosion of newpossibilities for connections
among people, among different formerlydiscrete packages of information, among ideas. Digital media andnetwork connections, it is said, are the most democratic of media,
promoting free expression and access to information wherever acomputer can be hooked up to a telephone line.

In this celebration of new possibilities, we tend to emphasize themany things that become feasible when people have ready access toinformation sources and to other people not practicably availablebefore. The scope and the speed of interconnected digital networksmake conversations easy that before were unimaginable. But thetechnological marvel that makes this interconnection possible hasother potential as well. Digital technology makes it possible tomonitor, record and restrict what people look at, listen to, read andhear. Why, in the United States, would one want to do such a thing?
To get paid. If someone, let's call him Fred, keeps track of what wesee and hear, that enables Fred to ensure that we pay for our sightsand sounds. Once information is valuable, an overwhelming temptationarises to appropriate that value, to turn it in to cash.

Now that technology permits the dissemination of information on apay-per-view basis, we've seen the emergence of new way of thinkingabout copyright: Copyright is now seen as a tool for copyright ownersto use to extract all the potential commercial value from works ofauthorship, even if that means that uses that have long been deemedlegal are now brought within the copyright owner's control. In 1998,
copyright owners persuaded Congress to enhance their rights with asheaf of new legal and technological controls. Armed with thosecopyright improvements, copyright lawyers began a concerted campaignto remodel cyberspace into a digital multiplex and shopping mall forcopyright-protected material. The outcome of that effort is stilluncertain. If current trends continue unabated, however, we arelikely to experience a violent collision between our expectations offreedom of expression and the enhanced copyright law.

For other books recommended by EPIC, browse the EPIC Bookshelf at:

EPIC Publications:

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Privacy & Human Rights 2000: An International Survey of Privacy Lawsand Developments," David Banisar, author (EPIC 2000).
Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2000: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

"Filters and Freedom: Free Speech Perspectives on Internet ContentControls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can beordered through the EPIC Bookstore:

[8] Upcoming Conferences and Events

Are the Crypto Wars Over?: Privacy, Digital Security and the Future ofEncryption Policy. The Cato Institute. April 19, 2001. Washington, DC.
For more information:
Globalizing the Rule of Law Through Information Policy. WashingtonCollege of Law, Fund for Constitutional Government and the GovernmentAccountability Project. April 20, 2001. Washington, DC. For moreinformation:

Beyond the Information Superhighway: Searching for the Next PolicyMetaphor. Center for Law, Commerce & Technology, University ofWashington School of Law. April 20-22, 2001. Seattle, WA. For moreinformation:

National Summit on Electronic Privacy. The National Institute forGovernment Innovation. April 23-24, 2001. Washington, DC. For moreinformation:

Privacy Under Assault: Can Encryption Safeguard the Internet? 2001Marconi Forum on Internet Privacy, Columbia University. April 24,
2001. New York, NY. For more information:
Technology and Us - A Vision for the Future. Center for Science,
Technology & Society, Santa Clara University. April 26, 2001. SantaClara, CA. For more information:

The First Annual Privacy and Data Protection Summit. Privacy OfficersAssociation. May 2-4, 2001. Arlington, VA. For more information:
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
Surveillance, Risk, and Social Categorization. The SurveillanceProject, Queen's University. May 3-5, 2001. Kingston, Ontario CANADA.
For more information:
Future of the Internet: Preserving the Internet's Openness, Freedom,
and Diversity. Center for Media Education and Center for DigitalDemocracy. May 9, 2001. Washington, DC. For more information:
The Internet and State Security Forum (ISSF). Cambridge Review ofInternational Affairs. May 19, 2001. Cambridge, England. For moreinformation:

Communication Research and Policy Workshop. Ford Foundation andComputer Professionals for Social Responsibility (CPSR). May 24, 2001.
Washington, DC. For more information:
It's the Public's Right. National Freedom of Information Coalition.
May 25-27, 2001. Newport Beach, CA. For more information:

Call for Papers - June 1, 2001. Summer 2001 Issue on Cybermedicine.
John Marshall Journal of Computer and Information Law. For moreinformation:
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:

INET 2001: A Net Odyssey, Mobility and the Internet. The 11th AnnualInternet Society Conference. June 5-8, 2001. Stockholm, Sweden. Formore information:

ETHICOMP 2001: Systems of the Information Society. Telecommunicationsand Informatics Technical University of Gdansk, Poland. June 18-20,
2001. Gdansk, Poland. For more information:

Democracy Forum 2001: Democracy and the Information Revolution.
International Institute for Democracy and Electoral Assistance. June27-29, 2001. Stockholm, Sweden. For more information:
Call for Papers - June 30, 20001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Studyof Technology in Organizations, Institute for Environment, Philosophyand Public Policy. December 14-16, 2001. For more information:

Re-shaping the Culture of Research: People, Participation,
Partnerships & Practical Tools - Fourth Annual Community ResearchNetwork Conference. The Loka Institute. July 6-8, 2001. Austin, TX.
For more information:

Call For Submissions - August 3, 2001. Workshop on Security andPrivacy in Digital Rights Management 2001. Eighth Association forComputing Machinery (ACM) Conference on Computer and CommunicationsSecurity. November 5, 2001. For more information:

ICSC 2001: International Conference on Social Computing. University ofBremen. October 1-3, 2001. Bremen, Germany. For more information:

Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For moreinformation:

Nurturing the Cybercommons, 1981-2001. Computer Professionals forSocial Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001.
Ann Arbor, MI. For more information:

Learning for the Future. Business for Social Responsibility's NinthAnnual Conference. November 7-9, 2001. Seattle, WA. For moreinformation:

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. A Web-based form is available forsubscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email with the subject: "subscribe" (no quotes) or"unsubscribe".

Back issues are available at:

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you haveany other questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.07


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback